An IPv4 address (e.g. 10.0.0.0) is made up of four 8-bit numbers written in decimal and separated by dots, for a total of 32 bits.
Each dot-separated number is called an octet.
Why is this important? The CIDR block (e.g. /16) tells us what our starting range is, how many IP addresses will be allocated, how many bits are being used, and how the octets will be affected.
How do we determine how many IP addresses are in, for example, a /16 CIDR block?
Since there are 32 bits in IPv4 addresses, we can use the following formula:
32 - 16 = 16
2^16 = 65,536 addresses
Another example with /20:
32 - 20 = 12
2^12 = 4,096 addresses
This shows us that a CIDR block of /20 will have fewer addresses than a CIDR block of /16 or /18, /19, etc.
AWS only allows VPC CIDR block sizes to be between /16 and /28. Typically, we will want to create VPCs with a CIDR block of /16, so we will have plenty of IPs to allocate to our subnets and resources. With this in mind, let us start with creating a VPC with a CIDR range of 10.0.0.0/16. In this case, /16 specifies that the first 16 bits (two octets) will not change, only the 3rd and 4th octets will change.
This means that any Private IP address in our VPC network will always start with 10.0. For example, let's say we want to make another VPC outside of this network of IPs. 10.1.0.0/16 will work because it is outside the range of IPs being allocated by our 10.0 network.
To calculate the ending address, we need to write out the bits in binary form.
The /16 prefix of 10.0.0.0/16 gives the following subnet mask in binary (a 1 marks a network bit that stays fixed, a 0 marks a host bit that may vary):
11111111.11111111.00000000.00000000
Notice how there are sixteen (16) 1s (8 per octet)?
Flip the 0s to 1s and vice versa to get the wildcard mask, which marks the bits that vary within the block:
00000000.00000000.11111111.11111111
Now set every wildcard bit to 1 in the starting address (10.0.0.0) and convert the binary bits back to decimal to get the ending address:
Ending address: 10.0.255.255/16.
Being able to determine the total IPs allocated in a CIDR block and what its ending address will be should make creating subnets really easy.
Using the example of a subnet with a starting address of 10.0.0.0/20, we can determine that this will have an ending address of 10.0.15.255/20.
Since all of the addresses between 10.0.0.0/20 and 10.0.15.255/20 will be allocated to this subnet, we can create another subnet using 10.0.16.0/20, which will have an ending address of 10.0.31.255/20.
This shows us that CIDR blocks of /20 will iterate by 16 on the 3rd octet.
Example:
Subnet1: 10.0.0.0/20
Subnet2: 10.0.16.0/20
Subnet3: 10.0.32.0/20
What if we want to slot in a smaller subnet of /24 between our /20 subnets?
We would not be able to since the addresses would all be used up. However, we could slot them afterwards.
Example:
Subnet1: 10.0.0.0/20 (4,096 addresses)
Subnet2: 10.0.16.0/20 (4,096 addresses)
Subnet3: 10.0.32.0/20 (4,096 addresses)
Subnet4: 10.0.48.0/24 (256 addresses)
Subnet5: 10.0.49.0/24 (256 addresses)
Could we then use 10.0.50.0/20 for Subnet6?
We could not, because the scheme of /20 CIDR blocks is that they iterate by 16 on the third octet (the starting address of a /20 must fall on a multiple of 16 in that octet), so we would have to use 10.0.64.0/20 instead.
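The address count, ending-address and alignment rules above are easy to get wrong by hand, and a misaligned or overlapping subnet plan is a common cause of failed VPC/subnet creation. The following script, added here as an example and not code from the original page, reproduces the text's manual method (build the mask, invert it, OR it into the starting address), checks whether a proposed subnet start is aligned to its block size, enumerates the /20 subnets of a /16, and flags overlaps in a plan. The `PLAN` list is constructed from the page's Subnet1 to Subnet5 example; the function names are my own, and the overlap check uses Python's standard `ipaddress` module.

```python
import ipaddress

# Hypothetical subnet plan constructed from the page's Subnet1..Subnet5 example.
PLAN = [
    "10.0.0.0/20",
    "10.0.16.0/20",
    "10.0.32.0/20",
    "10.0.48.0/24",
    "10.0.49.0/24",
]


def address_count(prefix_len: int) -> int:
    """Addresses in a block: 2 ** (32 - prefix_len), as in the text's formula."""
    return 2 ** (32 - prefix_len)


def mask_bits(prefix_len: int) -> str:
    """Subnet mask as dotted binary, e.g. /16 -> 11111111.11111111.00000000.00000000."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    octets = [(mask >> shift) & 0xFF for shift in (24, 16, 8, 0)]
    return ".".join(f"{o:08b}" for o in octets)


def ending_address(cidr: str) -> str:
    """Last address of a block via the manual method: invert the mask to get the
    wildcard bits, then OR them into the starting address."""
    start, prefix = cidr.split("/")
    start_int = int(ipaddress.IPv4Address(start))
    mask = (0xFFFFFFFF << (32 - int(prefix))) & 0xFFFFFFFF
    wildcard = ~mask & 0xFFFFFFFF  # flip 0s to 1s and vice versa
    return str(ipaddress.IPv4Address(start_int | wildcard))


def is_aligned(cidr: str) -> bool:
    """True if the starting address is a multiple of the block size, i.e. a legal
    start for a block of this prefix length (10.0.50.0/20 is not)."""
    start, prefix = cidr.split("/")
    start_int = int(ipaddress.IPv4Address(start))
    return start_int % address_count(int(prefix)) == 0


def next_aligned_start(cidr: str) -> str:
    """Round a misaligned start up to the next legal block boundary."""
    start, prefix = cidr.split("/")
    size = address_count(int(prefix))
    start_int = int(ipaddress.IPv4Address(start))
    aligned = ((start_int + size - 1) // size) * size
    return f"{ipaddress.IPv4Address(aligned)}/{prefix}"


def list_subnets(vpc_cidr: str, subnet_prefix: int) -> list:
    """All subnets of a given prefix length that fit in the VPC block, in order."""
    net = ipaddress.ip_network(vpc_cidr)
    return [str(s) for s in net.subnets(new_prefix=subnet_prefix)]


def find_overlaps(cidrs: list) -> list:
    """Pairs of blocks in a plan that share addresses. strict=False normalises a
    misaligned start (10.0.50.0/20 becomes 10.0.48.0/20) so the clash is visible."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return [
        (str(a), str(b))
        for i, a in enumerate(nets)
        for b in nets[i + 1:]
        if a.overlaps(b)
    ]


if __name__ == "__main__":
    print("/16 mask:", mask_bits(16))
    print("10.0.0.0/16 ends at", ending_address("10.0.0.0/16"))
    print("/20 subnets of 10.0.0.0/16:", list_subnets("10.0.0.0/16", 20)[:4], "...")
    print("10.0.50.0/20 aligned?", is_aligned("10.0.50.0/20"),
          "-> use", next_aligned_start("10.0.50.0/20"))
    print("overlaps after adding 10.0.50.0/20:", find_overlaps(PLAN + ["10.0.50.0/20"]))
```

Running the script shows why Subnet6 cannot be 10.0.50.0/20: the block is not aligned, and once normalised to 10.0.48.0/20 it overlaps both /24 subnets already in the plan. Note also that AWS reserves the first four and the last address of every subnet, so the usable host count is five fewer than `address_count` returns.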
Understanding CIDR basics is important for anyone interested in how networks operate. At its core, CIDR enables the grouping of IP addresses in a way that maximizes the use of available addresses. This means that rather than being limited to fixed group sizes, network administrators can allocate addresses based on actual needs. By learning CIDR basics, individuals can appreciate how this system supports the growth of the internet and the increasing number of devices connected to it. Overall, CIDR is crucial for maintaining an efficient and scalable network environment.