RFC 1918 Private Range: 172.16.0.0/12
Convert the RFC 1918 172.16.0.0/12 private network range to CIDR. Understand this mid-sized private block and why it requires a /12 prefix.
Detailed Explanation
RFC 1918: The 172.16.0.0/12 Private Network
The 172.16.0.0/12 block is the mid-sized RFC 1918 private address range, containing 1,048,576 addresses. It's notable because the CIDR prefix (/12) doesn't fall on an octet boundary, which sometimes causes confusion.
Range Details
Range: 172.16.0.0 - 172.31.255.255
CIDR: 172.16.0.0/12
Mask: 255.240.0.0
Addresses: 1,048,576
Why /12 and Not /16?
The range spans from 172.16.0.0 to 172.31.255.255. That's 16 Class B blocks (172.16 through 172.31). Since 16 = 2^4, and a Class B is /16, we subtract 4 from 16 to get /12.
Binary Representation
172.16.0.0 = 10101100.0001|0000.00000000.00000000
172.31.255.255 = 10101100.0001|1111.11111111.11111111
^--- bit 12
The first 12 bits (10101100.0001) are the network portion. The remaining 20 bits vary, giving 2^20 = 1,048,576 addresses.
Common Uses
| Scenario | Typical Allocation |
|---|---|
| AWS default VPC | 172.31.0.0/16 |
| Docker default bridge | 172.17.0.0/16 |
| Kubernetes service CIDR | 172.20.0.0/16 |
| VPN client pools | 172.16.100.0/24 |
Subdividing the /12
You can subdivide into 16 /16 blocks:
172.16.0.0/16, 172.17.0.0/16, ... 172.31.0.0/16
Or 256 /20 blocks, or 4,096 /24 blocks. The /12 gives generous room while being smaller than the 10.0.0.0/8 space.
Potential Pitfall
Because the range doesn't start at 172.0.0.0, a common mistake is using 172.0.0.0/12 (which would be wrong — that's 172.0.0.0 to 172.15.255.255, which are public addresses). Always verify with a converter tool.
Use Case
A DevOps team discovers that their Docker Swarm overlay network (172.17.0.0 - 172.19.255.255) overlaps with the VPN client range. They use this tool to convert both ranges to CIDR and find a non-overlapping allocation within the 172.16.0.0/12 space.