{{ result.summary.heading }}
{{ result.summary.primary }}
{{ result.summary.line }}
{{ badge.label }}
Range A {{ overlapLaneStage.windowLabel }} Range B
Use labels and optional groups to audit VPCs, VLANs, VPN pools, partner ranges, and route inventories before a change.
{{ params.inventory.length.toLocaleString() }} chars
{{ sourceStatus }}
{{ fileError }}
Normalize keeps common spreadsheet exports usable while recording host-bit corrections in the Inventory Ledger.
Use cross-group mode for migration checks where duplicate ranges inside the same inventory group are already expected.
Leave off for strict overlap checks; turn on when reviewing route plans or IPAM cleanup candidates.
{{ flagAdjacentBool ? 'Show adjacent notes' : 'Ignore adjacency' }}
The Inventory Ledger still shows every parsed range; this only filters conflict rows and summary counts.
addresses
{{ header }} Copy
{{ cell }}
No rows for the current input.
Tags: Diagnostics, IP Addressing, Networking
BGP Prefix List Generator Generate BGP prefix-list config from CIDR rows with Cisco, Arista, FRR, SONiC, and Junos syntax, normalization, and shadowing checks.
Static Route Commands Generator Generate static route add, replace, and delete commands for Linux, Windows, Cisco-like, Junos, and firewall CLIs with route-row checks.
IPv4 Supernet Calculator Summarize IPv4 CIDR lists into a single cover route or exact aggregate set, with gap exposure warnings, normalization, and exportable ledgers.
IPv6 Prefix Plan Calculator Plan IPv6 site and LAN prefixes from a parent CIDR, then check capacity, /64 fit, nibble alignment, and copyable ledger rows.
Customize
Advanced
:

IPv4 overlap is a planning error that hides inside notation. A spreadsheet row can say 10.44.0.0/16, another can say 10.44.80.0/20, and both can look valid until the ranges are converted into their first and last addresses. The smaller block is completely inside the larger one, so the same addresses have been claimed twice.

The risk appears most often before networks are connected. VPNs, VPC peering, route redistribution, firewall policy, tenant migrations, partner links, and mergers all assume that an address points to one intended place. When two inventories use the same addresses, routing may still pick a path, but it cannot decide which business system, branch, lab, or partner the address was supposed to represent.

CIDR notation is compact because a prefix length describes many addresses at once. That compactness is also why broad parent blocks, carved-out child subnets, single-host reservations, and start-end ranges can be hard to compare by eye. A /16 covers 65,536 addresses, a /24 covers 256, and a /32 covers one host.

Relationship What it means Why it matters
Exact duplicate Two rows have the same first and last address. The same block may be counted twice or assigned to two places.
Containment One range sits fully inside another range. A broad allocation can hide a child subnet that needs an exception, split, or reservation.
Partial overlap Only part of two ranges intersects. Route exchange, NAT design, or allocation cleanup can break on the shared portion.
Adjacent only One range ends immediately before another begins. The ranges may be candidates for summarization, but they do not share addresses.
10.44.0.0/16 VPN /20 shared 10.80.0.0/16 gap Closed ranges overlap when the later start is not greater than the earlier end.

Overlap checks are not reachability checks. They do not prove which router has the best path, whether a firewall permits traffic, or who owns a live host. They answer a narrower inventory question: do the declared IPv4 ranges collide under the scope being reviewed?

Special-use address space adds another source of confusion. Private, shared carrier-grade NAT, loopback, link-local, documentation, benchmark, multicast, reserved, and public ranges carry different expectations. The label can make unusual rows stand out, but it does not replace allocation records or live routing evidence.

A useful overlap review separates shared addresses from adjacent ranges, broad coverage from unique coverage, and host-bit mistakes from intentional network boundaries. Those distinctions prevent a clean-looking plan from hiding duplicate address counts or a parent range that swallows smaller allocations.

How to Use This Tool:

Start with the inventory text or file you already have, then narrow the scope only when the planned change calls for a cross-group audit.

  1. Paste entries into IP inventory, drag a file onto the textarea, or use Browse for a text or CSV-style file under 512 KiB. A run accepts up to 600 non-blank rows.
  2. Use one range per line. Accepted forms include CIDR blocks, single IPv4 hosts, start-end ranges, address plus dotted mask, CSV rows, and header rows such as label,cidr,group,note.
  3. Keep labels and groups when you have them. Groups help separate on-prem, cloud, branch, partner, VPN, tenant, or environment ranges during cross-group review.
  4. Choose Host-bit handling. Normalize mode converts host-bearing CIDRs such as 10.20.4.25/24 to the network boundary and records the correction. Strict mode rejects the row so the source inventory can be fixed.
  5. Set Conflict scope. Use Audit all ranges for cleanup. Use Only flag overlaps between different groups when same-group reuse is expected but cross-group collisions would block peering, migration, or VPN work.
  6. Open Advanced only when needed. Adjacent range notes marks touching ranges in the ledger, and Minimum shared addresses filters smaller intersections from conflict rows and summary counts.
  7. Read the summary first, then use Overlap Findings, Inventory Ledger, Coverage Blocks, Overlap Pressure Map, and JSON when you need conflict rows, normalized ranges, unique coverage, chart triage, or a machine-readable record.

If the page shows Input needs review, correct the named line before relying on any overlap count. Invalid octets, invalid prefixes, leading-zero addresses, non-contiguous masks, and strict-mode host-bit rows stop the audit.

Interpreting Results:

Overlap Findings is the main conflict list. Exact duplicates and cross-group containment are usually the most urgent because they can make two places claim the same complete block. Partial cross-group overlap is also high risk because a route, firewall exception, or NAT rule may work for one part of a range and fail for another.

A No overlaps summary is only as broad as the selected settings. Cross-group mode ignores same-group collisions, and a raised Minimum shared addresses value can hide small intersections. Before attaching a clean result to a change record, check the scope note, Host-bit corrections, and the normalized CIDRs in Inventory Ledger.

Output Use it for Check before trusting it
Severity Ranking duplicate, containment, and partial-overlap pairs. Confirm whether the two rows are in the same group or different groups.
Shared addresses Measuring the exact size of an intersection. Do not read it as active hosts, sessions, or observed traffic.
Duplicate address count Comparing declared address total with merged unique coverage. Remember that one broad containment can create thousands of duplicate addresses.
Address space Spotting private, shared, loopback, link-local, benchmark, documentation, multicast, reserved, or public ranges. Do not treat the label as allocation ownership or live reachability.
Coverage Blocks Reviewing merged unique address spans after overlap and adjacency are collapsed. Compare source labels before replacing detailed inventory with a broader cover.

Use Overlap Pressure Map to find ranges that create many conflicts or cover many addresses, then resolve the exact table rows. The chart helps triage; the row-level Action, Overlap CIDRs, and Range values are the audit evidence.

Technical Details:

IPv4 addresses are 32-bit integers usually written as four decimal octets. CIDR combines an address with a prefix length, where the prefix fixes the network bits and the remaining bits define the block size. Larger prefix numbers create smaller blocks: /24 covers 256 addresses, /31 covers 2, and /32 covers 1.

Overlap testing becomes exact after every accepted input is converted to a closed numeric range with a start address, end address, and size. CIDR blocks, dotted-mask rows, start-end spans, wildcard-style rows, and single hosts all reduce to that same form. Two ranges intersect when the later start address is less than or equal to the earlier end address.

Host-bit handling affects whether input such as 10.20.4.25/24 is accepted. In canonical network notation, the host bits outside the prefix are zero, so that input describes the 10.20.4.0/24 network after normalization. Strict review rejects the row instead, which is useful when the source inventory must remain exact.

Formula Core:

For an IPv4 CIDR prefix /p, the address count is:

addresses = 2 32 - p

For two closed ranges A and B, the shared address count is:

shared = min ( endA , endB ) - max ( startA , startB ) + 1

The formula applies only when max(startA, startB) <= min(endA, endB). Comparing 10.44.0.0/16 with 10.44.80.0/20 produces 4,096 shared addresses because the /20 sits entirely inside the /16.

Accepted Input Rules:

Input shape Example Important validation
CIDR 10.44.80.0/20 Prefix must be /0 through /32; host bits are normalized or rejected by mode.
Dotted mask 10.44.80.0 255.255.240.0 The mask must be contiguous; wildcard-style masks are handled when the detected pattern indicates one.
Start-end range 203.0.113.16-203.0.113.31 The lower and higher addresses are ordered before comparison.
Single host 10.44.88.10 The host is treated as a /32 range.
CSV-style row VPN pool,10.44.80.0/20,remote Recognized headers map labels, ranges, groups, and notes; otherwise the first columns are read in that order.

Relationship and Severity Rules:

Condition Relationship Severity cue Typical action
Same start and same end Exact duplicate Critical Remove the duplicate row, document intentional reuse, or readdress one side before connectivity.
One range fully contains a different-group range Containment Critical Narrow the broader side, exclude the child block, translate, isolate, or readdress.
One range fully contains a same-group range Containment High Reserve the child range, split the parent block, or document the source purpose.
Different groups share part of a range Partial overlap High Move, NAT, or isolate one side before connectivity is added.
Same group shares part of a range Partial overlap Medium Split one allocation at the intersection or clean up the ledger.

Usable host count follows the common subnet convention of subtracting network and broadcast addresses for CIDR blocks shorter than /31. A /31 or /32 keeps its full size because point-to-point and host-specific cases often use those prefixes without the older subtraction rule.

Address-space classification is contextual. Private RFC 1918 blocks, shared carrier-grade NAT space, loopback, link-local, benchmark, documentation, multicast, reserved, current-network, mixed special/public, and public ranges are identified so unusual entries stand out. The label helps review intent, but it does not replace IPAM records, route tables, firewall policy, or live testing.

Privacy Notes:

The overlap audit runs in the browser after the page loads. Pasted inventory and files opened with Browse are read locally for parsing, tables, chart data, and downloads rather than uploaded for server-side analysis.

  • Do not paste secrets, credentials, or customer-sensitive notes unless your environment permits that review in a browser page.
  • Downloaded CSV, DOCX, JSON, and chart files are ordinary local files; store them under the same controls as other network change evidence.
  • The result is inventory math, not a scan of live hosts, route preference, firewall reachability, or ownership records.

Worked Examples:

A migration review that includes Prod LAN,10.44.0.0/16,core and VPN pool,10.44.80.0/20,remote should produce a Critical row in Overlap Findings. The relationship shows containment, Shared addresses shows 4,096, and the action points toward narrowing, excluding, translating, isolating, or readdressing one side before peering.

A cleanup pass with Branch LAN,10.20.4.25/24,branch depends on Host-bit handling. Normalize mode records 10.20.4.0/24 in Inventory Ledger and increments Host-bit corrections. Strict mode stops the run with an error that names the corrected network boundary.

Two neighboring ranges such as 10.10.0.0/24 and 10.10.1.0/24 should not appear as an overlap because they share no address. When Adjacent range notes is enabled, the ledger can still flag the relationship, and Coverage Blocks can show how the unique cover looks after adjacency is merged.

A troubleshooting row such as Lab,10.1.0.0 255.0.255.0,test fails because the mask is non-contiguous. Replace it with a valid prefix or contiguous dotted mask, then recheck Inventory Ledger to confirm the normalized CIDR and address count.

FAQ:

Can adjacent IPv4 ranges be treated as overlaps?

No. Adjacent ranges touch at a boundary but share no address. Enable Adjacent range notes when summarization or cleanup review needs to see touching ranges in Inventory Ledger.

Why did a pasted host become a CIDR network?

Host-bit handling is set to normalize. The checker moves host-bearing CIDR input to the correct network boundary and records the correction; strict mode rejects the row instead.

Why does cross-group mode show fewer conflicts?

Cross-group mode ignores pairs where both rows have the same group value. Switch back to Audit all ranges when duplicate or nested ranges inside one group are part of the cleanup task.

Does the checker understand public and private address space?

It labels parsed ranges as private, shared, loopback, link-local, benchmark, documentation, multicast, reserved, current-network, mixed special/public, or public in Inventory Ledger. The label is context, not ownership proof.

Why did a file fail to load?

The browser file input expects a text or CSV-style inventory under 512 KiB. If the file is larger, split the inventory or paste the relevant rows into IP inventory.

Glossary:

CIDR
Classless notation that writes an IPv4 range as an address plus prefix length, such as 10.44.0.0/16.
Host bits
The part of an IPv4 address outside the prefix. In canonical CIDR network notation, those bits are zero.
Closed range
A start and end address where both boundary addresses are included in the comparison.
Containment
An overlap relationship where one range fully includes another range.
Adjacent range
A range that touches another range at the next address but does not share an address.
Coverage block
A merged unique address span created after overlapping and adjacent source ranges are combined.

References: