0 votes

My overall goal is to create a VPC of 1 public subnet + 3 private subnets, each having 4 usable IPs.

A previous Stack Overflow answer informs me that for each of the 4 usable-IP subnets I desire to create, I need an address range spanning 9 IPs: Amazon VPC n^2 -4 IP Addresses? CIDR Block

All well and good. So we need to create 4 subnets each having 9 IP addresses.

How, in an AWS VPC definition, do I express a CIDR range of 9 IPs? In CIDR, many sites explain, a range of 9 IPs is expressed by 2 numbers, for example:
10.0.0.0/29 10.0.0.8/32

But when I attempt to enter these 2 numbers the VPC console gives an error message:

Must be a valid CIDR block. The Amazon DNS server cannot resolve private DNS hostnames if your VPC's address range falls outside of the private IP address ranges specified by RFC 1918.

I could just allocate a range of 64 IPs and leave some unused. But that is not a thrifty solution.

1
If you read Sqlbot's answer carefully, you will notice it is 5 reserved IPs, not 4. (mootmoot)
Thanks Mootmoot. Just so I understand, I say above: I require the use of 4 IPs per subnet; 5 will be reserved by Amazon. Therefore, I need to allocate 9 IPs per subnet (4 usable IPs, plus the 5 that will be reserved by Amazon). (Ben Weaver)
If you insist, the smallest VPC CIDR you should use is /27. Then you can use a /28 for each subnet. But there is little point in setting a tiny VPC CIDR. You just set a tiny subnet CIDR, not the VPC CIDR. (mootmoot)

1 Answer

0 votes

AWS VPC CIDRs are not mutable! x 3

Unless you already have continuous-integration deployment/configuration that can be rapidly deployed into a VPC, better reserve space for expansion. Currently, the VPC range limit is from /16 to /28. You CANNOT use /29; in fact, there are 5 IPs reserved: IP subnet usage = 2, AWS reserved = 3. Check out: VPC subnets

10.0.0.0: Network address.
10.0.0.1: Reserved by AWS for the VPC router.
10.0.0.2: Reserved by AWS for mapping to the Amazon-provided DNS.
10.0.0.3: Reserved by AWS for future use.
10.0.0.255: Network broadcast address. We do not support broadcast in a VPC, therefore we reserve this address.

For a private subnet, there is nothing about "waste"; AWS is NOT charging you for allocating "too broad" a range, but you will face problems if you create a tiny subnet (e.g. /28) and plan to expand, e.g. launching multiple SPOT instances, creating multiple availability zones, etc. Then you will regret assigning a tiny subnet and run into grave problems of routing, or worse, no room for expansion, and need to tear down the whole VPC.

So this is what I suggest: use this simple setup so you don't regret it in the end and find you cannot launch multiple SPOT instances.

VPC CIDR : 10.0.0.0/18
subnet 1 : 10.0.1.0/26
subnet 2 : 10.0.1.64/26
subnet 3 : 10.0.1.128/26
subnet 4 : 10.0.1.192/26
# if you need AZ
AZ subnet-1 : 10.0.2.0/26
AZ Subnet-2 : 10.0.2.64/26 .....

If you plan to create a VPN from your intranet to your AWS VPC later, then you must plan ahead and make sure your VPC CIDR and subnets don't conflict with your intranet CIDR IP range.

Nevertheless, you can do this.

   VPC CIDR 10.0.0.0/27
   Subnet 1 : 10.0.0.0/28
   Subnet 2 : 10.0.0.16/28
   Subnet 3 : 10.0.0.32/28
   Subnet 4 : 10.0.0.48/28

NOTE: the above setup gives some spare space for multi-AZ in different subnets, if you plan to use RDS. Nevertheless, it can be very confusing.
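As an added example (written for this page, not code from the question, the answer or AWS; it uses only Python's standard library and assumes the five reserved addresses and the /16 to /28 limits the answer cites), the planner below works through both the question and the answer: it shows why the asker's "9 IPs" cannot be one CIDR block (10.0.0.0 to 10.0.0.8 summarises to a /29 plus a /32, neither of which AWS accepts), computes the smallest subnet that still leaves N usable addresses after AWS takes its five, refuses VPC blocks outside RFC 1918 (the console error quoted in the question) or overlapping an intranet range you intend to reach over a VPN, and carves non-overlapping subnets out of the VPC. It raises rather than emit a layout AWS would reject; for instance a /27 VPC holds only two /28 subnets, so four /28s need at least a /26.

```python
"""Plan AWS VPC subnets around the 5 addresses AWS reserves in every subnet.

Illustrative code added for this page, not from AWS or the original posters.
Assumptions: 5 reserved addresses per subnet and /16../28 block sizes, as in
the answer above; IPv4 only.
"""
import itertools
from ipaddress import IPv4Address, IPv4Network, ip_network, summarize_address_range
from typing import Iterable, List, Optional

# AWS reserves the first four addresses and the last address of each subnet:
# network, VPC router, Amazon DNS, "future use", broadcast.
AWS_RESERVED_PER_SUBNET = 5
# AWS accepts VPC and subnet blocks between /16 and /28 (inclusive).
VPC_MIN_PREFIX, VPC_MAX_PREFIX = 16, 28
# Private ranges the console error message refers to.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def blocks_for_range(first: str, last: str) -> List[str]:
    """CIDR blocks that exactly cover first..last (inclusive).

    A count that is not a power of two never fits one block: 10.0.0.0..10.0.0.8
    (9 addresses) becomes 10.0.0.0/29 plus 10.0.0.8/32.
    """
    return [str(n) for n in summarize_address_range(IPv4Address(first), IPv4Address(last))]


def usable_hosts(prefix: int) -> int:
    """Addresses left for instances in a subnet of this prefix length."""
    if not VPC_MIN_PREFIX <= prefix <= VPC_MAX_PREFIX:
        raise ValueError(f"/{prefix} is outside the /16../28 range AWS accepts")
    return 2 ** (32 - prefix) - AWS_RESERVED_PER_SUBNET


def smallest_prefix_for(required_usable: int) -> int:
    """Longest prefix (smallest block) that still leaves `required_usable` addresses."""
    for prefix in range(VPC_MAX_PREFIX, VPC_MIN_PREFIX - 1, -1):
        if usable_hosts(prefix) >= required_usable:
            return prefix
    raise ValueError(f"no subnet between /16 and /28 yields {required_usable} usable addresses")


def conflicts_with(vpc_cidr: str, other_ranges: Iterable[str]) -> List[str]:
    """Ranges (e.g. on-premises networks reached over a VPN) that overlap the VPC block."""
    vpc = ip_network(vpc_cidr)
    return [r for r in other_ranges if vpc.overlaps(ip_network(r))]


def plan_subnets(vpc_cidr: str, count: int, required_usable: int,
                 subnet_prefix: Optional[int] = None,
                 avoid: Iterable[str] = ()) -> List[str]:
    """Carve `count` equal, non-overlapping subnets out of `vpc_cidr`.

    Uses the smallest prefix satisfying `required_usable` unless `subnet_prefix`
    is given (pass 26 to keep growth room, as the answer recommends).
    Raises ValueError instead of producing a layout AWS would reject.
    """
    vpc = ip_network(vpc_cidr, strict=True)  # strict: host bits must be zero
    if not isinstance(vpc, IPv4Network):
        raise ValueError("this planner handles IPv4 VPC blocks only")
    if not VPC_MIN_PREFIX <= vpc.prefixlen <= VPC_MAX_PREFIX:
        raise ValueError(f"VPC block must be between /16 and /28, got /{vpc.prefixlen}")
    if not any(vpc.subnet_of(private) for private in RFC1918):
        raise ValueError(f"{vpc} is outside RFC 1918 space; private DNS hostnames will not resolve")
    clashes = conflicts_with(vpc_cidr, avoid)
    if clashes:
        raise ValueError(f"{vpc} overlaps {', '.join(clashes)}")

    prefix = subnet_prefix if subnet_prefix is not None else smallest_prefix_for(required_usable)
    if usable_hosts(prefix) < required_usable:
        raise ValueError(f"/{prefix} leaves only {usable_hosts(prefix)} usable addresses")
    if prefix < vpc.prefixlen:
        raise ValueError(f"subnet /{prefix} is larger than the VPC /{vpc.prefixlen}")

    # subnets() enumerates aligned, non-overlapping blocks in address order.
    subnets = list(itertools.islice(vpc.subnets(new_prefix=prefix), count))
    if len(subnets) < count:
        raise ValueError(f"{vpc} holds only {len(subnets)} /{prefix} subnet(s), not {count}")
    return [str(s) for s in subnets]


if __name__ == "__main__":
    print(blocks_for_range("10.0.0.0", "10.0.0.8"))        # ['10.0.0.0/29', '10.0.0.8/32']
    print(smallest_prefix_for(4), usable_hosts(28))         # 28 11
    print(plan_subnets("10.0.0.0/18", 4, 4, subnet_prefix=26))
```

Run it as a script to see the three checks from the thread; `plan_subnets("10.0.0.0/27", 4, 4)` raises because only two /28 blocks fit, and passing your office range in `avoid` catches the VPN overlap the answer warns about before the VPC is created.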