This topic provides answers to some frequently asked questions about CIDR blocks.
What is CIDR?
Classless Inter-Domain Routing (CIDR) is a method for allocating IP address and IP routing. Compared with the old system based on classes (Class A, Class B, Class C, ...), CIDR is a more efficient method to allocate IP addresses. For example, the IP addresses from 10.203.96.0 to 10.203.127.255 translate into the following CIDR block:
10.203.0110 0000.0000 0000 to 10.203.0111 1111.1111 1111, or 10.203.96.0/19.
When you create a VPC or a vSwitch, you must specify one or more CIDR blocks for the VPC.
What is a customer CIDR block?
By default, a VPC uses 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 100.64.0.0/10, and the CIDR block of the VPC for private network communication. An ECS instance or elastic network interface (ENI) can access the Internet in the following scenarios: The ECS instance is assigned a public IP address, the ECS instance or ENI is associated with an elastic IP address (EIP), or DNAT IP mapping is configured for the ECS instance or ENI. In the preceding cases, when the ECS instance or ENI accesses CIDR blocks other than the preceding ones, the requests are forwarded to the Internet through the public IP address.
You must set the destination of a request to the customer CIDR block of the VPC to which the ECS instance or ENI belongs in the following scenario: You want the request to be forwarded based on the route table of a private network. The private network can be a VPC or a hybrid cloud built with VPN, Express Connect, or CEN. Then, requests that point to the customer CIDR block are forwarded based on the route table instead of the public IP address.
For example, ECS 1 is assigned a public IP address. When ECS 1 accesses the Alibaba Cloud International site (106.11.XX.XX), requests are automatically forwarded through the public IP address. If you want requests to be forwarded to ECS 2 before they are forwarded to the Internet, perform the following operation: Specify 106.11.XX.XX/24 as the customer CIDR block of the VPC to which ECS 1 belongs.Then, the public IP address of ECS 2 is used to access the Internet.
How do I configure a customer CIDR block?
You can configure a customer CIDR block when you create a VPC or for an existing VPC. You can perform the following operations based on one of these two scenarios:
- Call the CreateVpc operation to configure a customer CIDR block for a new VPC. For more information, see CreateVpc.
- Configure the customer CIDR block of an existing VPC by using the console. Make sure
that the VPC uses a custom CIDR block as the IPv4 CIDR block.
After you configure a customer CIDR block for the VPC, the customer CIDR block is displayed on the details page of the VPC.
How do I specify a CIDR block for a VPC?
You can specify 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, or their subnets as the private CIDR block of the VPC. You can also specify a custom CIDR block. The subnet mask must be 8 to 24 bits in length.
For more information, see Create and manage a VPC.
How do I specify a CIDR block for a vSwitch?
- The CIDR block of the vSwitch must fall within the CIDR block of the VPC to which the vSwitch belongs.
- The subnet mask of the vSwitch must be 16 to 29 bits in length.
- The CIDR block that you specify cannot be the same as or a subset of the CIDR blocks of the existing vSwitches.
- The CIDR block that you specify cannot be the same as the destination CIDR blocks of the routes in the VPC.
- The CIDR block that you specify cannot contain the destination CIDR blocks of the routes in the VPC. However, the CIDR block that you specify can be a subset of the destination CIDR blocks of the routes in the VPC.
For more information, see Work with vSwitches.