Networking is the backbone of DevOps, AWS, and Kubernetes, and CIDR (Classless Inter-Domain Routing) is one of the most critical concepts. If you've ever been confused by subnet masks, IP ranges, AWS reserved IPs, or Terraform CIDR calculations, this guide will clear everything up!

By the end of this blog, you’ll understand:
✅ How CIDR works and how to calculate IP ranges manually
✅ AWS's reserved IPs—why they matter for VPC design
✅ Terraform's CIDR tricks—how to let infrastructure code do the hard work
✅ Best practices that even experienced engineers get wrong

🏗 CIDR 101: The Foundation of IP Addressing

At its core, CIDR (Classless Inter-Domain Routing) is just a compact way to define IP ranges. Instead of using old-school subnet masks (255.255.255.0), we use a prefix notation like this:

plaintextCopy code10.0.1.0/24

Here’s what’s happening:
🔹 10.0.1.0 → Network address
🔹 /24 → Subnet mask, meaning the first 24 bits define the network, and the rest are available for hosts.

That’s the theory, but how do we figure out how many IPs we actually get?

---

🔢 Manual CIDR Calculations (Because Terraform Won’t Always Save You)

Every IPv4 address is 32 bits, split into four octets (8 bits each):

plaintextCopy code11000000.10101000.00000001.00000000  →  192.168.1.0

Each bit can be 0 or 1, meaning each octet has 256 possible values (2⁸ = 256).

How Many IPs in a Subnet?

We calculate this using:

plaintextCopy codeTotal IPs = 2^(32 - subnet mask)

CIDR Cheat Sheet:

But wait... AWS reserves 5 IPs per subnet! So let’s address that next.

---

⚠️ AWS’s 5 Reserved IPs Per Subnet – Why They Matter

AWS automatically reserves 5 IP addresses per subnet, which means you never get the full range of usable IPs.

🔹 Example: 10.0.1.0/24
Total IPs = 256, but usable IPs = 251 because AWS keeps 5 IPs for itself.

---

🛠 CIDR Subnetting with Terraform (Automate the Madness)

Without Terraform: (Painful Manual Subnetting)

Say you need three /24 subnets inside a 10.0.0.0/16 VPC. You'd have to manually plan them:

plaintextCopy codeSubnet 1: 10.0.1.0/24
Subnet 2: 10.0.2.0/24
Subnet 3: 10.0.3.0/24

🚨 What if you need to scale? Or if a junior DevOps engineer messes up?

With Terraform: (Automated Subnetting with cidrsubnet())

Terraform does the hard work for you with cidrsubnet():

hclCopy codevariable "vpc_cidr" {
  default = "10.0.0.0/16"
}

output "subnet_1" {
  value = cidrsubnet(var.vpc_cidr, 8, 1)  # 10.0.1.0/24
}

output "subnet_2" {
  value = cidrsubnet(var.vpc_cidr, 8, 2)  # 10.0.2.0/24
}

Breaking it Down:

• Base CIDR: "10.0.0.0/16"

• Newbits: 8 (Takes /16 → /24)

• Index: 1, 2, 3... (Auto-calculates subnets)

🚀 Why use Terraform? No manual mistakes, no overlapping subnets, and future-proof networking.

---

🔥 Pro Tips for CIDR Planning in AWS

✅ Leave room for growth – Don't over-allocate IPs in the beginning.
✅ Avoid overlapping CIDRs – Especially in multi-account setups (AWS Transit Gateway hates this).
✅ Plan for AWS reserved IPs – Remember that you lose 5 IPs per subnet.
✅ Use Terraform’s cidrsubnet() – Automate everything; manual CIDR planning is error-prone.
✅ Think about private IP exhaustion – Large microservices architectures burn through private IPs fast.

---

🎯 Final Thoughts: CIDR is DevOps Gold

If you’re serious about AWS, Kubernetes, and Cloud Networking, CIDR isn’t just a topic—it’s a survival skill.

🔹 Understand subnetting manually first.
🔹 Remember AWS's 5 reserved IPs.
🔹 Use Terraform to automate subnet calculations.