How to validate an invalid CIDR block?

2

13

I have the following CIDR reserved for my VPC -> 10.0.0.0/22

What this tells me is that I have 10 bits left over for my host IPs, or 1,024 addresses. I was attempting to compute the range of valid addresses, as Amazon asks for a valid IPv4 CIDR block when creating a new private subnet.

I figured 6/8 bits are taken from the 3rd octet and the last octet is all 0's, which leaves me with an IP range of 10.0.0.0 -> 10.0.3.255.

As I come to the screen to actually pick my IPv4 CIDR block, I'm getting an "Invalid error", which is just validating that I don't understand how the math is actually working. I typed in 10.0.2.1/28, which yields a Must be valid Ipv4 CIDR error.

My thought process:

This looked like it was in the range I had calculated and that I wanted my private subnet to reserve 16 IP addresses.

What am I doing wrong?

Caricature answered 8/9, 2018 at 5:16 Comment(1)
This two-part answer has a section that explains that and what the problem is, as well as all your IPv4 math. – Jibe
23

You are starting with a VPC 10.0.0.0/22. You are correct in that the valid addressing range is 10.0.0.0 -> 10.0.3.255.

Now you want to create a subnet from this VPC using /28 CIDR blocks. /28 means the last four bits are 0 to give you the range 0 -> 15. CIDR blocks must always begin on their own boundary. Examples for /28:

10.0.0.0 -> 10.0.0.15

10.0.0.16 -> 10.0.0.31

You tried to create a subnet with the CIDR block 10.0.2.1/28. This is invalid as it does not begin at offset 0 within the valid CIDR range for /28. You can create a valid subnet as 10.0.2.0/28 or 10.0.2.16/28, etc. Notice how the start of each subnet has the last four bits as 0.

A quick way to look at this is for any subnet, the host portion starts at 0 and ends in all ones.

Grouchy answered 8/9, 2018 at 5:43 Comment(4)
Ah, that was the key I was missing that they needed to begin on their own boundary. Thanks a lot for writing this up. – Caricature

I'm not quite sure I understand what you mean by "Notice how the start of each subnet has the last four bits as 0". You just mean this one address? 10.0.0.0 – Caricature

For all of the examples that I showed, the last four bits (least significant bits) are 0. Those bits are the host portion of the subnet. – Grouchy

If you convert 10.0.2.16 to hex 0A.00.02.10, the last octet (0x10) has the bit pattern 0001 0000. The last four bits are zeros. The upper valid address in hex is 0A.00.02.1F. Notice how the last four bits are all ones. – Grouchy
6

I just want to tell you the rules for choosing a CIDR block, as follows:

  1. All the IP addresses should be contiguous.
  2. The number of IPs you can get is a power of 2 (2^n).
  3. The first IP address in the block should be evenly divisible by the size of the block, i.e. (2^n).

The third point is important, as well as related to the second point.

10.0.2.1/28 - It is not a proper CIDR block ID.

The 3rd point is not followed here.

Pastoral answered 3/4, 2019 at 15:44 Comment(0)
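
The boundary rule from both answers (host bits all 0, or equivalently the first address divisible by the block size) can be checked with Python's standard `ipaddress` module. This is an added example, not code from either answer; the names `check_subnet` and `aligned_blocks` are assumptions, and the containment check against the VPC range goes slightly beyond the alignment rule itself.

```python
import ipaddress

def check_subnet(vpc_cidr: str, candidate: str) -> dict:
    """Check a candidate subnet CIDR for boundary alignment and VPC containment."""
    vpc = ipaddress.IPv4Network(vpc_cidr, strict=True)
    # IPv4Interface tolerates host bits being set; IPv4Network(..., strict=True)
    # would raise ValueError for 10.0.2.1/28, which is what the console rejects.
    iface = ipaddress.IPv4Interface(candidate)
    aligned = iface.network                  # same prefix, host bits zeroed
    size = aligned.num_addresses             # 2**(32 - prefix length)
    host_bits = 32 - aligned.prefixlen
    offset = int(iface.ip) % size            # 0 only on a block boundary
    problems = []
    if offset:
        problems.append(
            f"{iface.ip} is {offset} past the /{aligned.prefixlen} boundary "
            f"(host bits {offset:0{host_bits}b} are not all 0)"
        )
    if not aligned.subnet_of(vpc):
        problems.append(f"{aligned} is not inside {vpc}")
    return {
        "valid": not problems,
        "problems": problems,
        "nearest_aligned": str(aligned),
        "first": str(aligned.network_address),    # host portion all zeros
        "last": str(aligned.broadcast_address),   # host portion all ones
    }

def aligned_blocks(vpc_cidr: str, prefix: int) -> list:
    """List every correctly aligned block of the given prefix inside the VPC."""
    vpc = ipaddress.IPv4Network(vpc_cidr, strict=True)
    return [str(n) for n in vpc.subnets(new_prefix=prefix)]

if __name__ == "__main__":
    # Constructed inputs: the question's VPC and candidate, the two valid
    # alternatives named in the answer, and one aligned block outside the VPC.
    for cidr in ("10.0.2.1/28", "10.0.2.0/28", "10.0.2.16/28", "10.0.4.0/28"):
        result = check_subnet("10.0.0.0/22", cidr)
        print(cidr, "->", "ok" if result["valid"] else result["problems"])
    print(len(aligned_blocks("10.0.0.0/22", 28)), "aligned /28 blocks in the VPC")
```
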
