Why is a /24 the smallest IP range that can be used with BYOIP?

Lecture de 4 minute(s)
Niveau du contenu : Avancé
4

Migrating IP ranges to AWS

There are a few common questions in this space when customers are migrating their public IP addresses to AWS. This process is known as Bring Your Own IP address - hence BYOIP.

First is: I have a /24 and I want to use it across multiple regions - can I do that? The second is: I have a range that is smaller than /24, can I migrate that to AWS? The short answer to both of those question is "no" but to find out why we need to dig a little deeper into IP addressing and how things are done on the internet - because this isn't something that AWS controls.

Let's pick apart the /24 part of the question. IPv4 addresses are 32 bits long. You've probably seen an IP address that looks like 172.16.54.195 which comes with a subnet mask of 255.255.255.0. This is a private IP address but it works the same for public IP addresses (those used on the internet) so I'm going to use this here as an example. The IP address and the subnet mask are both 32 bits - the subnet mask lets us determine which part of the IP address is the network and which part is the node on the network. Both of these are important to the computer that we assign the IP address to.

For this example, only the subnet mask is of interest - and if we converted it to binary we would see that the first 24 bits of the subnet mask are "ones" and the last 8 bits are "zeroes". To put it another way - each number (separated by full stops) is 8 bits - so 255.255.255 is eight times 3 which equals 24. That can also be written as /24. Sometimes you might see this same IP address written as 172.16.54.195/24 which is exactly the same thing, just a different notation.

From this we can see that a /16 mask (which means the subnet mask is 255.255.0.0) is different (and is a larger network) to (say) a /28 mask (which would be 255.255.255.240) which is a smaller network. A /16 means there are 65,536 possible addresses on each network; a /24 means there are 256 addresses on each network; and a /28 means there are 16 addresses on each network.

The important thing here is that by convention a /24 is the smallest IP range that is advertised on the internet. This is a human decision and not a limitation of the protocol that is used (BGP). The reason for this decision is that it is a balance between the size of the networks advertised and the number of network advertised. The smallest network that can be advertised is 256 addresses (because a /24 allows for 256 addresses on each network). Larger networks can be advertised too, this is merely the smallest one.

If the limit was smaller it would mean that more networks could be advertised. This would have an impact on the amount of memory used in routers across the world to store the internet routing table. If the limit was changed to /25 (allowing networks of 128 addresses) then potentially the amount of memory required in every device that had the internet routing table would double. That's not quite true - there are always larger networks advertised and summarisation happens but it would still be a significant jump. So /24 is a compromise that everyone accepts when connected to the internet.

So how does this affect BYOIP? It means that the smallest range that AWS can advertise on your behalf to the internet is a /24 - a single network of 256 addresses. If a customer owned a smaller range (say, a /26 - 64 addresses) there would be no way for AWS to advertise that to the internet because it smaller than the minimum size that is allowed.

This also applies to multi-region: Each IP range can only be advertised from a single region. And because a /24 is the smallest network that can be advertised we can't split it into smaller networks and advertise them from different regions because the internet won't allow that. Note that in this case, Global Accelerator may be able to help by using a tool called Anycast.

3 Commentaires

Thanks for your article. I think there is also a more technical reason to this /24 limit, related to reverse DNS. When a /24 or more is assigned, the associated reverse DNS zones are also assigned. These reverse DNS zones have a fixed size of a /24.

a répondu il y a 2 ans

While the DNS reverse lookup decision is related to this, it has no bearing on the original choice for a /24 when using BGP for public network advertisements on the internet. The reverse lookup zones have a fixed size of /24 because if they were any larger you could potentially have a reverse lookup zone with multiple owners (because it crosses multiple /24 network boundaries).

profile pictureAWS
EXPERT
a répondu il y a 2 ans

Hi, My short answer regarding why /24 is the smallest IPv4 range you can bring to AWS is that, regardless of any cloud provider, all the ISPs have BGP policies which accept smallest IPv4 as /24 anything smaller than this is not accepted over eBGP from peers even if accepted not re-advertised with proper tagging. This is not a protocol limitation rather the agreement among ISP and NSPs. I hope that helps

a répondu il y a un an