In the AWS cloud you are provided RFC 1918 address space to host your applications. Let’s say AWS you have a 10.0.0.0/24 as your starting subnet and you need to create new subnets as your service grows, changes, etc.
First, some review on IP addresses, octets and bit places.
Each IP address is 4 octets, 8 bits each, and separated by a period. We convert each octet into binary as follows.
The last row shows the bit markings for the decimal value of 10 in octet 1 and of course we repeat this for each octet so we’ll have a string of 32 digits (4 octets times 8 bits) of zeroes and ones. Finally, this string of 32 digits is separated into network and host with a network mask that is represented in a “/number” format. A “/24” means that 24 of the 32 digits represents the network number, leaving 8 bits for the hosts.
Back to our example of 10.0.0.0/24, this means we have a network mask of 24 bits, IE the network is represented by the first 24 bits and the hosts get the last 8 bits.
Let’s say have a 3 tier application and want to have a separate subnet for each tier due to network access control list (NACL) policies. Create the subnets.
First thing, remember this is binary so that means we are dealing in powers of 2. That is, we cannot create only 3 subnets, but it must be 2, 4, 8, 16, etc. In this case, we will have to create 4 subnets but just leave one unused.
To create 4 subnets, we must use the formula 2x = subnets-needed and since we need 4 subnets, we know that X is 2. This means we take 2 bit places from the hosts and give it to the network. For illustration purposes, that’s in purple below.
The final step is to create the 4 subnets and these can only be created by using the bit places that we just took, those highlighted in purple.
- Octet 1 stays the same – its decimal value is 10.
- Octet 2 stays the same – its decimal value is 0.
- Octet 3 stays the same – its decimal value is 0.
- Octet 4 is where the magic occurs. By creating the unique binary combinations for those two bit places, we create the 4 subnetworks.
The 4 subnetworks created are 10.0.0.0/26, 10.0.0.64/26, 10.0.0.128/26 and 10.0.0.192/26. The 3-tier application can now have a separate subnet per tier with 1 subnet left over for future requests.
A little later, the DevOps team asks you, the AWS administrator, for a couple subnets and you remember that you have an “extra” subnet and they can just split that one up as needed.
The DevOps team receives the 10.0.0.192/26 and must subnet that into 2 networks – one for the test team and one for the developer team. Since its 2 subnets needed, 2x = 2 means that X is 1 – we only need 1 bit from the host side added to the network side. I show that bit place added to the subnet in blue for illustration purposes.
The DevOps team now has two networks. 10.0.0.192/27 and 10.0.0.224/27 and can use them however they want.
The trick comes down to knowing how many bit places are needed to create the subnets required and each bit you add to the subnet increases the number of subnets by a power of 2.