Networking & Content Delivery

Visualize enterprise IP address management and planning with CIDR map

As organizations expand their cloud footprint, IP address management and planning grow increasingly complex. Without the ability to easily understand IP resources across the enterprise, network management tasks supporting business needs such as expansions, mergers, acquisitions, and service discontinuations can be time-consuming and challenging. For those critical networking tasks, a visualized map of your entire IPv4 and IPv6 landscape can simplify the complexity, quickly supporting business growth and agility in the cloud.

Figure 1: CIDR map in IPAM Resources page showing IPv4 pools and resources

The CIDR map in Amazon Virtual Private Cloud (Amazon VPC) IP Address Manager (IPAM) visualizes enterprise-wide IP address allocations, expediting IPv4 and IPv6 resource management and planning. Instead of managing IP resources in a vast number of numeric CIDR notations alone, the visualization provides a consolidated view of your entire IP address allocation on a single page, allowing you to quickly gain insights into the address utilization, including the unassociated spaces.

This post explains how IPAM’s CIDR map eases IPv4 and IPv6 address management complexity, helping you to accelerate planning and decision-making as your organization scales its cloud presence.

Anatomy of CIDR map

Before going into the IP resources in the map, let’s understand the anatomy of the feature.

Figure 2: CIDR map with IPv4 grid showing 10.0.0.0/14 CIDR range

The CIDR map sits on top of the Resources page within the IPAM console. In Figure 2, the heading Resources within 10.0.0.0/14 before the map indicates that the visualization represents the resources within this IPv4 CIDR range, which filters out the rest of the ranges from the view. In this two-dimensional interactive visualization, rows represent network prefixes, and columns indicate starting IP addresses. The last row includes the prefix itself and all the smaller IP address ranges (with smaller prefixes) within that prefix range. For example, if the last row prefix is ≥ /20, it means the row represents resources associated with /20 CIDRs and below, down to /32 for IPv4.

Figure 3: CIDR map with IPv6 grid showing 2001:db8:1234::/54 CIDR range

The IPv6 map is identical to the IPv4 map; the only differences are the IP address unit and the prefix ranges, as shown in Figure 3.

Figure 4: Example IPv4 resources on CIDR map

The resources associated with the CIDRs shown in Figure 4 are VPCs, subnets, and pools. The resource CIDRs have states or statuses represented by colors. Dark gray Occupied represents a CIDR associated with a resource. Red Overlapping highlights an overlapping CIDR in which the IP address range is used by two or more resources. Light gray Available indicates unassociated, free space. Blue IPAM pool CIDR shows a pool that you created.

Under a pool, CIDRs appear in additional colors to indicate that they are managed by IPAM. Green shows compliant and nonoverlapping CIDRs, and brown indicates noncompliant CIDRs that may need your attention. Dark gray Occupied (a CIDR that IPAM ignores) and red Overlapping (an overlap, as above) can also exist under a pool. You can find out more about the colors in the IPAM documentation: Monitor CIDR usage by resource.

Managing IP resources with CIDR map

In the following examples, we will go over how to use the CIDR map to understand your IPv4 resources, implement pools, and manage networks as business needs change. The IPv6 experience is identical. To view the IPv6 CIDR map, select a public scope and then select IPv6 from the dropdown menu in Resources.

Before visualizing your resources, you must create an IPAM in a Region. To get started, read Managing IP pools across VPCs and Regions using Amazon VPC IP Address Manager. It may take some time for IPAM to import resources into the CIDR map. Once the IPAM is up and running, go to Resources in IPAM.

First holistic view of your enterprise IP resources

When you provision VPCs using IPAM, it automatically allocates the next available address space without requiring you to manually input a CIDR. In the following example, however, the VPCs were created before IPAM was set up; IPAM automatically imports such VPCs into the CIDR map.

Figure 5: A single consolidated block in 0.0.0.0/0 CIDR range

In Figure 5, a single red block is in 0.0.0.0/0, the entire IPv4 range. When you hover over the block, the visualization shows that the red block is made of 46 VPCs in this example. From here, you can click on the red block to expand the resources and dive deeper.

Figure 6: Overlapping and occupied resources in 10.0.0.0/14 CIDR range

Once you select the initial red block, the view zooms into the 10.0.0.0/14 range, revealing four smaller red blocks and several dark gray blocks within that range (Figure 6). These blocks made up the 8.0.0.0/6 block from Figure 5; the red color propagates up to the parent block because an overlap is important enough to be visible at every zoom level. Again, a red block represents an overlapping CIDR associated with two or more resources. Dark gray Occupied represents a nonoverlapping CIDR associated with a single resource that is not part of an IPAM pool, meaning it is not managed by IPAM yet. Here, most of the VPCs are in the /20 and below range, except one 10.0.0.0/19 VPC. For further details, you can select a block to go deeper into the range.

The visualization provides a scalable, comprehensive overview of your entire IP resource landscape, even before establishing any pools. In real-world scenarios, IPAM seamlessly ingests and arranges vast quantities of resources, graphically flagging potential conflicts to deliver a holistic, at-a-glance perspective.

Working with overlaps

Figure 7: Multiple overlapping VPCs on IPv4 CIDR map

Overlapping IP ranges can cause network conflicts and inefficiencies, leading to potential downtime if left unnoticed. In this example, My first VPC overlaps with four store VPCs, and its IP range is adjacent to store5-vpc, which overlaps with store6-vpc. If the IP addresses were presented solely in CIDR notation, My first VPC might seem to be the only overlap contributor at first. However, the CIDR map clearly shows that there are two sets of overlapping VPCs.

Figure 8. Multiple overlapping VPCs on IPv6 CIDR map

With IPv6 CIDR notation in hexadecimal representation, understanding whether the store6-vpc overlaps with My first IPv6 VPC is even more challenging without visualization.

The CIDR map saves troubleshooting time by providing a clear visual representation of the overlapping resources. If My first IPv6 VPC is unused, you can either contact the owner to request its deletion or mark the resource as ignored, which will display it in dark gray.
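As an added example (not code from the post or from AWS), here is the overlap check that the map performs visually, done with Python's ipaddress module over a constructed inventory modelled on the Figure 7 and Figure 8 scenario. The VPC CIDRs are assumptions, since the post does not list them; the names follow the post.

```python
import ipaddress
from itertools import combinations

# Constructed inventory (not real AWS data) modelled on Figures 7 and 8:
# "My first VPC" covers four store VPCs, store5-vpc starts right where it ends,
# and store6-vpc overlaps store5-vpc; the IPv6 pair mirrors Figure 8.
VPCS = {
    "My first VPC": "10.0.0.0/19",
    "store1-vpc": "10.0.0.0/22",
    "store2-vpc": "10.0.4.0/22",
    "store3-vpc": "10.0.8.0/22",
    "store4-vpc": "10.0.12.0/22",
    "store5-vpc": "10.0.32.0/22",  # adjacent to 10.0.0.0/19, no shared addresses
    "store6-vpc": "10.0.34.0/23",  # sits inside store5-vpc
    "My first IPv6 VPC": "2001:db8:1234::/56",
    "store6-ipv6-vpc": "2001:db8:1234:ff::/64",  # inside the /56 above
}


def overlap_groups(vpcs):
    """Group VPC names whose CIDRs share at least one address.

    Each returned set is one cluster of red Overlapping blocks on the map.
    Merely adjacent VPCs are not grouped. Union-find joins chains (A-B, B-C).
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
    parent = {name: name for name in nets}

    def find(name):
        while parent[name] != name:
            parent[name] = parent[parent[name]]
            name = parent[name]
        return name

    for a, b in combinations(nets, 2):
        # overlaps() is False across IP versions; checking first avoids needless work
        if nets[a].version == nets[b].version and nets[a].overlaps(nets[b]):
            parent[find(a)] = find(b)

    groups = {}
    for name in nets:
        groups.setdefault(find(name), set()).add(name)
    return [g for g in groups.values() if len(g) > 1]


if __name__ == "__main__":
    for group in overlap_groups(VPCS):
        print("overlap:", ", ".join(f"{n} ({VPCS[n]})" for n in sorted(group)))
```

The same grouping shows that store5-vpc and store6-vpc form a second overlap set independent of My first VPC, which is the point Figure 7 makes.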

Planning for pools

When you are ready to create pools, you can use the CIDR map to quickly see whether your existing CIDR allocations match the resources rendered in the map.

Figure 9: Discovered resources under IP address allocated to main

From your existing IP address allocations, you can compare whether the actual IP resources align with the allocations visually. In this case, you are comparing main with the resources under it.

Figure 10: Newly created empty regional pools under main pool

In this example, two Regional pools, us-east-1-pool and us-west-2-pool with two CIDRs, are created under the main-pool. Your company operates physical stores, but you have not created those store pools yet to import the occupied resources. Thus, the resources are still in dark gray, meaning they are not yet managed by the pools in IPAM.

Figure 11: Discovered resources imported into store pools turned into compliant and nonoverlapping resources

After creating the first two store pools (store1-pool and store2-pool) with the pool settings set to allow automatic import of discovered resources, the VPCs under those pools turn green, indicating that they are managed by IPAM and are also compliant and nonoverlapping CIDRs. If a pool will be used to allocate CIDRs to resources such as VPCs, it is recommended that you allow automatic import.

Creating the store3 pool in 10.1.0.0/17 requires an investigation because each store must have six VPCs in this example, yet only four are in the pool range, as indicated by the two dark gray blocks showing two VPCs each.

Figure 12. Planning for store3 pool

Looking into the us-west-2-pool range helps with the investigation. Here, two VPCs in the middle of the visualization are separated from the rest of the VPCs and are not under the store3 allocation, which is 10.1.0.0/17. If you cannot move those VPCs into the allocated range, splitting the pool into two is an option.

Figure 13: store3-pool with two allocated CIDRs

Once the store3-pool is split into two /18s instead of one /17, all six VPCs are in green, compliant, and nonoverlapping.

The CIDR map can help guide you when creating pools and allow you to quickly identify if existing CIDR allocations align with the discovered resources. This visual aid streamlines troubleshooting and facilitates splitting or adjusting pools as needed to accommodate resources, ensuring an organized and conflict-free IP address allocation across your AWS environment.

Finding unallocated IP addresses

Figure 14: Unallocated empty spaces on IPv4 CIDR map

Businesses can expand rapidly, requiring additional pools to create new VPCs. In this example, you are in the 10.0.0.0/14 range. The CIDR map quickly shows where the unallocated CIDRs are, regardless of whether those are under the main or Regional pools or completely outside the existing pools. In the map, you can easily identify the following unallocated CIDRs: 10.1.64.0/18 and 10.1.192.0/18 under the us-west-2-pool, 10.2.128.0/17 under the main-pool and 10.3.0.0/17, which does not belong to any pool.
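An added example (not the post's or IPAM's own code) that computes the unallocated blocks the map shows in Figure 14, including the store3-pool split into two /18s from Figure 13. The post names only the free ranges; the pool CIDRs and the allocations beneath them are assumptions constructed so that the result matches the figure.

```python
import ipaddress


def free_space(parent_cidrs, child_cidrs):
    """Return the CIDRs inside parent_cidrs that no child allocation covers.

    Parents and children are CIDR blocks, so any pair either nests or is
    disjoint; partial overlap cannot occur. All networks in one call must be
    the same IP version (the same function serves IPv6 pools unchanged).
    """
    free = [ipaddress.ip_network(c) for c in parent_cidrs]
    for child in (ipaddress.ip_network(c) for c in child_cidrs):
        remaining = []
        for block in free:
            if block.subnet_of(child):
                continue                          # block fully consumed by the child
            if child.subnet_of(block):
                remaining.extend(block.address_exclude(child))  # carve the child out
            else:
                remaining.append(block)           # disjoint, keep as is
        free = remaining
    return sorted(ipaddress.collapse_addresses(free))


# Constructed pool tree modelled on Figures 10-14 (not real AWS data). The post
# names only the free ranges; the pool CIDRs and allocations are assumptions.
VIEW = ["10.0.0.0/14"]                                   # range shown in Figure 14
MAIN_POOL = ["10.0.0.0/15", "10.2.0.0/16"]
MAIN_CHILDREN = ["10.0.0.0/16", "10.1.0.0/16", "10.2.0.0/17"]  # us-east-1-pool, us-west-2-pool, one assumed allocation
US_WEST_2_POOL = ["10.1.0.0/16"]
US_WEST_2_CHILDREN = ["10.1.0.0/18", "10.1.128.0/18"]    # store3-pool after the split in Figure 13
OUTSIDE_POOL_VPCS = ["10.3.128.0/17"]                   # dark gray VPC that belongs to no pool


def unallocated_report():
    """Free CIDRs per pool, plus space in the viewed range that belongs to no pool."""
    return {
        "us-west-2-pool": [str(n) for n in free_space(US_WEST_2_POOL, US_WEST_2_CHILDREN)],
        "main-pool": [str(n) for n in free_space(MAIN_POOL, MAIN_CHILDREN)],
        "no pool": [str(n) for n in free_space(VIEW, MAIN_POOL + OUTSIDE_POOL_VPCS)],
    }


if __name__ == "__main__":
    for where, cidrs in unallocated_report().items():
        print(f"{where}: {', '.join(cidrs) or 'none'}")
```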

Figure 15: Unallocated empty spaces on IPv6 CIDR map

The same applies to the IPv6 unallocated CIDRs in Figure 15: it is easy to spot the empty spaces and quickly view the corresponding IPv6 CIDR notations.

Unallocated IP ranges are particularly valuable as organizations rapidly expand their network footprint. The CIDR map enables easy identification of these unutilized spaces, facilitating efficient IP address management practices.

Conclusion

The CIDR map provides organizations with a comprehensive and intuitive approach to managing their IPv4 and IPv6 resources across their cloud footprint. By representing IP addresses visually instead of through numeric CIDR notations, the CIDR map simplifies the complexity of enterprise-wide IP address management and planning. With this interactive visualization, organizations can gain a holistic view of their entire allocated IP address space, enabling them to quickly comprehend usage patterns, identify overlapping or unassociated IP ranges, and make informed decisions about resource allocation as their cloud presence expands. Together with IPAM, the CIDR map empowers organizations to proactively manage their IP resources, ensuring efficient utilization and minimizing administrative overhead, ultimately supporting seamless growth and agility in the cloud.

To learn more about the CIDR map, visit IPAM in the AWS Management Console.

About the authors

Simon Kim

Simon is a Senior User Experience Designer and Researcher at AWS, obsessed with creating intuitive and engaging visualizations for compute and networking services. He is passionate about delivering memorable experiences that bring happiness to customers. In his spare time, Simon loves to explore design concepts where none have gone before, experimenting with strange and extreme ideas to bring back surprising innovations.

Hemanth Vemulapalli

Hemanth is a Solutions Architect at AWS specializing in migrations with over 12 years of industry experience. He helps organizations seamlessly transition their workloads to the AWS cloud. As a trusted advisor, he leverages deep technical expertise to design and implement innovative solutions that drive business transformation. In his spare time, Hemanth likes to binge TV, hike, run, and spend evenings with his family.