6
votes

I have the following CIDR reserved for my VPC -> 10.0.0.0/22

What this tells me is that I have 10 bits left over for my host IPs, or 1,024 addresses. I was attempting to compute the range of valid addresses, as Amazon asks for a valid IPv4 CIDR block when creating a new private subnet.

I figured 6/8 bits are taken from the 3rd octet and the last octet is all 0's, which leaves me with an IP range of 10.0.0.0 -> 10.0.3.255.

As I come to the screen to actually pick my IPv4 CIDR block, I'm getting an "Invalid error", which is just validating that I don't understand how the math is actually working. I typed in 10.0.2.1/28, which yields a "Must be valid IPv4 CIDR" error.

My thought process:

This looked like it was in the range I had calculated and that I wanted my private subnet to reserve 16 IP addresses.

What am I doing wrong?

2
This two-part answer has a section that explains that and what the problem is, as well as all your IPv4 math. - Ron Maupin

2 Answers

15
votes

You are starting with a VPC 10.0.0.0/22. You are correct in that the valid addressing range is 10.0.0.0 -> 10.0.3.255.

Now you want to create a subnet from this VPC using /28 CIDR blocks. /28 means the last four bits are 0 to give you the range 0 -> 15. CIDR blocks must always begin on their own boundary. Examples for /28:

10.0.0.0 -> 10.0.0.15

10.0.0.16 -> 10.0.0.31

You tried to create a subnet with the CIDR block 10.0.2.1/28. This is invalid as it does not begin at offset 0 within the valid CIDR range for /28. You can create a valid subnet as 10.0.2.0/28 or 10.0.2.16/28, etc. Notice how the start of each subnet has the last four bits as 0.

A quick way to look at this is for any subnet, the host portion starts at 0 and ends in all ones.

1
votes

I just want to tell you the rules to choose a CIDR block, as follows:

  1. All the IP addresses should be contiguous.
  2. The number of IPs you can get is a power of 2 (2^n).
  3. The first IP address in the block should be evenly divisible by the size of the block, i.e. 2^n.

The third point is important, as well as related to the second point.

10.0.2.1/28 - It is not the proper CIDR block ID.

As the 3rd point is not followed here.
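The boundary rule from both answers, as an added example that is not part of either answer: it checks a candidate subnet CIDR against the VPC block, reports the offending host-bit offset, and suggests the aligned block. The function names `check_subnet` and `aligned_blocks` are hypothetical; only Python's standard `ipaddress` module is used.

```python
import ipaddress


def check_subnet(vpc_cidr, candidate):
    """Return (ok, reason, aligned_cidr) for a candidate subnet inside a VPC.

    Hypothetical helper written for this example.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    # ip_interface tolerates host bits, so "10.0.2.1/28" parses here;
    # ip_network("10.0.2.1/28") would raise ValueError instead.
    iface = ipaddress.ip_interface(candidate)
    aligned = iface.network                 # same prefix, host bits cleared
    block_size = aligned.num_addresses      # 2^n addresses in the block
    # The first address must be evenly divisible by the block size.
    offset = int(iface.ip) % block_size
    if not aligned.subnet_of(vpc):
        return False, f"{aligned} is outside {vpc}", None
    if offset != 0:
        return False, f"host bits set (offset {offset} of {block_size})", str(aligned)
    return True, "aligned and inside the VPC", str(aligned)


def aligned_blocks(vpc_cidr, prefix):
    """List every block of the given prefix length that fits in the VPC."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [str(net) for net in vpc.subnets(new_prefix=prefix)]


if __name__ == "__main__":
    # Values taken from the question: VPC 10.0.0.0/22, attempted 10.0.2.1/28.
    for cidr in ("10.0.2.1/28", "10.0.2.0/28", "10.0.2.16/28", "10.0.4.0/28"):
        print(cidr, "->", check_subnet("10.0.0.0/22", cidr))
    blocks = aligned_blocks("10.0.0.0/22", 28)
    print(len(blocks), "valid /28 blocks:", blocks[0], "...", blocks[-1])
```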