How to validate an invalid CIDR block?

John Lippson · Sep 8, 2018 · Viewed 10.1k times

I have the following CIDR reserved for my VPC -> 10.0.0.0/22

What this tells me is that I have 10 bits left over for my host IPs, or 1,024 addresses. I was attempting to compute the range of valid addresses, as Amazon asks for a valid IPv4 CIDR block when creating a new private subnet.

I figured 6/8 bits are taken from the 3rd octet and the last octet is all 0's, which leaves me with an IP range of 10.0.0.0 -> 10.0.3.255.

As I come to the screen to actually pick my IPv4 CIDR block, I'm getting an "Invalid" error, which is just validating that I don't understand how the math is actually working. I typed in 10.0.2.1/28, which yields a "Must be valid IPv4 CIDR" error.

My thought process:

This looked like it was in the range I had calculated and that I wanted my private subnet to reserve 16 IP addresses.

What am I doing wrong?

Answer

John Hanley · Sep 8, 2018

You are starting with a VPC 10.0.0.0/22. You are correct in that the valid addressing range is 10.0.0.0 -> 10.0.3.255.

Now you want to create a subnet from this VPC using /28 CIDR blocks. /28 means the last four bits are 0 to give you the range 0 -> 15. CIDR blocks must always begin on their own boundary. Examples for /28:

10.0.0.0 -> 10.0.0.15

10.0.0.16 -> 10.0.0.31

You tried to create a subnet with the CIDR block 10.0.2.1/28. This is invalid as it does not begin at offset 0 within the valid CIDR range for /28. You can create a valid subnet as 10.0.2.0/28 or 10.0.2.16/28, etc. Notice how the start of each subnet has the last four bits as 0.

A quick way to look at this is that for any subnet, the host portion starts at 0 and ends in all ones.
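The boundary rule from the answer is mechanical, so it is worth checking before you hit the console. The following is an added example (not part of the question or the answer) that uses Python's standard `ipaddress` module to test a candidate subnet against the VPC CIDR: it reports whether the block starts on its own boundary (host bits all zero), what the nearest aligned block is, whether the block fits inside the VPC, and whether its size is within the /16 to /28 range AWS allows for a subnet. The AWS limits and the five addresses AWS reserves in every subnet are taken from AWS's VPC documentation; the function and variable names are this example's own.

```python
"""Validate a candidate subnet CIDR against a parent VPC CIDR.

Added example, not code from the original question or answer. The AWS
limits (subnet between /16 and /28, five reserved addresses per subnet) are
AWS's documented constraints; the names used here are this example's own.
"""
import ipaddress

AWS_MIN_PREFIX = 16          # AWS: largest subnet allowed is a /16
AWS_MAX_PREFIX = 28          # AWS: smallest subnet allowed is a /28
AWS_RESERVED_PER_SUBNET = 5  # AWS: first four and last address of each subnet


def check_subnet(vpc_cidr: str, candidate: str) -> dict:
    """Explain why a candidate subnet CIDR is or is not valid for the VPC.

    Returns a dict with:
      ok            -- True only if every check passes
      problems      -- human-readable reasons for rejection (empty if ok)
      aligned_block -- the candidate with its host bits cleared
      usable_hosts  -- addresses left after AWS's reserved ones (if ok)
    """
    vpc = ipaddress.ip_network(vpc_cidr)  # strict: the VPC itself must be aligned
    problems = []

    # strict=False makes "10.0.2.1/28" parse as 10.0.2.0/28 instead of raising
    # "has host bits set"; we compare against the written address ourselves so
    # we can report the exact reason the console's validator rejects it.
    try:
        loose = ipaddress.ip_network(candidate, strict=False)
        written_addr = ipaddress.ip_address(candidate.split("/")[0])
    except ValueError as exc:
        return {"ok": False, "problems": [f"not a CIDR block: {exc}"],
                "aligned_block": None, "usable_hosts": None}

    if loose.version != vpc.version:
        problems.append(f"{candidate} is IPv{loose.version}, VPC is IPv{vpc.version}")
        return {"ok": False, "problems": problems,
                "aligned_block": str(loose), "usable_hosts": None}

    # 1. Alignment: the address before the slash must be the network address,
    #    i.e. the last (32 - prefixlen) bits must all be zero.
    if written_addr != loose.network_address:
        problems.append(
            f"{candidate} does not start on a /{loose.prefixlen} boundary "
            f"(host bits set); nearest aligned block is {loose}")

    # 2. Containment: the whole subnet must lie inside the VPC range.
    if not loose.subnet_of(vpc):
        problems.append(f"{loose} is not inside VPC {vpc}")

    # 3. AWS size limits for a subnet.
    if not AWS_MIN_PREFIX <= loose.prefixlen <= AWS_MAX_PREFIX:
        problems.append(
            f"/{loose.prefixlen} is outside AWS's /{AWS_MIN_PREFIX}-/{AWS_MAX_PREFIX} range")

    ok = not problems
    return {
        "ok": ok,
        "problems": problems,
        "aligned_block": str(loose),
        "usable_hosts": loose.num_addresses - AWS_RESERVED_PER_SUBNET if ok else None,
    }


def valid_subnets(vpc_cidr: str, prefixlen: int) -> list:
    """Every correctly aligned /prefixlen block inside the VPC, as strings."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [str(net) for net in vpc.subnets(new_prefix=prefixlen)]


if __name__ == "__main__":
    # Constructed inputs: the VPC and candidates discussed in the thread,
    # plus one block outside the VPC and one smaller than AWS permits.
    for cand in ("10.0.2.1/28", "10.0.2.0/28", "10.0.4.0/28", "10.0.2.0/29"):
        print(cand, check_subnet("10.0.0.0/22", cand))
    blocks = valid_subnets("10.0.0.0/22", 28)
    print(len(blocks), "valid /28 blocks; first three:", blocks[:3])
```

Running it shows 10.0.2.1/28 rejected for the alignment reason alone, with 10.0.2.0/28 reported as the block the author meant, and lists all 64 aligned /28 blocks that fit in 10.0.0.0/22. The same `check_subnet` call works for any VPC/subnet pair, not just the /22 and /28 from the question.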