# IP Subnetting

Something you need to know first: Binary Odometer

10.1.1.254 + 1 = 10.1.1.255
10.1.1.255 + 1 = 10.1.2.0
10.1.2.0 + 1 = 10.1.2.1

In reverse:

10.1.2.0 – 1 = 10.1.1.255

## Example 1

172.16.35.123/20 or 172.16.35.123 with the mask 255.255.240.0

### Quick Method

Figure out the subnets:

First subnet = 172.16.32.0

Next subnet = 172.16.48.0

Broadcast = Next subnet – 1
`172.16.48.0 - 1 = 172.16.47.255`

First host = Network + 1
`172.16.32.0 + 1 = 172.16.32.1`

Last host = Broadcast – 1
`172.16.47.255 - 1 = 172.16.47.254`

### Subnetting

• Class A subnetting (255.0.0.0) supports 1677214 (2^24) hosts per network, which is far too many
• Class B subnetting (255.255.0.0) supports 16382 (2^16) hosts per network, which is far too many
• Class C subnetting (255.255.255.0) supports 254 (2^8) hosts; more likely we subnet down to at least 254 hosts, or even further

If you are subnetting a network that has only 2 hosts, you can use the mask 255.255.255.254, written /31 in CIDR notation.

### Network, host number

• Networks: 2^(network bits)
• Hosts: 2^(host bits) – 2
  • one address is allocated to the subnet itself
  • one address is allocated to the broadcast

### Subnetting in short

1. “stealing” or “taking away” bits from the host portion of an address, and
2. allocating those bits to network portion

## Example 2

The original network 10.128.192.0/18 needs at least 30 subnets, each with as many hosts as possible.

1. Draw the line at /18 to split the network and host portions
2. 2^5 > 30, so 5 subnet bits are needed; draw a second line to split the subnet and host portions
3. The network/subnet portion is 8+8+7=23 bits, and the host portion is 32-23=9 bits
• First subnet: 10.128.192.0/23
• Second subnet: 10.128.194.0/23
• Last subnet: 10.128.254.0/23
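
The quick method from Example 1 and the bit borrowing from Example 2, worked through with integer arithmetic. This is an added example, not code from the original page; the function names `quick_method`, `split_network` and `dotted` are hypothetical.

```python
from ipaddress import IPv4Address

FULL = 0xFFFFFFFF  # all 32 address bits set

def dotted(n):
    """Render a 32-bit integer in dotted-decimal form."""
    return str(IPv4Address(n))

def quick_method(cidr):
    """Example 1: mask the address, then step the 'binary odometer'."""
    addr, prefix = cidr.split("/")
    host_bits = 32 - int(prefix)
    if not 2 <= host_bits <= 31:
        raise ValueError("prefix must be /1 to /30 for the 2^h - 2 host rule")
    mask = (FULL << host_bits) & FULL
    network = int(IPv4Address(addr)) & mask      # clear the host bits
    broadcast = network | (FULL ^ mask)          # set every host bit
    return {
        "mask": dotted(mask),
        "network": dotted(network),
        "first_host": dotted(network + 1),       # network + 1
        "last_host": dotted(broadcast - 1),      # broadcast - 1
        "broadcast": dotted(broadcast),
        # the last block of the address space has no next subnet
        "next_subnet": dotted(broadcast + 1) if broadcast < FULL else None,
        "hosts": 2 ** host_bits - 2,
    }

def split_network(cidr, needed_subnets):
    """Example 2: borrow the fewest host bits that yield enough subnets."""
    addr, prefix = cidr.split("/")
    borrowed = max(needed_subnets - 1, 0).bit_length()  # smallest b: 2**b >= needed
    new_prefix = int(prefix) + borrowed
    if new_prefix > 30:
        raise ValueError("not enough host bits left to borrow")
    block = 1 << (32 - new_prefix)               # addresses per new subnet
    base = int(IPv4Address(addr)) & ((FULL << (32 - int(prefix))) & FULL)
    subnets = [f"{dotted(base + i * block)}/{new_prefix}"
               for i in range(2 ** borrowed)]
    return {"borrowed_bits": borrowed, "prefix": new_prefix,
            "hosts_per_subnet": block - 2, "subnets": subnets}

if __name__ == "__main__":
    print(quick_method("172.16.35.123/20"))
    result = split_network("10.128.192.0/18", 30)
    print(result["prefix"], result["subnets"][0], result["subnets"][-1])
```

Borrowing the fewest bits that satisfy the subnet count is what leaves the most host bits, which is the "as many hosts as possible" requirement in Example 2.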

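## My First Time Building a Constituent-Services App, and It Went Badly

### 18.12.07 Confirmed taking on the project

• I want this to be an open-source project; if it is open-sourced, there are security risks to consider, and since 呱吉 is a public figure, he is an easy target
• There will be high traffic in the short term, so a distributed deployment is necessary; I have never actually operated a distributed system myself. I roughly know how it is done, but I am not confident
• The focus is front-end visuals and user experience, but at best I do back-end work; I can write front-end code, but it is simply below standard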

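## Improving Cloud Deployment with Cloud Build and Helm

1. Different settings and environment variables have to be applied depending on the environment (staging, production…), which is hard to integrate
2. Secrets are often added by hand, such as the credentials for cloudsql-proxy; over time it is easy to forget what a given secret is for, and a full redeployment of the service also gets stuck on this manual step

1. One-command deployment and removal
2. Different variables can be used for different environments; there are several workable approaches
3. Configuration files can be generated from flexible conditionals
4. Version control for charts (Release)

1. Have a cluster
2. Install Helm on the client side and Tiller on the server side
3. If the cluster has RBAC, you can either disable RBAC or grant Tiller permissions:
• The service account `helm init` uses by default is `default`
• Bind the cluster's `default` service account to the `cluster-admin` cluster role

Helm provides a dependency feature; all subcharts can be deployed with the following command:

### Deploying via Cloud Build

1. Build the image and push it to the project's Container Registry
2. Refer to the example to add steps to the pipeline, such as `helm install` and `helm upgrade`
3. If RBAC is enabled, Cloud Build must be given permission to operate the cluster
• Bind Cloud Build's service account to the `roles/container.admin` role and the `cluster-admin` cluster role; see the related commands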