Understanding CIDR to IP Range Conversion for AWS VPC Subnets

In AWS VPC, defining your IP address ranges using CIDR (Classless Inter-Domain Routing) is a critical step for creating efficient and scalable networks. Every VPC requires a CIDR block that determines its IP range, and subnets within the VPC divide this range for better organization and resource isolation.

In this guide, we’ll break down how to manually calculate CIDR to IP ranges and explain it with an example, ensuring clarity for AWS VPC subnet planning.

CIDR Basics for AWS VPC

CIDR notation defines an IP range in the format <IP Address>/<Prefix Length>.

  • IP Address: An address inside the block. With its host bits set to zero it becomes the network address, the first address of the range (when the host bits are already zero, as in 10.0.0.0/16, the two are the same).

  • Prefix Length: The number of leading bits that make up the network portion; the remaining 32 − prefix bits identify hosts within the block.

For example, a commonly used VPC CIDR block in AWS is 10.0.0.0/16, which provides 2^16 = 65,536 IP addresses. AWS accepts VPC and subnet CIDR blocks between /16 (65,536 addresses) and /28 (16 addresses).

Practical Example: Calculating IP Range for a Subnet in AWS

Let’s work with the CIDR block 3.58.1.97/13 to understand its IP range. Two things about this example are deliberate: a /13 is larger than anything AWS will let you create (VPC and subnet blocks must be between /16 and /28), and 3.58.1.97 has host bits set, so it is not the network address of the block. The bit arithmetic is identical at any prefix length, and the mismatch shows the point of the exercise: the block really starts somewhere other than the address you were given.

  1. Convert the IP Address into Binary Break down the IP into its four octets and convert each to binary:

    • 3 = 00000011

    • 58 = 00111010

    • 1 = 00000001

    • 97 = 01100001

Binary representation:

    00000011.00111010.00000001.01100001
  2. Determine the Network Bits (First 13 Bits)

    Since the prefix is /13, the first 13 bits (the whole first octet plus the top 5 bits of the second) are the network portion, and the remaining 19 bits are for hosts:

     00000011.00111 | 010.00000001.01100001
    
  3. Find the First IP in the Subnet

    • Retain the first 13 bits.

    • Set all the remaining bits to 0.

Binary:

    00000011.00111000.00000000.00000000

Each octet in an IP address is made up of 8 bits, and each bit can be either 0 or 1. From left to right the bits represent powers of 2, from 128 down to 1, so an octet's decimal value is the sum of the columns holding a 1:

| 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1 |

  4. Convert back to decimal:

    • 00000011 = 3

    • 00111000 = 56

    • 00000000 = 0

    • 00000000 = 0

First IP Address (network address): 3.56.0.0. The block is therefore properly written 3.56.0.0/13, not 3.58.1.97/13.

  5. Find the Last IP in the Subnet

    • Retain the first 13 bits.

    • Set all the remaining bits to 1.

Binary:

    00000011.00111111.11111111.11111111

Convert back to decimal:

  • 00000011 = 3

  • 00111111 = 63

  • 11111111 = 255

  • 11111111 = 255

Last IP Address (broadcast address): 3.63.255.255

  6. Number of Hosts in the Subnet
    The number of host bits is 32 − 13 = 19, so the block holds:

    2^(Number of Host Bits) = 2^19 = 524,288 addresses

    AWS reserves five addresses in every subnet: the network address, the VPC router (network + 1), the Amazon-provided DNS resolver (network + 2), one address held for future use (network + 3), and the broadcast address (the last address in the block). Applying the same rule here gives 524,288 − 5 = 524,283 usable addresses, although AWS would not actually let you create a subnet this large. For blocks AWS does accept: a /16 subnet yields 65,536 − 5 = 65,531 usable addresses, and the smallest allowed, /28, yields 16 − 5 = 11.
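The six steps above, carried out with bit arithmetic for any IPv4 CIDR and cross-checked against Python's standard `ipaddress` module. This is an added example, not code from the original article; the reserved-address count and the /16 to /28 limits are AWS facts, while the function and field names are my own. It also goes slightly beyond the worked example by flagging inputs whose host bits are not zero and by computing the adjacent block that starts after the broadcast address.

```python
import ipaddress

# Addresses AWS reserves in every subnet: the network address, the VPC router
# (network + 1), the Amazon DNS resolver (network + 2), one held for future use
# (network + 3) and the broadcast address (the last address in the block).
AWS_RESERVED_PER_SUBNET = 5
# AWS accepts VPC and subnet CIDR blocks between /16 and /28.
AWS_MIN_PREFIX, AWS_MAX_PREFIX = 16, 28
ALL_ONES = 0xFFFFFFFF


def ip_to_int(ip: str) -> int:
    """Pack four dotted-decimal octets into one 32-bit integer."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {ip!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    """Inverse of ip_to_int."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(n: int) -> str:
    """Dotted binary, the form used in the worked example (step 1)."""
    return ".".join(f"{(n >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def cidr_range(cidr: str) -> dict:
    """Steps 1-6 of the article for any IPv4 CIDR, done with bit arithmetic."""
    ip, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: /{prefix}")
    host_bits = 32 - prefix
    # Network mask: `prefix` one-bits followed by `host_bits` zero-bits (step 2).
    mask = (ALL_ONES << host_bits) & ALL_ONES
    addr = ip_to_int(ip)
    first = addr & mask                 # keep network bits, zero the host bits (step 3)
    last = first | (~mask & ALL_ONES)   # keep network bits, set host bits to 1 (step 5)
    total = 1 << host_bits              # 2 ** host_bits (step 6)

    # Cross-check the hand arithmetic against the standard library.
    ref = ipaddress.ip_network(cidr, strict=False)
    if int(ref.network_address) != first or int(ref.broadcast_address) != last:
        raise AssertionError("manual calculation disagrees with ipaddress")

    return {
        "input_binary": to_binary(addr),
        "network": f"{int_to_ip(first)}/{prefix}",
        "first": int_to_ip(first),
        "last": int_to_ip(last),
        "host_bits": host_bits,
        "total": total,
        "aws_usable": max(total - AWS_RESERVED_PER_SUBNET, 0),
        "aws_valid_size": AWS_MIN_PREFIX <= prefix <= AWS_MAX_PREFIX,
        # Host bits set in the input mean the block does not start where the
        # given address suggests (3.58.1.97/13 is really 3.56.0.0/13).
        "input_was_network_address": addr == first,
        # The adjacent block begins right after the broadcast address.
        "next_block": None if last == ALL_ONES else f"{int_to_ip(last + 1)}/{prefix}",
    }


if __name__ == "__main__":
    for cidr in ("3.58.1.97/13", "10.0.0.0/16", "10.0.1.0/24", "10.0.0.0/28"):
        r = cidr_range(cidr)
        print(f"{cidr:>14} -> {r['first']} - {r['last']}  total={r['total']} "
              f"usable={r['aws_usable']} aws_ok={r['aws_valid_size']} next={r['next_block']}")
```

Running it on the article's block prints 3.56.0.0 to 3.63.255.255 with 524,288 addresses and `aws_ok=False`; the `input_was_network_address` flag is the check worth wiring into any planning script, because a CIDR written with host bits set is exactly how an "off by one block" subnet gets created.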

Key Considerations for AWS VPC Subnetting

  • Subnet Sizing: A subnet's CIDR block cannot be changed after it is created, so size each subnet for the workload it will host plus the growth you expect; running out of addresses means building a new subnet and migrating.

  • Non-Overlapping Ranges: AWS will not let two subnets in the same VPC overlap, but it cannot stop your VPC from overlapping a peered VPC, an on-premises network, or a VPN range. Traffic destined for a shared range cannot be routed unambiguously, so check every range you intend to connect before choosing a VPC CIDR.

  • Reserved IPs: AWS reserves the first four and the last IP in each subnet: the network address, the VPC router, the Amazon-provided DNS resolver, an address held for future use, and the broadcast address. Plan for five fewer usable addresses than 2^(host bits).

Common Mistakes and How to Avoid Them

  • Why doesn't the next block start where I expect?
    The next adjacent block begins immediately after the last address of the current one (the broadcast address, not the last usable address), and it is counted from the network address rather than from whatever IP you started with. In the example, 3.58.1.97/13 normalises to 3.56.0.0/13 and ends at 3.63.255.255, so the next /13 is 3.64.0.0/13. Adding the block size to 3.58.x instead produces a range that straddles two real /13 blocks.

  • Subnet Overlaps: Always double-check CIDR ranges to avoid overlap between VPC subnets, peered VPCs, or VPN CIDRs, and confirm that every subnet actually sits inside its VPC's block.
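A plan checker for the mistakes listed in this section, written as an added example (not part of the original article) using Python's standard `ipaddress` module. The VPC, subnet and remote ranges below are constructed sample data, and the `check_cidr_plan` function and its finding kinds are my own names. It reports subnets that fall outside the VPC, subnets that overlap each other, a VPC that overlaps a peered or VPN range, and CIDRs written with host bits set (the 3.58.1.97/13 mistake from the worked example).

```python
import ipaddress
from itertools import combinations

# AWS accepts VPC and subnet CIDR blocks between /16 and /28.
AWS_MIN_PREFIX, AWS_MAX_PREFIX = 16, 28


def parse_cidr(label: str, cidr: str, problems: list) -> ipaddress.IPv4Network:
    """Parse strictly; report and normalise blocks whose host bits are not zero."""
    try:
        return ipaddress.ip_network(cidr)
    except ValueError:
        net = ipaddress.ip_network(cidr, strict=False)
        problems.append(("host_bits_set",
                         f"{label}: {cidr} is not a network address; did you mean {net}?"))
        return net


def check_cidr_plan(vpc_cidr: str, subnets: dict, remote_cidrs: dict) -> list:
    """Return (kind, message) findings; an empty list means the plan is clean."""
    problems = []
    vpc = parse_cidr("vpc", vpc_cidr, problems)
    if not AWS_MIN_PREFIX <= vpc.prefixlen <= AWS_MAX_PREFIX:
        problems.append(("vpc_size", f"vpc: {vpc} is outside the allowed /16-/28 range"))

    # Every subnet must sit inside the VPC block ...
    nets = {name: parse_cidr(name, cidr, problems) for name, cidr in subnets.items()}
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(("outside_vpc", f"{name}: {net} is not inside VPC {vpc}"))
    # ... and no two subnets may share addresses (AWS rejects this at creation time).
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(("subnet_overlap", f"{a} ({na}) overlaps {b} ({nb})"))

    # Peered VPCs, Transit Gateway attachments and VPN/on-premises ranges are
    # not checked by AWS for you; an overlap here makes routes ambiguous.
    for name, cidr in remote_cidrs.items():
        remote = parse_cidr(name, cidr, problems)
        if vpc.overlaps(remote):
            problems.append(("remote_overlap",
                             f"vpc {vpc} overlaps {name} ({remote}); "
                             "traffic for the shared range cannot be routed unambiguously"))
    return problems


# Constructed sample plan: four of the six subnets are fine, two are not.
PLANNED_VPC = "10.0.0.0/16"
PLANNED_SUBNETS = {
    "public-a": "10.0.0.0/24",
    "public-b": "10.0.1.0/24",
    "private-a": "10.0.0.128/25",   # sits inside public-a
    "private-b": "10.0.2.0/24",
    "stray": "10.1.0.0/24",          # valid block, but outside the VPC
    "typo": "10.0.3.17/24",          # host bits set; really 10.0.3.0/24
}
REMOTE_CIDRS = {
    "peer-vpc": "10.0.128.0/20",     # overlaps the VPC
    "onprem-vpn": "192.168.0.0/16",
}

if __name__ == "__main__":
    for kind, message in check_cidr_plan(PLANNED_VPC, PLANNED_SUBNETS, REMOTE_CIDRS):
        print(f"[{kind}] {message}")
```

Run it before creating anything: the `host_bits_set` finding is the one that does not fail loudly in the console (AWS silently uses the normalised block), and `remote_overlap` is the one that only surfaces months later when a peering or VPN connection is added.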

Understanding CIDR to IP range conversion is essential for AWS VPC planning. Working the range out by hand shows where a block really starts and ends, and cross-checking the result against a calculator or library before creating resources catches the overlaps and undersized subnets that are expensive to fix later.