Scope:
- Intro,
- Core AWS CIDR Constraints,
- Links to Detailed documentation,
- The Concept of CIDR & Subnet Masks (Definitions),
- Table for CIDR vs Subnet Mask Relationship,
- How CIDR Defines Subnet Boundaries,
- Table for CIDR & Subnet Mask in AWS VPCs (Sample VPC design),
- Key Insights.
Intro:
- In AWS, Classless Inter-Domain Routing (CIDR) notation is the standard method for defining IP address ranges for Virtual Private Clouds (VPCs) & subnets.
- Classless Inter-Domain Routing (CIDR) notation replaces traditional IP classes with a flexible system where a slash is followed by a number (the subnet mask or prefix length).
- The subnet mask or prefix length indicates how many bits represent the network portion of the address.
- AWS enforces specific size limits for IPv4 CIDR blocks:
- Allowed block sizes range from a /16 (65,536 addresses) to a /28 (16 addresses).
- A VPC CIDR cannot be changed once created, though additional secondary CIDR blocks can be added.
- Subnet CIDR blocks must be a subset of the VPC's CIDR block and cannot overlap with other subnets in the same VPC.
- In every AWS subnet, five IP addresses are reserved and cannot be assigned to resources like EC2 instances:
- Network address (e.g., 10.0.0.0)
- VPC router (e.g., 10.0.0.1)
- DNS server (e.g., 10.0.0.2)
- Future use (e.g., 10.0.0.3)
- Network broadcast address (e.g., 10.0.0.255)
| CIDR | Subnet Mask | Total Addresses | Usable AWS Addresses |
|---|---|---|---|
| /16 | 255.255.0.0 | 65,536 | 65,531 |
| /20 | 255.255.240.0 | 4,096 | 4,091 |
| /24 | 255.255.255.0 | 256 | 251 |
| /28 | 255.255.255.240 | 16 | 11 |
https://docs.aws.amazon.com/vpc/latest/userguide/subnet-sizing.html
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html
- We are tring to Understand:
- How CIDR and Subnet Masks are related.
- How subnet masks define network boundaries.
- How this network boundaries impacts IP design in VPCs and routing.
The
Concept of CIDR
& Subnet Masks (Definitions).
- Both the CIDR
and Subnet Masks define how an IP network
is divided between network and host portions.
|
Concept |
Definition |
|
CIDR (Classless
Inter-Domain Routing) |
Expresses the number of bits used
for the network prefix (e.g., /24). |
|
Subnet Mask |
Binary or dotted-decimal representation
of those network bits (e.g., 255.255.255.0). |
Table for CIDR vs Subnet Mask
Relationship
|
CIDR |
Subnet
Mask |
#
of Networks |
#
of Hosts (Usable) |
Example
Range |
|
/8 |
255.0.0.0 |
1 |
16,777,214 |
10.0.0.0 – 10.255.255.255 |
|
/16 |
255.255.0.0 |
256 |
65,534 |
10.0.0.0 – 10.0.255.255 |
|
/24 |
255.255.255.0 |
65,536 |
254 |
10.0.0.0 – 10.0.0.255 |
|
/28 |
255.255.255.240 |
1,048,576 |
14 |
10.0.0.0 – 10.0.0.15 |
Subnet Mask Binary Breakdown
- Each subnet mask octet can be visualized as a series of 1s for network bits and 0s for host bits:
|
CIDR |
Subnet Mask |
Binary Representation |
|
/8 |
255.0.0.0 |
11111111.00000000.00000000.00000000 |
|
/16 |
255.255.0.0 |
11111111.11111111.00000000.00000000 |
|
/24 |
255.255.255.0 |
11111111.11111111.11111111.00000000 |
|
/28 |
255.255.255.240 |
11111111.11111111.11111111.11110000 |
NB:
· The more 1s, the more network bits —
smaller subnets, fewer hosts.
How CIDR Defines
Subnet Boundaries
Sample: 10.0.0.0/24
- Network bits: first 24 bits → 10.0.0
- Host bits: last 8 bits → range for hosts
- 10.0.0.1 – 10.0.0.254
- Total usable hosts: 254
· To subnet further to: /28 = we divide /24 into 16 smaller subnets:
- 10.0.0.0/28 → 10.0.0.0 – 10.0.0.15
- 10.0.0.16/28 → 10.0.0.16 – 10.0.0.31
- 10.0.0.240/28 → 10.0.0.240 –
10.0.0.255
Table for CIDR & Subnet Mask in AWS VPCs (Sample VPC design):
|
Layer |
CIDR |
Subnet Mask |
Purpose |
|
VPC |
10.0.0.0/16 |
255.255.0.0 |
Entire virtual
network |
|
Public
Subnet |
10.0.1.0/24 |
255.255.255.0 |
Internet-facing
instances |
|
Private
Subnet |
10.0.2.0/24 |
255.255.255.0 |
Internal
workloads |
|
Database
Subnet |
10.0.3.0/28 |
255.255.255.240 |
RDS isolated
zone |
Key Insights
- CIDR simplifies
representation –
/24 is easier than 255.255.255.0.
- Subnet masks are crucial for routers and firewalls, which interpret them at binary level.
- CIDR aggregation (supernetting) improves routing efficiency.
- Overlapping CIDRs cause connectivity conflicts — always plan network ranges carefully.
Quick Conversion
Reference
|
CIDR |
Subnet Mask |
Hosts |
Networks (per /16) |
|
/17 |
255.255.128.0 |
32,766 |
2 |
|
/18 |
255.255.192.0 |
16,382 |
4 |
|
/19 |
255.255.224.0 |
8,190 |
8 |
|
/20 |
255.255.240.0 |
4,094 |
16 |
|
/21 |
255.255.248.0 |
2,046 |
32 |
|
/22 |
255.255.252.0 |
1,022 |
64 |
|
/23 |
255.255.254.0 |
510 |
128 |
|
/24 |
255.255.255.0 |
254 |
256 |
No comments:
Post a Comment