AWS and Terraform - netnum in cidrsubnet function
I have started to use Terraform recently and, as part of the VPC configuration, I had some difficulty understanding the netnum in the cidrsubnet() function.

I investigated the Terraform documentation; it says that:

"netnum (the third parameter) is a whole number that can be represented as a binary integer with no more than newbits binary digits, which will be used to populate the additional bits added to the prefix"

I still had some difficulty understanding it.

For example:

    cidrsubnet("100.121.0.0/20", 8, 64) --> 100.121.4.0/28
    cidrsubnet("10.1.2.0/24", 4, 15) --> 10.1.2.240/28

I would appreciate it if you could explain the netnum parameter.

Many thanks,
Tal

terraform cidr
edited Mar 26 at 17:08 by Martin Atkins
asked Mar 25 at 17:38 by Tal Tahar
Run the function with netnum increasing from zero and I guess you will understand what it means ;-)
– StephenKing Mar 25 at 18:04

I also suggest a more simple netmask, like 10.0.0.0 to play with (and identify patterns).
– StephenKing Mar 25 at 18:04

blog.itsjustcode.net/blog/2017/11/18/…
– BMW Mar 25 at 23:33
1 Answer
Using cidrsubnet
requires familiarity with some network addressing concepts.
The most important idea is that an IP address (whether IPv4 or IPv6) is fundamentally constructed from binary digits, even though we conventionally represent it as either four decimal octets (for IPv4) or a sequence of 16-bit hexadecimal numbers (for IPv6).
Taking our example above of cidrsubnet("10.1.2.0/24", 4, 15)
, the function will first convert the given IP address string into an equivalent binary representation:
10 . 1 . 2 . 0
00001010 00000001 00000010 | 00000000
network | host
The /24
at the end of the prefix string specifies that the first 24
bits -- or, the first three octets -- of the address identify the network
while the remaining bits (32 - 24 = 8 bits in this case) identify hosts
within the network.
The CLI tool ipcalc
is useful for
visualizing CIDR prefixes as binary numbers. We can confirm the conversion
above by providing the same prefix string to ipcalc
:
$ ipcalc 10.1.2.0/24
Address: 10.1.2.0 00001010.00000001.00000010. 00000000
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000
Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111
=>
Network: 10.1.2.0/24 00001010.00000001.00000010. 00000000
HostMin: 10.1.2.1 00001010.00000001.00000010. 00000001
HostMax: 10.1.2.254 00001010.00000001.00000010. 11111110
Broadcast: 10.1.2.255 00001010.00000001.00000010. 11111111
Hosts/Net: 254 Class A, Private Internet
This gives us some additional information but also confirms (using a slightly
different notation) the conversion from decimal to binary and shows the range
of possible host addresses in this network.
While cidrhost
allows calculating single host IP addresses,cidrsubnet
on the other hand creates a new network prefix within the given
network prefix. In other words, it creates a subnet.
When we call cidrsubnet
we also pass two additional arguments: newbits
andnetnum
. newbits
decides how much longer the resulting prefix will be in
bits; in our example here we specified 4
, which means that the resulting
subnet will have a prefix length of 24 + 4 = 28 bits. We can imagine these
bits breaking down as follows:
10 . 1 . 2 . ? 0
00001010 00000001 00000010 | XXXX | 0000
parent network | netnum | host
Four of the eight bits that were originally the "host number" are now being
repurposed as the subnet number. The network prefix no longer falls on an
exact octet boundary, so in effect we are now splitting the last decimal number
in the IP address into two parts, using half of it to represent the subnet
number and the other half to represent the host number.
The netnum
argument then decides what number value to encode into those
four new subnet bits. In our current example we passed 15
, which is
represented in binary as 1111
, allowing us to fill in the XXXX
segment
in the above:
10 . 1 . 2 . 15 0
00001010 00000001 00000010 | 1111 | 0000
parent network | netnum | host
To convert this back into normal decimal notation we need to recombine the
two portions of the final octet. Converting 11110000
from binary to decimal
gives 240, which can then be combined with our new prefix length of 28 to
produce the result 10.1.2.240/28
. Again we can pass this prefix string toipcalc
to visualize it:
```
$ ipcalc 10.1.2.240/28
Address:   10.1.2.240           00001010.00000001.00000010.1111 0000
Netmask:   255.255.255.240 = 28 11111111.11111111.11111111.1111 0000
Wildcard:  0.0.0.15             00000000.00000000.00000000.0000 1111
=>
Network:   10.1.2.240/28        00001010.00000001.00000010.1111 0000
HostMin:   10.1.2.241           00001010.00000001.00000010.1111 0001
HostMax:   10.1.2.254           00001010.00000001.00000010.1111 1110
Broadcast: 10.1.2.255           00001010.00000001.00000010.1111 1111
Hosts/Net: 14                    Class A, Private Internet
```
The new subnet has four bits available for host numbering, which means
that there are 14 host addresses available for assignment once we subtract
the network's own address and the broadcast address. You can thus use the
`cidrhost` function to calculate those host addresses by
providing it a value between 1 and 14:
```
> cidrhost("10.1.2.240/28", 1)
10.1.2.241
> cidrhost("10.1.2.240/28", 14)
10.1.2.254
```
For more information on CIDR notation and subnetting, see
Classless Inter-domain Routing.
(I added the above to Terraform's documentation for `cidrsubnet` in PR #20828; it should be reflected in the main Terraform docs after the next Terraform release.)
answered Mar 26 at 17:08
Martin Atkins
Many thanks for the explanation, I actually have a background in networking. Just didn't realise the netnum parameter has its own binary count no matter where it is placed.
– Tal Tahar
Mar 26 at 21:20
Sorry, I didn't mean to make any judgement about what you do or do not know here; I originally wrote this content for inclusion in the Terraform docs (for a general audience) and just pasted it verbatim into here so you'd be able to see it prior to it being published in the Terraform manual.
– Martin Atkins
Mar 26 at 22:26
No problem at all :) I think it is important to mention that some background is needed like you did. The explanation is perfect.
– Tal Tahar
Mar 26 at 22:39
Run the function with `netnum` increasing from zero and I guess you will understand what it means ;-)
– StephenKing
Mar 25 at 18:04
I also suggest a more simple netmask, like `10.0.0.0` to play with (and identify patterns).
– StephenKing
Mar 25 at 18:04
blog.itsjustcode.net/blog/2017/11/18/…
– BMW
Mar 25 at 23:33