CIDR Supernetting & Route Aggregation
Learn how to merge multiple CIDR blocks into summarized supernets. Covers route aggregation algorithms, when to summarize, and how it reduces routing table size.
Detailed Explanation
CIDR Supernetting and Route Aggregation
Supernetting (also called route summarization or CIDR aggregation) combines multiple contiguous or overlapping CIDR blocks into the fewest possible blocks that cover the same address space. This is the inverse of subnetting.
Basic Example
Four contiguous /24 subnets can be summarized into a single /22:
10.0.0.0/24 (10.0.0.0 - 10.0.0.255)
10.0.1.0/24 (10.0.1.0 - 10.0.1.255)
10.0.2.0/24 (10.0.2.0 - 10.0.2.255)
10.0.3.0/24 (10.0.3.0 - 10.0.3.255)
Merged: 10.0.0.0/22 (10.0.0.0 - 10.0.3.255)
When Aggregation Is Useful
1. Routing Tables
Internet backbone routers hold 900,000+ routes. Without aggregation, this number would be millions. ISPs summarize customer routes before advertising to peers.
2. Firewall / ACL Rules
Instead of 16 separate /28 allow rules, a single /24 rule is cleaner and faster to evaluate:
# Before (16 rules)
allow 10.0.1.0/28
allow 10.0.1.16/28
...
allow 10.0.1.240/28
# After (1 rule)
allow 10.0.1.0/24
3. BGP Announcements
ISPs prefer to receive aggregated routes. Many providers filter announcements more specific than /24 for IPv4, meaning your individual /28 announcements may be dropped.
The Aggregation Algorithm
- Convert all CIDRs to [start, end] integer ranges
- Sort by start address
- Merge overlapping or adjacent ranges
- Convert merged ranges back to the minimum set of CIDR blocks
The "convert back" step is non-trivial because a merged range may not align to a single CIDR boundary. For example, merging 10.0.0.0/24 and 10.0.1.0/25 produces the range 10.0.0.0 - 10.0.1.127, which cannot be expressed as one prefix and requires two CIDRs: 10.0.0.0/24 + 10.0.1.0/25.
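The four steps above worked through in Python, as an added example that is not code from the original page. The function names `merge_ranges`, `range_to_cidrs`, `aggregate` and `matches_stdlib` are chosen here; the inputs are the page's own cases (four /24s, 10.0.0.0/24 + 10.0.1.0/25, sixteen /28s) plus constructed ones, and the last function cross-checks the result against the standard library's `ipaddress.collapse_addresses`, which performs the same aggregation.

```python
import ipaddress


def merge_ranges(ranges):
    """Steps 2 and 3: sort [start, end] integer ranges by start, then merge any
    that overlap or sit directly next to each other (end + 1 == next start)."""
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def range_to_cidrs(start, end, bits=32):
    """Step 4: cover the inclusive integer range [start, end] with the fewest
    CIDR blocks. Greedy: at each point take the largest block that is aligned
    to `start` and still ends at or before `end`, then advance past it."""
    addr_cls = ipaddress.IPv4Address if bits == 32 else ipaddress.IPv6Address
    blocks = []
    while start <= end:
        # the largest block aligned at `start` is bounded by its lowest set bit
        size = start & -start if start else 1 << bits
        while start + size - 1 > end:  # shrink until the block fits the range
            size //= 2
        prefix = bits - (size.bit_length() - 1)  # bit_length()-1 == log2(size)
        blocks.append(f"{addr_cls(start)}/{prefix}")
        start += size
    return blocks


def aggregate(cidrs):
    """Steps 1-4 together: the minimal CIDR list covering exactly the same
    addresses as the input (one address family per call)."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    if len({n.version for n in nets}) != 1:
        raise ValueError("aggregate IPv4 and IPv6 separately")
    bits = nets[0].max_prefixlen
    # step 1: each CIDR becomes an inclusive [first address, last address] pair
    ranges = [(int(n.network_address), int(n.broadcast_address)) for n in nets]
    out = []
    for start, end in merge_ranges(ranges):
        out.extend(range_to_cidrs(start, end, bits))
    return out


def matches_stdlib(cidrs):
    """Cross-check against ipaddress.collapse_addresses from the standard library."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return aggregate(cidrs) == [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    print(aggregate(["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]))  # ['10.0.0.0/22']
    print(aggregate(["10.0.0.0/24", "10.0.1.0/25"]))  # ['10.0.0.0/24', '10.0.1.0/25']
    print(aggregate([f"10.0.1.{i * 16}/28" for i in range(16)]))  # ['10.0.1.0/24']
```

The greedy choice in `range_to_cidrs` is what makes the output minimal: a block can only start where its size divides the start address, so the lowest set bit of `start` caps the block size, and shrinking until it fits the remaining range never leaves a larger aligned block unused.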
When NOT to Aggregate
- When you need different policies per subnet (e.g., different security groups)
- When aggregation would include unintended address space
- When debugging — specific routes help identify traffic sources
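A check for the second bullet, added here as an example and not taken from the page: `single_supernet` and `unintended_space` are names chosen for this illustration. Using Python's standard `ipaddress` module, the first computes the one-prefix summary a rule author might reach for in place of many specific entries, and the second lists exactly which address blocks that summary would admit that no original entry covers. The page's 10.0.0.0/24 + 10.0.1.0/25 case is the first input; the others are constructed.

```python
import ipaddress


def single_supernet(cidrs):
    """The smallest single prefix covering every block in `cidrs`: the lossy
    one-line summary that is tempting to write instead of the exact aggregate."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    cand = nets[0]
    # widen one bit at a time until every input block sits inside cand
    while not all(n.subnet_of(cand) for n in nets):
        cand = cand.supernet()
    return cand


def unintended_space(cidrs):
    """CIDRs that the single-prefix summary would allow but no input block does.
    An empty list means the summary is exact and safe to substitute."""
    exact = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(c, strict=False) for c in cidrs))
    leftover = [single_supernet(cidrs)]
    for net in exact:
        remaining = []
        for chunk in leftover:
            if net.subnet_of(chunk):
                # carve the allowed block out of this not-yet-covered chunk
                remaining.extend(chunk.address_exclude(net))
            elif chunk.subnet_of(net):
                continue  # chunk is entirely allowed: nothing to report
            else:
                remaining.append(chunk)  # aligned prefixes never partially overlap
        leftover = remaining
    return [str(n) for n in ipaddress.collapse_addresses(leftover)]


if __name__ == "__main__":
    print(single_supernet(["10.0.0.0/24", "10.0.1.0/25"]))  # 10.0.0.0/23
    print(unintended_space(["10.0.0.0/24", "10.0.1.0/25"]))  # ['10.0.1.128/25']
    print(unintended_space(["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]))  # []
```

Run this before collapsing an allow-list: a non-empty result is the address space a single summary rule would silently open, so either keep the exact (possibly multi-prefix) aggregate or keep the original separate rules.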
Use Case
Optimizing firewall rules by merging many specific IP allow-list entries into summarized CIDRs, reducing BGP routing table size by aggregating customer routes, or cleaning up cloud security group rules.