Classless Inter Domain Routing Made Easy

Introduction :
One day I was working with VPC (Virtual Private Cloud) inside AWS (Amazon Web Services), where I needed to calculate the CIDR notation of an IP address and subnet combination.
I had to use online tools to calculate the subnets and CIDR every time I was working with VPC, but I found it interesting how a network gets broken into smaller networks. So finally I decided to learn the CIDR methods and calculate it myself instead of using tools every time.
But the questions that struck my mind were:
  • What is CIDR?
  • How did CIDR come into the picture?
  • What does CIDR do?
For understanding CIDR (Classless Inter-Domain Routing), a few things need to be clear first:

1. IP Addresses
2. Structure of IP Address
3. Internet Protocol Address Types
4. Classes
5. Network Mask
6. Subnetting

IP Address –

It is the address of a computer, laptop, printer or even a mobile phone.
Everyone has an address; likewise these devices have an Internet Protocol Address (IP Address), also called a logical address.
In a network there are many computers …
A network is a group of two or more computers linked together.
So when there are many computers in a network, we need to uniquely identify each one, and there the IP address works as a unique identifier for computers and other devices.
For example: there are twin sisters; how are we going to tell them apart? By their names, which are unique to each of them.
Here the names of the girls are the IP addresses, which will be unique, and the two girls are the two devices.

Structure of IP Address –

Now the question is: what does an IP address look like?
An IP address is made up of 32 bits (8+8+8+8 = 32 bits).
A bit (short for binary digit) is the smallest unit of data in a computer.
Binary conversion for 192 :
  Place value : 128   64   32   16    8    4    2    1
  Bit         :   1    1    0    0    0    0    0    0   – total bits = 8
  128+64 = 192
  So, 0 for the other places and 1 for the places whose sum is 192.
Binary conversion for 168 :
  Place value : 128   64   32   16    8    4    2    1
  Bit         :   1    0    1    0    1    0    0    0   – total bits = 8 (128+32+8 = 168)
Binary conversion for 33 :
  Place value : 128   64   32   16    8    4    2    1
  Bit         :   0    0    1    0    0    0    0    1   – total bits = 8 (32+1 = 33)
Binary conversion for 10 :
  Place value : 128   64   32   16    8    4    2    1
  Bit         :   0    0    0    0    1    0    1    0   – total bits = 8 (8+2 = 10)
Four octets of 8 bits each give the total of 32 bits: 192.168.33.10 = 11000000.10101000.00100001.00001010
Dotted Decimal Notation : in dotted form the 4 sections are called OCTETS, a vendor-neutral term for bytes.
Let an IP address be 200.10.20.30 :
Inside a network, 200.10.20 will remain the same and 30 will be unique for each device.

Type of IP Address –

  1. Assignment Method
  2. Classes : 1) Classful  2) Classless
  3. Public / Private
  4. Version

Assignment Methods :

The assignment method defines how an IP address is assigned to a device.
An IP address can be assigned in two ways:
1) Static IP Address
A static IP address is one whose configuration is done manually; it is used in small networks.
2) Dynamic IP Address
A dynamic IP address is one whose configuration is done automatically by the network, through a DHCP (Dynamic Host Configuration Protocol) server.
— Configuration is automatic —

Classes :

Classes define how much of an IP address is the network part and how much is the host part.
There are 2 types of classes in IP addressing :
  1. Classful
  2. Classless
CLASSFUL : IP addresses are divided into 5 classes by the value of the first octet (N = network octet, H = host octet);
Class A : 0 – 126      N.H.H.H    Assigned to large organizations
          127          N.H.H.H    Reserved for loopback
Class B : 128 – 191    N.N.H.H    Assigned to medium companies
Class C : 192 – 223    N.N.N.H    Assigned to small organizations
Class D : 224 – 239               Assigned for multicasting
Class E : 240 – 255               Reserved for experimental purposes

CLASSLESS : Classless addressing is IP addressing where the subnet mask does not define the class of the address. The subnet mask boundary can fall anywhere between bit 0 and bit 31.
Range of Class A IP Address : –
Network ID : 8 bits
Host ID : 24 bits (8+8+8)
  • The IP address begins with 0; the first bit will always be zero.
  • 7 remaining bits in the network part : only 128 possible Class A networks.
  • 24 bits in the local part : over 16 million hosts per Class A network.
  • All Class A network parts are assigned or reserved.
Layout : Network ID (N) . Host ID (H) . Host ID (H) . Host ID (H)
Bits    : 0        7 8                              31
          0NNNNNNN . HHHHHHHH . HHHHHHHH . HHHHHHHH
In Binary :
Class A starts from : 00000000.00000000.00000000.00000000
Class A ends at     : 01111111.11111111.11111111.11111111
In Decimal :
Class A IP addresses run from 0.0.0.0 to 127.255.255.255
Number of Networks : 2^7 = 128
Number of Hosts : 2^24
SOME EXCEPTIONS IN CLASS A (cannot be assigned to a host) :
  • The all-zero network, the first address of the class : used for self-check; represents the default network or "my IP".
  • The 127 network : the loopback address range, used to diagnose NIC problems.

Range of Class B IP Address : –
Network ID : 16 bits (8+8)
Host ID : 16 bits (8+8)
  • The first two bits will always be one and zero (10).
  • 14 bits in the network part – over 16,000 possible Class B networks.
  • 16 bits in the local part – over 65,000 possible hosts per network.
Layout : Network ID (N) . Network ID (N) . Host ID (H) . Host ID (H)
Bits    : 0                 15 | 16                 31
          10NNNNNN . NNNNNNNN . HHHHHHHH . HHHHHHHH
In Binary :
Class B starts from : 10000000.00000000.00000000.00000000
Class B ends at     : 10111111.11111111.11111111.11111111
In Decimal :
Class B IP addresses run from 128.0.0.0 to 191.255.255.255
Number of Networks : 2^14
Number of Hosts : 2^16
SOME EXCEPTIONS IN CLASS B (cannot be assigned to a host) :
169.254.X.X : reserved for APIPA (Automatic Private IP Addressing) – a host takes an IP from this range automatically if it does not find any DHCP server in the network.

Range of Class C IP Address : –
Network ID : 24 bits (8+8+8)
Host ID : 8 bits (8)
**Most Popular and Commonly Used**
  • The first three bits will always be one, one and zero (110).
  • 21 bits in the network part – over 2 million possible Class C networks.
  • 8 bits in the local part – only 256 possible hosts per Class C network.
Layout : Network ID (N) . Network ID (N) . Network ID (N) . Host ID (H)
Bits    : 0                            23 | 24       31
          110NNNNN . NNNNNNNN . NNNNNNNN . HHHHHHHH
In Binary :
Class C starts from : 11000000.00000000.00000000.00000000
Class C ends at     : 11011111.11111111.11111111.11111111
In Decimal :
Class C IP addresses run from 192.0.0.0 to 223.255.255.255
Number of Networks : 2^21
Number of Hosts : 2^8

Range of Class D IP Address : –
The IP address begins with 1110.

Used for multicasting, not for defining networks.
  • Multicasting sends messages to a group of hosts,
  • rather than to just one host (unicasting)
  • or to ALL hosts (broadcasting),
  • say, to send a videoconference stream to a group of receivers.
In Binary :
Class D starts from : 11100000.00000000.00000000.00000000
Class D ends at     : 11101111.11111111.11111111.11111111
In Decimal :
Class D IP addresses run from 224.0.0.0 to 239.255.255.255
Some reserved Class D (multicast group) addresses :
  • OSPF – the All OSPF Routers address, used to send HELLO packets.
  • OSPF – the all-routers address used to send OSPF routing information to the designated routers on a network segment.
  • RIP – the Routing Information Protocol (RIP) version 2 group address, used to send routing information to all RIP2-aware routers on a network segment.
  • EIGRP – used to send routing information to all EIGRP routers on a network segment.
  • VRRP – the Virtual Router Redundancy Protocol group address.


Public / Private IP Address –

A public IP address, also called an external IP address, is the one that your ISP (Internet Service Provider) provides to identify your home network to the outside world. It is an IP address that is unique throughout the entire Internet.
When you're setting up your router, if your ISP issued you a static IP address, you enter it into your router's settings. For a dynamic IP address, you specify DHCP in your router's network settings. DHCP is the Dynamic Host Configuration Protocol; it tells your router to accept whatever public IP address your ISP issues.
Some people did not want to connect to the Internet but still wanted to run their network on the TCP/IP protocol.
Here came the concept of PRIVATE IP.
Just as your network's public IP address is issued by your ISP, your router issues private (or internal) IP addresses to each device inside your network. This provides unique identification for devices within your home network, such as your computer, your Slingbox, and so on.
Internet Protocol Address :
           Reserved IP Addresses :
  1. Addresses beginning with 127 are reserved for loopback and internal testing – used for self-testing whether TCP/IP is working properly or not.
  2. XXX.0.0.0 (host part all zeros) is reserved for the network address.
  3. XXX.255.255.255 (host part all ones) is reserved for broadcast.
  4. The very first address – represents the local network / used for default routing.
  5. The very last address – broadcast.
Example : Let a Class A IP address be –
               Network Address –
               Broadcast Address –
Example : Let a Class B IP address be –
               Network Address –
               Broadcast Address –
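The octet-to-binary tables and the network/broadcast calculation above, carried through for any address and prefix length, as an added example that is not part of the original post (written in POSIX sh; the sample addresses are constructed, and `class_of` uses the first-octet ranges given in the post):

```shell
# Added example (not from the original post): the octet-to-binary tables and the
# network/broadcast example above, generalised to any address and prefix length
# in POSIX sh. Sample addresses used here are constructed.
ALL_ONES=4294967295                       # 32 one-bits, 2^32 - 1
# ip_to_int: dotted decimal -> 32-bit integer (4 octets of 8 bits = 32 bits)
ip_to_int() {
    set -- $(echo "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
# int_to_ip: 32-bit integer -> dotted decimal
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}
# to_binary: one octet -> 8-bit string, walking the place values 128 64 32 16 8 4 2 1
# exactly as the tables in the post do (to_binary 192 -> 11000000)
to_binary() {
    n=$1; bits=""; w=128
    while [ "$w" -ge 1 ]; do
        if [ "$n" -ge "$w" ]; then bits="${bits}1"; n=$((n - w)); else bits="${bits}0"; fi
        w=$((w / 2))
    done
    echo "$bits"
}
# class_of: classful class from the first octet, using the ranges given in the post
class_of() {
    o=${1%%.*}
    if   [ "$o" -eq 127 ]; then echo "loopback"
    elif [ "$o" -le 126 ]; then echo "A"
    elif [ "$o" -le 191 ]; then echo "B"
    elif [ "$o" -le 223 ]; then echo "C"
    elif [ "$o" -le 239 ]; then echo "D"
    else                        echo "E"
    fi
}
# cidr_info a.b.c.d/prefix -> "network broadcast netmask usable_hosts"
# network = address AND mask; broadcast = network OR inverted mask;
# usable hosts = 2^(32-prefix) minus the network and broadcast addresses
cidr_info() {
    addr=${1%/*}; prefix=${1#*/}
    ip=$(ip_to_int "$addr")
    mask=$(( (ALL_ONES << (32 - prefix)) & ALL_ONES ))
    net=$(( ip & mask ))
    bcast=$(( net | (~mask & ALL_ONES) ))
    echo "$(int_to_ip "$net") $(int_to_ip "$bcast") $(int_to_ip "$mask") $(( (1 << (32 - prefix)) - 2 ))"
}
# the post's own address 200.10.20.30 in a /24: 200.10.20 is the network, .30 the host
cidr_info 200.10.20.30/24
```

`cidr_info 10.0.0.0/16` gives the numbers for a typical VPC block; the usable-host count is the classless figure, before any addresses the cloud provider itself reserves in each subnet.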

I hope that gives you a good knowledge of IP addresses and their classes.
Now we can move on to what subnetting is, in my next blog.
Please follow this link to get on to subnetting –
Classless Inter Domain Routing Made Easy (Cont..)

VPC per environment versus Single VPC for all environments

This blog talks about the two possible ways of hosting your infrastructure in the cloud. It will be closer to hosting on AWS, as that is the real-life example, but the problem applies to any cloud infrastructure set-up. I'm just sharing my thoughts and the pros & cons of both approaches, but I would love to hear from the people reading this blog about their take as well: what do they think?

Before jumping right into the real talk I would like to give a bit of background on how I came up with this blog. I was working with a client in managing their cloud infrastructure, where we had 4 environments (dev, QA, pre-production and production) and each environment had close to 20 instances. Apart from the application instances there were some admin instances as well, such as Icinga for monitoring, Logstash for consolidating logs, a Graphite server to view the logs and a VPN server to manage people's access.

At this point we got into a discussion about whether the current infrastructure set-up is the right one, where we have a separate VPC per environment, or whether the ideal set-up would have been a single VPC with the environments separated by subnets, i.e. a pair of subnets (public and private) for each environment.

Both approaches had some pros & cons associated with them

Single VPC set-up


Pros :
  1. You only have a single VPC to manage.
  2. You can consolidate your admin apps, such as Icinga and the VPN server.

Cons :
  1. As you are separating your environments through subnets, you need granular access control at the subnet level, i.e. instances in the staging environment should not be allowed to talk to dev environment instances. Similarly, you have to control people's access at a granular level as well.
  2. The scope for human error is high, as all the instances will be in the same VPC.

VPC per environment setup


Pros :
  1. You have a clear separation between your environments due to the separate VPCs.
  2. You will have finer access control on your environment, as the access rules for the VPC will effectively be the access rules for your environment.
  3. As an admin it gives you a clear picture of your environments, and you have the option to clone your complete environment very easily.

Cons :
  1. As mentioned in the pros of the single VPC set-up, you are at some financial loss, as you would be duplicating admin applications across environments.

In my opinion the decision of choosing a specific set-up largely depends on the scale of your environment: if you have a small or even medium-sized environment then you can have your infrastructure set up as "all environments in a single VPC"; in the case of a large set-up I strongly believe that VPC per environment is the way to go.

Let me know your thoughts, and also the points in favour of or against each of these approaches.

How to securely access your private app on cloud

One of the suggested practices in cloud administration is to always host your applications in a Virtual Private Cloud. Also, you should have a public subnet hosting the public-facing apps and a private subnet hosting the private apps (like a database or a back-end service/app). To know more about why you need such a setup, please read more about VPC.

This blog will talk about a scenario where you have multiple Virtual Private Clouds (hereafter referred to as VPCs) and you need to access a private app hosted in one VPC from another VPC. An example of this scenario: you have a VPC for your staging environment and another VPC for your production environment, and you would like to sync the production database from the staging environment. It might not be straightforward to do this, as you might not be able to access the production database from outside the production VPC.

One solution to this problem would be to first take a dump of the production database on one of the public-facing machines in the production VPC, then copy that dump to a public-facing machine in the staging VPC, and finally apply this dump to the private database of the staging environment. This approach will work, but it is not a perfect solution, as you have to copy the DB dump between VPCs.

A much better approach would be to connect directly to the production database from the staging VPC and execute the dump & restore commands; for that you need direct access to the production database from the staging environment. This approach is called port-forwarding. We configure port-forwarding on one of the public-facing machines in the production VPC (the NAT instance is the preferred one) in such a manner that if a request comes to this machine on port x, it is forwarded to port y on a private-facing machine in the production VPC, which is the production database in this case.
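The port-forwarding set-up described above, as an added example that is not part of the original post. It assumes a Linux NAT instance with iptables, run as root; every address, port and the interface name below is a constructed placeholder, and the forward is restricted to the one staging host that is meant to use it.

```shell
# Added example (not from the original post): DNAT port-forwarding on the
# production NAT instance, so that TCP connections arriving on LISTEN_PORT ("port x")
# are forwarded to DB_HOST:DB_PORT ("port y") in the private subnet. Assumes a Linux
# NAT instance with iptables, run as root; every address and port below is a
# constructed placeholder.
LISTEN_PORT=15432          # port x on the NAT instance
DB_HOST=10.0.2.10          # private database address in the production VPC
DB_PORT=5432               # port y on the database
ALLOWED_SRC=203.0.113.5    # public IP of the staging host allowed to use the forward
NAT_IF=eth0                # interface on which the staging traffic arrives (assumption)

# run: execute a command, or only print it when DRY_RUN is set, so the rules can be
# reviewed before they touch a production box
run() {
    if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

# forward_db_port: install the rules. The -s restriction is what stops the forwarded
# port from turning the NAT instance into an open door to the production database.
forward_db_port() {
    # the kernel must be allowed to route packets between interfaces
    run sysctl -w net.ipv4.ip_forward=1
    # rewrite the destination of packets from the approved source only
    run iptables -t nat -A PREROUTING -i "$NAT_IF" -p tcp -s "$ALLOWED_SRC" \
        --dport "$LISTEN_PORT" -j DNAT --to-destination "$DB_HOST:$DB_PORT"
    # let the forwarded connection and its replies pass the FORWARD chain
    run iptables -A FORWARD -p tcp -s "$ALLOWED_SRC" -d "$DB_HOST" --dport "$DB_PORT" -j ACCEPT
    run iptables -A FORWARD -p tcp -s "$DB_HOST" --sport "$DB_PORT" \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
    # make the database see the NAT instance as the client, so replies come back
    # through this host even if the private subnet's route table does not point here
    run iptables -t nat -A POSTROUTING -p tcp -d "$DB_HOST" --dport "$DB_PORT" -j MASQUERADE
    # the database's security group must also allow DB_PORT from this instance
}

case "${1-}" in
    review) DRY_RUN=1; forward_db_port ;;    # print the rules, change nothing
    apply)  forward_db_port ;;               # install them (as root)
esac
```

Run it with `review` first and check that only the intended source and ports appear in the printed rules; the staging side then connects to the NAT instance's public address on port x exactly as it would to the database itself.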

In the next blog I will talk about other alternate approaches that can be used to solve this problem.