
I am a programmer trying to get Rancher (Kubernetes) set up. Rancher's config file has a setting called `service_cluster_ip_range`.

It expects a CIDR notated subnet.

My network team gave me a "24" subnet. They told me that the IP address range I can use is 10.70.9.11 - 10.70.9.254.

As I understand things, when you say 10.70.9.0/24 you are referring to 10.70.9.1 - 10.70.9.254.

When I asked my network team if I could have addresses 1 - 10 as well I was told that they were reserved for network gear (and that the network would fail if they gave me those addresses).

So, my question is: does CIDR deal with exclusions like this? Can you say something like 10.70.9.0/24 Excluding (.1 through .10) or something like that?

Or will I have to give up a bunch of addresses and do 10.80.9.128/25?

Vaccano
  • Added the IP range to a CIDR calculator (https://www.ipaddressguide.com/cidr), and it seems such a range can only be expressed through multiple CIDR values. – Tobb Jan 07 '20 at 22:16
  • Also, these IPs are actually virtual (iptables), and I think they might be internal to the cluster. I haven't been able to get to the bottom of it, but there is a chance that these IPs colliding with IPs used outside of the cluster won't be a problem. – Tobb Jan 07 '20 at 22:42
  • There is no standard notation that says "use this range but exclude some addresses". That said, many tools provide a way to limit the actual range of addresses allocated from the CIDR block. This isn't an answer because I don't know if Rancher provides such a facility. – larsks Jan 07 '20 at 23:05
  • `service_cluster_ip_range` is the IP range k8s will use for services. Each deployed service will get an address in that range. You don't have to set up external routing tables, etc. to allocate those addresses; that range is the address range k8s will allocate within the cluster. You can, and should, select an address range completely separate from your valid network addresses. – Burak Serdar Jan 07 '20 at 23:09
  • I am pretty sure the short answer to can you do any exclusions in `service_cluster_ip_range` is no. But as Tobb mentioned, those addresses on the cluster will be an internal private network. The issue will be if something on the cluster needs to reach `10.70.9.1` - `10.70.9.10`. Maybe talk with your networking team with that information, because that address space is private and doesn't need to be externally routable, so maybe they could give you a bigger contiguous block on the other private blocks 172.16.x.x or 192.168.x.x – BenH Jan 07 '20 at 23:10
  • Why do you want to retain some IP addresses? – Shashank V Jan 08 '20 at 04:50

1 Answer


You cannot express exclusions with CIDR notation. You can give up a bunch of IP addresses by using a /25 range.

Shashank V
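Added example (not part of the original answer or comments): the range from the question converted to CIDR blocks with Python's standard `ipaddress` module, showing that it takes several blocks to express, together with the largest single subnet of the /24 that avoids the reserved .1 to .10 addresses. The function names `cidrs_for_range` and `largest_subnet_avoiding` are hypothetical helpers written for this illustration.

```python
import ipaddress


def cidrs_for_range(first, last):
    """Minimal list of CIDR blocks that exactly covers first..last inclusive."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def largest_subnet_avoiding(parent, reserved_first, reserved_last):
    """Largest single subnet of `parent` sharing no address with the reserved range."""
    parent = ipaddress.ip_network(parent)
    reserved = cidrs_for_range(reserved_first, reserved_last)
    # Walk from the biggest candidate (the parent itself) to ever smaller subnets
    # and return the first one that does not touch any reserved address.
    for prefix in range(parent.prefixlen, parent.max_prefixlen + 1):
        for subnet in parent.subnets(new_prefix=prefix):
            if not any(subnet.overlaps(r) for r in reserved):
                return subnet
    return None


if __name__ == "__main__":
    # Addresses taken from the question.
    usable = cidrs_for_range("10.70.9.11", "10.70.9.254")
    print(f"{len(usable)} CIDR blocks are needed to express the range exactly:")
    for block in usable:
        print(f"  {str(block):<18} {block.num_addresses:>3} addresses")
    print("total:", sum(b.num_addresses for b in usable))

    single = largest_subnet_avoiding("10.70.9.0/24", "10.70.9.1", "10.70.9.10")
    # Note: this block ends at .255, the broadcast address of the /24, which is
    # outside the .11 to .254 range quoted in the question.
    print("largest single block avoiding .1-.10:", single,
          f"({single.num_addresses} addresses)")
```

A setting that accepts only one CIDR value, as `service_cluster_ip_range` is described in the question, cannot take the multi-block list, so the single-block result is the relevant one there.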