AWS Classless Inter-Domain Routing (CIDR) for IPv4 - Overview.
Scope:
- Intro,
- VPC CIDR Block Requirements.
- Subnet CIDR Sizing & Reservations,
- Table of Common CIDR Samples (Notation, Total addresses & Assignable Addresses),
- The concept of CIDR (Classless
Inter-Domain Routing),
- Structure of an IPv4 CIDR Block (format),
- Sample CIDR Block,
- CIDR Notation Breakdown,
- Explanation
- Sample Calculation for a CIDR Block (when twtech is given 10.0.0.0/16) ,
- CIDR Aggregation (Supernetting),
- Sample CIDR Aggregation (Supernetting) for network,
- CIDR in AWS VPC Design,
- Tools & Tips for CIDR Planning,
- CIDR in Security Context (AWS SGs & NACLs),
- Samples CIDR in Security Context (AWS SGs & NACLs)
- Architecture,
- Link to calculate CIDR to IP Range from the website,
- Insights.
Intro:
- In AWS, Classless Inter-Domain Routing (CIDR) is the notation used to define the range of IPv4 addresses for a Virtual Private Cloud (VPC) and its subnets.
- Classless Inter-Domain Routing (CIDR) represents an IP address followed by a slash and a number (the prefix length).
- The prefix length indicates the number of bits used for the network portion of the address.
VPC CIDR Block Requirements- When creating a VPC, twtech must specify a primary IPv4 CIDR block.
- Size Limits: The allowed block size is between a /16 netmask (65,536 addresses) and a /28 netmask (16 addresses).
- Private Ranges: AWS recommends using private IPv4 address ranges from RFC 1918, such as 10.0.0.0/16, 172.31.0.0/16, or 192.168.0.0/20.
- Secondary CIDRs: twtech can associate additional (secondary) CIDR blocks after creation to expand the VPC.
- But twtech cannot change the size of an existing block.
Subnet CIDR Sizing & Reservations- Subnet CIDR blocks must be a subset of the VPC's CIDR blocks and cannot overlap with other subnets in the same VPC.
- Subnet Size: Like VPCs, the size must be between /16 and /28.
- Reserved Addresses: In every subnet, AWS reserves exactly five IP addresses for internal networking.
NB:- The reserved five IP addresses cannot be assigned to resources like EC2 instances.
- The reserved five IP addresses are used for:
- Base address (e.g., .0): Network address.
- Base + 1 (e.g., .1): Reserved for the VPC router.
- Base + 2 (e.g., .2): Reserved for the AWS DNS server.
- Base + 3 (e.g., .3): Reserved by AWS for future use.
- Last address (e.g., .255): Network broadcast address.
NB:- AWS does not support broadcast address but still reserves this.
Table of Common CIDR Samples (Notation, Total addresses & Assignable Addresses)Notation Total Addresses Assignable Addresses (Total - 5) /16 65,536 65,531 /20 4,096 4,091 /24 256 251 /28 16 11
- CIDR (Classless Inter-Domain Routing) for IPv4 is a fundamental concept in networking, especially when designing:
- VPCs,
- Subnets,
- Routing in AWS or any cloud environment.
- In AWS, Classless Inter-Domain Routing (CIDR) is the notation used to define the range of IPv4 addresses for a Virtual Private Cloud (VPC) and its subnets.
- Classless Inter-Domain Routing (CIDR) represents an IP address followed by a slash and a number (the prefix length).
- The prefix length indicates the number of bits used for the network portion of the address.
VPC CIDR Block Requirements
- When creating a VPC, twtech must specify a primary IPv4 CIDR block.
- Size Limits: The allowed block size is between a /16 netmask (65,536 addresses) and a /28 netmask (16 addresses).
- Private Ranges: AWS recommends using private IPv4 address ranges from RFC 1918, such as 10.0.0.0/16, 172.31.0.0/16, or 192.168.0.0/20.
- Secondary CIDRs: twtech can associate additional (secondary) CIDR blocks after creation to expand the VPC.
- But twtech cannot change the size of an existing block.
Subnet CIDR Sizing & Reservations
- Subnet CIDR blocks must be a subset of the VPC's CIDR blocks and cannot overlap with other subnets in the same VPC.
- Subnet Size: Like VPCs, the size must be between /16 and /28.
- Reserved Addresses: In every subnet, AWS reserves exactly five IP addresses for internal networking.
- The reserved five IP addresses cannot be assigned to resources like EC2 instances.
- The reserved five IP addresses are used for:
- Base address (e.g., .0): Network address.
- Base + 1 (e.g., .1): Reserved for the VPC router.
- Base + 2 (e.g., .2): Reserved for the AWS DNS server.
- Base + 3 (e.g., .3): Reserved by AWS for future use.
- Last address (e.g., .255): Network broadcast address.
- AWS does not support broadcast address but still reserves this.
Table of Common CIDR Samples (Notation, Total addresses & Assignable Addresses)
| Notation | Total Addresses | Assignable Addresses (Total - 5) |
|---|---|---|
| /16 | 65,536 | 65,531 |
| /20 | 4,096 | 4,091 |
| /24 | 256 | 251 |
| /28 | 16 | 11 |
- CIDR (Classless Inter-Domain Routing) for IPv4 is a fundamental concept in networking, especially when designing:
- VPCs,
- Subnets,
- Routing in AWS or any cloud environment.
The concept of CIDR (Classless
Inter-Domain Routing)
- CIDR (Classless Inter-Domain Routing) is a method for allocating IP addresses and routing Internet Protocol packets.
- CIDR (Classless Inter-Domain Routing) replaced the old classful addressing system (Class A, B, C) to make IP address allocation more efficient & flexible.
Structure of an IPv4 CIDR Block (format):
<IPv4 Address>/<Prefix Length>Sample CIDR Block
192.168.10.0/24
Explanation
192.168.10.0→ Network address/24→ Prefix length (number of bits representing the network)- The remaining (32 - 24 = 8) bits are reserved for host addresses.
CIDR
Notation Breakdown
|
CIDR |
Network
Bits |
Host
Bits |
#
of Hosts (Usable) |
Subnet
Mask |
Sample
Range |
|
/8 |
8 |
24 |
16,777,214 |
255.0.0.0 |
10.0.0.0 – 10.255.255.255 |
|
/16 |
16 |
16 |
65,534 |
255.255.0.0 |
192.168.0.0 – 192.168.255.255 |
|
/24 |
24 |
8 |
254 |
255.255.255.0 |
192.168.1.0 – 192.168.1.255 |
|
/28 |
28 |
4 |
14 |
255.255.255.240 |
192.168.1.0 – 192.168.1.15 |
Sample Calculation for a CIDR Block (when twtech is given 10.0.0.0/16)
- Network bits: 16
- Host bits: 16 → (32 – 16 = 16)
- Number of addresses: 2^16 = 65,536 total addresses
NB:
- Usable IP addresses = 65,534,
- Because:
- One IP address is reserved for network.
- Another IP address is reserved for broadcast,
CIDR Aggregation (Supernetting)
- CIDR allows grouping multiple contiguous networks into a single routing entry.
Sample CIDR Aggregation (Supernetting) for networks.
192.168.0.0/24192.168.1.0/24
This Can be
summarized as:
192.168.0.0/23
NB:
- This reduces routing table entries — critical in internet routing.
CIDR in AWS VPC
Design
- In AWS, twtech defines the VPC CIDR block, then subdivide it into subnets (Sample):
VPC CIDR: 10.0.0.0/16Subnets:
- Public Subnet A → 10.0.0.0/24
- Private Subnet A → 10.0.1.0/24
- Public Subnet B → 10.0.2.0/24
- Private Subnet B → 10.0.3.0/24
NB:
This allows for isolation and controlled routing.
Tools
& Tips for CIDR Planning
- CIDR Calculator:
- Tols like
cidr.xyz,ipcalc, or AWS VPC wizard help in visualizing ranges. - Avoid Overlap:
- Ensure CIDR ranges don’t overlap when peering or connecting networks.
- Private IPv4 Ranges (RFC 1918):
-
10.0.0.0/8→ Large enterprises -
172.16.0.0/12→ Mid-size -
192.168.0.0/16→ Small networks
CIDR
in Security Context (AWS SGs & NACLs)
- CIDR is used to define source/destination IP ranges in:
- Security Groups
- Network ACLs
- Route Tables
Samples CIDR in Security Context (AWS SGs & NACLs):
0.0.0.0/0→opentothe internet10.0.0.0/16→internalnetwork203.0.113.0/24→ specific corporate range
Architecture:
Link to calculate CIDR to IP Range from the website:
https://www.ipaddressguide.com/cidr
Insights: Advanced Topics
- VLSM (Variable Length Subnet Masking):
- Allows efficient IP allocation using variable subnet sizes.
- Route Summarization:
- Reduces route table size by combining multiple CIDRs.
- CIDR Overlaps in Multi-VPC / Hybrid Cloud:
- Must plan carefully to avoid conflicts with on-premises IP space.
- IPv6 Equivalent:
- Uses
/nnotation as well, but supports 128-bit addressing.
CIDR to IPv4 Conversion
- CIDR is the short for Classless Inter-Domain Routing,
an IP addressing scheme that replaces the older system based on classes A, B,
and C.
- A single IP address can be used to designate many
unique IP addresses with CIDR.
- A CIDR IP address looks like a normal IP address
except that it ends with a slash followed by a number, called the IP network
prefix.
- CIDR addresses reduce the size of routing tables and
make more IP addresses available within organizations.
No comments:
Post a Comment