CIDR is in use. Classless routing is a ubiquitous fact of internet operation, regardless of how it may be expressed on a screen. CIDR notation for a block of IP addresses is the normal way to refer to them. It's used in written or spoken communications between technical people ("Please add the customer's slash-twenty-two to their BGP filter."). The vast majority of people, however, have no practical reason to use it or know what it means, and they do not.
Many examples exist, if you know where to look for them. A lot of internet server software uses CIDR notation in their documentation and in configuration files. Nearly anywhere that you can configure an access list (block IPs), or talk about routed networks, there will be an option to name them using CIDR notation.
For a few examples:
In the documentation for iptables, CIDR notation is in use without being specifically described as such:
[!] -s, --source address[/mask][,...]
Source specification. Address can be either a network name, a hostname, a network IP address (with /mask),
Postfix mail server has various features defined around specification of particular networks. An admin could distinguish between local and remote requests, enter a CIDR formatted network addresses in its "mynetworks" configuration directive in main.cf, something like mynetworks = 192.168.1.128/25
For another example active use of CIDR notation, here's a page from American Registry for Internet Numbers, with a fee schedule for IP allocations:
https://www.arin.net/resources/fees/fee_schedule/
So, why then, do so many more commonly used IP configuration interfaces, like Windows' "Local Area Connection" "Properties...") use a subnet mask? I think it's just an accident of history that Windows and Macs had their first network support added at a time when subnet mask format seemed more appropriate. Then there just wasn't enough reason to change it. In Windows 10, there is another display of the same configuration that's labeled "Edit IP Settings" and it has a field labeled "Network Prefix Length" of 24 when the subnet mask is 255.255.255.0. It's just two ways to describe a 32 bit integer comprised of 24 1's followed by 8 0's.
Regarding classful routing, there's no way for an internet router today to use that (maybe in a lab or a museum), but some vestigial relics of classful routing can still be seen. When IP ranges were designated for private use, they were made to be somewhat compatible with classful allocations. 10.0.0.0/8 could have been a valid class A network. 172.16.0.0/12 is a CIDR notation for 16 consecutive class B's, and similarly, addresses in 192.168.0.0/16 would be interpreted as being in one of 256 consecutive class C's, there.
If you delve more into the practical side, you will start to see CIDR. For example: sign up for a cloud provider, create some virtual machines, and then create security rules to define what traffic is allowed in/out of these virtual machines. Most clouds accept CIDR as part of these rule definitions.
– Tyler Church Feb 25 '22 at 21:34