Docs Cloud Networking Choose CIDR Ranges Choose CIDR Ranges Choosing appropriate Classless Inter-Domain Routing (CIDR) ranges is essential for successful VPC peering between Redpanda and your cloud network. These guidelines provide general recommendations for choosing non-conflicting CIDR ranges. If you have a complex networking setup, work with a networking engineer to identify Redpanda CIDRs that won’t conflict with your existing VPCs. Prerequisites VPC or virtual network (VNet): Before setting up a peering connection in Redpanda Cloud, you must have another VPC or VNet to which Redpanda can connect. If you do not already have a network, create one in your cloud provider. Matching region: VPC peering connections can only be established between networks created in the same region. Redpanda Cloud does not support inter-region VPC peering connections. Consider adding an rp- prefix to the VPC or VNet name to indicate that it is for deploying a Redpanda cluster. Supported IP address ranges Redpanda Cloud uses private IPv4 address spaces for cluster CIDRs. These ranges are designed for internal networks and cannot be accessed directly from the internet. Choose a CIDR from one of the following RFC 1918 ranges: 10.0.0.0/8 - Provides addresses from 10.0.0.0 through 10.255.255.255 172.16.0.0/12 - Provides addresses from 172.16.0.0 through 172.31.255.255 192.168.0.0/16 - Provides addresses from 192.168.0.0 through 192.168.255.255 For BYOC (Bring Your Own Cloud) clusters, Redpanda also supports the RFC 6598 Carrier-Grade NAT (CGNAT) address space: 100.64.0.0/10 - Provides addresses from 100.64.0.0 through 100.127.255.255 Redpanda’s network infrastructure will only route traffic within these RFC 1918 and RFC 6598 address spaces. Redpanda does not route packets to other IP spaces. Traffic from public IP addresses or other private ranges outside these specifications are blocked by design. What are CIDRs? The following CIDR ranges are a critical part of Redpanda’s BYOC configuration: Your existing (client) VPC/VNet CIDR Your Redpanda cluster CIDR It is important to ensure that these ranges do not overlap when setting up VPC peering. Choose the CIDR ranges To choose a range for Redpanda, you must know your VPC/VNet CIDR: In AWS, find it in the VPC area of the AWS Management Console, labeled IPv4 CIDRs. In Azure, find it in the Essentials view of your virtual network, labeled Address space. In GCP, find it in the Details view of your VPC, labeled Internal IP Ranges. You can check which IPs this range encompasses by using either the ipcalc command in your terminal or the CIDR calculation tool. For example, if your client’s CIDR range is 10.0.0.0/20, run: ipcalc 10.0.0.0/20 The output should look similar to the following: Address: 10.0.0.0 00001010.00000000.0000 0000.00000000 Netmask: 255.255.240.0 = 20 11111111.11111111.1111 0000.00000000 Wildcard: 0.0.15.255 00000000.00000000.0000 1111.11111111 => Network: 10.0.0.0/20 00001010.00000000.0000 0000.00000000 HostMin: 10.0.0.1 00001010.00000000.0000 0000.00000001 HostMax: 10.0.15.254 00001010.00000000.0000 1111.11111110 Broadcast: 10.0.15.255 00001010.00000000.0000 1111.11111111 Hosts/Net: 4094 Class A, Private Internet Note the values for HostMin (10.0.0.1) and HostMax (10.0.15.254). These are the minimum and maximum values of the range of 4,094 IPs that this CIDR covers. The number of IPs is governed by the suffix: /16 contains 65534 IPs, /21 contains 2046, /24 contains 254, and so on. For private networks, this number can range from 8 (which contains 16777214 IPs) to 30 (which contains 2). The Redpanda CIDR requires a block size between /16 and /20. Example Assume that your client’s CIDR range is 10.0.0.0/20. Your Redpanda range cannot overlap with it; if it does, VPC peering will not work. A limited set of examples that work with 10.0.0.0/20 are 10.8.0.0/20, 10.0.16.0/20, or 10.1.0.0/20. Ranges like 10.0.0.6/20, 10.0.8.0/20, or 10.0.1.7/20 would not work. You can use ipcalc to check for overlapping IPs. Multi-VPC/VNet example If you have many IP ranges allocated in a complex system, work with a network engineer who can help with IP allocation. Your Redpanda CIDR cannot overlap with any of your existing VPCs/VNets, nor can it overlap with the VPC/VNet you want to peer with. Assume that the following example ranges are in use: 10.0.0.0/20 10.8.0.0/20 10.0.35.8/20 10.0.16.8/20 A Redpanda CIDR that would work (and not overlap) with any of them is 10.8.48.8/20 Back to top × Simple online edits For simple changes, such as fixing a typo, you can edit the content directly on GitHub. Edit on GitHub Or, open an issue to let us know about something that you want us to change. Open an issue Contribution guide For extensive content updates, or if you prefer to work locally, read our contribution guide . Was this helpful? thumb_up thumb_down group Ask in the community mail Share your feedback group_add Make a contribution 🎉 Thanks for your feedback! Network Design and Ports BYOC