Calculation and allocation of AWS VPC and Subnet CIDR
Gauthier Kwatatshey
Principal DevOps Engineer - BU Manager at Storm Reply Multi-Env| k8s | Python | CI/CD | ArgoCD | FluxCD| IaC | Terraform | Terragrunt | Serverless | Machine Learning & AI |GenAI| IoT| Big data | AWS Community Builder
When we create our first virtual private cloud and subnets, it is difficult to understand CIDR calculation and allocation. I hope this content will be helpful to the cloud newbies.
Let's start with why CIDR allocation is so important when creating VPCs. When we have a single VPC, CIDR allocation may not be as important. However, when we need interconnectivity between multiple VPCs in the same account or across accounts, we must plan ahead and define our CIDR blocks accordingly. When we have the same or overlapping CIDR blocks in two different VPCs, we cannot use features like VPC peering.
So, now we understand that allocating CIDR blocks correctly is a critical task, let's understand what CIDR is, CIDR stands for Classless Inter-Domain Routing (CIDR) which is an IP addressing scheme that improves IP address allocation.
---------------------------------------------------
How does the CIDR address range work?
IPv4 addresses are 32-bit numbers that are typically displayed in dotted decimal notation. A 32-bit address contains two primary parts: the network prefix and the host number.
1) /32 in CIDR x.x.x.x/32 means use all 32 bits to form a range of addresses. In this case just one IP address is possible.
2) /24 in CIDR x.x.x.0/24 means fix the first 24 bits and use the last 8 bits to form a range of addresses. In this case, there can be 2^8 IP addresses, i.e. from x.x.x.0 to x.x.x.255.
3) /16 in CIDR x.x.0.0/16 means fix the first 16 bits and use the last 16 bits to form a range of addresses. In this case, there can be 2^16 IP addresses, i.e. from x.x.0.0 to x.x.255.255.
4) /8 in CIDR x.0.0.0/8 means fix the first 8 bits and use the last 24 bits to form a range of addresses. In this case, there can be 2^24 IP addresses, i.e. from x.0.0.0 to x.255.255.255.
5) /0 in CIDR 0.0.0.0/0 means fix the first 0 bits and use the last 32 bits to form a range of addresses. In this case, all the possible IP addresses are included in the range.
I hope this helps you understand why the first 16 bits of x.x.0.0/16 CIDR must be fixed.
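To make the "fix the first N bits" rule concrete, here is an added example (not code from the original article) that computes a block's netmask, first and last address and size with plain integer arithmetic rather than a library call. The function names are this example's own; the sample blocks in the `__main__` section are constructed for illustration.

```python
# Added example (not part of the original article): a /prefix calculator
# that applies the "fix the first N bits" rule with plain integer arithmetic.
# Function names are this example's own.

def ipv4_to_int(addr: str) -> int:
    """Pack dotted-decimal IPv4 text into a 32-bit integer."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"bad IPv4 address: {addr}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr}")
        value = (value << 8) | n
    return value


def int_to_ipv4(value: int) -> str:
    """Unpack a 32-bit integer back into dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def cidr_range(cidr: str) -> dict:
    """Describe an IPv4 CIDR block: fixed bits (netmask), first/last address, size."""
    addr_text, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length must be 0..32, got {prefix}")
    host_bits = 32 - prefix
    # Netmask: the first `prefix` bits are 1 (fixed), the remaining bits 0 (free).
    netmask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    hostmask = (1 << host_bits) - 1          # the free bits, all set to 1
    given = ipv4_to_int(addr_text)
    first = given & netmask                  # clear the free bits -> network address
    last = first | hostmask                  # set the free bits   -> last address
    return {
        "netmask": int_to_ipv4(netmask),
        "first": int_to_ipv4(first),
        "last": int_to_ipv4(last),
        "size": 1 << host_bits,              # 2 ** host_bits addresses in the block
        # True only when the given address really starts the block (no free bit set).
        "is_block_start": given == first,
    }


if __name__ == "__main__":
    # Constructed sample blocks; 10.97.230.7/20 shows an address that does not
    # start its block and is normalised down to 10.97.224.0.
    for block in ("10.97.224.0/20", "10.97.230.7/20", "192.0.2.10/32", "0.0.0.0/0"):
        info = cidr_range(block)
        print(f"{block:>16}: {info['first']} - {info['last']} "
              f"({info['size']} addresses, mask {info['netmask']}, "
              f"block start: {info['is_block_start']})")
```

The `is_block_start` flag is the check worth keeping: a CIDR whose free bits are not all zero (such as 10.97.230.7/20) names the same range as 10.97.224.0/20 but is not the canonical block start, which is the usual cause of confusion when a range "looks" different from what a tool reports.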
-------------------------------------------------
Now that we understand how CIDR address ranges work, let's take a look at an example CIDR — 10.97.224.0/20 and create a VPC with 4 subnets (2 subnets may act as public subnets and another 2 subnets may act as private subnets).
As previously explained, the first 20 bits of the 10.97.224.0/20 CIDR block are fixed, and the last 12 bits can be used to generate a range of IP addresses. As a result, we can have a total of 2^12, or 4,096 IP addresses. Because we intend to create four subnets, we can divide the IP address range into four parts, allowing each subnet to have 1,024 IP addresses. Because we are dividing the IP address range into 4 (i.e. 2^2) parts, our CIDR blocks for each subnet should end in /22. (/22 means we can use the last 10 bits to form a range of IP addresses, giving us a total of 2^10 (1,024) addresses.)
As a result, we can use the following CIDR configuration for our VPC.
VPC name => demo-vpc
CIDR Block => 10.97.224.0/20
First IP => 10.97.224.0
Last IP => 10.97.239.255
You can check the IP address range for your CIDR block using CIDR interpretation tools such as https://www.ipaddressguide.com/cidr.
As a result, our first subnet has the CIDR configuration shown below. The only difference between this CIDR and the VPC's is the /22 suffix, which means it uses the first 1,024 IP addresses, from 10.97.224.0 to 10.97.227.255.
subnet name => public-subnet-a
CIDR Block => 10.97.224.0/22
First IP => 10.97.224.0
Last IP => 10.97.227.255
The CIDR block for the second subnet can begin immediately after the first subnet ends. As a result, the block starts at 10.97.228.0 and ends at 10.97.231.255.
subnet name => public-subnet-b
CIDR Block => 10.97.228.0/22
First IP => 10.97.228.0
Last IP => 10.97.231.255
The third subnet's CIDR block can begin immediately after the second subnet's end. As a result, the block begins at 10.97.232.0 and ends at 10.97.235.255.
subnet name => private-subnet-a
CIDR Block => 10.97.232.0/22
First IP => 10.97.232.0
Last IP => 10.97.235.255
The fourth subnet's CIDR block can begin immediately after the third subnet's end. As a result, the block begins at 10.97.236.0 and ends at 10.97.239.255. (As can be seen, this is the last IP address in our master CIDR block.)
subnet name => private-subnet-b
CIDR Block => 10.97.236.0/22
First IP => 10.97.236.0
Last IP => 10.97.239.255
We can now use these CIDR configurations to create our VPC and subnets.
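The four-subnet plan above, and the overlap problem from the introduction, can both be checked in code before anything is created. The following is an added example (not code from the original article) using the standard-library `ipaddress` module: it carves a VPC block into equal subnets in address order and reports every pair of VPC blocks that overlap and therefore cannot be peered. The function names and the sample VPC names are this example's own; the /16 to /28 size limits and the five reserved addresses per subnet are AWS's documented constraints, included as a practitioner's check.

```python
# Added example (not part of the original article): carve a VPC CIDR into
# equal subnets and check candidate VPC CIDRs for overlap before peering.
# Uses the standard-library ipaddress module; function names are this example's own.
import ipaddress

# AWS limits VPC and subnet CIDR blocks to /16 .. /28 (documented AWS constraint).
AWS_MIN_PREFIX, AWS_MAX_PREFIX = 16, 28
# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def plan_subnets(vpc_cidr: str, names: list[str]) -> list[dict]:
    """Split vpc_cidr into equal blocks, one per name, in address order."""
    # strict=True (the default) rejects a block whose host bits are set, e.g. 10.97.230.7/20
    vpc = ipaddress.ip_network(vpc_cidr)
    if not AWS_MIN_PREFIX <= vpc.prefixlen <= AWS_MAX_PREFIX:
        raise ValueError(f"VPC block {vpc} is outside /16../28")
    # Extra fixed bits needed: 1 subnet -> 0, 2 -> 1, 3..4 -> 2, 5..8 -> 3, ...
    extra_bits = (len(names) - 1).bit_length()
    new_prefix = vpc.prefixlen + extra_bits
    if new_prefix > AWS_MAX_PREFIX:
        raise ValueError(f"{len(names)} subnets of {vpc} would need /{new_prefix}, beyond /28")
    blocks = list(vpc.subnets(prefixlen_diff=extra_bits))
    plan = []
    for name, block in zip(names, blocks):
        plan.append({
            "name": name,
            "cidr": str(block),
            "first": str(block.network_address),
            "last": str(block.broadcast_address),
            # Addresses actually assignable to instances after AWS's reservation.
            "usable": block.num_addresses - AWS_RESERVED_PER_SUBNET,
        })
    return plan


def overlapping_pairs(vpcs: dict[str, str]) -> list[tuple[str, str]]:
    """Return every pair of VPC names whose CIDR blocks overlap (cannot be peered)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
    names = sorted(nets)
    return [
        (a, b)
        for i, a in enumerate(names)
        for b in names[i + 1:]
        if nets[a].overlaps(nets[b])
    ]


if __name__ == "__main__":
    subnet_names = ["public-subnet-a", "public-subnet-b", "private-subnet-a", "private-subnet-b"]
    for row in plan_subnets("10.97.224.0/20", subnet_names):
        print(f"{row['name']:<17} {row['cidr']:<18} {row['first']:<15} "
              f"{row['last']:<15} usable={row['usable']}")
    # Constructed sample of VPC blocks; "shared-vpc" deliberately contains demo-vpc's range.
    candidates = {
        "demo-vpc": "10.97.224.0/20",
        "shared-vpc": "10.97.0.0/16",
        "analytics-vpc": "10.98.0.0/16",
    }
    print("overlapping (peering blocked):", overlapping_pairs(candidates))
```

Running it with the article's block prints the same four /22 rows as the tables above (10.97.224.0/22 through 10.97.236.0/22, the last one ending at 10.97.239.255) and flags demo-vpc against shared-vpc, because a /20 inside someone else's /16 is exactly the overlap that stops VPC peering from being configured.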
-----------------------------------------------
Conclusion
In this article, we learned why CIDR allocation is important and how to efficiently allocate CIDR blocks while avoiding CIDR overlapping issues.
#cloud #aws #vpc #subnets #cidr #networking #security #bestpractices