ToolBelt

Subnet Aggregator

Collapse a list of IPv4 CIDRs into the smallest covering set.

Open tool

Overview

The subnet aggregator collapses a long list of IPv4 CIDR blocks into the smallest set of CIDRs that covers the same addresses. Paste a hundred lines of route advertisements, firewall exception entries, or BGP prefix-list snippets, and the aggregator returns the supernet form — typically a much shorter list — without changing what is matched.

Network engineers cleaning up an access list, security teams consolidating threat-intel feeds, and BGP operators auditing their prefix-list advertisements all need a CIDR aggregator. Long-tail keywords covered: collapse list of IPv4 CIDRs to supernets, summarise routes for ACL, and merge adjacent subnets into the smallest set.

How it works

CIDR aggregation works on the 32-bit integer representation of each block's network and broadcast addresses. Two adjacent blocks of the same size combine into a parent block one bit shorter — 192.168.0.0/24 and 192.168.1.0/24 aggregate to 192.168.0.0/23. The algorithm sorts the input by start address, walks linearly, and repeatedly merges runs of contiguous ranges into the largest aligned CIDR that fits without overshooting. Overlapping inputs are de-duplicated as a side effect.

The output is canonical: every block is the largest possible at its starting alignment, and the list is sorted ascending. Two equivalent input sets always aggregate to the same output, so this is a stable normalisation step for storing or comparing CIDR sets.

Examples

  • 10.0.0.0/24 + 10.0.1.0/2410.0.0.0/23.
  • 10.0.0.0/25 + 10.0.0.128/2510.0.0.0/24.
  • 192.168.1.0/24 + 192.168.2.0/24 does not aggregate — they are not aligned at the /23 boundary. The output is the two original blocks unchanged.
  • Overlapping 10.0.0.0/16 and 10.0.1.0/24 → just 10.0.0.0/16 (the larger block subsumes the smaller).

FAQ

Why won't 192.168.1.0/24 + 192.168.2.0/24 aggregate?

A /23 must start on an even-numbered octet (192.168.0.0, 192.168.2.0, 192.168.4.0). 192.168.1.0 and 192.168.2.0 straddle that boundary, so the smallest single CIDR covering both is 192.168.0.0/22 — which also includes 192.168.0.0 and 192.168.3.0. Aggregation only merges blocks that fit perfectly.

Does it handle IPv6?

The current aggregator focuses on IPv4. The same algorithm extends to IPv6 trivially in principle; for now use it for IPv4 lists.

What happens to duplicate entries?

They are silently merged. The output never contains duplicate or overlapping CIDRs.

Is the output order stable?

Yes. Sorted ascending by start address. Run the same input through twice and you get the identical line-by-line output.

Try Subnet Aggregator

An unhandled error has occurred. Reload ×