Cidrsubnet to generate subnets

Terraform
1

Hi there,

I have a requirement to split a /24 vnet in azure into two subnets of size /25 and /26 respectively. the VNet IP range is 10.221.22.0/24 and i want the below subnets to be created with below address range:

sbx-subnet - 10.221.22.0/25
bastion subnet - 10.221.22.128/26

I am able to get the /25 using cidrsubnet(“10.221.22.0/24”, 1, 0) but for the .128/26 i am not sure the correct usage. I tried with below, but is giving error or different values:
cidrsubnet(“10.221.22.0/24”, 2, 8) → error saying the newbits has to be of higher value.
cidrsubnet(“10.221.22.0/22”, 4, 8) → this will result in 10.221.22.0/26

Kindly help me and provide the correct syntax for creating 10.221.22.128/26 out of 10.221.22.0/24.

thanks,
Jerald

2

Hi Jerald,

The cidrsubnet function takes a given existing prefix (/24 in this instance), applies an bitmask extended by the ‘number of additional bits’ (/25 = 1 additional bit, /26 2 additional bits) and then returns the ‘nth’ network.

So cidrsubnet(“10.221.22.0/24”, 1, 0) add an additional bit to the network bitmask, to create 2 new subnets (2^n=2 where n=number of additional bits=1) of 128 addresses (7 host bits = 2^7 = 128 addresses)
New subnets are therefore:

#0 - 10.221.22.0-127 as a.b.c.0hhhhhhh
#1 - 10.221.22.128-254 as a.b.c.1hhhhhhh

Consider your starting subnet 10.221.22.0/24 which can be represented as follows, with n showing the network part of the bitmap and h showing the host part:

nnnnnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh

You wish to further subnet this to get:

The first network of /25 (where a,b,c are the first octets of the network respectively, n are the additional subnet bits and h is the host range:
a.b.c.nhhhhh

and 1 network of /26 starting from 128 as start host address of that subnet.
a.b.c.nnhhhhhh

So there are two ways of doing this:

As you already have for the /25:
/25 = cidrsubnet("10.221.22.0/24", 1, 0)

And then for the /26. Ignore that you have calculated the /25 and just understand that you want the 3rd /26 subnet (as the first two /26 subnets 0-63 & 64-127 are the same range as your already reserved /25

/26 = cidrsubnet("10.221.22.0/24", 2, 2)

The second way, which is:

cidrsubnet(cidrsubnet("10.221.22.0/24", 1, 1), 1, 0)

In this second example you are taking the second network of the /25 (10.221.22.128-254):
a.b.c.1hhhhhhhh

and then feeding that network into another cidrsubnet to take the first network from the next additional but (/26):
a.b.c.11hhhhhh

Either are valid, but the second way explicitly shows that you are subnetting (to /26) a subnet (the second /25) of the original prefix range (The /24).

The second way would be the way you might illustrate it when working out a IP addressing scheme where you show you have allocated the first /25, and then further sub-netted the second /25:

CIDR sub-Network Number (s bits) Network Subnet Mask Range
/24 10.221.22.0 11111111.11111111.11111111.00000000 10.221.22.0-256
___↳/25 0 10.221.22.0 11111111.11111111.11111111.s000000 10.221.22.0-127
___↳/25 1 10.221.22.0 11111111.11111111.11111111.s000000 10.221.22.128-255
______↳/26 0 10.221.22.0 11111111.11111111.11111111.1s00000 10.221.22.128-191
______↳/26 1 10.221.22.0 11111111.11111111.11111111.1s00000 10.221.22.192-255
1 Like
3

Hi ExtelligenceIT,

Thanks a lot for the detailed explanation and solution. Apologies for delayed response, I was on vacation. I tried it today and it worked as expected.

Thanks again,
Jerald

1 Like
4

This topic was automatically closed 62 days after the last reply. New replies are no longer allowed.