What is a correct IP4 CIDR for AWS?

amazon-web-services cidr amazon-vpc

I am trying to create some new subnets and cannot get AWS to accept a CIDR IP4. I receive the message: Must be valid IPv4 CIDR. Nothing I try is accepted. What is a valid IP4 for this purpose, and why? See attached image> enter image description here

I tried :

  • 10.0.0.1/16
  • 10.0.1.0/16
  • 10.1.0.0/16
  • 10.0.0.255/16
  • 10.255.255.255/16
  • 128.128.128.128/16
  • 10.0.0.16/24
  • 10.0.0.14/24 ... this list goes on a bit. I also tried various CIDR calculators online which didn't give me a correct subnet IP4. Obviously without understanding what i'm being asked to input trying random numbers is useless. I also read the documentation on amazon, which made no sense to me, hence me asking this question. Can someone answer what they would enter in this box, so that I can understand by example?

Solution 1:

You need to create subnet, which is in range 10.0.0.0/16 .

For example:

10.0.0.0/24

10.2.0.128/25

etc

Solution 2:

TL;DR version (Amazon VPC FAQs)

  • Read about CIDR Notation to understand what the below means.
  • AWS VPC CIDR block size must be between /16 and /28, e.g. 192.168.0.0/16
  • Subnet CIDR block sizes must also be between /16 and /28 and in reality should have smaller CIDR blocks than the VPC because you typically want more than one subnet per VPC. E.g. 192.168.2.0/24
  • The host-part of the CIDR must be zero'ed. I.e. this is valid: 192.168.0.0/16 and this isn't: 192.168.2.123/16
  • Choose a block from RFC1918 private range addresses: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 unless you really really know what you are doing.

Some explanation:

In IPv4 and IPv6 we sort of distinguish between network and host addresses. Hosts belong to networks, smaller networks belong to larger networks.

In case of IPv4 a host address looks like this: 192.168.2.123 - it's got 4 bytes which means 32 bits (1 byte = 8 bits).

CIDR notation is the standard way to describe network addresses. It uses a prefix notation to split the address to a network part and a host part where the prefix can be anywhere between /0 and /32, showing the number of bits from the left that are known.

A host address has all the 32 bits defined. That means our example instance address in CIDR notation can be written as 192.168.2.123/32 - we know all the bits.

This instance perhaps sits in a subnet 192.168.2.0/24 - 24 bits (= 3 bytes) from the left (192.168.2) are the CIDR block of the subnet, while the remaining 8 bits on the right are available for hosts.

Network addresses are hierarchical - VPC has a large network address block with subnets inside having smaller slices of the VPC network network address block. That means your VPC CIDR block can be for example 192.168.0.0/16 - the first 16 bits (192.168) is defined and everything in the VPC must have addresses that start with 192.168.: subnets, instances, RDS, load balancers, everything.

So to wrap up: an instance IP 192.168.2.123 (/32) belongs to subnet CIDR 192.168.2.0/24 which belongs to VPC CIDR 192.168.0.0/16. The undefined bits in the subnet and VPC addrs are always set to 0.

However the prefix lengths don't have to be aligned to bytes boundaries. This would also be a valid example: instance IP 192.168.2.123 (/32) belongs to subnet CIDR 192.168.2.64/26 which belongs to VPC CIDR 192.168.2.0/23. It's a bit more effort to work it out but it's completely valid.

Hope that helps :)

Related

CPU load for high performance computing
What are people's experiences with Blackberry Enterprise Server?
Powershell provider for Sharepoint 2007
Cheap clustering for SQL server
Suggestions for Terminal Emulators on Linux, Windows and Mac [closed]
Windows Vista activation in VMWare
Can any hard drive of the same format be put into a hot-swap tray?
Setting up daemons on Mac OS X
BSOD Error codes
How can I render html at high resolution? [closed]
Can VLC play Blu-ray films?
How to search a collapsed file item in NERDTree vim plugin?