-9

I have multiple VPCs in my account, and I created most of them using the 10.0.0.0/8, 192.168.0.0/16 or 172.16.0.0/12 subnet blocks.

I have exhausted my range because I did not plan the IP addressing properly and added a wrong route of 10.0.0.0/8 under a VPC. I found out about this when I tried to establish VPC peering between two different VPCs in the 10.0.0.0 subnet. I later learned that I can use the CIDR ranges 20.0.0.0/16 and 30.0.0.0/16 as private addresses in AWS to create a VPC. I also created a VPC with CIDR 20.0.0.0/16 and it works.

How can AWS offer multiple IP ranges for private IP addresses to create a VPC and multiple subnets under a VPC? Can somebody help me understand the AWS private IP range?

Is it because it is virtual that we can use any range of IP addresses as private addresses? How does this not affect connectivity from an AWS server to the internet if we can choose any random CIDR as the private IP address, or is there some limit?

  • [3] /8 covers 16 million IPs. /12 gives you over a million, /16 covers 65 thousand. I doubt you've exhausted these ranges. – ceejayoz Apr 18 '16 at 13:51
  • [3] Besides, I believe that a quick whois query for the ranges in question will prove interesting. – user Apr 18 '16 at 13:53
  • Yeah you doubt, but your doubt is correct. So how come AWS gives a private IP range from block 20 and 30, any idea? – Pratap Apr 18 '16 at 13:53
  • [2] 30.0.0.0/8 is a DoD network. Not sure what you are doing but it can't be right. – Daniel Widrick Apr 18 '16 at 13:55
  • I can show you I have a CIDR with 20.0.0.0 and 30.0.0.0, and the people who marked my question down can then explain it to me now. – Pratap Apr 18 '16 at 13:57
  • [3] Everything bad you think will happen, will. If you use the 20.x.x.x range internally you will not be able to access off-site 20.x.x.x resources. The rest of your question doesn't really make sense since the context is ridiculous. – Daniel Widrick Apr 18 '16 at 14:00
  • That is why I am asking how come AWS gives such IPs as a VPC CIDR block? And idiots around here are marking my question down. – Pratap Apr 18 '16 at 14:01
  • [1] AWS is perfectly willing to let you do stupid things. It's entirely possible and legal to use 20.0.0.0/16 as your internal IP range, but it's not a *good* idea. – ceejayoz Apr 18 '16 at 14:02
  • Yep, those stupid things are possible, but isn't it a flaw in AWS, or just being virtual I can pretend to be anything? – Pratap Apr 18 '16 at 14:04
  • [3] @PratapSingh No, it's not a flaw in AWS. It's a flaw in the person setting it up. AWS isn't in the business of stopping you from doing dumb things. I can confirm that VPC will let you set up any CIDR block (as long as it's /16 or smaller), but it's not a *good idea* to do so. Just like it's not a good idea to run your personal blog on one of their `g2.8xlarge` instances, but you **can**. – ceejayoz Apr 18 '16 at 14:05
  • @ceejayoz When I say I am exhausted for CIDR range, I mean I have created VPCs with all the ranges mentioned, not the IPs. – Pratap Apr 18 '16 at 14:07
  • [2] @PratapSingh You're not exhausted. You can have multiple VPCs all with 10.0.0.0/16, as long as they don't need to inter-connect. That's the point of private IP spaces. – ceejayoz Apr 18 '16 at 14:08
  • I had added wrong route info of 10.0.0.0/8; that is how I got exhausted trying to create another VPC with a CIDR, and it created a problem while attempting VPC peering. – Pratap Apr 18 '16 at 14:09
  • [2] Well, if you have to peer them, yes, you've gone and screwed up, and now you'll have to fix it. Using random public IP ranges **is not fixing it**. You'll need to start migrating to new, smaller VPCs within the private range that don't eat up so much of the private IP space. – ceejayoz Apr 18 '16 at 14:22
  • To make it short: what you do with your IP ranges is like using an Oracle Exadata cluster to store the session data of your website; you could do so but it's bad :) – Tom Apr 18 '16 at 16:14
  • Doesn't matter even if I use the local RAM of my PC to store the session, because the actual question was about the finding that on a virtual network you may create anything, as it remains local to your VPC (virtual), but on the internet that may change. So I am storing the session on my phone now. – Pratap Apr 18 '16 at 16:16
  • Yes, I was just kidding. Sorry, but ceejayoz is right here: you should not use those ranges unless you really know what you do, as per RFC 1918 (https://tools.ietf.org/html/rfc1918). An IP addressing plan is something to be done carefully on AWS before creating VPCs, as it can be hard to change later on. Lots of big companies have worldwide networks based on 10.0.0.0/8, which shows that you can achieve great things with this range. – Tom Apr 18 '16 at 16:22
  • Yes, I know about the private IP address ranges, so that's why it was confusing: if there is such a policy and standard, then how come on AWS we can create such a CIDR block for a VPC? And on AWS it is nowhere mentioned, implicitly or explicitly, that you can or cannot create such a CIDR. If any genius can point me to an AWS document URL where it is mentioned why they have allowed such CIDR creation I will be really glad. But as it is not there, this information should be somewhere, right, so I asked here. Thanks anyway @Tom – Pratap Apr 18 '16 at 16:31
  • [1] The reason they allow this is that VPC, by design, is implemented in such a way that customers can use it as an extension of their own datacenter. As such, limiting IP numbering to RFC1918 subnets would exclude customers that want to use netblocks from their own IP allocation. – EEAA Apr 18 '16 at 17:48
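The comments make three checkable points: AWS accepts any IPv4 VPC CIDR between /16 and /28, a block outside RFC 1918 hides the matching public hosts from instances in that VPC (the VPC's own `local` route always wins longest-prefix match over the `0.0.0.0/0` Internet gateway route), and overlapping VPC CIDRs cannot be peered. The following audit script is an added example, not code from the question or from AWS; the VPC inventory is constructed (only the 10.0.0.0/8 and 20.0.0.0/16 values come from the discussion above), and the route table it models is a deliberately minimal two-entry one.

```python
"""Audit VPC CIDR blocks for the mistakes discussed in the thread:
non-RFC 1918 space used as "private", prefixes AWS will reject, and
overlaps that make VPC peering impossible.  Pure standard library."""
import ipaddress
from itertools import combinations
from typing import Dict, List, Tuple

# RFC 1918 private address space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# AWS accepts IPv4 VPC CIDR blocks from /16 (largest) to /28 (smallest).
VPC_SHORTEST_PREFIX, VPC_LONGEST_PREFIX = 16, 28

# Constructed sample inventory (names are hypothetical, not from the page).
EXAMPLE_VPCS = {
    "vpc-a": "10.0.0.0/16",    # fine
    "vpc-b": "10.0.0.0/8",     # too large for AWS and overlaps vpc-a
    "vpc-c": "20.0.0.0/16",    # publicly routed space used as "private"
    "vpc-d": "172.16.0.0/16",  # fine
}


def vpc_cidr_findings(cidr: str) -> List[str]:
    """Findings for a single VPC CIDR block; an empty list means clean."""
    findings = []
    net = ipaddress.ip_network(cidr, strict=True)
    if not VPC_SHORTEST_PREFIX <= net.prefixlen <= VPC_LONGEST_PREFIX:
        findings.append(f"{cidr}: prefix /{net.prefixlen} is outside the "
                        f"AWS VPC range /16-/28")
    if not any(net.subnet_of(private) for private in RFC1918):
        findings.append(f"{cidr}: not RFC 1918 space; Internet hosts in this "
                        f"block become unreachable from inside the VPC")
    return findings


def overlapping_pairs(vpcs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Name pairs whose CIDRs overlap; such VPCs cannot be peered."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))


def reaches_internet(vpc_cidr: str, dest_ip: str) -> bool:
    """Longest-prefix match over a minimal VPC route table: the implicit
    'local' route for the VPC CIDR versus 0.0.0.0/0 -> Internet gateway.
    False means the destination is swallowed by the local route."""
    routes = [(ipaddress.ip_network(vpc_cidr), "local"),
              (ipaddress.ip_network("0.0.0.0/0"), "igw")]
    dest = ipaddress.ip_address(dest_ip)
    matches = [(net.prefixlen, target) for net, target in routes if dest in net]
    _, target = max(matches)  # longest prefix wins
    return target == "igw"


def audit(vpcs: Dict[str, str]) -> List[str]:
    """Combine per-VPC findings with cross-VPC overlap findings."""
    report = []
    for name, cidr in sorted(vpcs.items()):
        report.extend(f"{name}: {f}" for f in vpc_cidr_findings(cidr))
    for a, b in overlapping_pairs(vpcs):
        report.append(f"{a} and {b} overlap ({vpcs[a]} / {vpcs[b]}); "
                      f"VPC peering between them will be refused")
    return report


if __name__ == "__main__":
    for line in audit(EXAMPLE_VPCS):
        print(line)
    # Illustrates Daniel Widrick's point: a 20.0.0.0/16 VPC cannot reach
    # a public host at 20.0.1.2, while a 10.0.0.0/16 VPC can.
    print(reaches_internet("20.0.0.0/16", "20.0.1.2"))
    print(reaches_internet("10.0.0.0/16", "20.0.1.2"))
```

Running `audit` over a real account means feeding it the CIDRs from `describe-vpcs` output instead of `EXAMPLE_VPCS`; the overlap check is the one to run before any peering request, and the RFC 1918 check is the one to run before creating a VPC, since the range is hard to change afterwards.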

0 Answers