Skip to main content
Version: 2.3

IP Management

Configuring IP Address Range Allocations

Scope

To control the IP address ranges used to build workspace clusters, you can configure network assignments that allow Wayfinder to allocate non-overlapping network address ranges to each cluster built.

This is required for any of these scenarios:

  • Your workspace's clusters may need to be peered directly with each other.
  • You may want to peer workspace clusters to shared management networks, including the network that hosts Wayfinder itself.
  • You may want to peer workspace clusters to VPNs or direct connections to on-premise networks.

CLI Quick Reference

InstructionCLI Command
List existing network assignmentswf get assignablenetwork -w admin
Apply an assignable network yaml filewf apply -f PATH-TO-FILE.yaml
Edit a network assignmentwf edit assignablenetwork -w admin NAME

CIDR notation

Wayfinder uses CIDR (Classless Inter-Domain Routing) notation to describe networks.

This uses the format w.x.y.z/a (e.g. 10.0.0.0/8) to describe a network and size, where w.x.y.z defines the start address of the network range, and a describes how many significant bits are in that address.

A few examples:

  • 10.0.0.0/8: 10.0.0.0 - 10.255.255.255 available IPs: 16,777,216
  • 10.1.0.0/16: 10.1.0.0 - 10.1.255.255 available IPs: 65,536
  • 10.1.2.0/23: 10.1.2.0 - 10.1.3.255 available IPs: 512
  • 10.1.2.0/24: 10.1.2.0 - 10.1.2.255 available IPs: 256
  • 10.1.2.0/25: 10.1.2.0 - 10.1.2.127 available IPs: 128
  • 10.1.2.128/25: 10.1.2.128 - 10.1.2.255 available IPs: 128

Deciding network range(s) to allocate

First, you should consider how large each cluster network should be—the smallest supported is /24. You should also consider how many workloads and how much auto-scaling is likely to be needed by your workspaces to determine if this size is large enough.

AWS example

On AWS, Wayfinder splits the allocated range for a cluster into subnets for each availability zone and into public and private ranges. So a /24 gives:

  • 3 x /28 public subnets (11 usable IP addresses per AZ)
  • 3 x /26 private subnets (59 usable IP addresses per AZ)

The next consideration is how many workspaces, and how many clusters you are likely to want. You should allocate a network size that allows for this growth. Remember, you can always add more network ranges to Wayfinder if an existing range is fully allocated.

A /16 network assignment allows for 256 /24 clusters or 128 /23 clusters so is a good starting point.

If you are likely to want to peer your Wayfinder-managed infrastructure with existing networks (on cloud or on premise), ensure that the range you select is compatible with those existing networks, i.e, it is a range delegated by your organization's network team for Wayfinder to use. This will ensure these networks can be peered in the future.


Add a network allocation

You can add network allocations to AWS, GKE, and Azure clouds. When you add these allocations for a cloud provider, any new cluster plan or cluster created for that cloud provider has the option to auto-assign network ranges.

CloudSupported network types
EKSNodes
AKSNodes, Services
GKENodes, Services, Pods

You can add a range using the CLI or using Wayfinder's web interface.


Add using the CLI

To add a range from the CLI:

  1. (Optional) List existing network assignments:

    wf get assignablenetwork -w admin

  2. Prepare a .yaml file for an AssignableNetwork, such as the following:

    apiVersion: networks.appvia.io/v2beta1
    kind: AssignableNetwork
    metadata:
      name: eks
      namespace: wf-admin
    spec:
      provider: eks
      networks:
      - defaultMask: 21
        range: 10.20.0.0/16 # we should be able to fit 32 clusters in the range
        min: 21
        max: 24
        type: node
      provider: eks

  3. Apply the .yaml file using wf apply:

    wf apply -f PATH-TO-FILE.yaml

  4. (Optional) To edit a network assignment, run:

    wf edit assignablenetwork -w admin NAME

    See wf edit.


Add using Wayfinder's web interface

To add a range using Wayfinder's web interface

  1. Click Settings, navigate to Platform Setup > IP Address Ranges

  2. Click the cloud provider that you want to add a plan for, for example, Google Cloud Platform.

  3. Click Add network assignment button.

    Options for Network type differ based on which cloud you selected. The following example is for GKE network assignments.

    Set up an ip range

  1. For each network type (depending on your cloud), enter the required information as described in the table below, and then click Save.

    OptionDescription
    IP addressStart address of the network range
    NetmaskTotal size of the range to allocate from
    Smallest netmaskSmallest netmask/network size that can be chosen for a workspace cluster (counter-intuitively, this will have the highest number, for example /8)
    Default netmaskNetwork size that workspace clusters will use unless they manually request a specific range, must be equal to or larger than the minimum, and equal to or smaller than the maximum, for example /4
    Largest netmaskLargest network size that can be chosen for a workspace cluster (counter-intuitively, this will have the lowest number, for example /2)

Changing network allocations

Once a cluster is built, its network allocation is fixed. Changes made to network assignments only affect clusters built after the change is made.


Removing network allocations

If you remove all network allocations from a cloud provider, Wayfinder will not allocate networks when creating clusters. Therefore, any future clusters created will use the default IP ranges assigned in the cluster plan.

Last updated on 18 Jul 2023