AWS CIDR – Classless Inter-Domain Routing


Classless Inter-Domain Routing (CIDR) is a method for allocating IP addresses.

CIDR notation is used in security group rules and throughout AWS networking.

A CIDR block defines a range of network addresses.


A CIDR block has 2 components:

base IP: e.g. 10.0.0.0 or 192.168.0.0

and

subnet mask (prefix length): defines how many bits of the IP can change, e.g. /0, /24, /32

subnet mask

The mask allows part of the underlying IP to vary, so the block covers additional IP addresses beyond the base IP:

e.g. 192.168.0.0/32 = 1 IP

but

192.168.0.0/31 = 2 IPs (.0 and .1)

/30 = 4 IPs = 0.0 to 0.3

/29 = 8 IPs

/28 = 16 IPs

/27 = 32 IPs

etc., all the way to /0, which means ALL IPs!


A quick memo:

1st – 2nd – 3rd – 4th octet

/32 = no octet can change

/24 = the 4th octet can change

/16 = the last 2 octets (3rd and 4th) can change

/8 = the last 3 octets can change

/0 = ALL octets can change


Another good way to memorize:

The subnet mask space starts at /32, which is 1 IP only;
then for each step down the number of IP addresses doubles (each step frees one more host bit, so a /N block holds 2^(32-N) addresses)...

e.g.

/31 = 2 IPs
/30 = 4 IPs
/29 = 8 IPs
/28 = 16 IPs
/27 = 32 IPs
/26 = 64 IPs
/25 = 128 IPs
/24 = 256 IPs

right up to

/16 = 65,536 IPs
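A worked example, added here and not part of the original notes, that turns a prefix length into the address count and range boundaries using the same arithmetic as the memo above (a /N prefix fixes N bits and leaves 32 - N host bits, so each step down the prefix doubles the count). It also reports which octets can vary, matching the octet memo, and flags a base IP that has host bits set (e.g. 10.0.0.5/24), which is not a proper network address. It uses only the Python standard library; the function names are my own.

```python
import ipaddress


def cidr_to_range(cidr: str) -> dict:
    """Expand an IPv4 CIDR block into its address count, first/last address,
    and the octets whose value can change inside the block.

    A /N prefix leaves 32 - N host bits, so the block holds 2 ** (32 - N)
    addresses: /32 = 1, /31 = 2, /30 = 4, ... /16 = 65536, /0 = all.
    """
    base_str, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length must be 0..32, got /{prefix}")

    base = int(ipaddress.IPv4Address(base_str))
    host_bits = 32 - prefix
    size = 1 << host_bits                          # 2 ** host_bits addresses
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF  # 1s for the fixed network bits
    first = base & mask                            # network address: host bits cleared
    last = first | (size - 1)                      # all host bits set

    # Octet k (1-based, left to right) covers bits (4-k)*8 .. (4-k)*8+7 counted
    # from the right; it can change when at least one of those bits is a host bit.
    variable_octets = [k for k in range(1, 5) if host_bits > (4 - k) * 8]

    network = str(ipaddress.IPv4Address(first))
    return {
        "network": network,
        "prefix": prefix,
        "addresses": size,
        "first": network,
        "last": str(ipaddress.IPv4Address(last)),
        "variable_octets": variable_octets,
        # False when the base had host bits set (10.0.0.5/24 is really 10.0.0.0/24)
        "base_is_network_address": base_str == network,
    }


def doubling_table(network: str, start_prefix: int = 32, stop_prefix: int = 16) -> list:
    """(prefix, address count) pairs from /start_prefix down to /stop_prefix,
    reproducing the doubling sequence in the notes."""
    return [(p, cidr_to_range(f"{network}/{p}")["addresses"])
            for p in range(start_prefix, stop_prefix - 1, -1)]


if __name__ == "__main__":
    for cidr in ("192.168.0.0/32", "192.168.0.0/31", "192.168.0.0/30",
                 "10.0.0.0/24", "10.0.0.0/16", "10.0.0.0/8", "0.0.0.0/0"):
        info = cidr_to_range(cidr)
        print(f"{cidr:>16}: {info['addresses']:>10} addresses, "
              f"{info['first']} - {info['last']}, "
              f"octets that can change: {info['variable_octets']}")
    for prefix, count in doubling_table("192.168.0.0"):
        print(f"/{prefix} = {count} IPs")
```

Running the block prints the same table as the memo; the `variable_octets` list is the octet memo (/24 → [4], /16 → [3, 4], /8 → [2, 3, 4], /0 → all four).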


Private IPs are the ranges:

10.0.0.0 – 10.255.255.255 (10.0.0.0/8), used for big private networks

172.16.0.0 – 172.31.255.255 (172.16.0.0/12), this is the AWS default range for VPCs

192.168.0.0 – 192.168.255.255 (192.168.0.0/16), often used for home networks and small subnets

All other IP address ranges are public IP ranges.


Default VPC (Virtual Private Cloud) of AWS

Note the following:

All new AWS accounts are automatically allocated a default VPC.

New EC2 instances are automatically launched in the default VPC unless a subnet is explicitly specified.

The default VPC has internet connectivity, and all EC2 instances within it also get public IPv4 addresses.

We also get a public and a private IPv4 DNS name.

This default VPC approach makes it very easy for new customers to get started with AWS.


MAX 5 VPCs per region

You can have a max of 5 VPCs in one region.

The max number of CIDR blocks per VPC is also 5, and for each CIDR block:

min size is /28 (16 IPs)
max size is /16 (65,536 IPs)


As a VPC is private, only the private IP ranges are allowed – always remember this!

i.e.

10.0.0.0 – 10.255.255.255 = 10.0.0.0/8

172.16.0.0 – 172.31.255.255 = 172.16.0.0/12

192.168.0.0 – 192.168.255.255 = 192.168.0.0/16

Important also: do not let your CIDRs on AWS VPC overlap with any of your on-premises networks, in case you later want to interconnect them!


Also important for exam and practice:

Reserved IPs within an AWS VPC subnet:

5 IPs, the first 4 and the last 1 of every subnet, are always reserved and not available for use, and so cannot be assigned to an instance.

e.g. in the case of 10.0.0.0/24:

10.0.0.0 is the network address and so cannot be used
10.0.0.1 is reserved for the VPC router
10.0.0.2 is reserved for mapping to AWS DNS
10.0.0.3 is reserved for AWS future use

and 10.0.0.255 is the network broadcast address – AWS does NOT support broadcasts in a VPC, thus the address is reserved and not usable.

This means, for example – exam question!

If you need 29 addresses for EC2 instances, then you cannot choose a subnet of /27, because that only gives 32 - 5 = 27 usable IPs.

You will need to choose a subnet of the next size up, i.e. /26, which gives 64 addresses, i.e. 64 - 5 = 59 usable, which is fine.
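The VPC planning rules from this section, as an added Python example that is not part of the original notes: a VPC CIDR must be a private (RFC 1918) range, between /16 and /28, and must not overlap an on-premises network; every subnet loses its first 4 and last address; and a required host count is met by walking up to the next size whose usable count fits (the /27 vs /26 exam question). It uses only the standard library `ipaddress` module; the limits are constants taken from the notes and the function names are my own.

```python
import ipaddress

# RFC 1918 private ranges: the only ranges the notes allow for a VPC CIDR.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
AWS_RESERVED_PER_SUBNET = 5               # first 4 addresses + the last (broadcast) one
VPC_MIN_PREFIX, VPC_MAX_PREFIX = 16, 28   # /16 is the largest block allowed, /28 the smallest


def check_vpc_cidr(cidr: str, on_prem_cidrs=()) -> list:
    """Return a list of problems with a proposed VPC CIDR block (empty list means OK):
    size outside /16../28, not an RFC 1918 range, or overlapping an on-prem network."""
    net = ipaddress.ip_network(cidr, strict=False)
    problems = []
    if not VPC_MIN_PREFIX <= net.prefixlen <= VPC_MAX_PREFIX:
        problems.append(f"{net}: prefix /{net.prefixlen} is outside the allowed /16 .. /28 range")
    if not any(net.subnet_of(private) for private in PRIVATE_RANGES):
        problems.append(f"{net}: not inside a private (RFC 1918) range")
    for other in on_prem_cidrs:
        other_net = ipaddress.ip_network(other, strict=False)
        if net.overlaps(other_net):
            problems.append(f"{net}: overlaps on-prem network {other_net}")
    return problems


def reserved_addresses(subnet: str) -> dict:
    """Map each AWS-reserved address of a subnet to the reason it cannot be used."""
    net = ipaddress.ip_network(subnet, strict=False)
    addrs = list(net)   # iterating an IPv4Network yields every address, first and last included
    return {
        str(addrs[0]): "network address",
        str(addrs[1]): "VPC router",
        str(addrs[2]): "AWS DNS",
        str(addrs[3]): "reserved for future use",
        str(addrs[-1]): "broadcast address (no broadcast support in a VPC)",
    }


def usable_addresses(subnet: str) -> int:
    """Addresses that can actually be assigned to instances in the subnet."""
    net = ipaddress.ip_network(subnet, strict=False)
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def smallest_subnet_prefix(required_hosts: int) -> int:
    """Smallest subnet (numerically largest prefix) whose usable count covers
    required_hosts, walking from /28 upwards exactly as the exam reasoning does."""
    for prefix in range(VPC_MAX_PREFIX, VPC_MIN_PREFIX - 1, -1):
        if (1 << (32 - prefix)) - AWS_RESERVED_PER_SUBNET >= required_hosts:
            return prefix
    raise ValueError(f"{required_hosts} hosts do not fit in a single /16 subnet")


if __name__ == "__main__":
    # Constructed sample inputs: a candidate VPC block and a pretend on-prem network.
    for candidate in ("10.0.0.0/16", "10.0.0.0/8", "8.8.8.0/24"):
        print(candidate, check_vpc_cidr(candidate, on_prem_cidrs=["10.0.5.0/24"]) or "OK")
    for addr, reason in reserved_addresses("10.0.0.0/24").items():
        print(f"  {addr:<12} {reason}")
    for subnet in ("10.0.0.0/27", "10.0.0.0/26"):
        print(subnet, "usable:", usable_addresses(subnet))
    print("29 instances need a /" + str(smallest_subnet_prefix(29)))
```

`strict=False` lets a base IP with host bits set (10.0.0.5/24) be normalised to its network address instead of raising; drop it if you want such input rejected.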

