CIDR Contains

Check whether candidates (B) are inside containers (A), showing partial coverage and gaps if applicable.

About This Tool

The CIDR Contains Checker validates whether candidate IP ranges (set B) are fully contained within container networks (set A). This tool is essential for verifying subnet hierarchies, validating IP address allocations, ensuring proper network encapsulation, and auditing whether assigned ranges fall within authorized blocks. It provides detailed containment status for each candidate, including coverage percentage and identification of any gaps (addresses that fall outside containers), making it invaluable for network compliance and validation workflows.

How to Use

  1. Enter one or more container networks (Set A) that should contain the candidates, one per line
  2. Enter one or more candidate CIDR blocks (Set B) to check for containment, one per line
  3. Enable "Merge containers" to consolidate overlapping container ranges before checking
  4. Enable "Strict equality" if you want exact matches only (candidate must equal a container)
  5. Click "Check" to validate containment
  6. Review the status for each candidate: "contained", "partial", "outside", or "exact"
  7. Check coverage percentage to understand how much of each candidate is contained
  8. View gaps to see which specific ranges fall outside the containers

Features

  • Validates whether IP ranges are contained within specified networks
  • Shows detailed status for each candidate range
  • Calculates coverage percentage for partial containment
  • Identifies and displays gaps (addresses outside containers)
  • Supports both IPv4 and IPv6
  • Optional container merging for accurate validation
  • Strict equality mode for exact match requirements
  • Handles multiple containers and candidates simultaneously

Common Use Cases

  • Verifying subnet allocations fall within authorized IP blocks
  • Validating cloud VPC subnet assignments against allocated ranges
  • Ensuring branch office networks are properly contained in corporate space
  • Auditing firewall rules to confirm addresses match allowed ranges
  • Checking if DHCP scopes are within designated subnets
  • Validating IP address management (IPAM) database accuracy
  • Confirming delegation boundaries for DNS reverse zones
  • Ensuring security group rules reference contained address ranges
  • Validating network segmentation and isolation requirements
  • Auditing compliance with IP address allocation policies

Technical Details

The CIDR Contains checker determines whether all addresses in a candidate range exist within at least one container range. It provides nuanced status reporting beyond simple yes/no answers.

Containment Statuses:

  • contained: 100% of candidate addresses exist in containers (proper subset)
  • exact: Candidate exactly matches a container (when strict mode enabled)
  • partial: Some but not all candidate addresses exist in containers (coverage < 100%)
  • outside: 0% of candidate addresses exist in containers (completely disjoint)

Example - Full Containment:

  • Container: 192.168.1.0/24 (addresses .0 to .255)
  • Candidate: 192.168.1.0/25 (addresses .0 to .127)
  • Status: contained (coverage 100%)
  • Gaps: None

Example - Partial Containment:

  • Container: 192.168.1.0/25 (addresses .0 to .127)
  • Candidate: 192.168.1.0/24 (addresses .0 to .255)
  • Status: partial (coverage 50%)
  • Gaps: 192.168.1.128/25 (.128 to .255 not in container)

Example - Outside:

  • Container: 192.168.1.0/24
  • Candidate: 192.168.2.0/24
  • Status: outside (coverage 0%)
  • Gaps: 192.168.2.0/24 (entire candidate outside)

Merge Containers Option:

When enabled, overlapping container ranges are consolidated before checking. This prevents false negatives when a candidate is covered by multiple overlapping containers.

Strict Equality Mode:

When enabled, only exact matches between candidate and container are considered valid. This is useful for verifying that assigned blocks precisely match allocated blocks without any subset relationships.
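
The check described above can be reproduced with Python's standard ipaddress module. This is an added example, not the tool's own code: the function name check_containment is hypothetical, containers are always merged first (collapse_addresses joins both overlapping and adjacent networks), and reporting "exact" only when strict mode is on is an assumption taken from the status list.

```python
import ipaddress

def check_containment(containers, candidate, strict=False):
    """Return (status, coverage_percent, gaps) for one candidate CIDR."""
    cand = ipaddress.ip_network(candidate)
    # Compare only within the candidate's address family (IPv4 or IPv6).
    nets = [n for n in map(ipaddress.ip_network, containers)
            if n.version == cand.version]
    # Merge step: collapse overlapping and adjacent containers.
    merged = list(ipaddress.collapse_addresses(nets))

    # Subtract every container from the candidate; what remains is the gaps.
    # Two CIDR blocks are either nested or disjoint, so three cases suffice.
    gaps = [cand]
    for net in merged:
        remaining = []
        for gap in gaps:
            if gap.subnet_of(net):        # gap is fully covered: drop it
                continue
            if net.subnet_of(gap):        # container sits inside the gap
                remaining.extend(gap.address_exclude(net))
            else:                         # disjoint: gap is unchanged
                remaining.append(gap)
        gaps = remaining

    gaps = sorted(ipaddress.collapse_addresses(gaps))
    missing = sum(g.num_addresses for g in gaps)
    covered = cand.num_addresses - missing
    if strict and cand in nets:           # assumption: "exact" only in strict mode
        status = "exact"
    elif missing == 0:
        status = "contained"
    elif covered == 0:
        status = "outside"
    else:
        status = "partial"
    return status, 100 * covered / cand.num_addresses, [str(g) for g in gaps]
```

When auditing firewall or security group rules, any candidate that comes back "partial" or "outside" lists in its gaps exactly the address ranges that exceed the authorized block.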