How to pick AWS CIDR within the CIDR ranges of VPC?
Clash Royale CLAN TAG#URR8PPP
When i try to add a new subnet in my VPC I get this message:
172.22.128.0/24CIDR is not within the CIDR ranges of VPC.
My current VPC CIDR is 172.22.130.0/28
Any help?
amazon-web-services subnet amazon-vpc
edited Jan 8 at 10:07
Bububu
1557
asked Jan 7 at 19:24
omar jallohomar jalloh
212
add a comment |
When i try to add a new subnet in my VPC I get this message:
172.22.128.0/24CIDR is not within the CIDR ranges of VPC.
My current VPC CIDR is 172.22.130.0/28
Any help?
amazon-web-services subnet amazon-vpc
edited Jan 8 at 10:07
Bububu
1557
asked Jan 7 at 19:24
omar jallohomar jalloh
212
add a comment |
When i try to add a new subnet in my VPC I get this message:
172.22.128.0/24CIDR is not within the CIDR ranges of VPC.
My current VPC CIDR is 172.22.130.0/28
Any help?
amazon-web-services subnet amazon-vpc
edited Jan 8 at 10:07
Bububu
1557
asked Jan 7 at 19:24
omar jallohomar jalloh
212
When i try to add a new subnet in my VPC I get this message:
172.22.128.0/24CIDR is not within the CIDR ranges of VPC.
My current VPC CIDR is 172.22.130.0/28
Any help?
amazon-web-services subnet amazon-vpc
amazon-web-services subnet amazon-vpc
edited Jan 8 at 10:07
Bububu
1557
asked Jan 7 at 19:24
omar jallohomar jalloh
212
edited Jan 8 at 10:07
Bububu
1557
asked Jan 7 at 19:24
omar jallohomar jalloh
212
edited Jan 8 at 10:07
Bububu
1557
edited Jan 8 at 10:07
Bububu
1557
edited Jan 8 at 10:07
Bububu
1557
1557
asked Jan 7 at 19:24
omar jallohomar jalloh
212
asked Jan 7 at 19:24
omar jallohomar jalloh
212
asked Jan 7 at 19:24
omar jallohomar jalloh
212
212
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
The best start is to refer to VPC and Subnet Basics which explains the VPC addressing and sizing reqirements.
Not sure if you are familiar with CIDR addressing? Essentially the bigger the number after / the less hosts and subnets you can fit inside such network.
For example:
Your VPC CIDR is
172.22.130.0/28where/28means that out of the 32 bits in the IP address the first 28 bits are the network address (that part has to be the same for all resources in your VPC) and only the remaining 4 bits (= 32 - 28) can be used to address your instances.That gives you at most 24 = 16 IP addresses in your subnet. With 5 IPs reserved by AWS you can only use 11 IP addresses.
Also because the minimum subnet size is
/28you can really create only one subnet in your/28VPC and it has to have the same CIDR range, i.e.172.22.130.0/28.That effectively prevents you from placing your instances in multiple availability zones because subnets can not span across AZs.
Much better practice is to allocate rather large CIDR blocks for your VPC. At least /24 but even larger if you can. Where larger means /22 or /20 or even /16. That will give you an opportunity to create subnets in multiple availability zones and create both private and public (DMZ) subnets.
In your case you can allocate 172.22.128.0/24 to the VPC and then create 4 subnets inside the VPC:
- Public A =
172.22.128.0/26(in Availability zone a, e.g. ap-southeast-2a) - Public B =
172.22.128.64/26(in AZ b, e.g. ap-southeast-2b) - Private A =
172.22.128.128/26(in AZ a again) - Private B =
172.22.128.192/26(in AZ b again)
That will give you around 60 IP addresses in each subnet and you can have some hosts in Private subnets and some in Public, you can balance load across availability zones, etc.
If you want to go one step higher and allocate 172.22.128.0/22 to your VPC the addressing then would be like this:
- VPC CIDR =
172.22.128.0/22 - Public A =
172.22.128.0/24 - Public B =
172.22.129.0/24 - Private A =
172.22.130.0/24 - Private B =
172.22.131.0/24
For the difference between Public and Private subnets refer to this answer: NAT gateway for ec2 instances
Hope that helps :)
answered Jan 7 at 23:25
MLuMLu
7,20712040
Thank you so much! This really help!!
– omar jalloh
Jan 8 at 15:02
@omarjalloh I'm glad I could help :) If you're happy with the answer please upvote and accept it. Thanks!
– MLu
Jan 8 at 21:42
add a comment |
The subnet you're trying to add is
- not within your VPC's IP range
bigger than your VPC's IP range
As such, you can't add it.
Side note: I didn't know AWS would even let you make a /28 VPC. You'll only have fourteen usable IPs in there.
answered Jan 7 at 19:29
ceejayozceejayoz
26.6k66390
Ok, any ideas what subnet range I can use?
– omar jalloh
Jan 7 at 19:42
2
@omarjalloh You should delete the VPC and start over. A/28is way too small for virtually any use case on AWS.
– ceejayoz
Jan 7 at 19:44
You can use /16 to /28 in AWS. A /28 is appropriate for a up to about 9 servers, which is a valid use case for some rare needs. Consider a single server that never needs to scale, has no ELB, etc, and your IP address range has to integrate with a large corporate range without NAT.
– Tim
Jan 7 at 20:53
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f947971%2fhow-to-pick-aws-cidr-within-the-cidr-ranges-of-vpc%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
The best start is to refer to VPC and Subnet Basics which explains the VPC addressing and sizing reqirements.
Not sure if you are familiar with CIDR addressing? Essentially the bigger the number after / the less hosts and subnets you can fit inside such network.
For example:
Your VPC CIDR is
172.22.130.0/28where/28means that out of the 32 bits in the IP address the first 28 bits are the network address (that part has to be the same for all resources in your VPC) and only the remaining 4 bits (= 32 - 28) can be used to address your instances.That gives you at most 24 = 16 IP addresses in your subnet. With 5 IPs reserved by AWS you can only use 11 IP addresses.
Also because the minimum subnet size is
/28you can really create only one subnet in your/28VPC and it has to have the same CIDR range, i.e.172.22.130.0/28.That effectively prevents you from placing your instances in multiple availability zones because subnets can not span across AZs.
Much better practice is to allocate rather large CIDR blocks for your VPC. At least /24 but even larger if you can. Where larger means /22 or /20 or even /16. That will give you an opportunity to create subnets in multiple availability zones and create both private and public (DMZ) subnets.
In your case you can allocate 172.22.128.0/24 to the VPC and then create 4 subnets inside the VPC:
- Public A =
172.22.128.0/26(in Availability zone a, e.g. ap-southeast-2a) - Public B =
172.22.128.64/26(in AZ b, e.g. ap-southeast-2b) - Private A =
172.22.128.128/26(in AZ a again) - Private B =
172.22.128.192/26(in AZ b again)
That will give you around 60 IP addresses in each subnet and you can have some hosts in Private subnets and some in Public, you can balance load across availability zones, etc.
If you want to go one step higher and allocate 172.22.128.0/22 to your VPC the addressing then would be like this:
- VPC CIDR =
172.22.128.0/22 - Public A =
172.22.128.0/24 - Public B =
172.22.129.0/24 - Private A =
172.22.130.0/24 - Private B =
172.22.131.0/24
For the difference between Public and Private subnets refer to this answer: NAT gateway for ec2 instances
Hope that helps :)
answered Jan 7 at 23:25
MLuMLu
7,20712040
Thank you so much! This really help!!
– omar jalloh
Jan 8 at 15:02
@omarjalloh I'm glad I could help :) If you're happy with the answer please upvote and accept it. Thanks!
– MLu
Jan 8 at 21:42
add a comment |
The best start is to refer to VPC and Subnet Basics which explains the VPC addressing and sizing reqirements.
Not sure if you are familiar with CIDR addressing? Essentially the bigger the number after / the less hosts and subnets you can fit inside such network.
For example:
Your VPC CIDR is
172.22.130.0/28where/28means that out of the 32 bits in the IP address the first 28 bits are the network address (that part has to be the same for all resources in your VPC) and only the remaining 4 bits (= 32 - 28) can be used to address your instances.That gives you at most 24 = 16 IP addresses in your subnet. With 5 IPs reserved by AWS you can only use 11 IP addresses.
Also because the minimum subnet size is
/28you can really create only one subnet in your/28VPC and it has to have the same CIDR range, i.e.172.22.130.0/28.That effectively prevents you from placing your instances in multiple availability zones because subnets can not span across AZs.
Much better practice is to allocate rather large CIDR blocks for your VPC. At least /24 but even larger if you can. Where larger means /22 or /20 or even /16. That will give you an opportunity to create subnets in multiple availability zones and create both private and public (DMZ) subnets.
In your case you can allocate 172.22.128.0/24 to the VPC and then create 4 subnets inside the VPC:
- Public A =
172.22.128.0/26(in Availability zone a, e.g. ap-southeast-2a) - Public B =
172.22.128.64/26(in AZ b, e.g. ap-southeast-2b) - Private A =
172.22.128.128/26(in AZ a again) - Private B =
172.22.128.192/26(in AZ b again)
That will give you around 60 IP addresses in each subnet and you can have some hosts in Private subnets and some in Public, you can balance load across availability zones, etc.
If you want to go one step higher and allocate 172.22.128.0/22 to your VPC the addressing then would be like this:
- VPC CIDR =
172.22.128.0/22 - Public A =
172.22.128.0/24 - Public B =
172.22.129.0/24 - Private A =
172.22.130.0/24 - Private B =
172.22.131.0/24
For the difference between Public and Private subnets refer to this answer: NAT gateway for ec2 instances
Hope that helps :)
answered Jan 7 at 23:25
MLuMLu
7,20712040
Thank you so much! This really help!!
– omar jalloh
Jan 8 at 15:02
@omarjalloh I'm glad I could help :) If you're happy with the answer please upvote and accept it. Thanks!
– MLu
Jan 8 at 21:42
add a comment |
The best start is to refer to VPC and Subnet Basics which explains the VPC addressing and sizing reqirements.
Not sure if you are familiar with CIDR addressing? Essentially the bigger the number after / the less hosts and subnets you can fit inside such network.
For example:
Your VPC CIDR is
172.22.130.0/28where/28means that out of the 32 bits in the IP address the first 28 bits are the network address (that part has to be the same for all resources in your VPC) and only the remaining 4 bits (= 32 - 28) can be used to address your instances.That gives you at most 24 = 16 IP addresses in your subnet. With 5 IPs reserved by AWS you can only use 11 IP addresses.
Also because the minimum subnet size is
/28you can really create only one subnet in your/28VPC and it has to have the same CIDR range, i.e.172.22.130.0/28.That effectively prevents you from placing your instances in multiple availability zones because subnets can not span across AZs.
Much better practice is to allocate rather large CIDR blocks for your VPC. At least /24 but even larger if you can. Where larger means /22 or /20 or even /16. That will give you an opportunity to create subnets in multiple availability zones and create both private and public (DMZ) subnets.
In your case you can allocate 172.22.128.0/24 to the VPC and then create 4 subnets inside the VPC:
- Public A =
172.22.128.0/26(in Availability zone a, e.g. ap-southeast-2a) - Public B =
172.22.128.64/26(in AZ b, e.g. ap-southeast-2b) - Private A =
172.22.128.128/26(in AZ a again) - Private B =
172.22.128.192/26(in AZ b again)
That will give you around 60 IP addresses in each subnet and you can have some hosts in Private subnets and some in Public, you can balance load across availability zones, etc.
If you want to go one step higher and allocate 172.22.128.0/22 to your VPC the addressing then would be like this:
- VPC CIDR =
172.22.128.0/22 - Public A =
172.22.128.0/24 - Public B =
172.22.129.0/24 - Private A =
172.22.130.0/24 - Private B =
172.22.131.0/24
For the difference between Public and Private subnets refer to this answer: NAT gateway for ec2 instances
Hope that helps :)
answered Jan 7 at 23:25
MLuMLu
7,20712040
The best start is to refer to VPC and Subnet Basics which explains the VPC addressing and sizing reqirements.
Not sure if you are familiar with CIDR addressing? Essentially the bigger the number after / the less hosts and subnets you can fit inside such network.
For example:
Your VPC CIDR is
172.22.130.0/28where/28means that out of the 32 bits in the IP address the first 28 bits are the network address (that part has to be the same for all resources in your VPC) and only the remaining 4 bits (= 32 - 28) can be used to address your instances.That gives you at most 24 = 16 IP addresses in your subnet. With 5 IPs reserved by AWS you can only use 11 IP addresses.
Also because the minimum subnet size is
/28you can really create only one subnet in your/28VPC and it has to have the same CIDR range, i.e.172.22.130.0/28.That effectively prevents you from placing your instances in multiple availability zones because subnets can not span across AZs.
Much better practice is to allocate rather large CIDR blocks for your VPC. At least /24 but even larger if you can. Where larger means /22 or /20 or even /16. That will give you an opportunity to create subnets in multiple availability zones and create both private and public (DMZ) subnets.
In your case you can allocate 172.22.128.0/24 to the VPC and then create 4 subnets inside the VPC:
- Public A =
172.22.128.0/26(in Availability zone a, e.g. ap-southeast-2a) - Public B =
172.22.128.64/26(in AZ b, e.g. ap-southeast-2b) - Private A =
172.22.128.128/26(in AZ a again) - Private B =
172.22.128.192/26(in AZ b again)
That will give you around 60 IP addresses in each subnet and you can have some hosts in Private subnets and some in Public, you can balance load across availability zones, etc.
If you want to go one step higher and allocate 172.22.128.0/22 to your VPC the addressing then would be like this:
- VPC CIDR =
172.22.128.0/22 - Public A =
172.22.128.0/24 - Public B =
172.22.129.0/24 - Private A =
172.22.130.0/24 - Private B =
172.22.131.0/24
For the difference between Public and Private subnets refer to this answer: NAT gateway for ec2 instances
Hope that helps :)
answered Jan 7 at 23:25
MLuMLu
7,20712040
answered Jan 7 at 23:25
MLuMLu
7,20712040
answered Jan 7 at 23:25
MLuMLu
7,20712040
answered Jan 7 at 23:25
MLuMLu
7,20712040
7,20712040
Thank you so much! This really help!!
– omar jalloh
Jan 8 at 15:02
@omarjalloh I'm glad I could help :) If you're happy with the answer please upvote and accept it. Thanks!
– MLu
Jan 8 at 21:42
add a comment |
Thank you so much! This really help!!
– omar jalloh
Jan 8 at 15:02
@omarjalloh I'm glad I could help :) If you're happy with the answer please upvote and accept it. Thanks!
– MLu
Jan 8 at 21:42
Thank you so much! This really help!!
– omar jalloh
Jan 8 at 15:02
Thank you so much! This really help!!
– omar jalloh
Jan 8 at 15:02
@omarjalloh I'm glad I could help :) If you're happy with the answer please upvote and accept it. Thanks!
– MLu
Jan 8 at 21:42
@omarjalloh I'm glad I could help :) If you're happy with the answer please upvote and accept it. Thanks!
– MLu
Jan 8 at 21:42
add a comment |
The subnet you're trying to add is
- not within your VPC's IP range
bigger than your VPC's IP range
As such, you can't add it.
Side note: I didn't know AWS would even let you make a /28 VPC. You'll only have fourteen usable IPs in there.
answered Jan 7 at 19:29
ceejayozceejayoz
26.6k66390
Ok, any ideas what subnet range I can use?
– omar jalloh
Jan 7 at 19:42
2
@omarjalloh You should delete the VPC and start over. A/28is way too small for virtually any use case on AWS.
– ceejayoz
Jan 7 at 19:44
You can use /16 to /28 in AWS. A /28 is appropriate for a up to about 9 servers, which is a valid use case for some rare needs. Consider a single server that never needs to scale, has no ELB, etc, and your IP address range has to integrate with a large corporate range without NAT.
– Tim
Jan 7 at 20:53
add a comment |
The subnet you're trying to add is
- not within your VPC's IP range
bigger than your VPC's IP range
As such, you can't add it.
Side note: I didn't know AWS would even let you make a /28 VPC. You'll only have fourteen usable IPs in there.
answered Jan 7 at 19:29
ceejayozceejayoz
26.6k66390
Ok, any ideas what subnet range I can use?
– omar jalloh
Jan 7 at 19:42
2
@omarjalloh You should delete the VPC and start over. A/28is way too small for virtually any use case on AWS.
– ceejayoz
Jan 7 at 19:44
You can use /16 to /28 in AWS. A /28 is appropriate for a up to about 9 servers, which is a valid use case for some rare needs. Consider a single server that never needs to scale, has no ELB, etc, and your IP address range has to integrate with a large corporate range without NAT.
– Tim
Jan 7 at 20:53
add a comment |
The subnet you're trying to add is
- not within your VPC's IP range
bigger than your VPC's IP range
As such, you can't add it.
Side note: I didn't know AWS would even let you make a /28 VPC. You'll only have fourteen usable IPs in there.
answered Jan 7 at 19:29
ceejayozceejayoz
26.6k66390
The subnet you're trying to add is
- not within your VPC's IP range
bigger than your VPC's IP range
As such, you can't add it.
Side note: I didn't know AWS would even let you make a /28 VPC. You'll only have fourteen usable IPs in there.
answered Jan 7 at 19:29
ceejayozceejayoz
26.6k66390
answered Jan 7 at 19:29
ceejayozceejayoz
26.6k66390
answered Jan 7 at 19:29
ceejayozceejayoz
26.6k66390
answered Jan 7 at 19:29
ceejayozceejayoz
26.6k66390
26.6k66390
Ok, any ideas what subnet range I can use?
– omar jalloh
Jan 7 at 19:42
2
@omarjalloh You should delete the VPC and start over. A/28is way too small for virtually any use case on AWS.
– ceejayoz
Jan 7 at 19:44
You can use /16 to /28 in AWS. A /28 is appropriate for a up to about 9 servers, which is a valid use case for some rare needs. Consider a single server that never needs to scale, has no ELB, etc, and your IP address range has to integrate with a large corporate range without NAT.
– Tim
Jan 7 at 20:53
add a comment |
Ok, any ideas what subnet range I can use?
– omar jalloh
Jan 7 at 19:42
2
@omarjalloh You should delete the VPC and start over. A/28is way too small for virtually any use case on AWS.
– ceejayoz
Jan 7 at 19:44
You can use /16 to /28 in AWS. A /28 is appropriate for a up to about 9 servers, which is a valid use case for some rare needs. Consider a single server that never needs to scale, has no ELB, etc, and your IP address range has to integrate with a large corporate range without NAT.
– Tim
Jan 7 at 20:53
Ok, any ideas what subnet range I can use?
– omar jalloh
Jan 7 at 19:42
Ok, any ideas what subnet range I can use?
– omar jalloh
Jan 7 at 19:42
2
2
@omarjalloh You should delete the VPC and start over. A
/28 is way too small for virtually any use case on AWS.– ceejayoz
Jan 7 at 19:44
@omarjalloh You should delete the VPC and start over. A
/28 is way too small for virtually any use case on AWS.– ceejayoz
Jan 7 at 19:44
You can use /16 to /28 in AWS. A /28 is appropriate for a up to about 9 servers, which is a valid use case for some rare needs. Consider a single server that never needs to scale, has no ELB, etc, and your IP address range has to integrate with a large corporate range without NAT.
– Tim
Jan 7 at 20:53
You can use /16 to /28 in AWS. A /28 is appropriate for a up to about 9 servers, which is a valid use case for some rare needs. Consider a single server that never needs to scale, has no ELB, etc, and your IP address range has to integrate with a large corporate range without NAT.
– Tim
Jan 7 at 20:53
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f947971%2fhow-to-pick-aws-cidr-within-the-cidr-ranges-of-vpc%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
