What is a correct IP4 CIDR for AWS?
Solution 1:
You need to create subnet, which is in range 10.0.0.0/16 .
For example:
10.0.0.0/24
10.2.0.128/25
etc
Solution 2:
TL;DR version (Amazon VPC FAQs)
- Read about CIDR Notation to understand what the below means.
- AWS VPC CIDR block size must be between
/16and/28, e.g.192.168.0.0/16 - Subnet CIDR block sizes must also be between
/16and/28and in reality should have smaller CIDR blocks than the VPC because you typically want more than one subnet per VPC. E.g.192.168.2.0/24 - The host-part of the CIDR must be zero'ed. I.e. this is valid:
192.168.0.0/16and this isn't:192.168.2.123/16 - Choose a block from RFC1918 private range addresses:
10.0.0.0/8,172.16.0.0/12, or192.168.0.0/16unless you really really know what you are doing.
Some explanation:
In IPv4 and IPv6 we sort of distinguish between network and host addresses. Hosts belong to networks, smaller networks belong to larger networks.
In case of IPv4 a host address looks like this: 192.168.2.123 - it's got 4 bytes which means 32 bits (1 byte = 8 bits).
CIDR notation is the standard way to describe network addresses. It uses a prefix notation to split the address to a network part and a host part where the prefix can be anywhere between /0 and /32, showing the number of bits from the left that are known.
A host address has all the 32 bits defined. That means our example instance address in CIDR notation can be written as 192.168.2.123/32 - we know all the bits.
This instance perhaps sits in a subnet 192.168.2.0/24 - 24 bits (= 3 bytes) from the left (192.168.2) are the CIDR block of the subnet, while the remaining 8 bits on the right are available for hosts.
Network addresses are hierarchical - VPC has a large network address block with subnets inside having smaller slices of the VPC network network address block. That means your VPC CIDR block can be for example 192.168.0.0/16 - the first 16 bits (192.168) is defined and everything in the VPC must have addresses that start with 192.168.: subnets, instances, RDS, load balancers, everything.
So to wrap up: an instance IP 192.168.2.123 (/32) belongs to subnet CIDR 192.168.2.0/24 which belongs to VPC CIDR 192.168.0.0/16. The undefined bits in the subnet and VPC addrs are always set to 0.
However the prefix lengths don't have to be aligned to bytes boundaries. This would also be a valid example: instance IP 192.168.2.123 (/32) belongs to subnet CIDR 192.168.2.64/26 which belongs to VPC CIDR 192.168.2.0/23. It's a bit more effort to work it out but it's completely valid.
Hope that helps :)