AWS Certified Solutions Architect - Professional 2020


Subnet Mask IPs

I have a VPC with CIDR 10.0.0.0/16. For a /28 subnet, why does a CIDR need to be a multiple of 16? Why can't I have 10.0.1.17/28 or 10.0.1.15/28 if I want to have an IP starting with, say, 10.0.1.17? Why does it have to be in counts of 16, like 10.0.1.16/28 or 10.0.1.32/28?

1 Answers

The answer lies in how the IP addresses are represented in binary form. To learn more I really suggest starting by reading the following Wiki article: Classless Inter-Domain Routing and then playing around with a tool like that offered at http://cidr.xyz/

mahidhar

Thanks for a quick response. I had gone through the links. 10.0.1.17 can also be represented in binary as well. So why can't I start a subnet with 10.0.1.17 if I just need 16 IPs?

Tom Kringstad

Keep in mind that IP addressing is zero-based. i.e. The following are both valid CIDR blocks with 16 IP addresses. 10.0.1.0/28, 10.0.1.16/28. In your example, 10.0.1.17 would be the first IP address in the 10.0.1.16/28 address block.

Tom Kringstad

Go into the VPC console and create a new VPC with a 10.0.0.0/16 CIDR block. Then try creating a subnet with a 10.0.1.17/28 address block. You'll get an error message. Change it to a 10.0.1.16/28 address block and you'll have success.

Tom Kringstad

Play a bit more with the tool at http://cidr.xyz. Enter 10.0.1.16/28, then change to 10.0.1.17/28, 10.0.1.18/28, etc. You’ll see the network mask stays the same, and that the network address for 10.0.1.17/28 is 10.0.1.16/28.
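The alignment rule discussed in this thread, as an added example that is not part of the original posts: a /28 mask clears the low 4 bits of the address, so any block boundary must have those bits at zero. The function names are hypothetical; the CIDR values are the ones from the question, and Python's standard `ipaddress` module is used for the strict check.

```python
import ipaddress

VPC = ipaddress.ip_network("10.0.0.0/16")  # VPC CIDR from the question


def mask_for(prefix: int) -> int:
    """32-bit netmask with `prefix` leading one-bits (/28 -> 0xFFFFFFF0)."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def host_bits(cidr: str) -> int:
    """Value of the bits the mask does not cover; non-zero means misaligned."""
    addr, prefix = cidr.split("/")
    return int(ipaddress.IPv4Address(addr)) & ~mask_for(int(prefix)) & 0xFFFFFFFF


def network_base(cidr: str) -> str:
    """Clear the host bits by hand to find the block containing the address."""
    addr, prefix = cidr.split("/")
    base = int(ipaddress.IPv4Address(addr)) & mask_for(int(prefix))
    return f"{ipaddress.IPv4Address(base)}/{prefix}"


def is_valid_subnet(cidr: str, vpc=VPC) -> bool:
    """True only if the host bits are zero and the block lies inside the VPC."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects set host bits
    except ValueError:
        return False
    return net.subnet_of(vpc)


def explain(cidr: str) -> str:
    """One-line summary: last octet in binary, host bits, enclosing block."""
    last_octet = int(cidr.split("/")[0].split(".")[3])
    return (f"{cidr:<13} last octet {last_octet:08b}  "
            f"host bits = {host_bits(cidr):<2}  "
            f"block {network_base(cidr):<13} valid={is_valid_subnet(cidr)}")


if __name__ == "__main__":
    for c in ["10.0.1.15/28", "10.0.1.16/28", "10.0.1.17/28", "10.0.1.32/28"]:
        print(explain(c))
```
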
