From b974fa9e7d617ed5913176262c59dedd9ab14564 Mon Sep 17 00:00:00 2001 From: Dorota Wojcik Date: Mon, 11 Dec 2023 18:11:08 +0100 Subject: [PATCH 1/8] CIDR guidelines --- docs/platform/howto/byoc/create-custom-cloud.rst | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/docs/platform/howto/byoc/create-custom-cloud.rst b/docs/platform/howto/byoc/create-custom-cloud.rst index dfec92b2d9..a42b3e5261 100644 --- a/docs/platform/howto/byoc/create-custom-cloud.rst +++ b/docs/platform/howto/byoc/create-custom-cloud.rst 
@@ -472,11 +472,18 @@ In the **Create custom cloud** wizard, proceed as follows: * Region * CIDR - Aiven needs CIDR for the `CIDR block of the VPC `_ that will be created in your AWS account. + **CIDR** represents an IP address range of the BYOC VPC. It needs to be specified in the IaC template so that a `CIDR block of the VPC `_ can be created in your AWS account while deploying the template. Check `the AWS documentation on VPC CIDR blocks `_ for information on VPC CIDR blocks. - * Specify inbound rules with the CIDR block notation, for example: 200.1.2.3/32 (allowing 200.1.2.3 as a single address), 0.0.0.0/0 (allowing traffic from anywhere), or 100.1.0.0/16 (allowing traffic from 100.1..). - * To create VPC peerings with that VPC, choose a CIDR block that doesn't overlap with CIDR blocks of peer VPCs. - * Keep in mind that CIDR block needs be large enough so that, after splitting it into per-region subnets, each subnet has enough addresses to fit required services. + In the **CIDR** field, specify an IP address range for the BYOC VPC using a CIDR block notation, for example: ``10.0.0.0/16``, ``172.31.0.0/16``, or ``192.168.0.0/20``. + + Make sure an IP address range you use meets the following requirements: + * IP address range is within the private IP address ranges allowed in `RFC 1918 `_. + * CIDR block size doesn't excced the ``/24`` netmask. + + .. note:: + + * To create VPC peerings with your VPC, choose a CIDR block that doesn't overlap with CIDR blocks of peer VPCs. + * Keep in mind that CIDR block needs be large enough so that, after splitting it into per-region subnets, each subnet has enough addresses to fit required services. 2. Select **Next**. From 1de04d080797c25c21e40c7dfe440b9653de20c8 Mon Sep 17 00:00:00 2001 From: Dorota Wojcik Date: Mon, 11 Dec 2023 18:18:40 +0100 Subject: [PATCH 2/8] typo --- docs/platform/howto/byoc/create-custom-cloud.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/platform/howto/byoc/create-custom-cloud.rst b/docs/platform/howto/byoc/create-custom-cloud.rst index a42b3e5261..64bc3127ca 100644 --- a/docs/platform/howto/byoc/create-custom-cloud.rst +++ b/docs/platform/howto/byoc/create-custom-cloud.rst @@ -478,7 +478,7 @@ In the **Create custom cloud** wizard, proceed as follows: Make sure an IP address range you use meets the following requirements: * IP address range is within the private IP address ranges allowed in `RFC 1918 `_. - * CIDR block size doesn't excced the ``/24`` netmask. + * CIDR block size doesn't exceed the ``/24`` netmask. .. note:: From 6be69171f61f059d1f25c7416d5728c575d987d1 Mon Sep 17 00:00:00 2001 From: Dorota Wojcik Date: Mon, 11 Dec 2023 18:23:57 +0100 Subject: [PATCH 3/8] fix --- .github/vale/dicts/aiven.dic | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/vale/dicts/aiven.dic b/.github/vale/dicts/aiven.dic index 3d20117100..8b038fe4f9 100644 --- a/.github/vale/dicts/aiven.dic +++ b/.github/vale/dicts/aiven.dic @@ -160,6 +160,7 @@ MongoDB MySQL myhoard namespace/MS +netmask NodeJS nosqlbench npm From 3ccb90c2e09d65c2789ad7af71288fbd4a4c0ba8 Mon Sep 17 00:00:00 2001 From: Dorota Wojcik Date: Mon, 11 Dec 2023 18:30:37 +0100 Subject: [PATCH 4/8] fix --- docs/platform/howto/byoc/create-custom-cloud.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/platform/howto/byoc/create-custom-cloud.rst b/docs/platform/howto/byoc/create-custom-cloud.rst index 64bc3127ca..274ce257ba 100644 --- a/docs/platform/howto/byoc/create-custom-cloud.rst +++ b/docs/platform/howto/byoc/create-custom-cloud.rst 
@@ -472,18 +472,19 @@ In the **Create custom cloud** wizard, proceed as follows: * Region * CIDR - **CIDR** represents an IP address range of the BYOC VPC. It needs to be specified in the IaC template so that a `CIDR block of the VPC `_ can be created in your AWS account while deploying the template. Check `the AWS documentation on VPC CIDR blocks `_ for information on VPC CIDR blocks. + **CIDR** represents an IP address range of the BYOC VPC. It needs to be specified in the IaC template so that a `CIDR block of the VPC `_ can be created in your AWS account while deploying the template. Check `the AWS documentation on VPC CIDR blocks `_ for more information. In the **CIDR** field, specify an IP address range for the BYOC VPC using a CIDR block notation, for example: ``10.0.0.0/16``, ``172.31.0.0/16``, or ``192.168.0.0/20``. Make sure an IP address range you use meets the following requirements: + * IP address range is within the private IP address ranges allowed in `RFC 1918 `_. * CIDR block size doesn't exceed the ``/24`` netmask. .. note:: - * To create VPC peerings with your VPC, choose a CIDR block that doesn't overlap with CIDR blocks of peer VPCs. - * Keep in mind that CIDR block needs be large enough so that, after splitting it into per-region subnets, each subnet has enough addresses to fit required services. + * CIDR block needs be large enough so that, after splitting it into per-region subnets, each subnet has enough addresses to fit required services. + * If creating VPC peerings, make sure a CIDR block of your VCP doesn't overlap with CIDR blocks of peer VPCs. 2. Select **Next**. From 8ec9036612fcb32437eea30e1e48c331160c3130 Mon Sep 17 00:00:00 2001 From: Dorota Wojcik Date: Mon, 11 Dec 2023 19:52:44 +0100 Subject: [PATCH 5/8] removing AWS link --- docs/platform/howto/byoc/create-custom-cloud.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/platform/howto/byoc/create-custom-cloud.rst b/docs/platform/howto/byoc/create-custom-cloud.rst index 274ce257ba..82af94d14d 100644 --- a/docs/platform/howto/byoc/create-custom-cloud.rst +++ b/docs/platform/howto/byoc/create-custom-cloud.rst @@ -472,7 +472,7 @@ In the **Create custom cloud** wizard, proceed as follows: * Region * CIDR - **CIDR** represents an IP address range of the BYOC VPC. It needs to be specified in the IaC template so that a `CIDR block of the VPC `_ can be created in your AWS account while deploying the template. Check `the AWS documentation on VPC CIDR blocks `_ for more information. + **CIDR** represents an IP address range of the BYOC VPC. It needs to be specified in the IaC template so that a CIDR block of the VPC can be created in your AWS account while deploying the template. In the **CIDR** field, specify an IP address range for the BYOC VPC using a CIDR block notation, for example: ``10.0.0.0/16``, ``172.31.0.0/16``, or ``192.168.0.0/20``. From 23333fe01e671e7784b6bea16f3482fb02a21df6 Mon Sep 17 00:00:00 2001 From: Dorota Wojcik Date: Tue, 12 Dec 2023 11:19:52 +0100 Subject: [PATCH 6/8] review comments --- docs/platform/howto/byoc/create-custom-cloud.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/platform/howto/byoc/create-custom-cloud.rst b/docs/platform/howto/byoc/create-custom-cloud.rst index 82af94d14d..53cf11cdc6 100644 --- a/docs/platform/howto/byoc/create-custom-cloud.rst +++ b/docs/platform/howto/byoc/create-custom-cloud.rst 
@@ -472,19 +472,19 @@ In the **Create custom cloud** wizard, proceed as follows: * Region * CIDR - **CIDR** represents an IP address range of the BYOC VPC. It needs to be specified in the IaC template so that a CIDR block of the VPC can be created in your AWS account while deploying the template. + The **CIDR** block defines the IP address range of the VPC that Aiven creates in your AWS account. Any Aiven service created in your Aiven organization will be placed in the VPC and will get an IP address within this address range. In the **CIDR** field, specify an IP address range for the BYOC VPC using a CIDR block notation, for example: ``10.0.0.0/16``, ``172.31.0.0/16``, or ``192.168.0.0/20``. Make sure an IP address range you use meets the following requirements: * IP address range is within the private IP address ranges allowed in `RFC 1918 `_. - * CIDR block size doesn't exceed the ``/24`` netmask. + * CIDR block size is between ``/16`` (65536 IP addresses) and ``/24`` (256 IP addresses). .. note:: * CIDR block needs be large enough so that, after splitting it into per-region subnets, each subnet has enough addresses to fit required services. - * If creating VPC peerings, make sure a CIDR block of your VCP doesn't overlap with CIDR blocks of peer VPCs. + * Make sure the CIDR block of your BYOC VCP doesn't overlap with the CIDR blocks of VPCs you plan to peer your BYOC VPC with. You cannot change the BYOC VPC CIDR block after your custom cloud is created. 2. Select **Next**. From dd344c3d5425f3374f6838919f54d85871a7d348 Mon Sep 17 00:00:00 2001 From: Dorota Wojcik Date: Tue, 12 Dec 2023 11:48:20 +0100 Subject: [PATCH 7/8] review comments --- docs/platform/howto/byoc/create-custom-cloud.rst | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/platform/howto/byoc/create-custom-cloud.rst b/docs/platform/howto/byoc/create-custom-cloud.rst index 53cf11cdc6..41d34f2698 100644 --- a/docs/platform/howto/byoc/create-custom-cloud.rst 
+++ b/docs/platform/howto/byoc/create-custom-cloud.rst @@ -484,6 +484,9 @@ In the **Create custom cloud** wizard, proceed as follows: .. note:: * CIDR block needs be large enough so that, after splitting it into per-region subnets, each subnet has enough addresses to fit required services. + + For example, using the maximum ``/24`` prefix length, you should have up to 16 IP addresses available, which might be enough for a few services, but can pose challenges during node replacements or maintenance upgrades, when you may need extra addresses. + * Make sure the CIDR block of your BYOC VCP doesn't overlap with the CIDR blocks of VPCs you plan to peer your BYOC VPC with. You cannot change the BYOC VPC CIDR block after your custom cloud is created. 2. Select **Next**. From dba93a5d2060a072c3512c16ae581434b5af478c Mon Sep 17 00:00:00 2001 From: Dorota Wojcik Date: Tue, 12 Dec 2023 17:13:07 +0100 Subject: [PATCH 8/8] review comments --- docs/platform/howto/byoc/create-custom-cloud.rst | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/docs/platform/howto/byoc/create-custom-cloud.rst b/docs/platform/howto/byoc/create-custom-cloud.rst index 41d34f2698..05c4f04f8e 100644 --- a/docs/platform/howto/byoc/create-custom-cloud.rst +++ b/docs/platform/howto/byoc/create-custom-cloud.rst 
@@ -472,22 +472,19 @@ In the **Create custom cloud** wizard, proceed as follows: * Region * CIDR - The **CIDR** block defines the IP address range of the VPC that Aiven creates in your AWS account. Any Aiven service created in your Aiven organization will be placed in the VPC and will get an IP address within this address range. + The **CIDR** block defines the IP address range of the VPC that Aiven creates in your AWS account. Any Aiven service created in the custom cloud will be placed in the VPC and will get an IP address within this address range. In the **CIDR** field, specify an IP address range for the BYOC VPC using a CIDR block notation, for example: ``10.0.0.0/16``, ``172.31.0.0/16``, or ``192.168.0.0/20``. - Make sure an IP address range you use meets the following requirements: + Make sure that an IP address range you use meets the following requirements: * IP address range is within the private IP address ranges allowed in `RFC 1918 `_. * CIDR block size is between ``/16`` (65536 IP addresses) and ``/24`` (256 IP addresses). + * CIDR block is large enough to host the desired number of services after splitting it into per-availability-zone subnets. - .. note:: + For example, the smallest ``/24`` CIDR block might be enough for a few services but can pose challenges during node replacements or maintenance upgrades if running low on available free IP addresses. - * CIDR block needs be large enough so that, after splitting it into per-region subnets, each subnet has enough addresses to fit required services. - - For example, using the maximum ``/24`` prefix length, you should have up to 16 IP addresses available, which might be enough for a few services, but can pose challenges during node replacements or maintenance upgrades, when you may need extra addresses. - - * Make sure the CIDR block of your BYOC VCP doesn't overlap with the CIDR blocks of VPCs you plan to peer your BYOC VPC with. 
You cannot change the BYOC VPC CIDR block after your custom cloud is created. + * CIDR block of your BYOC VCP doesn't overlap with the CIDR blocks of VPCs you plan to peer your BYOC VPC with. You cannot change the BYOC VPC CIDR block after your custom cloud is created. 2. Select **Next**.
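Review bot: In PATCH 1/8, the added requirement "CIDR block size doesn't excced the ``/24`` netmask" misspells "exceed" and does not say which direction counts as exceeding: it can be read as "no block larger than a /24" or as "no prefix longer than /24", which are opposite limits. State the allowed sizes as a range of prefix lengths with their address counts. The added line "Make sure an IP address range you use meets the following requirements:" is also followed directly by the bullets, and a reStructuredText list needs a blank line before its first item to render as a list.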
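Review bot: In PATCH 3/8, the ``netmask`` dictionary entry exists to support the "``/24`` netmask" wording from 1/8, and 6/8 later replaces that sentence with one that no longer uses the word. If no other page needs the entry, drop it before merging, and give the commit a subject that names what it fixes instead of "fix".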
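Review bot: In PATCH 4/8, the rewritten peering bullet introduces "VCP" where "VPC" is meant ("make sure a CIDR block of your VCP doesn't overlap"), and the typo is carried through the added lines of 6/8 and 8/8. The bullet above it also still reads "CIDR block needs be large enough", which is missing "to". Fix both in this hunk so the later patches inherit the corrected text.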
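Review bot: In PATCH 6/8, the sentence "You cannot change the BYOC VPC CIDR block after your custom cloud is created." is appended to the end of the peering-overlap bullet inside the note, although it applies equally to the RFC 1918 and size requirements. Give it its own sentence or admonition next to the **CIDR** field instruction, so that readers who do not plan any peering still see it before they commit to a range.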
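Review bot: In PATCH 7/8, the added example says that a ``/24`` leaves "up to 16 IP addresses available", while the requirement list from 6/8 gives ``/24`` as 256 IP addresses, and nothing explains where 16 comes from. If 16 is the per-subnet figure after the split described in the bullet above, say so and state how many subnets the block is divided into. "Using the maximum ``/24`` prefix length" also describes the smallest allowed block, which is worth saying outright so it is not read as the largest.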
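Review bot: In PATCH 8/8, the new third requirement ("large enough to host the desired number of services after splitting it into per-availability-zone subnets") gives the reader nothing to check a candidate block against, because the example under it no longer states any address count and the number of subnets is not given. The same hunk keeps "You cannot change the BYOC VPC CIDR block after your custom cloud is created", so an undersized choice cannot be fixed by changing the block afterwards. Add a per-subnet or per-service address figure, or recommend a default size for readers who are unsure.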