Aws vpc, Subnet, and CIDR
What is CIDR?
CIDR is short for Classless Inter-Domain Routing. Chinese is Classless Inter-Domain Routing. It is a method for creating additional addresses on the Internet. These addresses are provided to service providers (ISPs ),
Then, the ISP assigns the service to the customer. CIDR aggregates routes so that an IP address represents thousands of IP addresses served by the primary backbone provider, thus reducing the burden on Internet routers.
Why Choose CIDR and CIDR?
It has the following two functions:
1: As previously introduced, CIDR can reduce the burden on Internet routers.
2: CIDR can improve IP address Utilization
Let's introduce how CIDR implements the above two functions.
One of the most important actions of CIDR is route aggregation. The above two functions can be implemented through this action. Next we will introduce how CIDR implements these two functions through route aggregation.
I. CIDR reduces the burden on Internet Routers
Suppose we have the following four class c ip addresses:
1: 192.168.0.8/255.255.255.0/11000000.10101000.00000000.00000000
2: 192.168.1.9/255.255.255.0/112.1600.10101000.00000001.00000000
3: 192.168.2.10/255.255.255.0/112.1600.10101000.00000010.00000000
4: 192.168.3.11/255.255.255.0/112.1600.10101000.00000011.00000000
You can see that the network addresses of the above four IP addresses are different, so you need to configure the corresponding four routes to reach the corresponding network in the route table.
Next we will perform route aggregation. We can see that the first 22 bits of the binary addresses of the above four IP addresses are the same, so we can aggregate them into a network address, the CIDR expression format of this network address is 192.164.0.0/22. This address is interpreted as: the network address is 192.164.0.0, the first 22 are the network address, and the last 10 are the host address.
Therefore, you can configure the previous four class C addresses under this network, so that you only need to configure a route on the router to reach the 192.164.0.0/22 network, to reduce the burden on the vro.
Ii. CIDR improves IP address Utilization
Suppose we create a local area network, and there will be 500 hosts in the initial planning of this local area network. Therefore, we need 500 IP addresses and 500 IP addresses. This address is a Class B address, the format of this Class B address is as follows:
192.168.0.0/255.255.0.0/112.1600.10101000.20.2.16.00000000
This class B address has 256*256 = 65536 host addresses, but only 500 host addresses are required. This results in a waste of IP addresses. Next, we will perform route aggregation and only need 500 host addresses, therefore, the last nine digits must be the host address.
When the last nine digits are host addresses, there will be 512 host addresses. This will greatly reduce the address waste and greatly increase the address utilization. The aggregated network address is as follows:
192.168.254.0/23 (192.168.254.0/255.255.254.0/112.1600.10101000.11111110.00000000)
How do I apply CIDR on AWS VPC and Subnet?
On AWS, we need to first create a Virtual Private Cloud (VPC). We need to specify a CIDR address for this Cloud, add subnet to the cloud and specify the CIDR address for each subnet. Finally, we add a host to subnet.
The host address is automatically allocated to the Host Based on the host address of the subnet CIDR. The following example shows the process:
Create a VPC. The CIDR address of the VPC is as follows:
Default-vpc, 172.31.0.0/16,101 01100.000111.20.2.16.00000000
Next, you can add the following subnet to the VPC.
Default-subnet, 172.31.0.0/20,101 01100.000111.20.2.16.00000000
Public-subnet, 172.31.24.0/21,101 01100.000111.00011000.00000000
Private-subnet, 172.31.16.0/21,101 01100.000111.0002.16.00000000
From the preceding binary address, we can see that the intersection of all subnet and VPC network addresses is 10101100.00011111, that is, the first 16 bits are the same, which is exactly the VPC network address, therefore, you can smoothly Add the three subnet instances to the VPC.
Next, you can try to add the next subnet to the VPC to check whether it is successful.
Test-subnet, 172.31.0.0/21,101 01100.000111.20.2.16.00000000
This address cannot be added to the VPC because the 21-bit network address of test-subnet overlaps with the 20-bit network address of default-subnet, and thus cannot be added.
The rules for configuring VPC and subnet on AWS are summarized as follows: All subnet networks must be a subset of VPC network addresses and cannot overlap with other Subnet network addresses, in this way, you can specify a route for the VPC to reach all Subnet in the VPC.