So, I am working to migrate from EC2 Classic to VPC (yeah, I know, long time in coming and this was an inherited platform).
I have created a VPC and when I go to turn on Classic Link, I get the following error:
The CIDR range of vpc-[id_here] overlaps with the Classic IP space
I looked and was not able to find a way to determine which IP Range(s) Classic uses. Is there a way to find out so I can make my VPCs not stomp all over it?
Thanks!
10.0.0.0/8 as documented here.
As in the comment above:
"VPCs that are in the 10.0.0.0/16 and 10.1.0.0/16 IP address ranges can be enabled for ClassicLink
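A pre-flight check for the error in the question, written as an added example rather than code from the thread or from AWS: it classifies a planned VPC CIDR against the 10.0.0.0/8 Classic space and the two /16 ranges quoted above, and suggests a free block. The function names, the choice of 172.16.0.0/12 and 192.168.0.0/16 as replacement pools, and reading "in the range" as containment are assumptions; any further condition in the truncated quote is not modelled.

```python
import ipaddress

# Values taken from the answers above.
CLASSIC_SPACE = ipaddress.ip_network("10.0.0.0/8")
CLASSICLINK_EXCEPTIONS = [
    ipaddress.ip_network("10.0.0.0/16"),
    ipaddress.ip_network("10.1.0.0/16"),
]
# Assumption: replacement CIDRs are drawn from the other RFC 1918 blocks.
SAFE_POOLS = [
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def classiclink_verdict(vpc_cidr):
    """Return 'ok', 'exception' or 'overlap' for one VPC CIDR."""
    net = ipaddress.ip_network(vpc_cidr, strict=True)  # rejects host bits
    if not net.overlaps(CLASSIC_SPACE):
        return "ok"
    # Assumption: "in the range" means the VPC CIDR sits inside that /16.
    if any(net.subnet_of(exc) for exc in CLASSICLINK_EXCEPTIONS):
        return "exception"
    return "overlap"


def suggest_vpc_cidr(existing, prefix=16):
    """First block of the given size avoiding Classic space and existing VPCs."""
    used = [ipaddress.ip_network(c) for c in existing]
    for pool in SAFE_POOLS:
        if prefix < pool.prefixlen:
            continue  # requested block is larger than this pool
        for cand in pool.subnets(new_prefix=prefix):
            if not any(cand.overlaps(u) for u in used):
                return str(cand)
    return None


if __name__ == "__main__":
    # Constructed sample CIDRs, not from the original post.
    vpcs = ["10.2.0.0/16", "10.0.0.0/16", "172.16.0.0/16"]
    for cidr in vpcs:
        print(cidr, classiclink_verdict(cidr))
    print("next free:", suggest_vpc_cidr(vpcs))
```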
Related
I am relatively new to AWS. I am trying something basic like this:
One Ubuntu instance is connected with a vSRX instance. Say the Ubuntu instance's eth1 IP is 20.0.0.100 and the vSRX's corresponding interface IP is 20.0.0.101. Now I want to configure a loopback interface (it's a virtual interface) inside the vSRX and assign it the IP 99.99.99.99. Obviously this 99… network info is not available to AWS. My question is: how can I build that knowledge into AWS routing and make sure that traffic to 99.99.99.99 goes via 20.0.0.101 as the next hop? Is this possible?
Thanks in advance
I was thinking of creating a subnet in my VPC first with the 99… network. But I do not want to unnecessarily burn a larger number of IPs. And I believe /32 is not an acceptable CIDR in AWS. And my journey stopped here. I am thinking of trying to configure a CIDR of 99.99.99.96/29, but after that should I add that as local in the route table? How could I specify that to reach the 99 series, traffic should go via a specific IP?
Originally asked on the AWS forums but I get the sense I won't hear back for quite some time, so I'm also posing my questions here:
I recently set up a Client VPN based on this guide. When connected I'm successfully able to access the internet as well as resources in a private subnet, so at this point I have a basic understanding of how all the parts fit together, except for one: the Client CIDR range. This concept gave me so much trouble that I think it stretched out the time-to-build by 2 days because of all the thrashing I did trying to connect it to the other concepts Client VPN involves. But it bugs me when I don't fully understand a thing so I have some questions about it:
Does the Range benefit at all from being in the same CIDR range as the VPC it's a part of, assuming it doesn't overlap with target network(s)? Why or why not?
Why does the Range need to be of size /22, while target networks can be as small as /27? Doesn't that imply 2^5 more clients could be attempting to access a resource in a VPC as there are available addresses in a given subnet?
In setting up security groups for the private subnet I noticed that I had to use rules based on the CIDR range of the target subnet client connections landed in, rather than the Client CIDR range - why is that?
As you can probably tell from my questions, I'm not a network administrator. I'm trying to understand that world at the same time I'm trying to spin up useful infrastructure. My guess is the answers to these questions are blindingly obvious to someone with experience in that area, but I just don't get it.
Here are my attempts at clarification:
So the range shouldn't overlap the VPC CIDR supernet (and individual subnets within the VPC) or you may get routing conflicts. So I'm not sure what you are referring to. Can you provide your configuration?
From what I can tell the /16 to /22 range is just something that is not a technical restriction, probably because AWS hadn't had a chance to add a feature that would allow this to have more options. I'm assuming you want a smaller range? In Azure P2S VPN, there is no such restriction - their minimum pool is a /29.
SGs are applied to resources such as EC2s and not VPCs directly, but in the inbound rules you can specify CIDRs directly - so I'm not sure what you are referring to... do you have a specific example you could share?
When setting up an EC2 instance, the AWS Console has a useful feature to find your current IP address complete with subnet mask for whitelisting. Here is the UI I'm sure we have all seen.
This is convenient when you are setting it up, but if you need to whitelist a remote dev's home Wi-Fi or you are using CloudFormation it is no longer convenient to get the IP address this way.
So, is there a convenient way to print out your IP address complete with the subnet mask (/) from your terminal? I have not found one.
If you're on Linux or Mac it's fairly simple to do an ip addr show or assign to a variable with IP_ADDR=$(ip addr show).
On Windows, there's a PowerShell module you can use.
Invoke-WebRequest ifconfig.me/ip
though that prints out more than just the IP, you can always parse it.
Ok, I realized I did not understand CIDR notation and subnet masking.
Basically AWS requires CIDR notation and CIDR notation allows you to specify a range of addresses. It works out that the /32 means a range of 0 so the address is everything to the left of the /.
So, to whitelist a single IP you say myIP/32
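As an added example (not code from the thread), the sketch below turns one address, such as the output of a what-is-my-IP lookup, into a single-host CIDR, and audits an allowlist for entries wider than one host. A /32 covers exactly one IPv4 address; the helper also refuses private or loopback addresses, because the remote side sees the public source IP, not the local interface address. Function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Ranges a cloud security group never sees as a remote source address.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",  # CGNAT, loopback, link-local
)]


def host_cidr(raw):
    """Turn one IP string into a single-host CIDR (/32 for IPv4, /128 for IPv6)."""
    addr = ipaddress.ip_address(raw.strip())  # tolerate trailing newline
    if addr.version == 4 and any(addr in net for net in NON_ROUTABLE):
        raise ValueError(f"{addr} is a local address, not the public source IP")
    return f"{addr}/{addr.max_prefixlen}"


def audit_allowlist(cidrs):
    """Return (cidr, address_count) for every entry wider than one host."""
    wide = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.num_addresses > 1:
            wide.append((cidr, net.num_addresses))
    return wide


if __name__ == "__main__":
    # Constructed sample values from documentation address ranges.
    print(host_cidr("203.0.113.7\n"))
    rules = ["203.0.113.7/32", "203.0.113.0/24", "0.0.0.0/0"]
    for cidr, count in audit_allowlist(rules):
        print(f"{cidr} admits {count} addresses")
```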
I want to add multiple routable IP addresses to an Ubuntu 14.04 GCP instance. What is the simplest method for achieving this?
Note: External IP addresses are disabled on my GCP instances.
Correct me if I am wrong, but the solution described in this post that uses gcloud routes seems to change the network and firewall configuration to add extra IP addresses to instances. I am looking for a different solution.
I would like to add IP addresses to instances without changing the networks or firewalls of a GCP project at all.
I would like to add random available IP addresses on the current network of a GCP instance and avoid manually assigning an IP address or IP address range to my instances.
I am really looking for a solution that is similar to OpenStack's nova add-fixed-ip command that does just this. You can find a description of nova add-fixed-ip here: https://ask.openstack.org/en/question/65198/how-to-assign-static-private-ip-address-to-a-running-guest-vm/
Using VirtualBox on 192.168.1.1, I get vms like 192.168.1.2 ... automatically.
kvm/virt-manager generates vms on the 192.168.122.0 subnet, with routing between 122.0 and 1.0.
AFAICT, my kvms can have addresses on the ..1.1 subnet if I configure a bridge properly.
I've yet to find a resource which says 'the minimal configuration to provide a kvm instance on the same subnet as the host is:'
They may be saying that, but with terminology I'm not familiar with.
Any suggestions?
Thanks,
Kent
The minimum configuration is a configured bridge, as per here:
https://wiki.ubuntu.com/KvmWithBridge
After making these changes you should have a br0 interface with an IP address, and eth0 (or whatever your setup is) should not have an IP address. Then when creating a new VM use a shared device for the networking and specify br0.
Either a version change, or I overlooked it before:
'macvtap' options provide what I am looking for.
Thanks,
Kent