Set Operation Tools

Difference (A - B)

Compute A - B set operations on CIDR blocks, ranges, and IP addresses

Overlap (A ∩ B)

Detect intersections between two sets of IP addresses and ranges

Contains (A ⊆ B)

Check if one set fully contains another with detailed containment analysis

Set Operations Reference

Mathematical set operations allow you to combine, analyze, and manipulate IP address ranges systematically. Each operation serves different network analysis and management purposes.

A ∪ B
Union
Combines all addresses from both sets. Results in addresses that are in A OR B. Useful for merging address allocations or creating comprehensive allow-lists.
Example: 192.168.1.0/24 ∪ 192.168.2.0/24 = both networks
A ∩ B
Intersection
Finds common addresses between sets. Results in addresses that are in BOTH A AND B. Essential for identifying conflicts or overlapping allocations.
Example: 192.168.0.0/16 ∩ 192.168.1.0/24 = 192.168.1.0/24
A - B
Difference
Removes B's addresses from A. Results in addresses that are in A but NOT in B. Critical for calculating remaining capacity or excluding reserved ranges.
Example: 192.168.1.0/24 - 192.168.1.128/25 = 192.168.1.0/25
A ⊆ B
Containment
Tests if A is completely contained within B. Returns boolean result plus coverage analysis. Valuable for validating subnet hierarchies and allocation compliance.
Example: 192.168.1.0/25 ⊆ 192.168.1.0/24 = true

Common Network Patterns

Firewall Management
  • Allow Lists: Union of trusted networks
  • Conflicts: Intersection of allow/deny rules
  • Exceptions: Difference to exclude specific ranges
IP Allocation
  • Available Space: Difference from allocated ranges
  • Overlaps: Intersection of allocation requests
  • Validation: Containment within authorized blocks
Network Analysis
  • Coverage: Union of monitoring ranges
  • Gaps: Difference to find unmonitored areas
  • Redundancy: Intersection of backup networks
Cloud Networks
  • VPC Planning: Union of required address space
  • Peering: Intersection analysis for conflicts
  • Segmentation: Difference for isolation

Implementation Notes

IPv4 vs IPv6

All operations process IPv4 and IPv6 addresses separately. You cannot perform set operations between different IP versions - they operate in distinct address spaces.

CIDR Optimization

Results are automatically optimized into minimal CIDR representations. Complex operations may require multiple CIDR blocks to exactly represent the result.

Range Normalization

Input ranges are normalized and merged before operations. Overlapping inputs within the same set are automatically combined for accurate results.

Performance Considerations

Operations are optimized for network-sized ranges. Very large address spaces or numerous small ranges may require additional processing time.

Best Practices

  • Validate Inputs: Always verify CIDR notation and IP formats before operations
  • Document Operations: Export results and maintain records of set operations
  • Test in Stages: For complex operations, break into smaller steps for verification
  • Monitor Results: Use visualization to verify operations produce expected outcomes