


AWS and Terraform - netnum in cidrsubnet function

















I have started to use Terraform recently and as part of the VPC configuration, I had some difficulty understanding the netnum in the cidrsubnet() function.

I investigated the Terraform documentation; it says that:

    netnum (the third parameter) is a whole number that can be
    represented as a binary integer with no more than newbits binary
    digits, which will be used to populate the additional bits added to
    the prefix

I still had some difficulty understanding it.

For example:

cidrsubnet("100.121.0.0/20", 8, 64) --> 100.121.4.0/28

cidrsubnet("10.1.2.0/24", 4, 15) --> 10.1.2.240/28

I would appreciate it if you could explain the netnum parameter.

Many thanks,

Tal


































  • Run the function with netnum increasing from zero and I guess you will understand what it means ;-)

    – StephenKing
    Mar 25 at 18:04











  • I also suggest a more simple netmask, like 10.0.0.0 to play with (and identify patterns).

    – StephenKing
    Mar 25 at 18:04











  • blog.itsjustcode.net/blog/2017/11/18/…

    – BMW
    Mar 25 at 23:33

















terraform cidr














edited Mar 26 at 17:08 by Martin Atkins

asked Mar 25 at 17:38 by Tal Tahar
























1 Answer














Using cidrsubnet requires familiarity with some network addressing concepts.



The most important idea is that an IP address (whether IPv4 or IPv6) is fundamentally constructed from binary digits, even though we conventionally represent it as either four decimal octets (for IPv4) or a sequence of 16-bit hexadecimal numbers (for IPv6).



Taking our example above of cidrsubnet("10.1.2.0/24", 4, 15), the function will first convert the given IP address string into an equivalent binary representation:



      10 .        1 .        2 .        0
00001010   00000001   00000010 | 00000000
         network               |   host


The /24 at the end of the prefix string specifies that the first 24
bits -- or, the first three octets -- of the address identify the network
while the remaining bits (32 - 24 = 8 bits in this case) identify hosts
within the network.



The CLI tool ipcalc is useful for
visualizing CIDR prefixes as binary numbers. We can confirm the conversion
above by providing the same prefix string to ipcalc:



$ ipcalc 10.1.2.0/24
Address:   10.1.2.0             00001010.00000001.00000010. 00000000
Netmask:   255.255.255.0 = 24   11111111.11111111.11111111. 00000000
Wildcard:  0.0.0.255            00000000.00000000.00000000. 11111111
=>
Network:   10.1.2.0/24          00001010.00000001.00000010. 00000000
HostMin:   10.1.2.1             00001010.00000001.00000010. 00000001
HostMax:   10.1.2.254           00001010.00000001.00000010. 11111110
Broadcast: 10.1.2.255           00001010.00000001.00000010. 11111111
Hosts/Net: 254                   Class A, Private Internet


This gives us some additional information but also confirms (using a slightly
different notation) the conversion from decimal to binary and shows the range
of possible host addresses in this network.



While cidrhost allows calculating single host IP addresses,
cidrsubnet on the other hand creates a new network prefix within the given
network prefix. In other words, it creates a subnet.



When we call cidrsubnet we also pass two additional arguments: newbits and
netnum. newbits decides how much longer the resulting prefix will be in
bits; in our example here we specified 4, which means that the resulting
subnet will have a prefix length of 24 + 4 = 28 bits. We can imagine these
bits breaking down as follows:



      10 .        1 .        2 .    ?        0
00001010   00000001   00000010 | XXXX |   0000
         parent network        | netnum | host


Four of the eight bits that were originally the "host number" are now being
repurposed as the subnet number. The network prefix no longer falls on an
exact octet boundary, so in effect we are now splitting the last decimal number
in the IP address into two parts, using half of it to represent the subnet
number and the other half to represent the host number.



The netnum argument then decides what number value to encode into those
four new subnet bits. In our current example we passed 15, which is
represented in binary as 1111, allowing us to fill in the XXXX segment
in the above:



      10 .        1 .        2 .    15       0
00001010   00000001   00000010 | 1111 |   0000
         parent network        | netnum | host


To convert this back into normal decimal notation we need to recombine the
two portions of the final octet. Converting 11110000 from binary to decimal
gives 240, which can then be combined with our new prefix length of 28 to
produce the result 10.1.2.240/28. Again we can pass this prefix string to
ipcalc to visualize it:



$ ipcalc 10.1.2.240/28
Address:   10.1.2.240           00001010.00000001.00000010.1111 0000
Netmask:   255.255.255.240 = 28 11111111.11111111.11111111.1111 0000
Wildcard:  0.0.0.15             00000000.00000000.00000000.0000 1111
=>
Network:   10.1.2.240/28        00001010.00000001.00000010.1111 0000
HostMin:   10.1.2.241           00001010.00000001.00000010.1111 0001
HostMax:   10.1.2.254           00001010.00000001.00000010.1111 1110
Broadcast: 10.1.2.255           00001010.00000001.00000010.1111 1111
Hosts/Net: 14                    Class A, Private Internet


The new subnet has four bits available for host numbering, which means
that there are 14 host addresses available for assignment once we subtract
the network's own address and the broadcast address. You can thus use
the cidrhost function to calculate those host addresses by
providing it a value between 1 and 14:



> cidrhost("10.1.2.240/28", 1)
10.1.2.241
> cidrhost("10.1.2.240/28", 14)
10.1.2.254


For more information on CIDR notation and subnetting, see
Classless Inter-domain Routing.




(I added the above to Terraform's documentation for cidrsubnet in PR #20828; it should be reflected in the main Terraform docs after the next Terraform release.)
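
The bit arithmetic described in the answer above, as an added Python sketch; it is not part of the original answer and not Terraform's own implementation. It generalizes the IPv4 walk-through to IPv6 and adds the range check on netnum plus an overlap check for a planned set of subnets. The helper names bit_layout, all_subnets and overlapping_pairs are hypothetical, and cidrhost is simplified here to non-negative host numbers.

```python
import ipaddress


def cidrsubnet(prefix: str, newbits: int, netnum: int) -> str:
    """Extend `prefix` by `newbits` bits and write `netnum` into the new bits."""
    parent = ipaddress.ip_network(prefix, strict=False)
    total_bits = parent.max_prefixlen            # 32 for IPv4, 128 for IPv6
    new_len = parent.prefixlen + newbits
    if newbits < 0 or new_len > total_bits:
        raise ValueError(f"/{parent.prefixlen} cannot be extended by {newbits} bits")
    # netnum must fit in the newbits-wide field; a larger value would spill
    # into the parent prefix and name a network outside the parent.
    if not 0 <= netnum < (1 << newbits):
        raise ValueError(f"netnum {netnum} does not fit in {newbits} bits")
    host_bits = total_bits - new_len
    addr = int(parent.network_address) | (netnum << host_bits)
    # Build the address with the parent's own class so IPv6 stays IPv6.
    return f"{type(parent.network_address)(addr)}/{new_len}"


def cidrhost(prefix: str, hostnum: int) -> str:
    """Write `hostnum` into the host bits of `prefix` (non-negative only)."""
    net = ipaddress.ip_network(prefix, strict=False)
    host_bits = net.max_prefixlen - net.prefixlen
    if not 0 <= hostnum < (1 << host_bits):
        raise ValueError(f"hostnum {hostnum} does not fit in {host_bits} bits")
    return str(type(net.network_address)(int(net.network_address) | hostnum))


def bit_layout(prefix: str, newbits: int, netnum: int) -> str:
    """Render the result as 'parent bits | netnum bits | host bits'."""
    parent = ipaddress.ip_network(prefix, strict=False)
    child = ipaddress.ip_network(cidrsubnet(prefix, newbits, netnum))
    bits = format(int(child.network_address), f"0{child.max_prefixlen}b")
    return " | ".join([
        bits[:parent.prefixlen],
        bits[parent.prefixlen:child.prefixlen],
        bits[child.prefixlen:],
    ])


def all_subnets(prefix: str, newbits: int) -> list:
    """Every subnet reachable by counting netnum up from zero."""
    return [cidrsubnet(prefix, newbits, n) for n in range(1 << newbits)]


def overlapping_pairs(cidrs: list) -> list:
    """Pairs of prefixes in `cidrs` that share address space."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [
        (str(a), str(b))
        for i, a in enumerate(nets)
        for b in nets[i + 1:]
        if a.overlaps(b)
    ]


if __name__ == "__main__":
    # The two calls from the question.
    print(cidrsubnet("10.1.2.0/24", 4, 15))
    print(cidrsubnet("100.121.0.0/20", 8, 64))
    print(bit_layout("10.1.2.0/24", 4, 15))

    # Counting netnum up from zero walks through consecutive /28 blocks.
    for cidr in all_subnets("10.1.2.0/24", 4):
        print(cidr)

    # Subnets cut with the same newbits never overlap, but mixing newbits
    # values on one parent can: netnum 3 of a /26 split covers the same
    # addresses as netnum 15 of a /28 split.
    plan = [cidrsubnet("10.1.2.0/24", 4, 15), cidrsubnet("10.1.2.0/24", 2, 3)]
    print(overlapping_pairs(plan))
```
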





























  • Many thanks for the explanation, I actually have a background in networking. Just didn't realise the netnum parameter has its own binary count no matter where it is placed.

    – Tal Tahar
    Mar 26 at 21:20











  • Sorry, I didn't mean to make any judgement about what you do or do not know here; I originally wrote this content for inclusion in the Terraform docs (for a general audience) and just pasted it verbatim into here so you'd be able to see it prior to it being published in the Terraform manual.

    – Martin Atkins
    Mar 26 at 22:26











  • No problem at all :) I think it is important to mention that some background is needed like you did. The explanation is perfect.

    – Tal Tahar
    Mar 26 at 22:39










Your Answer






StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55343594%2faws-and-terraform-netnum-in-cidrsubnet-function%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














Using cidrsubnet requires familiarity with some network addressing concepts.



The most important idea is that an IP address (whether IPv4 or IPv6) is fundamentally constructed from binary digits, even though we conventionally represent it as either four decimal octets (for IPv4) or a sequence of 16-bit hexadecimal numbers (for IPv6).



Taking our example above of cidrsubnet("10.1.2.0/24", 4, 15), the function will first convert the given IP address string into an equivalent binary representation:



 10 . 1 . 2 . 0
00001010 00000001 00000010 | 00000000
network | host


The /24 at the end of the prefix string specifies that the first 24
bits -- or, the first three octets -- of the address identify the network
while the remaining bits (32 - 24 = 8 bits in this case) identify hosts
within the network.



The CLI tool ipcalc is useful for
visualizing CIDR prefixes as binary numbers. We can confirm the conversion
above by providing the same prefix string to ipcalc:



$ ipcalc 10.1.2.0/24
Address: 10.1.2.0 00001010.00000001.00000010. 00000000
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000
Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111
=>
Network: 10.1.2.0/24 00001010.00000001.00000010. 00000000
HostMin: 10.1.2.1 00001010.00000001.00000010. 00000001
HostMax: 10.1.2.254 00001010.00000001.00000010. 11111110
Broadcast: 10.1.2.255 00001010.00000001.00000010. 11111111
Hosts/Net: 254 Class A, Private Internet


This gives us some additional information but also confirms (using a slightly
different notation) the conversion from decimal to binary and shows the range
of possible host addresses in this network.



While cidrhost allows calculating single host IP addresses,
cidrsubnet on the other hand creates a new network prefix within the given
network prefix. In other words, it creates a subnet.



When we call cidrsubnet we also pass two additional arguments: newbits and
netnum. newbits decides how much longer the resulting prefix will be in
bits; in our example here we specified 4, which means that the resulting
subnet will have a prefix length of 24 + 4 = 28 bits. We can imagine these
bits breaking down as follows:



 10 . 1 . 2 . ? 0
00001010 00000001 00000010 | XXXX | 0000
parent network | netnum | host


Four of the eight bits that were originally the "host number" are now being
repurposed as the subnet number. The network prefix no longer falls on an
exact octet boundary, so in effect we are now splitting the last decimal number
in the IP address into two parts, using half of it to represent the subnet
number and the other half to represent the host number.



The netnum argument then decides what number value to encode into those
four new subnet bits. In our current example we passed 15, which is
represented in binary as 1111, allowing us to fill in the XXXX segment
in the above:



 10 . 1 . 2 . 15 0
00001010 00000001 00000010 | 1111 | 0000
parent network | netnum | host


To convert this back into normal decimal notation we need to recombine the
two portions of the final octet. Converting 11110000 from binary to decimal
gives 240, which can then be combined with our new prefix length of 28 to
produce the result 10.1.2.240/28. Again we can pass this prefix string to
ipcalc to visualize it:



$ ipcalc 10.1.2.240/28
Address: 10.1.2.240 00001010.00000001.00000010.1111 0000
Netmask: 255.255.255.240 = 28 11111111.11111111.11111111.1111 0000
Wildcard: 0.0.0.15 00000000.00000000.00000000.0000 1111
=>
Network: 10.1.2.240/28 00001010.00000001.00000010.1111 0000
HostMin: 10.1.2.241 00001010.00000001.00000010.1111 0001
HostMax: 10.1.2.254 00001010.00000001.00000010.1111 1110
Broadcast: 10.1.2.255 00001010.00000001.00000010.1111 1111
Hosts/Net: 14 Class A, Private Internet


The new subnet has four bits available for host numbering, which means
that there are 14 host addresses available for assignment once we subtract
the network's own address and the broadcast address. You can thus use
cidrhost function to calculate those host addresses by
providing it a value between 1 and 14:



> cidrhost("10.1.2.240/28", 1)
10.1.2.241
> cidrhost("10.1.2.240/28", 14)
10.1.2.254


For more information on CIDR notation and subnetting, see
Classless Inter-domain Routing.




(I added the above to Terraform's documentation for cidrsubnet in PR #20828; it should be reflected in the main Terraform docs after the next Terraform release.)






share|improve this answer























  • Many thanks for the explanation, I actually have background in networking. just didn't realise the netnum parameter have its own binary count no matter where it is placed.

    – Tal Tahar
    Mar 26 at 21:20











  • Sorry, I didn't mean to make any judgement about what you do or do not know here; I originally wrote this content for inclusion in the Terraform docs (for a general audience) and just pasted it verbatim into here so you'd be able to see it prior to it being published in the Terraform manual.

    – Martin Atkins
    Mar 26 at 22:26











  • No problem at all :) I think it is important to mention that some background is needed like you did. the explanation is perfect.

    – Tal Tahar
    Mar 26 at 22:39















0














Using cidrsubnet requires familiarity with some network addressing concepts.



The most important idea is that an IP address (whether IPv4 or IPv6) is fundamentally constructed from binary digits, even though we conventionally represent it as either four decimal octets (for IPv4) or a sequence of 16-bit hexadecimal numbers (for IPv6).



Taking our example above of cidrsubnet("10.1.2.0/24", 4, 15), the function will first convert the given IP address string into an equivalent binary representation:



 10 . 1 . 2 . 0
00001010 00000001 00000010 | 00000000
network | host


The /24 at the end of the prefix string specifies that the first 24
bits -- or, the first three octets -- of the address identify the network
while the remaining bits (32 - 24 = 8 bits in this case) identify hosts
within the network.



The CLI tool ipcalc is useful for
visualizing CIDR prefixes as binary numbers. We can confirm the conversion
above by providing the same prefix string to ipcalc:



$ ipcalc 10.1.2.0/24
Address: 10.1.2.0 00001010.00000001.00000010. 00000000
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000
Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111
=>
Network: 10.1.2.0/24 00001010.00000001.00000010. 00000000
HostMin: 10.1.2.1 00001010.00000001.00000010. 00000001
HostMax: 10.1.2.254 00001010.00000001.00000010. 11111110
Broadcast: 10.1.2.255 00001010.00000001.00000010. 11111111
Hosts/Net: 254 Class A, Private Internet


This gives us some additional information but also confirms (using a slightly
different notation) the conversion from decimal to binary and shows the range
of possible host addresses in this network.



While cidrhost allows calculating single host IP addresses,
cidrsubnet on the other hand creates a new network prefix within the given
network prefix. In other words, it creates a subnet.



When we call cidrsubnet we also pass two additional arguments: newbits and
netnum. newbits decides how much longer the resulting prefix will be in
bits; in our example here we specified 4, which means that the resulting
subnet will have a prefix length of 24 + 4 = 28 bits. We can imagine these
bits breaking down as follows:



 10 . 1 . 2 . ? 0
00001010 00000001 00000010 | XXXX | 0000
parent network | netnum | host


Four of the eight bits that were originally the "host number" are now being
repurposed as the subnet number. The network prefix no longer falls on an
exact octet boundary, so in effect we are now splitting the last decimal number
in the IP address into two parts, using half of it to represent the subnet
number and the other half to represent the host number.



The netnum argument then decides what number value to encode into those
four new subnet bits. In our current example we passed 15, which is
represented in binary as 1111, allowing us to fill in the XXXX segment
in the above:



 10 . 1 . 2 . 15 0
00001010 00000001 00000010 | 1111 | 0000
parent network | netnum | host


To convert this back into normal decimal notation we need to recombine the
two portions of the final octet. Converting 11110000 from binary to decimal
gives 240, which can then be combined with our new prefix length of 28 to
produce the result 10.1.2.240/28. Again we can pass this prefix string to
ipcalc to visualize it:



$ ipcalc 10.1.2.240/28
Address: 10.1.2.240 00001010.00000001.00000010.1111 0000
Netmask: 255.255.255.240 = 28 11111111.11111111.11111111.1111 0000
Wildcard: 0.0.0.15 00000000.00000000.00000000.0000 1111
=>
Network: 10.1.2.240/28 00001010.00000001.00000010.1111 0000
HostMin: 10.1.2.241 00001010.00000001.00000010.1111 0001
HostMax: 10.1.2.254 00001010.00000001.00000010.1111 1110
Broadcast: 10.1.2.255 00001010.00000001.00000010.1111 1111
Hosts/Net: 14 Class A, Private Internet


The new subnet has four bits available for host numbering, which means
that there are 14 host addresses available for assignment once we subtract
the network's own address and the broadcast address. You can thus use
cidrhost function to calculate those host addresses by
providing it a value between 1 and 14:



> cidrhost("10.1.2.240/28", 1)
10.1.2.241
> cidrhost("10.1.2.240/28", 14)
10.1.2.254


For more information on CIDR notation and subnetting, see
Classless Inter-domain Routing.




(I added the above to Terraform's documentation for cidrsubnet in PR #20828; it should be reflected in the main Terraform docs after the next Terraform release.)






share|improve this answer























  • Many thanks for the explanation, I actually have background in networking. just didn't realise the netnum parameter have its own binary count no matter where it is placed.

    – Tal Tahar
    Mar 26 at 21:20











  • Sorry, I didn't mean to make any judgement about what you do or do not know here; I originally wrote this content for inclusion in the Terraform docs (for a general audience) and just pasted it verbatim into here so you'd be able to see it prior to it being published in the Terraform manual.

    – Martin Atkins
    Mar 26 at 22:26











  • No problem at all :) I think it is important to mention that some background is needed like you did. the explanation is perfect.

    – Tal Tahar
    Mar 26 at 22:39













0












0








0







Using cidrsubnet requires familiarity with some network addressing concepts.



The most important idea is that an IP address (whether IPv4 or IPv6) is fundamentally constructed from binary digits, even though we conventionally represent it as either four decimal octets (for IPv4) or a sequence of 16-bit hexadecimal numbers (for IPv6).



Taking our example above of cidrsubnet("10.1.2.0/24", 4, 15), the function will first convert the given IP address string into an equivalent binary representation:



 10 . 1 . 2 . 0
00001010 00000001 00000010 | 00000000
network | host


The /24 at the end of the prefix string specifies that the first 24
bits -- or, the first three octets -- of the address identify the network
while the remaining bits (32 - 24 = 8 bits in this case) identify hosts
within the network.



The CLI tool ipcalc is useful for
visualizing CIDR prefixes as binary numbers. We can confirm the conversion
above by providing the same prefix string to ipcalc:



$ ipcalc 10.1.2.0/24
Address: 10.1.2.0 00001010.00000001.00000010. 00000000
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000
Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111
=>
Network: 10.1.2.0/24 00001010.00000001.00000010. 00000000
HostMin: 10.1.2.1 00001010.00000001.00000010. 00000001
HostMax: 10.1.2.254 00001010.00000001.00000010. 11111110
Broadcast: 10.1.2.255 00001010.00000001.00000010. 11111111
Hosts/Net: 254 Class A, Private Internet


This gives us some additional information but also confirms (using a slightly
different notation) the conversion from decimal to binary and shows the range
of possible host addresses in this network.



While cidrhost allows calculating single host IP addresses,
cidrsubnet on the other hand creates a new network prefix within the given
network prefix. In other words, it creates a subnet.



When we call cidrsubnet we also pass two additional arguments: newbits and
netnum. newbits decides how much longer the resulting prefix will be in
bits; in our example here we specified 4, which means that the resulting
subnet will have a prefix length of 24 + 4 = 28 bits. We can imagine these
bits breaking down as follows:



 10 . 1 . 2 . ? 0
00001010 00000001 00000010 | XXXX | 0000
parent network | netnum | host


Four of the eight bits that were originally the "host number" are now being
repurposed as the subnet number. The network prefix no longer falls on an
exact octet boundary, so in effect we are now splitting the last decimal number
in the IP address into two parts, using half of it to represent the subnet
number and the other half to represent the host number.



The netnum argument then decides what number value to encode into those
four new subnet bits. In our current example we passed 15, which is
represented in binary as 1111, allowing us to fill in the XXXX segment
in the above:



 10 . 1 . 2 . 15 0
00001010 00000001 00000010 | 1111 | 0000
parent network | netnum | host


To convert this back into normal decimal notation we need to recombine the
two portions of the final octet. Converting 11110000 from binary to decimal
gives 240, which can then be combined with our new prefix length of 28 to
produce the result 10.1.2.240/28. Again we can pass this prefix string to
ipcalc to visualize it:



$ ipcalc 10.1.2.240/28
Address: 10.1.2.240 00001010.00000001.00000010.1111 0000
Netmask: 255.255.255.240 = 28 11111111.11111111.11111111.1111 0000
Wildcard: 0.0.0.15 00000000.00000000.00000000.0000 1111
=>
Network: 10.1.2.240/28 00001010.00000001.00000010.1111 0000
HostMin: 10.1.2.241 00001010.00000001.00000010.1111 0001
HostMax: 10.1.2.254 00001010.00000001.00000010.1111 1110
Broadcast: 10.1.2.255 00001010.00000001.00000010.1111 1111
Hosts/Net: 14 Class A, Private Internet


The new subnet has four bits available for host numbering, which means
that there are 14 host addresses available for assignment once we subtract
the network's own address and the broadcast address. You can thus use
cidrhost function to calculate those host addresses by
providing it a value between 1 and 14:



> cidrhost("10.1.2.240/28", 1)
10.1.2.241
> cidrhost("10.1.2.240/28", 14)
10.1.2.254


For more information on CIDR notation and subnetting, see
Classless Inter-domain Routing.




(I added the above to Terraform's documentation for cidrsubnet in PR #20828; it should be reflected in the main Terraform docs after the next Terraform release.)






share|improve this answer













Using cidrsubnet requires familiarity with some network addressing concepts.



The most important idea is that an IP address (whether IPv4 or IPv6) is fundamentally constructed from binary digits, even though we conventionally represent it as either four decimal octets (for IPv4) or a sequence of 16-bit hexadecimal numbers (for IPv6).



Taking our example above of cidrsubnet("10.1.2.0/24", 4, 15), the function will first convert the given IP address string into an equivalent binary representation:



 10 . 1 . 2 . 0
00001010 00000001 00000010 | 00000000
network | host


The /24 at the end of the prefix string specifies that the first 24
bits -- or, the first three octets -- of the address identify the network
while the remaining bits (32 - 24 = 8 bits in this case) identify hosts
within the network.



The CLI tool ipcalc is useful for
visualizing CIDR prefixes as binary numbers. We can confirm the conversion
above by providing the same prefix string to ipcalc:



$ ipcalc 10.1.2.0/24
Address: 10.1.2.0 00001010.00000001.00000010. 00000000
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000
Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111
=>
Network: 10.1.2.0/24 00001010.00000001.00000010. 00000000
HostMin: 10.1.2.1 00001010.00000001.00000010. 00000001
HostMax: 10.1.2.254 00001010.00000001.00000010. 11111110
Broadcast: 10.1.2.255 00001010.00000001.00000010. 11111111
Hosts/Net: 254 Class A, Private Internet


This gives us some additional information but also confirms (using a slightly
different notation) the conversion from decimal to binary and shows the range
of possible host addresses in this network.



While cidrhost allows calculating single host IP addresses,
cidrsubnet on the other hand creates a new network prefix within the given
network prefix. In other words, it creates a subnet.



When we call cidrsubnet we also pass two additional arguments: newbits and
netnum. newbits decides how much longer the resulting prefix will be in
bits; in our example here we specified 4, which means that the resulting
subnet will have a prefix length of 24 + 4 = 28 bits. We can imagine these
bits breaking down as follows:



          10 .        1 .        2 .    ?        0
    00001010   00000001   00000010 | XXXX   | 0000
             parent network        | netnum | host


Four of the eight bits that were originally the "host number" are now being
repurposed as the subnet number. The network prefix no longer falls on an
exact octet boundary, so in effect we are now splitting the last decimal number
in the IP address into two parts, using half of it to represent the subnet
number and the other half to represent the host number.



The netnum argument then decides what number value to encode into those
four new subnet bits. In our current example we passed 15, which is
represented in binary as 1111, allowing us to fill in the XXXX segment
in the above:



          10 .        1 .        2 .    15       0
    00001010   00000001   00000010 | 1111   | 0000
             parent network        | netnum | host


To convert this back into normal decimal notation we need to recombine the
two portions of the final octet. Converting 11110000 from binary to decimal
gives 240, which can then be combined with our new prefix length of 28 to
produce the result 10.1.2.240/28. Again we can pass this prefix string to
ipcalc to visualize it:



    $ ipcalc 10.1.2.240/28
    Address:   10.1.2.240           00001010.00000001.00000010.1111 0000
    Netmask:   255.255.255.240 = 28 11111111.11111111.11111111.1111 0000
    Wildcard:  0.0.0.15             00000000.00000000.00000000.0000 1111
    =>
    Network:   10.1.2.240/28        00001010.00000001.00000010.1111 0000
    HostMin:   10.1.2.241           00001010.00000001.00000010.1111 0001
    HostMax:   10.1.2.254           00001010.00000001.00000010.1111 1110
    Broadcast: 10.1.2.255           00001010.00000001.00000010.1111 1111
    Hosts/Net: 14                    Class A, Private Internet


The new subnet has four bits available for host numbering, which means
that there are 14 host addresses available for assignment once we subtract
the network's own address and the broadcast address. You can thus use the
cidrhost function to calculate those host addresses by
providing it a value between 1 and 14:



    > cidrhost("10.1.2.240/28", 1)
    10.1.2.241
    > cidrhost("10.1.2.240/28", 14)
    10.1.2.254


For more information on CIDR notation and subnetting, see
Classless Inter-domain Routing.




(I added the above to Terraform's documentation for cidrsubnet in PR #20828; it should be reflected in the main Terraform docs after the next Terraform release.)

















answered Mar 26 at 17:08









Martin Atkins
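The arithmetic walked through in the answer above, as an added Python sketch built on the standard `ipaddress` module; it is not Terraform's implementation and not part of the original answer. The function names mirror Terraform's, `bit_layout` is a hypothetical helper, and the sketch goes slightly beyond the text by accepting IPv6 prefixes and rejecting a `netnum` that does not fit in `newbits`.

```python
import ipaddress


def cidrsubnet(prefix: str, newbits: int, netnum: int) -> str:
    """Carve subnet number `netnum` out of `prefix`, extending it by `newbits`."""
    parent = ipaddress.ip_network(prefix, strict=False)
    new_len = parent.prefixlen + newbits
    if newbits < 0 or new_len > parent.max_prefixlen:
        raise ValueError(f"cannot extend /{parent.prefixlen} by {newbits} bits")
    if not 0 <= netnum < (1 << newbits):
        raise ValueError(f"netnum {netnum} does not fit in {newbits} bits")
    host_bits = parent.max_prefixlen - new_len
    # Shift netnum left past the host bits, then OR it into the parent network.
    base = int(parent.network_address) | (netnum << host_bits)
    return str(type(parent)((base, new_len)))


def cidrhost(prefix: str, hostnum: int) -> str:
    """Return host number `hostnum` inside `prefix` (non-negative values only)."""
    net = ipaddress.ip_network(prefix, strict=False)
    host_bits = net.max_prefixlen - net.prefixlen
    if not 0 <= hostnum < (1 << host_bits):
        raise ValueError(f"hostnum {hostnum} does not fit in {host_bits} bits")
    return str(net.network_address + hostnum)


def bit_layout(prefix: str, newbits: int, netnum: int) -> tuple:
    """Split the subnet address into (parent, netnum, host) bit strings."""
    parent = ipaddress.ip_network(prefix, strict=False)
    sub = ipaddress.ip_network(cidrsubnet(prefix, newbits, netnum))
    bits = format(int(sub.network_address), f"0{sub.max_prefixlen}b")
    return (bits[:parent.prefixlen],
            bits[parent.prefixlen:sub.prefixlen],
            bits[sub.prefixlen:])


if __name__ == "__main__":
    subnet = cidrsubnet("10.1.2.0/24", 4, 15)
    print(subnet, " | ".join(bit_layout("10.1.2.0/24", 4, 15)))
    print(cidrhost(subnet, 1), cidrhost(subnet, 14))
    try:
        cidrsubnet("10.1.2.0/24", 4, 16)  # 16 needs five bits, only four exist
    except ValueError as err:
        print("rejected:", err)
```

Running the same check over every `netnum` used in a configuration catches an out-of-range subnet number before it reaches a plan, which is where an unintended address range would otherwise first show up.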












  • Many thanks for the explanation. I actually have a background in networking; I just didn't realise the netnum parameter has its own binary count no matter where it is placed.

    – Tal Tahar
    Mar 26 at 21:20











  • Sorry, I didn't mean to make any judgement about what you do or do not know here; I originally wrote this content for inclusion in the Terraform docs (for a general audience) and just pasted it verbatim into here so you'd be able to see it prior to it being published in the Terraform manual.

    – Martin Atkins
    Mar 26 at 22:26











  • No problem at all :) I think it is important to mention that some background is needed, like you did. The explanation is perfect.

    – Tal Tahar
    Mar 26 at 22:39











































