IPFYI

CIDR Aggregator

Aggregate a list of IP addresses or subnets into the minimal set of CIDR blocks. Optimize firewall rules and routing tables.

Calculator

Presets:
Input Entries
Aggregated Blocks
Reduction
Total IPs Covered

Aggregated CIDR Blocks

Skipped Lines (invalid)

CIDR Aggregation Rules

  • Adjacent blocks with the same prefix length merge if they form a valid supernet (e.g., 10.0.0.0/24 + 10.0.1.0/24 = 10.0.0.0/23).
  • Overlapping blocks are collapsed into the smallest covering block.
  • Single IP addresses are treated as /32 host routes.
  • The algorithm repeats until no further merges are possible.

How to Use

  1. 1
    Enter IP Addresses or CIDR Blocks

    Paste a list of IP addresses or CIDR blocks, one per line. The tool accepts mixed input including individual IPs (interpreted as /32 for IPv4 or /128 for IPv6), CIDR blocks of any prefix length, and combinations of both.

  2. 2
    Run Aggregation

    Click aggregate to compute the minimal set of CIDR blocks that covers exactly the same address space as the input. The algorithm merges adjacent and overlapping blocks into the fewest, largest possible CIDR blocks without including addresses not in the input set.

  3. 3
    Apply Results to Network Configuration

    Use the aggregated CIDR list in firewall rules, routing configurations, or access control lists. Fewer, larger CIDR blocks reduce rule counts in firewall and router configurations, improving performance and reducing management complexity.

About

CIDR aggregation is an optimization technique that reduces complex sets of IP address ranges to their minimal CIDR representation, finding applications in network security operations, routing protocol management, and network policy administration. As IP address lists grow — whether from threat intelligence feeds listing malicious IP ranges, allowlists for trusted partner networks, or network segmentation policies — managing individual addresses becomes impractical. Aggregation tools provide the computational mechanism to collapse these lists while preserving their coverage, enabling more efficient policy implementation.

The mathematical basis of CIDR aggregation is rooted in the binary tree structure of IP address space. IPv4's 32-bit address space can be visualized as a binary tree where each level represents one bit of the address. A CIDR block corresponds to a subtree rooted at the node identified by the network prefix bits. Two adjacent, same-size CIDR blocks that share a parent node in this tree can be replaced by their parent, a block twice as large with one fewer prefix bit. The aggregation algorithm traverses this tree bottom-up, merging siblings wherever possible. This process is analogous to the Karnaugh map minimization used in digital logic design.

Practical applications of CIDR aggregation span multiple network operations disciplines. Security teams maintaining IP reputation lists and geographic blocking rules benefit from aggregated lists that can be loaded into firewall memory more efficiently. Network operations centers use aggregation when planning route advertisements to ensure customers aren't accidentally leaking more-specific routes that should be aggregated. Cloud platform engineers aggregate VPC subnet ranges for transit gateway routing tables and security group rules. DevOps engineers working with CDN and DDoS protection services aggregate IP allowlists for origin server access policies. In all these cases, the goal is the same: represent the desired address space as efficiently as possible without sacrificing correctness.

FAQ

What is CIDR aggregation and why is it useful?
CIDR aggregation (also called route summarization or supernetting) is the process of combining multiple IP address ranges into the smallest number of CIDR blocks that represent exactly the same address space. When you have dozens or hundreds of individual IP addresses or small CIDR blocks — such as a list of trusted IPs or known bad addresses — aggregation reduces them to a compact, manageable representation. This is valuable for firewall rule optimization (fewer rules improve processing performance), routing table efficiency (fewer routes reduce memory and BGP convergence time), and IP allowlist/blocklist management (compact lists are easier to audit and maintain).
How does the aggregation algorithm work?
CIDR aggregation works in two phases. First, the input addresses are sorted numerically and converted to ranges. Overlapping or adjacent ranges are merged. Second, each merged range is expressed as the minimal set of CIDR blocks — ranges that don't naturally align to CIDR boundaries require multiple blocks. Two adjacent /24 blocks can be expressed as a single /23 if their starting address is the network address of the /23. The algorithm repeatedly checks whether pairs of same-size blocks that are adjacent and aligned can be merged into a single larger block, working from smallest to largest prefix lengths. This is a bottom-up approach that produces the canonical minimum representation.
When would aggregation include addresses I didn't intend?
If you input addresses that are close but not part of an aligned CIDR block, the aggregator may produce output that looks correct but actually represents a range slightly different from your intent. For example, inputting 10.0.0.1 and 10.0.0.3 — two individual addresses — cannot be expressed as a single CIDR block (the only /31 covering both is 10.0.0.2/31 which includes 10.0.0.2 but not 10.0.0.1). A correct aggregator would output two /32 blocks. Tools vary in how they handle non-alignable inputs; always verify aggregated output represents exactly the intended addresses by expanding the result back to individual IPs or ranges.
How does CIDR aggregation apply to BGP routing tables?
BGP (Border Gateway Protocol) routing tables contain entries for IP prefixes exchanged between autonomous systems. Without aggregation, the global routing table would contain billions of entries as networks advertise their individual IP blocks. ISPs and network operators use route aggregation to announce their entire allocated address space as a few large CIDR blocks rather than thousands of individual subnets, keeping the global routing table manageable (currently approximately 900,000 IPv4 routes). When a downstream customer is given a /24 block from a provider's /16, the provider can aggregate all customer /24s back into their /16 announcement upstream. Failures to aggregate properly contribute to BGP table bloat, which strains router memory and BGP convergence speed.
What is the difference between aggregation and summarization?
Aggregation and summarization are often used interchangeably, but have a subtle distinction. Summarization refers to replacing multiple more-specific routes with a single less-specific route that covers the same or a superset of addresses — typically used for routing simplification where some addresses in the summarized block may not be routed. Aggregation more strictly refers to creating the exact minimal set of CIDR blocks covering precisely the input address space, without including additional addresses. In practice, both terms are commonly used for the same operation in the context of firewall and ACL optimization tools, while routing engineers may use summarization to mean a potentially lossy supernet that covers more address space than strictly needed for routing efficiency.