CIDR (classless inter-domain routing) is a method for allocating ip addresses
used in security group rules and aws networking
a CIDR block defines a network address range
CIDR has 2 components:
base ip: eg 10.0.0.0 or 192.168.0.0
and
subnet mask: defines how many bits can change in the ip
eg /0, /24, /32
subnet mask
the prefix length fixes the leading bits of the ip; the remaining bits can vary, which gives additional ip values on top of the base ip:
eg 192.168.0.0/32 = 1 ip
but
192.168.0.0/31 = 2 ip (.0 and .1)
/30 = 4 ip = 0.0 to 0.3
/29 = 8 ip
/28 = 16 ip
/27 = 32 ip
etc, all the way to /0 which means ALL ips!
A quick memo:
1st – 2nd – 3rd – 4th octet
/32 = no octet can change
/24 = the 4th can change
/16 = the last 2 octets 3rd and 4th can change
/8 = last 3 octets can change
/0 ALL octets can change
Another good way to memorize:
The subnet mask space starts at /32 : this is for 1 ip only
then for each step down in the prefix length the number of ip addresses doubles…
eg
/31 = 2 ips
/30 = 4 ips
/29 = 8 ips
/28 = 16 ips
/27 = 32 ips
/26 = 64 ips
/25 = 128 ips
/24 = 256 ips
right up to
/16 = 65,536 ips
private ips are the ranges 10.0.0.0 – 10.255.255.255 and 10.0.0.0/8 is used for big private networks
172.16.0.0 – 172.31.255.255 – this is the aws default range for vpcs
192.168.0.0 – 192.168.255.255 /16 – this is often used for home networks and small subnets
all other ip address ranges are public ip ranges
Default VPC (Virtual Private Cloud) of AWS
Note the following:
All new aws accounts are automatically allocated a default vpc
new EC2 instances are automatically launched in the default vpc unless a subnet is explicitly specified
default vpc has internet connectivity and all EC2 instances within it also get public ipv4 addresses
we also get a public and a private ipv4 dns name
this default vpc approach makes it very easy for new customers to get started with aws.
MAX 5 VPCs per region
you can have a max of 5 VPCs in one region
max 5 cidrs per vpc, and for each cidr:
min size is /28 (16 ips)
max size is /16 (65536 ips)
as vpc is private, only the private ip range is allowed – always remember this!
ie
10.0.0.0 – 10.255.255.255 = 10.0.0.0/8
172.16.0.0 – 172.31.255.255 = 172.16.0.0/12
192.168.0.0 – 192.168.255.255 = 192.168.0.0/16
important also: do not let your cidrs on aws vpc overlap with any of your on-premises networks, in case you later want to interconnect them!
also important for exam and practice:
Reserved IPs in an aws vpc:
5 ips (the first 4 and the last 1) of every subnet are always reserved and not available for use, so they can't be assigned to an instance.
eg in the case of 10.0.0.0/24:
10.0.0.0 is the network address and so cant be used
- 10.0.0.1 is reserved for the vpc router
- 10.0.0.2 is reserved for mapping to aws dns
- 10.0.0.3 is reserved for aws future use
and 10.0.0.255 is the network broadcast address – aws does NOT support broadcasts in a vpc thus the address is reserved and not usable
This means for example – exam question!
if you need 29 addresses for ec2 instances, then you can't choose a subnet of /27 because that only gives 32 - 5 = 27 usable ips
you will need to choose a subnet of the next size up, ie /26 which gives 64 addresses, ie 64 - 5 = 59 usable ips, which is fine
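To turn the sizing rules above (addresses per prefix, the 5 reserved ips per subnet, the /16 to /28 vpc limits, the private ranges and the overlap warning) into something you can check, here is an added worked example in Python using only the standard ipaddress module. It is not code from the notes or from AWS; the function names and the exam-style subnet sizing helper are my own, and the reserved-address roles are taken straight from the 10.0.0.0/24 example above.

```python
"""CIDR and AWS VPC sizing helpers (added example, not from the notes)."""
import ipaddress

# The three private (RFC 1918) ranges the notes list
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# AWS reserves the first four and the last address of every subnet
AWS_RESERVED_PER_SUBNET = 5


def address_count(cidr: str) -> int:
    """Total IPv4 addresses in a block: 2 ** (32 - prefix length)."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses


def usable_aws_addresses(cidr: str) -> int:
    """Addresses an EC2 instance can actually get: total minus the 5 reserved."""
    return address_count(cidr) - AWS_RESERVED_PER_SUBNET


def aws_reserved_addresses(cidr: str) -> dict:
    """Map each AWS-reserved address in the subnet to its role (roles as in the notes)."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.num_addresses < AWS_RESERVED_PER_SUBNET:
        raise ValueError("subnet too small for AWS (minimum /28)")
    base = int(net.network_address)
    return {
        str(ipaddress.ip_address(base)): "network address",
        str(ipaddress.ip_address(base + 1)): "vpc router",
        str(ipaddress.ip_address(base + 2)): "aws dns",
        str(ipaddress.ip_address(base + 3)): "aws future use",
        str(net.broadcast_address): "broadcast (not supported in a vpc, reserved)",
    }


def is_private(cidr: str) -> bool:
    """True only if the block lies entirely inside one of the RFC 1918 ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        return False
    return any(net.subnet_of(rng) for rng in PRIVATE_RANGES)


def vpc_cidr_problems(cidr: str) -> list:
    """Reasons a CIDR is not acceptable as a VPC CIDR per the notes (empty list if it is)."""
    net = ipaddress.ip_network(cidr, strict=False)
    problems = []
    if net.version != 4:
        return ["not IPv4"]
    if net.prefixlen > 28:
        problems.append("smaller than /28 (fewer than 16 ips)")
    if net.prefixlen < 16:
        problems.append("larger than /16 (more than 65536 ips)")
    if not is_private(cidr):
        problems.append("not in a private (RFC 1918) range")
    return problems


def smallest_subnet_for(instances: int) -> str:
    """Smallest prefix ('/N') whose usable AWS address count covers `instances`."""
    for prefix in range(28, 15, -1):  # AWS subnet sizes run from /28 up to /16
        if 2 ** (32 - prefix) - AWS_RESERVED_PER_SUBNET >= instances:
            return f"/{prefix}"
    raise ValueError("more instances than a single /16 subnet can hold")


def overlaps(cidr_a: str, cidr_b: str) -> bool:
    """Check whether a VPC CIDR and an on-premises range collide."""
    a = ipaddress.ip_network(cidr_a, strict=False)
    b = ipaddress.ip_network(cidr_b, strict=False)
    return a.overlaps(b)


if __name__ == "__main__":
    for c in ("192.168.0.0/32", "192.168.0.0/31", "10.0.0.0/27", "10.0.0.0/16"):
        print(f"{c}: {address_count(c)} ips, {usable_aws_addresses(c)} usable in aws")
    print(aws_reserved_addresses("10.0.0.0/24"))
    print("29 instances need", smallest_subnet_for(29))
    # constructed on-prem range to show the overlap check from the notes
    print("10.0.0.0/16 vs on-prem 10.0.5.0/24 overlap:", overlaps("10.0.0.0/16", "10.0.5.0/24"))
    print("problems with 8.8.8.0/24 as a vpc cidr:", vpc_cidr_problems("8.8.8.0/24"))
```

smallest_subnet_for(29) returns "/26", which is the exam answer worked out above; is_private deliberately checks only the three RFC 1918 blocks rather than the module's own is_private property, which also counts link-local and other special ranges that a VPC CIDR should not use.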