Having a solid grasp of networking fundamentals is essential to understanding complex AWS architectures. I first came across CIDR notation in my early days of working as a Network Engineer and it took me a while to wrap my head around it.
I've decided to revisit core networking concepts focusing particularly on how they apply in the AWS ecosystem, and where better to start than with refreshing my knowledge on a topic that was a pain to initially understand.
CIDR Calculation
An IPv4 address is a 32-bit number, written as four decimal numbers separated by dots. Each of those four numbers is a group of 8 bits (an octet).
For example, 10.1.3.0 is:
10 → 00001010 (8 bits)
1 → 00000001 (8 bits)
3 → 00000011 (8 bits)
0 → 00000000 (8 bits)
If you put them all together, you get a 32-bit binary string:
00001010 00000001 00000011 00000000
When it comes to CIDR notation, what we're trying to understand is how many of those bits are reserved for the network and how many are left for hosts. The way to calculate the number of addresses in a range is:
1: 32 - (CIDR prefix) = Host bits
2: 2^(Host bits) = Total IPs
3: Total IPs - 2 = Usable IPs
For example, a /8:
32 - 8 = 24 host bits
2^24 = 16,777,216 total IPs
16,777,216 - 2 = 16,777,214 usable IPs
We subtract 2 because one IP is reserved for the network address and one for the broadcast address.
A useful site to help you visualise this: cidr.xyz
How does this relate to AWS?
When you create a new VPC it must be assigned a CIDR block, which defines the IP address range that your subnets will be carved from. For example, you can create a VPC using 10.0.0.0/16 with /24 subnets inside it.
AWS reserves 5 IPs in every subnet, so the usable count is actually:
/24 subnet → 251 usable (instead of 254).
/28 subnet → 11 usable (instead of 14).
The reserved addresses are:
- Network address
- VPC router
- AWS DNS
- Future use
- Broadcast address
If you create a /28 subnet in AWS, you only get 11 usable IPs, which might not be enough if you're planning to launch multiple EC2 instances, a NAT Gateway, and other services in the same subnet.
AWS often recommends starting with /16 VPCs and then carving them into /24 or /20 subnets depending on your workload size.
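To make the three calculation steps and the AWS subnet adjustment concrete, here is a small Python script (an added example, not from the original post) that prints the octets in binary, runs the host-bits / total / usable arithmetic for any CIDR, applies the five AWS-reserved addresses, and counts how many subnets of a given size fit in a VPC. It uses only the standard-library ipaddress module; the /16 to /28 size check reflects the subnet sizes AWS accepts, and the sample blocks are the ones used in the post.

```python
import ipaddress

# Per-subnet addresses AWS reserves: the first four of the block
# (network address, VPC router, AWS DNS, future use) plus the broadcast address.
AWS_RESERVED_OFFSETS = (0, 1, 2, 3)
AWS_RESERVED_PER_SUBNET = len(AWS_RESERVED_OFFSETS) + 1  # = 5


def to_binary(ip: str) -> str:
    """Show an IPv4 address as four 8-bit groups, e.g. 10.1.3.0 -> '00001010 00000001 00000011 00000000'."""
    return " ".join(f"{int(octet):08b}" for octet in ip.split("."))


def cidr_summary(cidr: str) -> dict:
    """Steps 1-3 from the post: host bits, total IPs and classic usable IPs for a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)  # strict=False tolerates host bits set, e.g. 10.1.3.7/24
    host_bits = 32 - net.prefixlen
    total = 2 ** host_bits
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "host_bits": host_bits,
        "total": total,
        "usable": max(total - 2, 0),  # a /31 or /32 has no classic usable range
    }


def aws_subnet_summary(cidr: str) -> dict:
    """Same block as a VPC subnet: AWS takes five addresses, and only /16 .. /28 are valid subnet sizes."""
    net = ipaddress.ip_network(cidr, strict=False)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: AWS subnets must be between /16 and /28")
    reserved = [str(net.network_address + i) for i in AWS_RESERVED_OFFSETS] + [str(net.broadcast_address)]
    summary = cidr_summary(cidr)
    summary["aws_reserved"] = reserved
    summary["aws_usable"] = summary["total"] - AWS_RESERVED_PER_SUBNET
    return summary


def subnet_count(vpc_cidr: str, subnet_prefix: int) -> int:
    """How many /subnet_prefix subnets fit in the VPC, e.g. 256 x /24 inside a /16."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    return sum(1 for _ in vpc.subnets(new_prefix=subnet_prefix))


if __name__ == "__main__":
    print(to_binary("10.1.3.0"))
    print(cidr_summary("10.0.0.0/8"))
    for cidr in ("10.0.1.0/24", "10.0.1.0/28"):
        s = aws_subnet_summary(cidr)
        print(cidr, "AWS usable:", s["aws_usable"], "reserved:", s["aws_reserved"])
    print("/24 subnets in 10.0.0.0/16:", subnet_count("10.0.0.0/16", 24))
```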