AWS CIDR – Classless Inter-Domain Routing

Classless Inter-Domain Routing (CIDR) is a method for allocating IP addresses.

It is used in security group rules and AWS networking.

A CIDR block defines a network address range.



CIDR has 2 components:

base IP: eg or

subnet mask: defines how many bits can change in the IP, eg /0, /24, /32


Subnet mask

The subnet mask allows part of the underlying IP to change, so that additional IP values are obtained from the base IP:

eg = 1 IP

but = 2 IPs (.0 and .1)

/30 = 4 IPs (.0 to .3)

/29 = 8 IPs

/28 = 16 IPs

/27 = 32 IPs

etc, all the way to /0, which means ALL IPs!



A quick memo:

1st – 2nd – 3rd – 4th octet

/32 = no octet can change

/24 = the 4th octet can change

/16 = the last 2 octets (3rd and 4th) can change

/8 = the last 3 octets can change

/0 = ALL octets can change



Another good way to memorize:

The subnet mask space starts at /32: this is for 1 IP only.

Then for each step down the number of IP addresses doubles:

/31 = 2 IPs

/30 = 4 IPs

/29 = 8 IPs

/28 = 16 IPs

/27 = 32 IPs

/26 = 64 IPs

/25 = 128 IPs

/24 = 256 IPs

right up to

/16 = 65,536 IPs





Private IPs are the ranges – 10-255-255-255, which is used for big private networks – – this is the AWS default range for VPCs – /16 – this is often used for home networks and small subnets.

All other IP address ranges are public IP ranges.




Default VPC (Virtual Private Cloud) of AWS

Note the following:

All new AWS accounts are automatically allocated a default VPC.

New EC2 instances are automatically launched in the default VPC unless a subnet is explicitly specified.

The default VPC has internet connectivity, and all EC2 instances within it also get public IPv4 addresses.

We also get a public and a private IPv4 DNS name.

This default VPC approach makes it very easy for new customers to get started with AWS.



MAX 5 VPCs per region

You can have a max of 5 VPCs in one region.

The max number of CIDR blocks per VPC is also 5.

Min size per CIDR is /28 (16 IPs).
Max size per CIDR is /16 (65,536 IPs).

As a VPC is private, only the private IP ranges are allowed – always remember this!

ie – = – = – =

Important also: do not let your CIDRs on an AWS VPC overlap with any of your on-premises networks, in case you later want to interconnect them!


Also important for the exam and for practice:

Reserved IPs in an AWS VPC:

5 IPs (the first 4 and the last 1) of every subnet are always reserved and not available for use, so they can't be assigned to an instance.

eg in the case of is the network address and so can't be used
- .1 is reserved for the VPC router
- .2 is reserved for mapping to AWS DNS
- .3 is reserved for AWS future use

and is the network broadcast address – AWS does NOT support broadcasts in a VPC, thus the address is reserved and not usable.



This means, for example – exam question!

If you need 29 addresses for EC2 instances, then you can't choose a subnet of /27, because that only gives 32 - 5 = 27 usable IPs.

You will need to choose a subnet of the next size up, ie /26, which gives 64 addresses, ie 64 - 5 = 59 usable, which is fine.
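The sizing rule above (2^(32 - prefix) addresses, minus the 5 AWS reserves, pick the next size up when it does not fit) plus the "do not overlap on-premises" check, worked through in code. This is an added example, not code from the original notes; the 10.x.x.x blocks are constructed sample inputs and the /16 to /28 bounds are the VPC CIDR limits stated above.

```python
import ipaddress

AWS_RESERVED_PER_SUBNET = 5        # first four addresses plus the last one
VPC_MIN_PREFIX, VPC_MAX_PREFIX = 16, 28  # a VPC CIDR must be between /16 and /28


def address_count(cidr: str) -> int:
    """Total addresses in a block: 2 ** (32 - prefix)."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses


def aws_reserved(cidr: str) -> dict:
    """The five addresses AWS reserves in a subnet and what each is used for."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen > VPC_MAX_PREFIX:
        raise ValueError(f"/{net.prefixlen} is smaller than the /28 minimum")
    return {
        str(net[0]): "network address",
        str(net[1]): "VPC router",
        str(net[2]): "Amazon-provided DNS",
        str(net[3]): "reserved for future use",
        str(net[-1]): "broadcast (not supported in a VPC, still reserved)",
    }


def usable_hosts(cidr: str) -> int:
    """Addresses that can actually be assigned to instances."""
    return address_count(cidr) - AWS_RESERVED_PER_SUBNET


def smallest_subnet_for(instances: int) -> int:
    """Largest prefix (smallest subnet) within the AWS limits that fits the instances."""
    for prefix in range(VPC_MAX_PREFIX, VPC_MIN_PREFIX - 1, -1):
        if 2 ** (32 - prefix) - AWS_RESERVED_PER_SUBNET >= instances:
            return prefix
    raise ValueError(f"{instances} instances do not fit in a single /{VPC_MIN_PREFIX}")


def overlaps(vpc_cidr: str, on_prem_cidrs) -> list:
    """On-premises ranges that collide with the VPC CIDR (must be empty before peering/VPN)."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    return [c for c in on_prem_cidrs if vpc.overlaps(ipaddress.ip_network(c, strict=False))]


if __name__ == "__main__":
    print(usable_hosts("10.0.0.0/27"), "usable in a /27")      # 27, not enough for 29
    print("/%d needed for 29 instances" % smallest_subnet_for(29))  # /26
    print(aws_reserved("10.0.1.0/24"))
    print(overlaps("10.0.0.0/16", ["10.0.5.0/24", "192.168.1.0/24"]))  # constructed on-prem list
```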




