
100.64.0.0/10 is routable address space

Open osterman opened this issue 6 years ago • 1 comments

It was raised by @Nuru that 100.64.0.0/10 is actually reserved address space. This also happens to be the kops default for nonMasqueradeCIDR: 100.64.0.0/10. So this has been in use by kops as the default for around 2 years, and since a lot of people are using it, it should be reasonably well vetted and supported. Just be aware that it could be a bad idea to use it. The address is routable, and it routes to the carrier's NAT pool, so if it ever gets out of the cluster it will cause weird and potentially very hard-to-diagnose problems.

osterman avatar Apr 10 '19 20:04 osterman

My preferred CIDR is 172.24.0.0/13, which leaves 172.16.0.0/16 for naive users, 172.17.0.0/16 for Docker (its default), and 172.18.0.0/16 for Docker Compose, and still gives kops 16 networks of 64k addresses each to use.

References:

  • https://tools.ietf.org/html/rfc6598
    • https://tools.ietf.org/html/rfc6598#section-4
  • https://github.com/kubernetes/kops/issues/2075
    • https://github.com/kubernetes/kops/issues/2075#issuecomment-371297643
  • https://github.com/oracle/mysql-operator/issues/190
  • https://github.com/kubernetes/kops/issues/1458
  • https://docs.docker.com/v17.09/engine/userguide/networking/#the-default-bridge-network

Nuru avatar Apr 10 '19 20:04 Nuru
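A pre-flight check for a candidate cluster CIDR, as an added example that is not part of the original thread or of kops: it flags a range that falls outside RFC 1918 private space or overlaps the ranges named above. The function name `check_cluster_cidr` and the `AVOID` table are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges: address space that is not routed by upstream carriers.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Ranges named in the thread that a cluster CIDR should stay clear of.
# Labels and the table itself are illustrative, not a kops data structure.
AVOID = {
    "RFC 6598 shared address space (carrier NAT pool)": "100.64.0.0/10",
    "172.16.0.0/16, left for other users (per the comment above)": "172.16.0.0/16",
    "Docker default bridge": "172.17.0.0/16",
    "Docker Compose (per the comment above)": "172.18.0.0/16",
}


def check_cluster_cidr(cidr):
    """Return a list of findings for a candidate IPv4 cluster CIDR.

    An empty list means the range is inside RFC 1918 space and does not
    overlap any range in AVOID.
    """
    # strict=True rejects input with host bits set, e.g. 172.24.0.1/13.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("this check only covers IPv4 ranges")

    findings = []
    if not any(net.subnet_of(private) for private in RFC1918):
        findings.append("not contained in RFC 1918 private space")
    for label, rng in AVOID.items():
        if net.overlaps(ipaddress.ip_network(rng)):
            findings.append(f"overlaps {label} ({rng})")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs: the kops default, the CIDR preferred in the
    # comment above, and the whole 172.16.0.0/12 block for contrast.
    for candidate in ("100.64.0.0/10", "172.24.0.0/13", "172.16.0.0/12"):
        result = check_cluster_cidr(candidate)
        print(candidate, "->", result or "ok")
```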