Reputation: 970
My overall goal is to create a VPC of 1 public subnet + 3 private subnets, each having 4 usable IPs.
A previous Stack Overflow answer informs me that for each of the 4 usable-IP subnets I desire to create, I need an address range spanning 9 IPs: Amazon VPC n^2 -4 IP Addresses? CIDR Block
All well and good. So we need to create 4 subnets each having 9 IP addresses.
How, in an AWS VPC definition, do I express a CIDR range of 9 IPs? In CIDR, as many sites explain, a range of 9 IPs is expressed by 2 numbers, for example:
10.0.0.0/29
10.0.0.8/32
But when I attempt to enter these 2 numbers the VPC console gives an error message:
Must be a valid CIDR block. The Amazon DNS server cannot resolve private DNS hostnames if your VPC's address range falls outside of the private IP address ranges specified by RFC 1918.
I could just allocate a range of 64 IPs and leave some unused. But that is not a thrifty solution.
Upvotes: 0
Views: 511
Reputation: 13176
AWS VPC CIDR are not mutable! x 3
Unless you already have continuous-integration deployment/configuration that can be rapidly deployed into a VPC, better reserve space for expansion. Currently, the VPC range is limited from /16 to /28. You CANNOT use /29; in fact, there are 5 IPs reserved: IP subnet usage = 2, AWS reserved = 3. Check out: VPC subnets
10.0.0.0: Network address.
10.0.0.1: Reserved by AWS for the VPC router.
10.0.0.2: Reserved by AWS for mapping to the Amazon-provided DNS.
10.0.0.3: Reserved by AWS for future use.
10.0.0.255: Network broadcast address. We do not support broadcast in a VPC, therefore we reserve this address.
For a private subnet, there is nothing about "waste"; AWS does NOT charge you for allocating a "too broad" range, but you will face problems if you create a tiny subnet (e.g. /28) and plan to expand, e.g. launching multiple SPOT instances, creating multiple availability zones, etc. Then you will regret assigning a tiny subnet and run into grave routing problems or, worse, have no room for expansion and need to tear down the whole VPC.
So this is what I will suggest: use this simple setup so you don't regret it in the end and find you cannot launch multiple SPOT instances.
VPC CIDR : 10.0.0.0/18
subnet 1 : 10.0.1.0/26
subnet 2 : 10.0.1.64/26
subnet 3 : 10.0.1.128/26
subnet 4 : 10.0.1.192/26
# if you need AZ
AZ subnet-1 : 10.0.2.0/26
AZ Subnet-2 : 10.0.2.64/26 .....
If you plan to create a VPN from your intranet to the AWS VPC later, then you must plan ahead and make sure your VPC CIDR and subnets don't conflict with your intranet CIDR IP range.
Nevertheless, you can do this.
VPC CIDR 10.0.0.0/27
Subnet 1 : 10.0.0.0/28
Subnet 2 : 10.0.0.16/28
Subnet 3 : 10.0.0.32/28
Subnet 4 : 10.0.0.48/28
NOTE: the above setup gives some spare space for multiple AZs in different subnets, if you plan to use RDS. Nevertheless, it can be very confusing.
Upvotes: 1
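As an added, runnable illustration of the arithmetic discussed in this thread (not code from either poster): it applies AWS's five reserved addresses per subnet and the /16 to /28 size limit to compute usable hosts, pick the smallest subnet for a given host count, and check that a VPC plus subnet layout is in an RFC 1918 range, fits inside the VPC and has no overlaps. Function names and the sample CIDRs are my own choices.

```python
import ipaddress
from itertools import combinations

# AWS keeps 5 addresses in every subnet: network, VPC router, Amazon DNS,
# "future use", and broadcast. VPC and subnet prefixes must be /16../28.
AWS_RESERVED_PER_SUBNET = 5
AWS_MIN_PREFIX, AWS_MAX_PREFIX = 16, 28
RFC1918 = [ipaddress.ip_network(c)
           for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def aws_usable_hosts(cidr):
    """Usable IPs in a subnet after AWS's five reserved addresses."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not AWS_MIN_PREFIX <= net.prefixlen <= AWS_MAX_PREFIX:
        raise ValueError(f"{net}: AWS only accepts /16 through /28")
    return net.num_addresses - AWS_RESERVED_PER_SUBNET

def aws_reserved_addresses(cidr):
    """The five addresses in this subnet that cannot be assigned to hosts."""
    net = ipaddress.ip_network(cidr, strict=True)
    return {"network": str(net[0]), "router": str(net[1]),
            "dns": str(net[2]), "future": str(net[3]),
            "broadcast": str(net.broadcast_address)}

def smallest_aws_prefix(usable_hosts):
    """Longest prefix (smallest subnet) that still leaves N usable IPs."""
    for prefix in range(AWS_MAX_PREFIX, AWS_MIN_PREFIX - 1, -1):
        if 2 ** (32 - prefix) - AWS_RESERVED_PER_SUBNET >= usable_hosts:
            return prefix
    raise ValueError("more hosts than a single /16 subnet can hold")

def check_plan(vpc_cidr, subnet_cidrs):
    """List the problems in a VPC + subnet layout; [] means it is sound."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    subnets = [ipaddress.ip_network(c, strict=True) for c in subnet_cidrs]
    problems = []
    if not any(vpc.subnet_of(r) for r in RFC1918):  # the console's RFC 1918 error
        problems.append(f"VPC {vpc} is not inside an RFC 1918 private range")
    for net in [vpc, *subnets]:
        if not AWS_MIN_PREFIX <= net.prefixlen <= AWS_MAX_PREFIX:
            problems.append(f"{net}: prefix must be between /16 and /28")
    for s in subnets:
        if not s.subnet_of(vpc):
            problems.append(f"subnet {s} lies outside VPC {vpc}")
    for a, b in combinations(subnets, 2):
        if a.overlaps(b):
            problems.append(f"subnets {a} and {b} overlap")
    return problems
```

For the question's requirement of 4 usable IPs, smallest_aws_prefix(4) returns 28, since a /28 leaves 11 usable addresses and /29 is not accepted at all.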