Calculate CIDR subnet block with terraform

This is the first article in the Terraform CDK series. Let's dive straight in.

CIDR Block (Classless Inter-domain Routing)

While creating a VPC in AWS, you must supply an IP CIDR block, i.e. the range of IP addresses to be allocated to this VPC. It has the format “10.0.0.0/16”.

Assuming that most of us know the IP address format, I will move straight to the CIDR block notation.

  • CIDR is an industry standard.
  • Each IP segment, i.e. each number between the dots, is eight bits, so the four segments together make 32 bits.
  • Let us take the IP address 10.0.0.0 and represent it in binary:
0000 1010 . 0000 0000 . 0000 0000 . 0000 0000

Consider the CIDR block 10.0.0.0/16. The number “16” here denotes that every IP address in this CIDR block must share exactly the same first 16 bits.

  • Since the first 16 bits are fixed, the remaining 16 bits are free to take any value.
  • Let’s calculate the range of IP addresses in the provided CIDR block 10.0.0.0/16:
Remaining bits = 32 - number after the "/" in the CIDR prefix
= 32 - 16
= 16

Total number of IP addresses in the CIDR block
= 2 ^ remaining bits
= 2 ^ 16
= 65536

cidrsubnet: calculates a subnet address within a given IP network address prefix

The cidrsubnet function provided by Terraform requires three arguments:

  1. CIDR prefix - must be given in CIDR notation, as defined in RFC 4632 section 3.1.
  2. newbits - the number of bits by which the CIDR prefix gets extended. If the CIDR prefix ends with /16 and newbits is 4, the CIDR prefix is extended to /20, i.e. 4 bits are added to the 16 bits given in the CIDR prefix.
  3. netnum - a whole number used to populate the additional bits in the prefix. Its value must fit within newbits, i.e. it cannot need more bits than newbits provides.

Let's consider an example:

CIDR block prefix: “10.0.0.0/16”

This can be represented in binary as follows:
0000 1010 . 0000 0000 . 0000 0000 . 0000 0000

The first 16 bits here represent the network and the remaining bits represent the hosts present in the range.

Let's assume we want to create 3 sub-networks in the given range. We need to calculate the CIDR block for each subnet, and for that we can use the Terraform cidrsubnet function.

You can try it out in the Terraform console; for that, you need Terraform installed on your machine.

We want each subnet to have 256 IP addresses in it.

A simple formula helps decide the newbits and netnum arguments for the cidrsubnet function.

Find the value of x such that 2^x = the required number of IP addresses in each subnet (here 256).

For the above case it will be:

2^x = 256
 x = 8

newbits = 32 - number after the "/" in the CIDR prefix - x
= 32 - 16 - 8
= 8

netnum = the subnet number we want

In the above example, cidrsubnet returns the first subnet ("10.0.0.0/24") for netnum = 0 and the second subnet ("10.0.1.0/24") for netnum = 1.

To find out the total possible subnets that can be created in the given CIDR block use the formula:

Total subnets = size of cidr block / size of each subnet
= 65536 / 256
= 256

Hence, netnum cannot be greater than total subnets - 1. For this case, it must not be greater than 255.
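To make the bit arithmetic from the CIDR range calculation above and the newbits/netnum recipe concrete, here is an added Python example (not part of the original article, and not Terraform's own code). It reimplements the semantics of cidrsubnet with the standard ipaddress module, derives newbits from the required subnet size, and rejects a netnum that does not fit in newbits, which is the overflow case the bound above guards against. The function names cidr_range_size, cidrsubnet and plan_subnets are this example's own.

```python
import ipaddress


def cidr_range_size(prefix: str) -> int:
    """Number of addresses in a CIDR block: 2 ** (address bits - prefix length)."""
    net = ipaddress.ip_network(prefix, strict=True)
    remaining_bits = net.max_prefixlen - net.prefixlen   # 32 - 16 = 16 for /16
    return 2 ** remaining_bits                           # 65536 for 10.0.0.0/16


def cidrsubnet(prefix: str, newbits: int, netnum: int) -> str:
    """Reimplementation (assumption: written for illustration, not Terraform's code)
    of cidrsubnet(prefix, newbits, netnum): extend the prefix length by newbits
    and fill the new bits with netnum."""
    net = ipaddress.ip_network(prefix, strict=True)
    new_prefixlen = net.prefixlen + newbits
    if newbits < 0 or new_prefixlen > net.max_prefixlen:
        raise ValueError(f"newbits={newbits} does not fit in /{net.prefixlen}")
    # netnum must be representable in exactly newbits bits (0 .. 2**newbits - 1)
    if netnum < 0 or netnum >= 2 ** newbits:
        raise ValueError(f"netnum={netnum} needs more than {newbits} bits")
    host_bits = net.max_prefixlen - new_prefixlen
    # Shift netnum into position just above the host bits and add it to the base
    subnet_addr = int(net.network_address) + (netnum << host_bits)
    return str(ipaddress.ip_network((subnet_addr, new_prefixlen)))


def plan_subnets(prefix: str, addresses_per_subnet: int, count: int) -> list:
    """Apply the article's recipe: x = log2(addresses per subnet),
    newbits = address bits - prefix length - x, netnum = 0 .. count-1."""
    if addresses_per_subnet <= 0 or addresses_per_subnet & (addresses_per_subnet - 1):
        raise ValueError("addresses per subnet must be a power of two")
    x = addresses_per_subnet.bit_length() - 1            # 256 -> 8
    net = ipaddress.ip_network(prefix, strict=True)
    newbits = net.max_prefixlen - net.prefixlen - x      # 32 - 16 - 8 = 8
    total_subnets = cidr_range_size(prefix) // addresses_per_subnet   # 256
    if count > total_subnets:
        raise ValueError(f"only {total_subnets} subnets of {addresses_per_subnet} fit")
    return [cidrsubnet(prefix, newbits, n) for n in range(count)]


if __name__ == "__main__":
    print(cidr_range_size("10.0.0.0/16"))            # 65536
    print(plan_subnets("10.0.0.0/16", 256, 3))      # three /24 subnets
    print(cidrsubnet("10.0.0.0/16", 4, 1))          # prefix extended to /20
```

plan_subnets("10.0.0.0/16", 256, 3) returns "10.0.0.0/24", "10.0.1.0/24" and "10.0.2.0/24", the same values the Terraform expressions cidrsubnet("10.0.0.0/16", 8, 0), (…, 8, 1) and (…, 8, 2) produce, and asking for netnum 256 with newbits 8 raises an error instead of silently spilling into the next block.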

Kiran Kamalakar

Design and development enthusiast.
Pune, India