VPC with private addressing – additional CIDR block
staceybonso-TD updated 3 years, 8 months ago 3 Members · 4 Posts -
Hi again 🙂
I am confused about the correct answers given to this question:
###############################
45. QUESTION
Category: ANS – Design and Implement Hybrid IT Network Architectures at Scale
A large multinational organization has an existing VPC with a 10.0.0.0/16 primary CIDR block. All of the 65,531 usable IP addresses were already used. The Network Engineer has been assigned to associate new secondary CIDR blocks to scale out the VPC size.
Which of the following blocks can the Administrator associate to the existing VPC? (Select TWO.)
172.16.0.0/16
192.168.0.0/16
34.17.0.0/16
10.0.0.0/8
100.77.0.0/16
#############################
The proposed answers by the system are: 34.17.0.0/16 and 100.77.0.0/16. I quote:
==================
Conversely, if your primary CIDR block is in the 10.0.0.0/8 range then you are restricted to associate CIDR blocks from other RFC 1918* ranges (172.16.0.0/12 and 192.168.0.0/16).
Hence, the correct answers are:
34.17.0.0/16
100.77.0.0/16
==================
I think this is clearly wrong. Since the existing CIDR block (10.0.0.0/16) is part of RFC 1918, we could only use additional CIDR blocks covered by RFC 1918.
This would mean: 192.168.0.0/16 and 172.16.0.0/16
Am I missing something obvious?
Thank you for this very useful tool to prepare for the certifications!
-
Hello Rafa,
Thanks for posting your question.
Since your primary CIDR block resides within the 10.0.0.0/16 IPv4 range, you can’t add CIDR blocks from other RFC 1918* ranges (172.16.0.0/12 and 192.168.0.0/16). However, you are permitted to add any publicly routable IPv4 CIDR block (non-RFC 1918), hence the answer:
- 34.17.0.0/16
- 100.77.0.0/16
You can refer to this table from AWS documentation for more information.
I hope this helps and let us know if you have any other clarifications.
Regards,
Carlo
- This reply was modified 3 years, 8 months ago by Carlo-TutorialsDojo.
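The restriction described in the answer above, as an added example that is not part of the original posts and is not AWS code: a Python check that runs the question's five options against a 10.0.0.0/16 primary. The /16 to /28 size limit and the no-overlap rule are assumptions taken from AWS's general VPC CIDR rules rather than from this thread, the check generalizes the rule to any RFC 1918 primary, and `check_secondary` and its reason strings are hypothetical names.

```python
import ipaddress

# The three RFC 1918 private ranges named in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def rfc1918_range(net):
    """Return the RFC 1918 range that net falls in, or None for other space."""
    for private in RFC1918:
        if net.overlaps(private):
            return private
    return None


def check_secondary(existing, candidate):
    """Decide whether `candidate` may be added as a secondary CIDR block.

    existing  -- CIDR strings already associated with the VPC, primary first
    candidate -- CIDR string proposed as a secondary block
    Returns (allowed, reason). Only RFC 1918 primaries are modelled.
    """
    nets = [ipaddress.ip_network(c) for c in existing]
    cand = ipaddress.ip_network(candidate)
    primary_range = rfc1918_range(nets[0])
    if primary_range is None:
        raise ValueError("this example only models RFC 1918 primary blocks")

    # Assumption (general AWS VPC rule): blocks must be between /16 and /28.
    if not 16 <= cand.prefixlen <= 28:
        return False, "size"
    # Assumption (general AWS VPC rule): no overlap with associated blocks.
    if any(cand.overlaps(n) for n in nets):
        return False, "overlap"
    # Rule from the thread: no blocks from the *other* RFC 1918 ranges.
    cand_range = rfc1918_range(cand)
    if cand_range is not None and cand_range != primary_range:
        return False, "other-rfc1918"
    return True, "ok"


if __name__ == "__main__":
    # The five options from the practice question, primary 10.0.0.0/16.
    for option in ("172.16.0.0/16", "192.168.0.0/16", "34.17.0.0/16",
                   "10.0.0.0/8", "100.77.0.0/16"):
        print(option, check_secondary(["10.0.0.0/16"], option))
```

The 10.0.0.0/8 option is rejected on size before the overlap check is reached; it would fail that check as well, since it contains the primary block.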
-
Hi Carlo
Thanks for the clarification. I also did what I should have done before posting (test with an actual VPC).
If I may suggest a modification to the text, I would change “you are restricted to” and write instead “you are restricted from”. Or, perhaps just say “can’t” as in your clarification.
(I’m not a native English speaker, but I’m married to one 😉 )
Cheers
Rafa
-
Thank you for the suggestion, Rafa. This is well-noted. 🙂