/24 – The Internet’s Smallest Block

by Leo Vegoda

Our auction platform lets you filter scores of open auctions in several ways. One is by block size. The smallest block is a /24 (256 IPv4 addresses). But why /24?

IPv4.Global Auction Platform showing the block-size filter

One answer is that this is the smallest block that some RIRs will transfer. But that doesn’t explain why the rule exists. Perhaps underlying the transfer rules is the fact that it is very difficult to use anything smaller than a /24 on the internet. But why?

CIDR recap

Early on in the development of internet routing, internet engineers cut the IPv4 space into three sizes of network.

  • Big networks (Class A) had 16 million addresses
  • Medium-sized networks (Class B) had 65,536 addresses
  • Small networks (Class C) had 256 addresses

IP addresses were distributed to networks in these three sizes only. They chose this approach when computing was expensive and the number of networks was small. But things started to change in the early 1990s. The number of small, Class C blocks was limited and in great demand. Over time, many were allocated and a future shortage, in the sense that the supply would be completely exhausted, became obvious to everyone. In fact, the first mention of IPv4 depletion came in 1992. A proposal for a new approach came in 1993.

The new approach was – and is – known as Classless Inter-Domain Routing – or CIDR – and offers more granularity. It subdivides sets of addresses much more finely.

This delivered two advantages. Addresses could be allocated in sizes more appropriate to need, avoiding the overkill of assigning a Class B where something between a Class C and a Class B was needed. Efficient allocation meant a greater number of networks could use the same number of addresses, because fewer addresses went to those who did not need them and then sat unused. Plus, networks could control their routing better.

How many?

Classful addressing gave us about 2 million Class C networks. The internet’s routing table is almost 1 million routes today and 60 percent of those routes are /24s. But the RIRs have only issued about 72,000 /24s. That means about seven /24s are announced for each /24 issued by the RIRs.

Why do organizations with bigger blocks announce them as several /24s? And why doesn’t everyone announce all their address space as /24s?

Influencing other networks

Traffic engineering is an answer to why large blocks are announced as /24s. Traffic for an organization’s addresses might not be spread evenly. One /24 could get a disproportionately heavy load. The network’s operator might want that heavy load to use one path and the rest of the traffic to use another.

This can be done by announcing a more specific part of the addresses. In BGP – the internet’s routing protocol – the more specific route always wins. This is called deaggregation. Keeping all addresses in a single announcement is called aggregation.

The example network ensures that most traffic for 10.31.8.0/24 comes from Upstream 2 by telling it about the more specific – smaller – /24. The whole /19 network is announced to both upstreams.

Too many routes!

The internet engineers who developed the CIDR strategy in 1993 described two benefits. One was that “more-appropriately sized blocks” could stave off depletion. The other was “an immediate decrease in the number [of] routing table entries”.

A routing table is the map of which blocks of IP addresses are at each destination. BGP – the internet’s routing protocol – shows each route as a sequence of other internet networks represented by their AS Numbers. When there are two routes to an IP address, BGP chooses the route to the smallest – most specific – block of addresses first. If both options are equal, it chooses the shortest route.
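The two selection rules described above, applied to the example network's /19 and /24, as an added example that is not part of the original article. The /19 is assumed to be 10.31.0.0/19, the AS numbers are documentation values, and real BGP has further tie-breakers that this sketch leaves out.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    as_path: tuple  # AS numbers from the receiving network to the origin
    via: str        # which of the origin's upstreams the path enters through


# Constructed view from a remote network. Assumptions: the /19 is
# 10.31.0.0/19 and every AS number is a documentation ASN (RFC 5398).
TABLE = [
    Route(ipaddress.ip_network("10.31.0.0/19"), (64497, 64496), "Upstream 1"),
    Route(ipaddress.ip_network("10.31.0.0/19"), (64499, 64498, 64496), "Upstream 2"),
    Route(ipaddress.ip_network("10.31.8.0/24"), (64499, 64498, 64496), "Upstream 2"),
]


def best_route(table, destination):
    """Pick the most specific matching prefix, then the shortest AS path."""
    ip = ipaddress.ip_address(destination)
    candidates = [r for r in table if ip in r.prefix]
    if not candidates:
        return None
    # Longer prefix length sorts first; AS-path length breaks ties.
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, len(r.as_path)))


if __name__ == "__main__":
    for dst in ("10.31.8.20", "10.31.20.5", "192.0.2.1"):
        r = best_route(TABLE, dst)
        print(dst, "->", f"{r.prefix} via {r.via}" if r else "no route")
```

The /24 wins for 10.31.8.20 even though its AS path is longer than the /19 path through Upstream 1, which is why deaggregation works as a traffic engineering tool.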

Routers – the specialized computers that send data through networks – use expensive, specialized silicon to make decisions fast. This limits the total number of routes they can handle because routers are made at a much smaller scale than consumer devices. This means they don’t benefit from the scaling available to laptop and phone manufacturers.

Smaller networks don’t need to know all the internet’s routes. They can point a ‘default’ route at one or more upstream networks. But the networks carrying traffic for those downstream networks need to have what internet engineers call the full ‘default free’ routing table.

The second issue, the number of routing table entries, has always been a problem. The default free routing table is now almost a million routes. This is a barrier for some router models. Ten years ago, we were approaching half a million. Network operators discussed the impact on networks using older equipment.

Network operators encourage each other to minimize the number of routes they advertise. This is because the cost of routes is paid for in router upgrades. Since the mid-1990s, engineers have been sharing a weekly CIDR Report. It showcases the networks that could reduce the size of the routing table by aggregating better. There are still significant gains to be made.

The early IPv4 distribution policies noted that conservation and routability are often “conflicting goals.” Traffic engineering could be added to that.

Balance

Sometimes a service needs just one IPv4 address. Root nameservers are an example of this. The service address is just one of 256, so why route the whole /24?

Root nameservers are important. Everyone needs them. But the routing system cannot scale to cope with each IPv4 address having its own route across the internet. The informal but real barrier of a /24 reduces the potential scale of the routing table 256 times.

As long as the default free routing table grows slowly, networks can budget for scheduled router upgrades. But when it leaps in size because of configuration errors, large parts of the internet can suffer. AS7007 famously caused a major internet outage in 1997 when it leaked 72,000 routes. Outages like this are a result of sudden, unplanned growth in routes exceeding the capabilities of deployed hardware.

Today, Geoff Huston’s BGP Routing Table Analysis Report shows about 3,000 routes for blocks smaller than a /24. These tend to be short-lived route leaks. At 0.3% of the whole routing table, these are not a problem. And most networks will probably not see them as they don’t accept anything smaller than a /24.

But network operators with older equipment see 1 million routes as a problem. This is the same as the 512k issues they had in 2014. There are strategies to cope with this. They include ignoring more specific routes.

This could make traffic engineering less effective without breaking reachability.
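An import filter of the kind described above, which accepts nothing smaller than a /24, together with a check of which rejected blocks stay reachable through a covering route. This is an added example, not code from the article; the announcements are constructed and the function names are hypothetical.

```python
import ipaddress

MAX_PREFIXLEN = 24  # the informal boundary the article describes

# Constructed sample announcements (10.31.0.0/19 is an assumed aggregate).
SAMPLE = [
    "10.31.0.0/19",
    "10.31.8.0/24",
    "10.31.8.128/25",    # leaked more-specific, covered by the /24 and /19
    "198.51.100.64/26",  # smaller than a /24 with no covering route
    "203.0.113.0/24",
]


def import_filter(announcements, max_len=MAX_PREFIXLEN):
    """Split announcements into accepted and rejected by prefix length."""
    accepted, rejected = [], []
    for text in announcements:
        net = ipaddress.ip_network(text, strict=True)
        (accepted if net.prefixlen <= max_len else rejected).append(net)
    return accepted, rejected


def covering_route(table, destination):
    """Most specific accepted prefix containing the destination, or None."""
    ip = ipaddress.ip_address(destination)
    return max((n for n in table if ip in n),
               key=lambda n: n.prefixlen, default=None)


def unreachable_after_filter(announcements, max_len=MAX_PREFIXLEN):
    """Rejected prefixes that no accepted route covers."""
    accepted, rejected = import_filter(announcements, max_len)
    return [r for r in rejected
            if not any(r.subnet_of(a) for a in accepted)]


if __name__ == "__main__":
    accepted, rejected = import_filter(SAMPLE)
    print("rejected:", [str(n) for n in rejected])
    print("10.31.8.200 ->", covering_route(accepted, "10.31.8.200"))
    print("unreachable:", [str(n) for n in unreachable_after_filter(SAMPLE)])
```

The filtered /25 remains reachable through the /24 that covers it, while the /26 announced on its own disappears entirely, which is the practical reason a block smaller than a /24 is hard to use.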