Error when creating private subnets within AWS VPC

Question

I am currently trying to create a VPC with multiple subnets in AWS. Unfortunately, whenever I go to design the subnets within the VPC I am getting errors. This is my VPC design:

VPC: 10.82.0.0/16

Private Subnets:

• 10.82.96.0/21
• 10.82.119.0/21
• 10.82.194.0/21
• 10.82.212.0/21

The Error I get is the following for each subnet CIDR except 10.82.96.0/21:

Must be a valid CIDR block.

What am I doing wrong? I just want to create multiple private subnets in this VPC.

Answer 1

A /21 is quite an unusual netmask to be using. It contains 2048 IP addresses.

The netmask for /21 would be:

11111111.11111111.11111000.00000000

Only the zeroes are allowed to change. In binary, 100000000000 is equivalent to 2048 in decimal and 1000 in binary is 8 in decimal.

This means that the second last number would be a multiple of 8 (eg 0, 8, 16, 32).

However, you have not chosen IP addresses that start in a /21 range.

Your chosen subnets would have the following IP address ranges:

CIDR            First address   Last address
10.82.96.0/21   10.82.96.0      10.82.103.255  Good!
10.82.119.0/21  10.82.112.0     10.82.119.255  Invalid
10.82.194.0/21  10.82.192.0     10.82.199.255  Invalid
10.82.212.0/21  10.82.208.0     10.82.215.255  Invalid

Note that the first line is good because 96 is divisible by 8. Therefore, it is valid in a /21 CIDR.

However, the subsequent lines do not start on a /21 boundary. They are invalid CIDR values.

I highly recommend using a CIDR calculator when determining difficult IP ranges.