Ec2.VPC: incorrect subnet calculation #15682

Closed
nickpowpow opened this issue Jul 21, 2021 · 4 comments
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort p2

Comments

@nickpowpow

nickpowpow commented Jul 21, 2021

If you put a slightly incorrect (but valid) VPC CIDR in, subnets are calculated in an odd way.

Reproduction Steps

self.vpc = ec2.Vpc(
    self,
    f"{kwargs['env']['region']}-vpc",
    max_azs=1,
    cidr=cidr_range,
    # configuration will create 1 subnet in a single AZ.
    subnet_configuration=[
        ec2.SubnetConfiguration(
            subnet_type=ec2.SubnetType.ISOLATED,
            name="Isolated",
            cidr_mask=24,
        )
    ],
)

If you use "10.100.0.0/16" for cidr_range, it generates the correct 10.100.0.0/24 subnet.
If you use "10.101.1.0/16" for cidr_range, it incorrectly also generates 10.100.0.0/24 subnet which errors in Cfn on deploy.

What did you expect to happen?

I would expect CDK to parse the first 16 bits of 10.101 and store that, and generate the next set of valid subnets.

What actually happened?

CDK does something weird and generates 10.100 from a 10.101.1/16 definition.

Environment

  • CDK CLI Version : latest
  • Framework Version: python3.9
  • OS : mac

This is 🐛 Bug Report

@nickpowpow nickpowpow added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Jul 21, 2021
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Jul 21, 2021
@njlynch
Contributor

njlynch commented Jul 23, 2021

Thanks for the report @nickpowpow.

This looks like documented behavior for the underlying CidrBlock class that has existed almost since day 1 of the CDK (introduced in #250).

* If the given `cidr` or `ipAddress` is not the beginning of the block,
* then the next available block will be returned. For example, if
* `10.0.3.1/28` is given the returned block will represent `10.0.3.16/28`.

Given the central nature of this class, I don't think we would likely opt to change this behavior without good reason and likely a feature-flag opt-in.

Is this a blocker of any kind for you, or just an oddity/annoyance?

@njlynch njlynch added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Jul 23, 2021
@nickpowpow
Author

nickpowpow commented Jul 23, 2021 via email

@NGL321 NGL321 added p2 and removed needs-triage This issue or PR still needs to be triaged. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. labels Jul 24, 2021
@njlynch njlynch added the effort/medium Medium work item – several days of effort label Aug 6, 2021
@njlynch njlynch removed their assignment Aug 6, 2021
@bruuuuuuuce

I am facing a similar issue when using a non-standard cidr range. I am creating a vpc with the cidr 10.23.73.0/18, and am telling cdk to generate a private subnet in my vpc with a mask of 20. The deploy is failing because it's trying to set the subnet cidr to 10.23.144.0/20, which is not contained by 10.23.73.0/18.

My :twocents: on how to help developers with this

  • Allow developers to define explicit cidrs for their subnets. It's a little strange to define a vpc using a cidr, but define a subnet using a mask.

    ec2.SubnetConfiguration(
        subnet_type=ec2.SubnetType.ISOLATED,
        name="Isolated",
        cidr="10.0.0.0/24"
    )

  • Verify that the subnet cidrs are contained within the vpc's cidr when building the template. Would be nice for this to fail at synth rather than on deploy.
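
The synth-time containment check suggested above, together with a small model of the rounding rule quoted from the CidrBlock doc comment, as an added example that is not part of the issue thread or the CDK code base. The function names `next_aligned_block` and `check_layout` are hypothetical, the code is IPv4 only, and it relies solely on Python's standard `ipaddress` module.

```python
import ipaddress


def next_aligned_block(cidr: str) -> str:
    """Model of the rule in the quoted doc comment (not CDK's code): if the
    address is not the start of a block, return the next block of that size."""
    iface = ipaddress.ip_interface(cidr)
    size = iface.network.num_addresses
    addr = int(iface.ip)
    start = addr if addr % size == 0 else (addr // size + 1) * size
    # IPv4Address raises AddressValueError if rounding up leaves the IPv4 space.
    return f"{ipaddress.IPv4Address(start)}/{iface.network.prefixlen}"


def check_layout(vpc_cidr: str, subnet_cidrs: list[str]) -> list[str]:
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    iface = ipaddress.ip_interface(vpc_cidr)
    vpc = iface.network  # the block that contains the given address
    if iface.ip != vpc.network_address:
        problems.append(
            f"VPC CIDR {vpc_cidr} has host bits set; canonical form is {vpc}"
        )
    seen = []
    for raw in subnet_cidrs:
        subnet = ipaddress.ip_network(raw, strict=False)
        if not subnet.subnet_of(vpc):
            problems.append(f"subnet {subnet} is not contained in VPC block {vpc}")
        for other in seen:
            if subnet.overlaps(other):
                problems.append(f"subnet {subnet} overlaps {other}")
        seen.append(subnet)
    return problems


if __name__ == "__main__":
    # Constructed inputs, using CIDRs mentioned in the thread.
    print(next_aligned_block("10.0.3.1/28"))
    print(next_aligned_block("10.23.73.0/18"))
    for problem in check_layout("10.23.73.0/18", ["10.23.144.0/20"]):
        print("ERROR:", problem)
```

Calling `check_layout` before synthesis and raising on a non-empty result surfaces the mismatch locally instead of as a failed deploy.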

@github-actions

github-actions bot commented Dec 9, 2022

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Dec 9, 2022