How to pick AWS CIDR within the CIDR ranges of VPC

Tags: amazon-vpc, amazon-web-services, subnet

When I try to add a new subnet in my VPC I get this message:

172.22.128.0/24 CIDR is not within the CIDR ranges of VPC.

My current VPC CIDR is 172.22.130.0/28

Any help?

Best Answer

The best start is to refer to VPC and Subnet Basics, which explains the VPC addressing and sizing requirements.

Not sure if you are familiar with CIDR addressing? Essentially, the bigger the number after the / the fewer hosts and subnets you can fit inside such a network.

For example:

  • Your VPC CIDR is 172.22.130.0/28, where /28 means that out of the 32 bits in the IP address the first 28 bits are the network address (that part has to be the same for all resources in your VPC) and only the remaining 4 bits (= 32 - 28) can be used to address your instances.

    That gives you at most 2^4 = 16 IP addresses in your subnet. With 5 IPs reserved by AWS you can only use 11 IP addresses.

  • Also, because the minimum subnet size is /28, you can really create only one subnet in your /28 VPC and it has to have the same CIDR range, i.e. 172.22.130.0/28.

    That effectively prevents you from placing your instances in multiple availability zones, because subnets cannot span across AZs.

A much better practice is to allocate rather large CIDR blocks for your VPC: at least /24, but even larger if you can, where larger means /22 or /20 or even /16. That will give you an opportunity to create subnets in multiple availability zones and to create both private and public (DMZ) subnets.

In your case you can allocate 172.22.128.0/24 to the VPC and then create 4 subnets inside the VPC:

  • Public A = 172.22.128.0/26 (in Availability zone a, e.g. ap-southeast-2a)
  • Public B = 172.22.128.64/26 (in AZ b, e.g. ap-southeast-2b)
  • Private A = 172.22.128.128/26 (in AZ a again)
  • Private B = 172.22.128.192/26 (in AZ b again)

That will give you around 60 IP addresses in each subnet, and you can have some hosts in Private subnets and some in Public, balance load across availability zones, etc.

If you want to go one step higher and allocate 172.22.128.0/22 to your VPC, the addressing would then look like this:

  • VPC CIDR = 172.22.128.0/22
  • Public A = 172.22.128.0/24
  • Public B = 172.22.129.0/24
  • Private A = 172.22.130.0/24
  • Private B = 172.22.131.0/24

For the difference between Public and Private subnets refer to this answer: NAT gateway for ec2 instances

Hope that helps :)
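The arithmetic in the answer above (why 172.22.128.0/24 does not fit inside 172.22.130.0/28, how many usable addresses each size leaves after the 5 AWS-reserved ones, and how a /24 or /22 VPC splits into Public/Private subnets across two AZs) can be reproduced with the standard library. This is an added example written for this page, not code from the answer or from AWS; the function names `usable_hosts`, `check_subnet` and `plan_subnets` are hypothetical, and the /16 to /28 bounds and the 5 reserved addresses are the AWS limits the answer refers to.

```python
import ipaddress
import math

# AWS reserves the first four and the last address of every subnet
# (network, VPC router, DNS, future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5
AWS_MIN_PREFIX, AWS_MAX_PREFIX = 16, 28  # allowed VPC and subnet sizes


def usable_hosts(cidr):
    """Addresses left for instances after the AWS reservation."""
    net = ipaddress.ip_network(cidr, strict=True)
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def check_subnet(vpc_cidr, subnet_cidr):
    """Return (ok, reason), mirroring the checks the console applies."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    subnet = ipaddress.ip_network(subnet_cidr, strict=True)
    if not AWS_MIN_PREFIX <= subnet.prefixlen <= AWS_MAX_PREFIX:
        return False, f"{subnet} must be between /{AWS_MIN_PREFIX} and /{AWS_MAX_PREFIX}"
    if not subnet.subnet_of(vpc):
        return False, f"{subnet} CIDR is not within the CIDR ranges of VPC {vpc}"
    return True, f"{subnet} fits in {vpc} with {usable_hosts(subnet_cidr)} usable addresses"


def plan_subnets(vpc_cidr, azs, tiers=("Public", "Private")):
    """Carve the VPC into equal subnets, one per (tier, AZ) pair.

    Returns [(name, cidr, az), ...] in tier-major order, e.g. for a /24
    with two AZs: Public A, Public B, Private A, Private B as /26s.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    wanted = len(tiers) * len(azs)
    extra_bits = math.ceil(math.log2(wanted))  # round up to a power of two
    if vpc.prefixlen + extra_bits > AWS_MAX_PREFIX:
        raise ValueError(f"{vpc} is too small for {wanted} subnets of /{AWS_MAX_PREFIX} or larger")
    blocks = vpc.subnets(prefixlen_diff=extra_bits)
    plan = []
    for tier in tiers:
        for az in azs:
            plan.append((f"{tier} {az[-1].upper()}", str(next(blocks)), az))
    return plan


if __name__ == "__main__":
    print(check_subnet("172.22.130.0/28", "172.22.128.0/24")[1])  # the error from the question
    for row in plan_subnets("172.22.128.0/24", ["ap-southeast-2a", "ap-southeast-2b"]):
        print(row)
```

Run it with a /22 VPC and the same two AZs to get the four /24 blocks listed in the answer; run `plan_subnets` on the original /28 VPC and it raises, which is the "only one subnet fits" point made above.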
