Choosing a CIDR for your Managed Nebula Network
To get started with Managed Nebula you'll need to choose a network range. When adding hosts to the network, they'll be assigned an IP address within this range. There are a few important requirements and factors to consider before making your choice, since the range cannot be changed once it is chosen (additional networks with different ranges can be created, but devices cannot communicate across networks).
Considerations
The range you choose must be part of the RFC 1918 Private Address Space or the RFC 6598 Shared Address Space. This means it must exist within one of the following ranges:
- 192.168.0.0/16
- 172.16.0.0/12
- 10.0.0.0/8
- 100.64.0.0/10
As in the list above, CIDR notation is used to specify the range for your Managed Nebula network.
When choosing the size of your network range, it's important to consider the maximum number of devices you anticipate joining your Managed Nebula network. Smaller networks are less likely to conflict with other private address spaces, but as it is not currently possible to expand the network range after creation, you should give yourself headroom to grow the network as additional devices are added in the future.
However, the most important thing to verify when choosing a network range is that it does not overlap with any IP space already in use on your existing networks; an overlap may cause connectivity problems. You will also want to avoid ranges that overlap with addresses commonly used by residential and small business routers, especially if you plan to use Managed Nebula on laptops that may need to connect from homes and coffee shops. Likewise, consider the address ranges of your cloud provider VPCs and avoid those as well.
Recommendations
Taking these factors into account, we suggest using a reasonably-sized CIDR range within the carrier grade NAT space (CGNAT). CGNAT encompasses 100.64.0.0/10 (i.e. IP addresses from 100.64.0.0 to 100.127.255.255) and its use is uncommon on residential routers and cloud networks.
Our default recommendation when creating a Managed Nebula network is 100.100.0.0/22. This provides up to 1,022 easily recognizable addresses. This default can be customized the first time you log in to your Defined Networking account on the “Define your network” page, but cannot be changed afterwards. If you need to change the overlay IP address range used by your devices, you will need to create a second network in your account with the desired range and migrate them to that new network (network migration guide).
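One way to check a candidate range against the considerations above before committing to it, as an added Python example (not Defined Networking's code): the `IN_USE` inventory is constructed sample data, and `check_candidate` and `usable_hosts` are hypothetical helper names. Usable addresses are counted as the range size minus the network and broadcast addresses, which matches the 1,022 figure for 100.100.0.0/22.

```python
import ipaddress

# Parent ranges this page allows (RFC 1918 private and RFC 6598 shared space).
ALLOWED = [ipaddress.ip_network(n) for n in
           ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8", "100.64.0.0/10")]

# Constructed sample inventory of ranges already in use; replace with your own.
IN_USE = {
    "home router default": "192.168.1.0/24",
    "office LAN": "10.20.0.0/16",
    "cloud VPC": "172.31.0.0/16",
}

def usable_hosts(cidr):
    """Addresses in the range, excluding the network and broadcast addresses."""
    return max(ipaddress.ip_network(cidr).num_addresses - 2, 0)

def check_candidate(cidr, expected_hosts, in_use=IN_USE):
    """Return a list of problems with a candidate range (empty list means OK)."""
    try:
        # strict=True rejects input with host bits set, e.g. 100.100.0.1/22
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR: {exc}"]
    if net.version != 4:
        return ["not an IPv4 range"]
    problems = []
    # Requirement: the whole range must sit inside one allowed parent range.
    if not any(net.subnet_of(parent) for parent in ALLOWED):
        problems.append("not inside an allowed private/shared range")
    # Overlap with address space already in use causes connectivity problems.
    for label, used in in_use.items():
        if net.overlaps(ipaddress.ip_network(used)):
            problems.append(f"overlaps {label} ({used})")
    # The range cannot be expanded later, so size it for expected growth.
    usable = usable_hosts(cidr)
    if usable < expected_hosts:
        problems.append(f"only {usable} usable addresses for {expected_hosts} hosts")
    return problems

if __name__ == "__main__":
    for candidate in ("100.100.0.0/22", "192.168.0.0/16", "100.100.0.0/28"):
        print(candidate, check_candidate(candidate, expected_hosts=100) or "OK")
```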