How to pick AWS CIDR within the CIDR ranges of VPC?












3














When i try to add a new subnet with CIDR, i got this message



172.22.128.0/24 CIDR is not within the CIDR ranges of VPC



My current VPC is 172.22.130.0/28



Any help ?






amazon-web-services subnet amazon-vpc






share



























    3














    When i try to add a new subnet with CIDR, i got this message



    172.22.128.0/24 CIDR is not within the CIDR ranges of VPC



    My current VPC is 172.22.130.0/28



    Any help ?






    amazon-web-services subnet amazon-vpc






    share

























      3












      3








      3







      When i try to add a new subnet with CIDR, i got this message



      172.22.128.0/24 CIDR is not within the CIDR ranges of VPC



      My current VPC is 172.22.130.0/28



      Any help ?






      amazon-web-services subnet amazon-vpc






      share













      When i try to add a new subnet with CIDR, i got this message



      172.22.128.0/24 CIDR is not within the CIDR ranges of VPC



      My current VPC is 172.22.130.0/28



      Any help ?






      amazon-web-services subnet amazon-vpc




      amazon-web-services subnet amazon-vpc





      share












      share










      share



      share










      asked 5 hours ago









      omar jallohomar jalloh

      162




      162






















          2 Answers
          2






          active

          oldest

          votes


















          2














          The best start is to refer to VPC and Subnet Basics which explains the VPC addressing and sizing reqirements.



          Not sure if you are familiar with CIDR addressing? Essentially the bigger the number after / the less hosts and subnets you can fit inside such network.



          For example:





          • Your VPC CIDR is 172.22.130.0/28 where /28 means that out of the 32 bits in the IP address the first 28 bits are the network address (that part has to be the same for all resources in your VPC) and only the remaining 4 bits (= 32 - 28) can be used to address your instances.



            That gives you at most 24 = 16 IP addresses in your subnet. With 5 IPs reserved by AWS you can only use 11 IP addresses.




          • Also because the minimum subnet size is /28 you can really create only one subnet in your /28 VPC and it has to have the same CIDR range, i.e. 172.22.130.0/28.



            That effectively prevents you from placing your instances in multiple availability zones because subnets can not span across AZs.




          Much better practice is to allocate rather large CIDR blocks for your VPC. At least /24 but even larger if you can. Where larger means /22 or /20 or even /16. That will give you an opportunity to create subnets in multiple availability zones and create both private and public (DMZ) subnets.



          In your case you can allocate 172.22.128.0/24 to the VPC and then create 4 subnets inside the VPC:




          • Public A = 172.22.128.0/26 (in Availability zone a, e.g. ap-southeast-2a)

          • Public B = 172.22.128.64/26 (in AZ b, e.g. ap-southeast-2b)

          • Private A = 172.22.128.128/26 (in AZ a again)

          • Private B = 172.22.128.192/26 (in AZ b again)


          That will give you around 60 IP addresses in each subnet and you can have some hosts in Private subnets and some in Public, you can balance load across availability zones, etc.



          If you want to go one step higher and allocate 172.22.128.0/22 to your VPC the addressing then would be like this:




          • VPC CIDR = 172.22.128.0/22

          • Public A = 172.22.128.0/24

          • Public B = 172.22.129.0/24

          • Private A = 172.22.130.0/24

          • Private B = 172.22.131.0/24


          For the difference between Public and Private subnets refer to this answer: NAT gateway for ec2 instances



          Hope that helps :)






          share|improve this answer





























            0














            The subnet you're trying to add is




            1. not within your VPC's IP range


            2. bigger than your VPC's IP range


            As such, you can't add it.



            Side note: I didn't know AWS would even let you make a /28 VPC. You'll only have fourteen usable IPs in there.






            share|improve this answer





















            • Ok, any ideas what subnet range I can use?
              – omar jalloh
              5 hours ago






            • 2




              @omarjalloh You should delete the VPC and start over. A /28 is way too small for virtually any use case on AWS.
              – ceejayoz
              5 hours ago










            • You can use /16 to /28 in AWS. A /28 is appropriate for a up to about 9 servers, which is a valid use case for some rare needs. Consider a single server that never needs to scale, has no ELB, etc, and your IP address range has to integrate with a large corporate range without NAT.
              – Tim
              4 hours ago











            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "2"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f947971%2fhow-to-pick-aws-cidr-within-the-cidr-ranges-of-vpc%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            2














            The best start is to refer to VPC and Subnet Basics which explains the VPC addressing and sizing reqirements.



            Not sure if you are familiar with CIDR addressing? Essentially the bigger the number after / the less hosts and subnets you can fit inside such network.



            For example:





            • Your VPC CIDR is 172.22.130.0/28 where /28 means that out of the 32 bits in the IP address the first 28 bits are the network address (that part has to be the same for all resources in your VPC) and only the remaining 4 bits (= 32 - 28) can be used to address your instances.



              That gives you at most 24 = 16 IP addresses in your subnet. With 5 IPs reserved by AWS you can only use 11 IP addresses.




            • Also because the minimum subnet size is /28 you can really create only one subnet in your /28 VPC and it has to have the same CIDR range, i.e. 172.22.130.0/28.



              That effectively prevents you from placing your instances in multiple availability zones because subnets can not span across AZs.




            Much better practice is to allocate rather large CIDR blocks for your VPC. At least /24 but even larger if you can. Where larger means /22 or /20 or even /16. That will give you an opportunity to create subnets in multiple availability zones and create both private and public (DMZ) subnets.



            In your case you can allocate 172.22.128.0/24 to the VPC and then create 4 subnets inside the VPC:




            • Public A = 172.22.128.0/26 (in Availability zone a, e.g. ap-southeast-2a)

            • Public B = 172.22.128.64/26 (in AZ b, e.g. ap-southeast-2b)

            • Private A = 172.22.128.128/26 (in AZ a again)

            • Private B = 172.22.128.192/26 (in AZ b again)


            That will give you around 60 IP addresses in each subnet and you can have some hosts in Private subnets and some in Public, you can balance load across availability zones, etc.



            If you want to go one step higher and allocate 172.22.128.0/22 to your VPC the addressing then would be like this:




            • VPC CIDR = 172.22.128.0/22

            • Public A = 172.22.128.0/24

            • Public B = 172.22.129.0/24

            • Private A = 172.22.130.0/24

            • Private B = 172.22.131.0/24


            For the difference between Public and Private subnets refer to this answer: NAT gateway for ec2 instances



            Hope that helps :)






            share|improve this answer


























              2














              The best start is to refer to VPC and Subnet Basics which explains the VPC addressing and sizing reqirements.



              Not sure if you are familiar with CIDR addressing? Essentially the bigger the number after / the less hosts and subnets you can fit inside such network.



              For example:





              • Your VPC CIDR is 172.22.130.0/28 where /28 means that out of the 32 bits in the IP address the first 28 bits are the network address (that part has to be the same for all resources in your VPC) and only the remaining 4 bits (= 32 - 28) can be used to address your instances.



                That gives you at most 24 = 16 IP addresses in your subnet. With 5 IPs reserved by AWS you can only use 11 IP addresses.




              • Also because the minimum subnet size is /28 you can really create only one subnet in your /28 VPC and it has to have the same CIDR range, i.e. 172.22.130.0/28.



                That effectively prevents you from placing your instances in multiple availability zones because subnets can not span across AZs.




              Much better practice is to allocate rather large CIDR blocks for your VPC. At least /24 but even larger if you can. Where larger means /22 or /20 or even /16. That will give you an opportunity to create subnets in multiple availability zones and create both private and public (DMZ) subnets.



              In your case you can allocate 172.22.128.0/24 to the VPC and then create 4 subnets inside the VPC:




              • Public A = 172.22.128.0/26 (in Availability zone a, e.g. ap-southeast-2a)

              • Public B = 172.22.128.64/26 (in AZ b, e.g. ap-southeast-2b)

              • Private A = 172.22.128.128/26 (in AZ a again)

              • Private B = 172.22.128.192/26 (in AZ b again)


              That will give you around 60 IP addresses in each subnet and you can have some hosts in Private subnets and some in Public, you can balance load across availability zones, etc.



              If you want to go one step higher and allocate 172.22.128.0/22 to your VPC the addressing then would be like this:




              • VPC CIDR = 172.22.128.0/22

              • Public A = 172.22.128.0/24

              • Public B = 172.22.129.0/24

              • Private A = 172.22.130.0/24

              • Private B = 172.22.131.0/24


              For the difference between Public and Private subnets refer to this answer: NAT gateway for ec2 instances



              Hope that helps :)






              share|improve this answer
























                2












                2








                2






                The best start is to refer to VPC and Subnet Basics which explains the VPC addressing and sizing reqirements.



                Not sure if you are familiar with CIDR addressing? Essentially the bigger the number after / the less hosts and subnets you can fit inside such network.



                For example:





                • Your VPC CIDR is 172.22.130.0/28 where /28 means that out of the 32 bits in the IP address the first 28 bits are the network address (that part has to be the same for all resources in your VPC) and only the remaining 4 bits (= 32 - 28) can be used to address your instances.



                  That gives you at most 24 = 16 IP addresses in your subnet. With 5 IPs reserved by AWS you can only use 11 IP addresses.




                • Also because the minimum subnet size is /28 you can really create only one subnet in your /28 VPC and it has to have the same CIDR range, i.e. 172.22.130.0/28.



                  That effectively prevents you from placing your instances in multiple availability zones because subnets can not span across AZs.




                Much better practice is to allocate rather large CIDR blocks for your VPC. At least /24 but even larger if you can. Where larger means /22 or /20 or even /16. That will give you an opportunity to create subnets in multiple availability zones and create both private and public (DMZ) subnets.



                In your case you can allocate 172.22.128.0/24 to the VPC and then create 4 subnets inside the VPC:




                • Public A = 172.22.128.0/26 (in Availability zone a, e.g. ap-southeast-2a)

                • Public B = 172.22.128.64/26 (in AZ b, e.g. ap-southeast-2b)

                • Private A = 172.22.128.128/26 (in AZ a again)

                • Private B = 172.22.128.192/26 (in AZ b again)


                That will give you around 60 IP addresses in each subnet and you can have some hosts in Private subnets and some in Public, you can balance load across availability zones, etc.



                If you want to go one step higher and allocate 172.22.128.0/22 to your VPC the addressing then would be like this:




                • VPC CIDR = 172.22.128.0/22

                • Public A = 172.22.128.0/24

                • Public B = 172.22.129.0/24

                • Private A = 172.22.130.0/24

                • Private B = 172.22.131.0/24


                For the difference between Public and Private subnets refer to this answer: NAT gateway for ec2 instances



                Hope that helps :)






                share|improve this answer












                The best start is to refer to VPC and Subnet Basics which explains the VPC addressing and sizing reqirements.



                Not sure if you are familiar with CIDR addressing? Essentially the bigger the number after / the less hosts and subnets you can fit inside such network.



                For example:





                • Your VPC CIDR is 172.22.130.0/28 where /28 means that out of the 32 bits in the IP address the first 28 bits are the network address (that part has to be the same for all resources in your VPC) and only the remaining 4 bits (= 32 - 28) can be used to address your instances.



                  That gives you at most 24 = 16 IP addresses in your subnet. With 5 IPs reserved by AWS you can only use 11 IP addresses.




                • Also because the minimum subnet size is /28 you can really create only one subnet in your /28 VPC and it has to have the same CIDR range, i.e. 172.22.130.0/28.



                  That effectively prevents you from placing your instances in multiple availability zones because subnets can not span across AZs.




                Much better practice is to allocate rather large CIDR blocks for your VPC. At least /24 but even larger if you can. Where larger means /22 or /20 or even /16. That will give you an opportunity to create subnets in multiple availability zones and create both private and public (DMZ) subnets.



                In your case you can allocate 172.22.128.0/24 to the VPC and then create 4 subnets inside the VPC:




                • Public A = 172.22.128.0/26 (in Availability zone a, e.g. ap-southeast-2a)

                • Public B = 172.22.128.64/26 (in AZ b, e.g. ap-southeast-2b)

                • Private A = 172.22.128.128/26 (in AZ a again)

                • Private B = 172.22.128.192/26 (in AZ b again)


                That will give you around 60 IP addresses in each subnet and you can have some hosts in Private subnets and some in Public, you can balance load across availability zones, etc.



                If you want to go one step higher and allocate 172.22.128.0/22 to your VPC the addressing then would be like this:




                • VPC CIDR = 172.22.128.0/22

                • Public A = 172.22.128.0/24

                • Public B = 172.22.129.0/24

                • Private A = 172.22.130.0/24

                • Private B = 172.22.131.0/24


                For the difference between Public and Private subnets refer to this answer: NAT gateway for ec2 instances



                Hope that helps :)







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered 1 hour ago









                MLuMLu

                6,33711638




                6,33711638

























                    0














                    The subnet you're trying to add is




                    1. not within your VPC's IP range


                    2. bigger than your VPC's IP range


                    As such, you can't add it.



                    Side note: I didn't know AWS would even let you make a /28 VPC. You'll only have fourteen usable IPs in there.






                    share|improve this answer





















                    • Ok, any ideas what subnet range I can use?
                      – omar jalloh
                      5 hours ago






                    • 2




                      @omarjalloh You should delete the VPC and start over. A /28 is way too small for virtually any use case on AWS.
                      – ceejayoz
                      5 hours ago










                    • You can use /16 to /28 in AWS. A /28 is appropriate for a up to about 9 servers, which is a valid use case for some rare needs. Consider a single server that never needs to scale, has no ELB, etc, and your IP address range has to integrate with a large corporate range without NAT.
                      – Tim
                      4 hours ago
















                    0














                    The subnet you're trying to add is




                    1. not within your VPC's IP range


                    2. bigger than your VPC's IP range


                    As such, you can't add it.



                    Side note: I didn't know AWS would even let you make a /28 VPC. You'll only have fourteen usable IPs in there.






                    share|improve this answer





















                    • Ok, any ideas what subnet range I can use?
                      – omar jalloh
                      5 hours ago






                    • 2




                      @omarjalloh You should delete the VPC and start over. A /28 is way too small for virtually any use case on AWS.
                      – ceejayoz
                      5 hours ago










                    • You can use /16 to /28 in AWS. A /28 is appropriate for a up to about 9 servers, which is a valid use case for some rare needs. Consider a single server that never needs to scale, has no ELB, etc, and your IP address range has to integrate with a large corporate range without NAT.
                      – Tim
                      4 hours ago














                    0












                    0








                    0






                    The subnet you're trying to add is




                    1. not within your VPC's IP range


                    2. bigger than your VPC's IP range


                    As such, you can't add it.



                    Side note: I didn't know AWS would even let you make a /28 VPC. You'll only have fourteen usable IPs in there.






                    share|improve this answer












                    The subnet you're trying to add is




                    1. not within your VPC's IP range


                    2. bigger than your VPC's IP range


                    As such, you can't add it.



                    Side note: I didn't know AWS would even let you make a /28 VPC. You'll only have fourteen usable IPs in there.







                    share|improve this answer












                    share|improve this answer



                    share|improve this answer










                    answered 5 hours ago









                    ceejayozceejayoz

                    26.5k66389




                    26.5k66389












                    • Ok, any ideas what subnet range I can use?
                      – omar jalloh
                      5 hours ago






                    • 2




                      @omarjalloh You should delete the VPC and start over. A /28 is way too small for virtually any use case on AWS.
                      – ceejayoz
                      5 hours ago










                    • You can use /16 to /28 in AWS. A /28 is appropriate for a up to about 9 servers, which is a valid use case for some rare needs. Consider a single server that never needs to scale, has no ELB, etc, and your IP address range has to integrate with a large corporate range without NAT.
                      – Tim
                      4 hours ago


















                    • Ok, any ideas what subnet range I can use?
                      – omar jalloh
                      5 hours ago






                    • 2




                      @omarjalloh You should delete the VPC and start over. A /28 is way too small for virtually any use case on AWS.
                      – ceejayoz
                      5 hours ago










                    • You can use /16 to /28 in AWS. A /28 is appropriate for a up to about 9 servers, which is a valid use case for some rare needs. Consider a single server that never needs to scale, has no ELB, etc, and your IP address range has to integrate with a large corporate range without NAT.
                      – Tim
                      4 hours ago
















                    Ok, any ideas what subnet range I can use?
                    – omar jalloh
                    5 hours ago




                    Ok, any ideas what subnet range I can use?
                    – omar jalloh
                    5 hours ago




                    2




                    2




                    @omarjalloh You should delete the VPC and start over. A /28 is way too small for virtually any use case on AWS.
                    – ceejayoz
                    5 hours ago




                    @omarjalloh You should delete the VPC and start over. A /28 is way too small for virtually any use case on AWS.
                    – ceejayoz
                    5 hours ago












                    You can use /16 to /28 in AWS. A /28 is appropriate for a up to about 9 servers, which is a valid use case for some rare needs. Consider a single server that never needs to scale, has no ELB, etc, and your IP address range has to integrate with a large corporate range without NAT.
                    – Tim
                    4 hours ago




                    You can use /16 to /28 in AWS. A /28 is appropriate for a up to about 9 servers, which is a valid use case for some rare needs. Consider a single server that never needs to scale, has no ELB, etc, and your IP address range has to integrate with a large corporate range without NAT.
                    – Tim
                    4 hours ago


















                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Server Fault!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f947971%2fhow-to-pick-aws-cidr-within-the-cidr-ranges-of-vpc%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    -

                    Popular posts from this blog

                    濃尾地震

                    Image
                    濃尾地震 『岐阜市街大地震之図』 歌川国利画 本震 発生日 1891年(明治24年)10月28日 発生時刻 6時38分50秒(JST) 震央 日本 岐阜県本巣郡西根尾村(現・本巣市) 北緯35度35分 東経136度20分( 地図 ) 規模    マグニチュード(M)8.0 最大震度    震度7: 注1 福井県今立郡鯖江町、愛知県葉栗郡大田島村、東春日井郡勝川村 地震の種類 直下型地震 被害 死傷者数 死者7,273人、負傷者17,175人 注1:当時の震度階級では「激烈」 プロジェクト:地球科学 プロジェクト:災害 テンプレートを表示 濃尾地震 (のうびじしん)は、1891年(明治24年)10月28日に濃尾地方で発生した、日本史上最大の内陸地殻内地震。「 美濃・尾張地震 (みの・おわりじしん)」とも呼ばれている。辛卯の年に発生したことから 辛卯震災 と呼んでいる報告書もある。 目次 1 概要 1.1 震源断層 2 被害 3 各地の震度 4 前兆現象 5 報道 6 学術的な意義 7 地震防災 8 脚注 9 関連項目 10 外部リンク 概要 濃尾地震発生当時の根尾谷断層 濃尾地震を引き起こした根尾谷断層 写真中央を斜めに走る段差が根尾谷断層 濃尾地震は、1891年10月28日6時38分50秒に発生した。震源は、岐阜県本巣郡西根尾村(現・本巣市)、北緯35度35分、東経136度20分付近。河角廣 (1951) は岐阜市付近(北緯35.6度、東経136.6度)に震央を仮定し規模 M K = 7.0 を与え [1] 、マグニチュードは M = 8.4 に換算されているが、明治・大正期の地震については0.5程度大きく見積もられているとされる [2] 。また、震央距離と震度との関係など当時のデータから後にM8.0 [3] とも推定される。アメリカ地質調査所 (USGS) でも8.0としている [4] 。「根尾谷断層帯」が活動した典型的な内陸地殻内地震(いわゆる直下型地震)であり、これは記録が残っている日本の内陸
                    Read more

                    How to rewrite equation of hyperbola in standard form

                    Image
                    2 $begingroup$ I was wondering about this question: $$ 9 x ^ 2 -4y^2-72x=0 $$ What is the step-by-step process of writing such an equation which, in this case, has the graph of a hyperbola in standard form? Please excuse me for my messy equation. As I am relatively new to Mathematics Stack Exchange, I do not know how to insert superscripts. Thank you ahead of time! calculus conic-sections share | cite | improve this question edited 2 hours ago Key Flex 8,637 6 12 33 asked 2 hours ago
                    Read more

                    No ethernet ip address in my vocore2

                    Image
                    0 I just flashed my vocore2u with openwrt 18.06.1, and plug it with an ethernet cable to access network while setting up wireless access-point for my phone. The AP is working and connected to the network, but the ip in my phone is in the subnet of another router. And there's no ip assigned to my vocore2 so I cannot ssh into it. After connecting to vocore2 with serial terminal, ping 8.8.8.8 is also failed. How can I make my vocore2 gain ip from the router and setting up the network well? root@OpenWrt:/etc/config# ifconfig apcli0 Link encap:Ethernet HWaddr BA:D8:12:07:01:71 inet6 addr: fe80::b8d8:12ff:fe07:171/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 erro
                    Read more