Choose CIDR Ranges

Choosing appropriate Classless Inter-Domain Routing (CIDR) ranges is essential for successful VPC peering between Redpanda and your cloud provider. Redpanda uses RFC 1918 private IP address ranges, which are not accessible from the internet.

These guidelines provide general recommendations for choosing non-conflicting CIDR ranges. If you have a complex networking setup, work with a networking engineer to identify Redpanda CIDRs that won’t conflict with your existing VPCs.

Prerequisites

  • VPC or virtual network (VNet): Before setting up a peering connection in Redpanda Cloud, you must have another VPC or VNet to which Redpanda can connect. If you do not already have a network, create one in your cloud provider.

  • Matching region: VPC peering connections can only be established between networks created in the same region. Redpanda Cloud does not support inter-region VPC peering connections.

Consider adding an rp- prefix to the VPC or VNet name to indicate that it is for deploying a Redpanda cluster.

What are CIDRs?

The following CIDR ranges are a critical part of Redpanda’s BYOC configuration:

  • Your existing (client) VPC/VNet CIDR

  • Your Redpanda cluster CIDR

It is important to ensure that these ranges do not overlap when setting up VPC peering.

Choose the CIDR ranges

To choose a range for Redpanda, you must know your VPC/VNet CIDR:

  • In AWS, find it in the VPC area of the AWS Management Console, labeled IPv4 CIDRs.

  • In Azure, find it in the Essentials view of your virtual network, labeled Address space.

  • In GCP, find it in the Details view of your VPC, labeled Internal IP Ranges.

You can check which IPs this range encompasses by using either the ipcalc command in your terminal or the CIDR calculation tool. For example, if your client’s CIDR range is 10.0.0.0/20, run:

ipcalc 10.0.0.0/20

The output should look similar to the following:

Address:   10.0.0.0             00001010.00000000.0000 0000.00000000
Netmask:   255.255.240.0 = 20   11111111.11111111.1111 0000.00000000
Wildcard:  0.0.15.255           00000000.00000000.0000 1111.11111111
=>
Network:   10.0.0.0/20          00001010.00000000.0000 0000.00000000
HostMin:   10.0.0.1             00001010.00000000.0000 0000.00000001
HostMax:   10.0.15.254          00001010.00000000.0000 1111.11111110
Broadcast: 10.0.15.255          00001010.00000000.0000 1111.11111111
Hosts/Net: 4094                  Class A, Private Internet
bash

Note the values for HostMin (10.0.0.1) and HostMax (10.0.15.254). These are the minimum and maximum values of the range of 4,094 IPs that this CIDR covers. The number of IPs is governed by the suffix: /16 contains 65534 IPs, /21 contains 2046, /24 contains 254, and so on. For private networks, this number can range from 8 (which contains 16777214 IPs) to 30 (which contains 2).

The Redpanda CIDR requires a block size between /16 and /20.

Example

Assume that your client’s CIDR range is 10.0.0.0/20. Your Redpanda range cannot overlap with it; if it does, VPC peering will not work.

A limited set of examples that work with 10.0.0.0/20 are 10.8.0.0/20, 10.0.16.0/20, or 10.1.0.0/20.

Ranges like 10.0.0.6/20, 10.0.8.0/20, or 10.0.1.7/20 would not work. You can use ipcalc to check for overlapping IPs.

Multi-VPC/VNet example

If you have many IP ranges allocated in a complex system, work with a network engineer who can help with IP allocation. Your Redpanda CIDR cannot overlap with any of your existing VPCs/VNets, nor can it overlap with the VPC/VNet you want to peer with.

Assume that the following example ranges are in use:

  • 10.0.0.0/20

  • 10.8.0.0/20

  • 10.0.35.8/20

  • 10.0.16.8/20

A Redpanda CIDR that would work (and not overlap) with any of them is 10.8.48.8/20