Skip to main content

Choosing a CIDR for your Managed Nebula Network

The first decision you will face when setting up Managed Neubla is choosing a private IPv4 address range for the overlay network to use. Managed Nebula will assign IP addresses to the hosts you create within this range that you choose. There are a few requirements, as well as some factors you may want to consider before making your choice, since the range cannot be changed after it is created.

The first requirement is that the range you choose must be included in RFC 1918 Private Address Space or RFC 6598 Shared Address Space. This means it must be a range in one of the following:

  • 192.168.0.0/16
  • 172.16.0.0/12
  • 10.0.0.0/8
  • 100.64.0.0/10

Note the use of CIDR notation to specify the ranges, which must also be used when specifying the range for your Managed Nebula network.

The most important consideration for choosing a range is to find one that does not overlap with any existing IP addresses in use on your network. Furthermore, you will also want to avoid ranges which overlap with addresses commonly used in residential and small business routers, especially if you plan to use Managed Nebula on laptops which may need to connect from home and coffee shops. Likewise, cloud provider VPCs should be considered and those addresses avoided as well.

When choosing the size of your network range, it's important to consider the maximum number of devices you anticipate joining your Managed Nebula network. Smaller networks are less likely to conflict with other private address spaces, but as it is not currently possible to expand the network range after creation, you’ll want to allow some room for growth of your network as new devices are added.

Taking these factors into account, we suggest using a reasonable CIDR range in the carrier grade NAT space (CGNAT). CGNAT encompasses 100.64.0.0/10, i.e. IP addresses from 100.64.0.0 to 100.127.255.255.

Our default recommendation when creating a Managed Nebula network is 100.100.0.0/22. This provides up to 1,022 easily recognizable addresses. This default can be customized the first time you log in to your Defined Networking account on the “Define your network” page, but cannot be changed afterwards. The number of addresses and the start and end addresses of the range you choose will be displayed underneath the input field.