AWS VPC, subnet, and CIDR

What is CIDR?

CIDR is an abbreviation for the English Classless Inter-Domain routing, which is classless inter-domain Routing and is a method of creating an additional address on the Internet that is provided to the service provider (ISP),

The ISP is then assigned to the customer. CIDR reduces the burden on the Internet router by centralizing the route so that an IP address represents the thousands of IP addresses of the primary backbone provider service.

Why Choose CIDR,CIDR?

There are two main functions:

1: As described earlier, CIDR can reduce the burden on Internet routers

2:CIDR can increase the utilization of IP addresses

Let's introduce how CIDR achieves the above two functions.

One of the most important actions in CIDR is Route aggregation, which allows you to implement two functions as described above, followed by an example of how CIDR implements these two functions through route aggregation.

One: CIDR features reduce the burden of Internet routers

Suppose we have the following 4 classes of Class C IP addresses

1:192.168.0.8/255.255.255.0/11000000.10101000.00000000.00000000

2:192.168.1.9/255.255.255.0/11000000.10101000.00000001.00000000

3:192.168.2.10/255.255.255.0/11000000.10101000.00000010.00000000

4:192.168.3.11/255.255.255.0/11000000.10101000.00000011.00000000

You can see that the network addresses of the above 4 IP addresses are different, so the routing table above needs to configure the corresponding 4 routes to reach the corresponding network.

Next route aggregation, you can see the above 4 IP address of the binary address of the first 22 bits are the same, so it can be aggregated into a network address, the CIDR expression format of this network address is 192.164.0.0/22, the address is interpreted as, The address of this network is 192.164.0.0, and the first 22 bits are the network address and the last 10 bits are the host address.

Therefore, the previous 4 C-class addresses can now be placed under this network, so that only one route on the router must be configured to reach the 192.164.0.0/22 network, so as to reduce the burden of the router.

Second: Increase the utilization of IP address by CIDR function

Suppose we set up a local area network, the initial planning of this LAN will have 500 hosts, so requires 500 IP addresses, 500 IP addresses need this address is a Class B address, this class B address format is as follows

192.168.0.0/255.255.0.0/11000000.10101000.00000000.00000000

This class B address has 256*256=65536 host address, but only requires 500 host address, resulting in a waste of IP address, next to do the route aggregation, only 500 host address, so need to the latter 9 is the host address

The latter 9-bit is the host address means there will be 512 host addresses, so that the address waste will be greatly reduced, the utilization of the address will greatly increase, the aggregated network address is as follows:

192.168.254.0/23 (192.168.254.0/255.255.254.0/11000000.10101000.11111110.00000000)

How CIDR is applied on AWS ' VPC and subnet?

On AWS We need to first create a VPC virtual private cloud, we need to specify a CIDR address for the cloud, then add subnet to the cloud and specify CIDR addresses for each subnet. Finally we add the host to subnet, AWS

The host address is automatically assigned to the host based on the host address owned by the subnet CIDR, followed by an example of the process:

First create a VPC with the following CIDR address

DEFAULT-VPC, 172.31.0.0/16, 10101100.00011111.00000000.00000000

Next you can add the following to this VPC subnet

Default-subnet, 172.31.0.0/20, 10101100.00011111.00000000.00000000

Public-subnet, 172.31.24.0/21, 10101100.00011111.00011000.00000000

Private-subnet, 172.31.16.0/21, 10101100.00011111.00010000.00000000

From the binary address above you can see that all subnet and VPC network address intersection is 10101100.00011111, that is, the first 16 bits are the same, this is exactly the network address of the VPC, so you can successfully add these 3 subnet to the VPC

Next, try adding the following subnet to your VPC to see if you can succeed

Test-subnet, 172.31.0.0/21, 10101100.00011111.00000000.00000000

This address is not allowed to join the VPC because Test-subnet's 21-bit network address overlaps with Default-subnet's 20-bit network address, and therefore joins failed.

This concludes that the rules for configuring VPC and subnet on AWS are that all subnet networks must be a subset of the VPC network addresses and cannot overlap with other subnet network addresses, so you can specify a route for the VPC to reach all the subnet within the VPC.

Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.

AWS VPC, subnet, and CIDR