Configure subnets using terraform cidrsubnet


Question


I am trying to create two subnets using the cidrsubnet function that Terraform supports. The VPC cidr I have is "10.32.0.0/16". I am trying to have subnets 10.32.1.0/27 and 10.32.3.0/27. I am having some trouble getting the cidrsubnet function in order to achieve this. What I have so far is:

cidrsubnet(10.32.0.0/16, 11, netnum???)


I do not understand what value I need for the netnum in order to get the value I want. Any explanation on this part of the function would be helpful. I've tried reading the documentation on this function, but it seems limited.

Answer


The documentation section Netmasks and Subnets tries to give enough information to understand how this function relates to IP address conventions, and mentions the Unix command ipcalc as a way to visualize how your CIDR netmasks are represented.


Let's see how ipcalc describes both your starting prefix and your two intended subnet prefixes:

$ ipcalc 10.32.0.0/16
Address:   10.32.0.0            00001010.00100000. 00000000.00000000
Netmask:   255.255.0.0 = 16     11111111.11111111. 00000000.00000000
Wildcard:  0.0.255.255          00000000.00000000. 11111111.11111111
=>
Network:   10.32.0.0/16         00001010.00100000. 00000000.00000000
HostMin:   10.32.0.1            00001010.00100000. 00000000.00000001
HostMax:   10.32.255.254        00001010.00100000. 11111111.11111110
Broadcast: 10.32.255.255        00001010.00100000. 11111111.11111111
Hosts/Net: 65534                 Class A, Private Internet

$ ipcalc 10.32.1.0/27
Address:   10.32.1.0            00001010.00100000.00000001.000 00000
Netmask:   255.255.255.224 = 27 11111111.11111111.11111111.111 00000
Wildcard:  0.0.0.31             00000000.00000000.00000000.000 11111
=>
Network:   10.32.1.0/27         00001010.00100000.00000001.000 00000
HostMin:   10.32.1.1            00001010.00100000.00000001.000 00001
HostMax:   10.32.1.30           00001010.00100000.00000001.000 11110
Broadcast: 10.32.1.31           00001010.00100000.00000001.000 11111
Hosts/Net: 30                    Class A, Private Internet

$ ipcalc 10.32.3.0/27
Address:   10.32.3.0            00001010.00100000.00000011.000 00000
Netmask:   255.255.255.224 = 27 11111111.11111111.11111111.111 00000
Wildcard:  0.0.0.31             00000000.00000000.00000000.000 11111
=>
Network:   10.32.3.0/27         00001010.00100000.00000011.000 00000
HostMin:   10.32.3.1            00001010.00100000.00000011.000 00001
HostMax:   10.32.3.30           00001010.00100000.00000011.000 11110
Broadcast: 10.32.3.31           00001010.00100000.00000011.000 11111
Hosts/Net: 30                    Class A, Private Internet


In ipcalc's notation a space in the binary representation shows the boundary between the network part and the host part of the address. We can see that, as you showed in your example, the two desired results have 11 more bits in the network part than the base address has.


Let's just use one of these as an example to figure out what the "netnum" will be. We'll use 10.32.1.0/27, and let's put the "address" line from the base address and the subnet address next to each other so we can see the difference more clearly:

Address:   10.32.0.0            00001010.00100000. 00000000.00000000
Address:   10.32.1.0            00001010.00100000.00000001.000 00000


The value for netnum is the number represented by those eleven additional binary digits in the second case: 00000001000. The decimal equivalent of that binary number is 8, so the netnum for this one would be 8, which we can confirm by calling cidrsubnet from the terraform console prompt:

> cidrsubnet("10.32.0.0/16", 11, 8)
"10.32.1.0/27"


To generalize this, notice that in the binary representation above the third decimal number in the IP address represents only a part of the network number: in 00000001.000 we can see that there are three binary digits that belong to the fourth octet. Because the fourth binary place represents the number of eights, the general rule is that to find the netnum that will give a particular value for the third octet you'll need to multiply that value by eight. Three times eight is 24, so if we set netnum to 24 then we'll get the other prefix you wanted:

> cidrsubnet("10.32.0.0/16", 11, 24)
"10.32.3.0/27"


With that said, it's worth noting that this particular addressing scheme is "wasting" part of the address space. If you leave those last three bits always set to zero then in practice you only have eight bits worth of network numbers, and so you can only have 256 networks. If you want to make use of all eleven bits of the network number space (2,048 networks) you'll need to start your network numbering at zero and count upwards normally from there, which will then occupy all of your network space densely:

> cidrsubnet("10.32.0.0/16", 11, 0)
"10.32.0.0/27"
> cidrsubnet("10.32.0.0/16", 11, 1)
"10.32.0.32/27"
> cidrsubnet("10.32.0.0/16", 11, 2)
"10.32.0.64/27"
> cidrsubnet("10.32.0.0/16", 11, 3)
"10.32.0.96/27"
> cidrsubnet("10.32.0.0/16", 11, 4)
"10.32.0.128/27"
> cidrsubnet("10.32.0.0/16", 11, 5)
"10.32.0.160/27"
> cidrsubnet("10.32.0.0/16", 11, 6)
"10.32.0.192/27"
> cidrsubnet("10.32.0.0/16", 11, 7)
"10.32.0.224/27"
> cidrsubnet("10.32.0.0/16", 11, 8)
"10.32.1.0/27"


Because the conventional IP address notation is as four decimal numbers from 0 to 255, the counting above may seem counter-intuitive, but in the underlying binary notation this is just normal counting up from zero, which avoids skipping over network numbers 0 through 7, 9 through 15, etc.


If you are creating a systematic network addressing plan for a set of subnets that each have a particular identified purpose, you might find it helpful to use the higher level of abstraction offered by the hashicorp/subnets/cidr module, which just takes the number of bits to use for numbering each network and calculates suitable netnum values itself:

module "subnets" {
  source  = "hashicorp/subnets/cidr"
  version = "1.0.0"

  base_cidr_block = "10.32.0.0/16"
  networks = [
    {
      name     = "first",
      new_bits = 11
    },
    {
      name     = "second",
      new_bits = 11
    },
  ]
}


The above would produce a network_cidr_blocks map like this:

{
  first  = "10.32.0.0/27"
  second = "10.32.0.32/27"
}


Elsewhere in your configuration you can write module.subnets.network_cidr_blocks.first to get the first address. Assuming you pick meaningful names rather than my contrived "first" and "second", that will tend to make the rest of your configuration easier to read because future readers won't need to memorize what each IP address range represents.
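An added example, not part of the question or the answer above: the netnum arithmetic the answer walks through (shift netnum left past the remaining host bits and add it to the base address), reimplemented with Python's standard ipaddress module so the results can be checked offline without a terraform console session. The function names cidrsubnet, netnum_for and check_plan are my own. netnum_for (the inverse: which netnum reproduces a hand-picked subnet such as 10.32.3.0/27) and check_plan (does a list of hand-picked subnets fit inside the VPC without overlapping) go beyond the answer, which only covers the forward direction; the inputs in the demo are the question's own prefixes.

```python
import ipaddress
from typing import List, Tuple


def cidrsubnet(prefix: str, newbits: int, netnum: int) -> str:
    """Reproduce Terraform's cidrsubnet(prefix, newbits, netnum).

    The new prefix length is prefixlen + newbits, and netnum is written into
    the newbits bits directly below the original prefix boundary, i.e. it is
    shifted left past the host bits that remain after the extension.
    """
    # strict=True rejects a prefix with host bits set, a deliberate lint here.
    net = ipaddress.ip_network(prefix, strict=True)
    new_prefixlen = net.prefixlen + newbits
    if newbits < 0 or new_prefixlen > net.max_prefixlen:
        raise ValueError(f"cannot extend {net} by {newbits} bits")
    if not 0 <= netnum < (1 << newbits):
        # Terraform also errors here: netnum does not fit in newbits bits.
        raise ValueError(f"prefix extension of {newbits} does not accommodate netnum {netnum}")
    host_bits = net.max_prefixlen - new_prefixlen
    addr = int(net.network_address) + (netnum << host_bits)
    # Keep the address family of the input (ip_address(int) would guess v4 for small ints).
    addr_cls = type(net.network_address)
    return f"{addr_cls(addr)}/{new_prefixlen}"


def netnum_for(prefix: str, subnet: str) -> Tuple[int, int]:
    """Inverse of cidrsubnet: the (newbits, netnum) pair that yields subnet from prefix."""
    net = ipaddress.ip_network(prefix, strict=True)
    sub = ipaddress.ip_network(subnet, strict=True)
    if sub.version != net.version or not sub.subnet_of(net):
        raise ValueError(f"{sub} is not inside {net}")
    newbits = sub.prefixlen - net.prefixlen
    host_bits = sub.max_prefixlen - sub.prefixlen
    # The offset from the base address, measured in units of one new subnet.
    netnum = (int(sub.network_address) - int(net.network_address)) >> host_bits
    return newbits, netnum


def check_plan(prefix: str, subnets: List[str]) -> List[str]:
    """Return the problems with a hand-written plan (empty list when it is sound)."""
    net = ipaddress.ip_network(prefix, strict=True)
    subs = [ipaddress.ip_network(s, strict=True) for s in subnets]
    problems: List[str] = []
    for s in subs:
        if s.version != net.version or not s.subnet_of(net):
            problems.append(f"{s} is not inside {net}")
    for i, a in enumerate(subs):
        for b in subs[i + 1:]:
            if a.version == b.version and a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


if __name__ == "__main__":
    # The two prefixes the question asks for, via the netnums the answer derives.
    print(cidrsubnet("10.32.0.0/16", 11, 8), cidrsubnet("10.32.0.0/16", 11, 24))
    # Dense numbering from zero, as the answer recommends.
    print([cidrsubnet("10.32.0.0/16", 11, n) for n in range(9)])
    # Recover the netnum for a hand-picked subnet, and lint a hand-written plan.
    print(netnum_for("10.32.0.0/16", "10.32.3.0/27"))
    print(check_plan("10.32.0.0/16", ["10.32.1.0/27", "10.32.3.0/27", "10.32.1.0/28"]))
```

The netnum_for inverse is the practical way to migrate an existing hand-numbered plan onto cidrsubnet without renumbering anything: run it over each subnet already in the VPC and paste the netnums it returns. check_plan is worth running in CI on any plan that mixes hand-picked and computed ranges, since Terraform will not stop you from declaring two overlapping subnets in separate resources.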
