Subnets, IP Addresses, IP Address Classes & CIDR Blocks

While creating an AWS VPC, you are asked to provide a CIDR block for the VPC itself and a CIDR block for each subnet within an availability zone. Have you ever wondered what that is?

This article gives a broad overview of how you can use subnetting to create CIDR blocks for your VPC.

Prerequisites

This article focuses on a general view of subnetting, but it will be a bonus if you already know about AWS VPCs, how they work, and the terms listed below:

  • Regions

  • Availability Zones

  • IPv4 and IPv6 addresses

  • Private and Public Subnets

What is Subnetting

Subnetting in literal terms means creating chunks or sub-networks (subnets) from a network (net). Consider a business that starts up with a few employees: it is easy to manage all of them directly, but as the company grows to a larger population of employees, there is a need to divide them into departments, each performing its own distinct function. With this approach, management becomes easier and accountability improves.

The same applies to a computer network. A network can contain numerous network-enabled devices (computers, smartphones, printers, servers, etc.), and it becomes difficult to manage how they all communicate with each other. With subnets, each subnet consists of a group of devices that need to communicate directly with each other frequently, and devices in the same subnet can communicate easily without involving devices in other subnets.

In AWS, subnetting is a crucial part of creating a VPC (Virtual Private Cloud).

Purpose of Subnetting in AWS Cloud

Generally, subnetting has many benefits in networking and also in the AWS Cloud. I will explain some of them below.

  • Network Segmentation

    While creating a Virtual Private Cloud in AWS, we segment the large network into smaller parts (subnets), where each part is associated with an availability zone. This lets you distribute resources across zones to improve redundancy and fault tolerance.

  • Public and Private Subnets

    Within the network, you may want some resources to have direct access to another network (the internet), or you might prefer to keep them confined to your own network to protect sensitive resources. With subnetting in AWS, you can create public and private subnets, where the former has direct access to the internet and the latter does not.

  • Security Groups and Network ACLs

    When you have different resources such as a web server or a database server, you need to control the inbound and outbound traffic to them. AWS subnets, together with security groups and network ACLs, allow you to create custom rules that permit only specific traffic in and out of your resources.

  • Resource allocation

    You can allocate specific IP address ranges to each subnet based on your requirements. Subnetting enables efficient use of IP address space and prevents IP address exhaustion.

There is no subnetting without IP addresses, subnet masks and CIDR blocks, so let us look at each of them.

IP Addresses

Your phone contacts list is like a diary where you store people's phone numbers, and with those numbers you can quickly call, chat or text them. In the same way, every network-enabled device (smartphone, computer, smartwatch, etc.) connected to a network has a specific address that it uses to communicate with other devices within the network and outside of it (the internet). This unique identifier is referred to as an "IP ADDRESS". You can use the command line, your phone settings, or this URL to check your device's IP address.

  • they are groups of four numbers separated by 3 dots

  • each number falls within the range 0 - 255

  • and each of the numbers is referred to as an OCTET.

How do I get an IP address?

When you connect your device (computer, smartphone, etc.) to a network, such as a home Wi-Fi network, hotspot or corporate LAN, it sends a DHCP (Dynamic Host Configuration Protocol) request to the network, which assigns IP addresses to the different devices connected to it. Also, some networks use static IP addressing, where IP addresses are manually configured on each device rather than being dynamically assigned by a DHCP server.

In this diagram the router is the network that all the other devices are connected to. From the router's network, valid IP addresses are generated for the connected devices, and I will explain how this happens.

What are Subnet Masks?

A subnet mask is a 32-bit value used in IPv4 networking to determine which part of an IP address represents the Network ID (network bits/network portion) and which part represents the Host ID (host bits/host portion). The network ID refers to the address of the network being connected to, while the host ID refers to the individual device connected to that network.

Subnet masks also tell us

  • the number of available hosts that can be in a given network.

  • how big our network is.

  • how many addresses there are.

From the diagram below, you will notice that each of the devices connected to the router has the same first three parts (network ID) while the last part changes (host ID). This means that they are all connected to the same network, which in this case is the router network with a network address of 192.168.1.0.

A cheat trick: whenever an octet of the subnet mask is 255, the octet of the IP address in that same position belongs to the network portion.

Now that we have established that the host ID changes, it means we can generate multiple IP addresses for the connected devices on that network. The next question is how many IP addresses are available to assign within a network.

IP Address Classes

IP address classes are a method of defining the structure of IP addresses and allocating them to different types of networks.

+----------+-----------------------------+---------------------+
| IP Class | Range of Values             | Default Subnet Mask |
+----------+-----------------------------+---------------------+
| Class A  | 0.0.0.0 - 126.255.255.255   | 255.0.0.0           |
| Class B  | 128.0.0.0 - 191.255.255.255 | 255.255.0.0         |
| Class C  | 192.0.0.0 - 223.255.255.255 | 255.255.255.0       |
| Class D  | 224.0.0.0 - 239.255.255.255 | N/A                 |
| Class E  | 240.0.0.0 - 255.255.255.255 | N/A                 |
+----------+-----------------------------+---------------------+

  • Class A addresses were primarily intended for large networks. With what you have learnt about subnet masks so far, you can see that the first octet of a Class A address is the network ID while the remaining three octets are the host ID, which means each host octet can take any value within the range 0 - 255 to generate valid IP addresses. That gives you a lot of valid IP addresses!

  • Class B was designed for medium-sized networks, and you get valid IP addresses by varying the last two octets.

  • Class C was intended for small networks and is the most commonly used class in our homes and smaller organizations.

  • Class D is used for multicast groups.

  • Class E addresses were reserved for experimental purposes and research.

With the rapid growth of the internet and the exhaustion of IPv4 addresses, CIDR was introduced to allow more efficient allocation of IP addresses without strict class boundaries. As a result, IP address classes are no longer commonly used in modern networking.

What are CIDR blocks?

CIDR (Classless Inter-Domain Routing) blocks are a way to represent and allocate IP addresses in a flexible and efficient manner. With classless routing, network administrators have more flexibility in IP address allocation, because the IP address is specified together with its subnet mask (written as a prefix length).

CIDR uses variable-length subnet masks to divide the IP address space into smaller subnets, e.g. 192.168.1.0/24.

Number of available IP addresses that can be assigned to a Network

To answer the question raised when we discussed IP addresses (how many devices can connect to a network such as our router or VPC), we will follow the steps below.

IP Address in Matrix Format and Decimal format

From Matrix to Decimal

First, we have to learn how to convert a given IP address from decimal to what this article calls its matrix format (binary) and back again.

Each octet = 8 bits

Total bits in an IP address = 32 bits

2^7 = 128 is the largest power of 2 we use (we go up to the power of 7 rather than 8 because the bit positions are numbered from index 0)

For each of the conversions, we will be using our powers of 2.

Given matrix format = 11000000.10101000.00000001.00010101
Use the following steps for the conversion, starting with the first octet = 11000000

a. Write out the powers of 2 under the bits
   1    1   0   0   0  0  0  0 (first octet)
   128  64  32  16  8  4  2  1 (2^n for n from 7 down to 0)

b. Treating 1 as "on" and 0 as "off", add up the powers of 2 that are
   "on" in your octet
   1    1   0   0   0  0  0  0
   128  64  32  16  8  4  2  1
   128 + 64 = 192

Repeat the same steps for the other octets
2nd octet = 1    0   1   0   1  0  0  0
            128  64  32  16  8  4  2  1
            128 + 32 + 8 = 168

3rd octet = 0    0   0   0   0  0  0  1
            128  64  32  16  8  4  2  1
            1

4th octet = 0    0   0   1   0  1  0  1
            128  64  32  16  8  4  2  1
            16 + 4 + 1 = 21

c. Joining the results from all four octets gives "192.168.1.21"

From Decimal to Matrix Format

Given decimal format = 192.168.1.21
Use the following steps for the conversion

a. Starting from the left, for each octet check whether the
   corresponding power of 2 can be subtracted from what is left
   without going below zero: if YES it is an "on" (1), if NO it is an "off" (0)

    1   1   0   0   0  0  0  0
   128  64  32  16  8  4  2  1 (powers of 2)
   192 - 128 = 64 (that's a 1)
   64 - 64 = 0 (that's a 1)
   0 - 32 would be negative (that's a 0)
   0 - 16 would be negative (that's a 0)
   0 - 8 would be negative (that's a 0)
   0 - 4 would be negative (that's a 0)
   0 - 2 would be negative (that's a 0)
   0 - 1 would be negative (that's a 0)

First octet (192) = 11000000
Repeating this for the rest of the octets gives us back 11000000.10101000.00000001.00010101

Get the Number of Available Addresses

From the IP address class table, pick an address from Class C, say "192.168.32.5", which has a default class subnet mask of "255.255.255.0", and use the conversion steps above to convert both to matrix format.

1. Convert both to matrix format
a. IP address (192.168.32.5) = 11000000.10101000.00100000.00000101
b. Default subnet mask (255.255.255.0) = 11111111.11111111.11111111.00000000

2. From the subnet mask matrix, count the number of 1's and 0's
    1's (network bits) = 24
    0's (host bits) = 8

3. Use the formula 2^(number of 0's) to get the number of available
   addresses: 2^8 = 256 available addresses.

4. Subtract 2 (the network address and the broadcast address) from the
   total: 256 - 2 = 254

This means that the network provided has a total of 254 valid IP addresses, so we can have 254 devices connected to the network.

To get more addresses, you can increase the number of host bits.

Practice :- CIDR Blocks

From our initial example above, we have the subnet mask in matrix format and its total number of 1's and 0's. With these, we can derive the CIDR notation.

A CIDR block is basically your IP address followed by a slash and the number of network bits (the number of 1's in the subnet mask).

IP address (192.168.32.5) = 11000000.10101000.00100000.00000101
Default subnet mask (255.255.255.0) = 11111111.11111111.11111111.00000000

From the subnet mask matrix, count the number of 1's and 0's
    1's (network bits) = 24
    0's (host bits) = 8

CIDR block = 192.168.32.5/24

If we needed more valid IP addresses than the 254 available, we can turn network bits into host bits (changing 1's to 0's in the subnet mask matrix, starting from the right), which changes the CIDR block too.
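As an added example (not from the original article), here is the decimal-to-matrix conversion from the two worked conversions above, together with the host count and CIDR prefix derived from the subnet mask, in Python. The function names and the check that a mask is a run of 1's followed by 0's are my own; the article does not name them.

```python
# Added example, not from the article: the octet-by-octet conversion between
# dotted decimal and the article's "matrix" (binary) form, then the host
# count and CIDR prefix derived from a subnet mask.
POWERS = [128, 64, 32, 16, 8, 4, 2, 1]  # 2^7 down to 2^0, as in the article

def octet_to_bits(value: int) -> str:
    """Decimal octet -> 8 bits by the article's subtraction test."""
    if not 0 <= value <= 255:
        raise ValueError(f"octet out of range: {value}")
    bits, remaining = "", value
    for power in POWERS:
        if remaining >= power:  # subtraction stays >= 0: the bit is "on"
            bits, remaining = bits + "1", remaining - power
        else:
            bits += "0"
    return bits

def bits_to_octet(bits: str) -> int:
    """8 bits -> decimal octet by adding the powers of 2 that are "on"."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError(f"not an 8-bit octet: {bits!r}")
    return sum(p for p, b in zip(POWERS, bits) if b == "1")

def to_matrix(ip: str) -> str:
    """'192.168.1.21' -> '11000000.10101000.00000001.00010101'."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {ip!r}")
    return ".".join(octet_to_bits(int(o)) for o in octets)

def to_decimal(matrix: str) -> str:
    """Inverse of to_matrix."""
    return ".".join(str(bits_to_octet(b)) for b in matrix.split("."))

def network_bits(mask: str) -> int:
    """Count the 1's in the mask, rejecting masks that are not 1's then 0's."""
    bits = to_matrix(mask).replace(".", "")
    ones = bits.count("1")
    if bits != "1" * ones + "0" * (32 - ones):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return ones

def usable_hosts(mask: str) -> int:
    """2^(host bits) minus the network and broadcast addresses."""
    return 2 ** (32 - network_bits(mask)) - 2

def cidr(ip: str, mask: str) -> str:
    """Address followed by a slash and the number of network bits."""
    return f"{ip}/{network_bits(mask)}"
```

Running `cidr("192.168.32.5", "255.255.255.0")` gives the article's `192.168.32.5/24`, and `usable_hosts("255.255.255.0")` gives its 254.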

Practice:- Creating Networks

Now that you have an idea of how many hosts can be connected to your network and what CIDR blocks are, we can dive deeper into generating network addresses for a network.

Problem Statement: You are asked to use your power of subnetting to create four networks for four different VPCs using a Class C subnet mask, starting from the IP address "192.168.1.0", where each VPC gets one network address, and for each network address generate four valid IP addresses for the subnets within your VPC environment.

Solution

  • Get your subnet mask. In our context we were told to use a Class C subnet mask, which is "255.255.255.0".

  • Write down the powers of 2 we used initially, shifted one place so that each value is doubled. We will use this list to solve the problem: each entry 2^n is the number of networks obtained by borrowing n host bits.

        Powers of 2 : 128 64 32 16 8 4 2 1
        powers of 2 increment : 256 128 64 32 16 8 4 2
    
  • Get the number of host bits to borrow for the required number of networks

          subnet mask = 255.255.255.0
          subnet mask matrix = 11111111.11111111.11111111.00000000
          using our powers of 2 increment = 256 128 64 32 16 8 4 2
          2^n = number of network addresses
          where n is the number of host bits we borrow to create 4 networks
          2^2 = 4 network addresses.
    
  • Get the matrix format and convert to decimal

    From the previous calculation, we flip two of our host bits (n = 2), the ones right next to the network bits (the leftmost 0's of the host portion), to get the required number of networks, then convert back to decimal using the steps explained previously.

        IP address = 192.168.1.0
        subnet mask matrix = 11111111.11111111.11111111.00000000
        after flipping = 11111111.11111111.11111111.11000000
        subnet mask after flipping, converted to decimal = 255.255.255.192
    
        a) First network 
           IP address = 192.168.1.0
           Subnet Mask = 255.255.255.192
           CIDR Block = 192.168.1.0/26
    
  • Find your increment. To get the subsequent network addresses, we find the increment by taking the power of 2 that sits under the last network bit (the rightmost 1) in the last octet that contains 1's.

        subnet mask of first network matrix = 11111111.11111111.11111111.11000000
        powers of 2 =         128 64 32 16 8 4 2 1
        last octet with 1's = 1    1  0  0 0 0 0 0
    
        therefore our increment is 64 because our last network bit within 
        the last octet with network bits fall on it
    
  • Get the other networks by adding the increment

        first network = 192.168.1.0 - 192.168.1.63
        second network = 192.168.1.64 - 192.168.1.127
        third network = 192.168.1.128 - 192.168.1.191
        fourth network = 192.168.1.192 - 192.168.1.255
    
        with each of them having a subnet mask of = 255.255.255.192
        and CIDR blocks of = 192.168.1.0/26, 192.168.1.64/26, 192.168.1.128/26 and 192.168.1.192/26 respectively
    

    With these ranges, you can get the number of host devices that can be connected to each network, which is 64 - 2 = 62 usable IP addresses (hosts).

Finally, here is a table solution showing the four networks for the VPCs and four IP addresses for each subnet in the VPC.

Note that the lower bound of each range is the network address, while the upper bound is the broadcast address, so neither can be used as an IP address for a host device.
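As an added example (not from the original article), here is the whole solution above in Python: it borrows the host bits needed for the requested number of networks, derives the new mask and the increment, and returns each network with its broadcast address and the first usable host addresses. It goes a little beyond the text in that it works for any starting prefix length, not only a Class C mask, and rounds the requested count up to the next power of two; the function names are my own.

```python
# Added example, not from the article: cut a network into a required number of
# equal subnets the way the article does (borrow host bits, derive the new mask
# and the increment), then list each network, broadcast and first usable hosts.
import math

def ip_to_int(ip: str) -> int:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def split_network(network: str, prefix: int, count: int, hosts_per_net: int = 4):
    """Split network/prefix into 2^n subnets, n chosen so that 2^n >= count."""
    if count < 1 or not 0 <= prefix <= 32:
        raise ValueError("count must be >= 1 and prefix between 0 and 32")
    borrowed = math.ceil(math.log2(count))  # host bits that become network bits
    new_prefix = prefix + borrowed
    if new_prefix > 30:
        raise ValueError("not enough host bits left for usable addresses")
    base = ip_to_int(network)
    if base & ((1 << (32 - prefix)) - 1):
        raise ValueError(f"{network} is not the network address of a /{prefix}")
    new_mask = (0xFFFFFFFF << (32 - new_prefix)) & 0xFFFFFFFF
    increment = 1 << (32 - new_prefix)  # the article's "increment": 64 for a /26
    if hosts_per_net > increment - 2:
        raise ValueError("each subnet has fewer usable hosts than requested")
    subnets = []
    for i in range(1 << borrowed):
        net = base + i * increment
        subnets.append({
            "cidr": f"{int_to_ip(net)}/{new_prefix}",
            "mask": int_to_ip(new_mask),
            "network": int_to_ip(net),
            "broadcast": int_to_ip(net + increment - 1),
            "usable": increment - 2,
            # first hosts_per_net addresses after the network address
            "hosts": [int_to_ip(net + k) for k in range(1, hosts_per_net + 1)],
        })
    return subnets

if __name__ == "__main__":
    for s in split_network("192.168.1.0", 24, 4):
        print(s["cidr"], s["network"], "-", s["broadcast"], s["hosts"])
```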

Conclusion

That was an overview of subnetting. I advise you to take it one step at a time, because it gets pretty complicated when you don't fully understand the basics. For more clarification or feedback, kindly use the comment section and I will reply to all your questions.