All Products
Search

This Product

    Elastic Desktop Service:Plan a CIDR block

    Document Center

    Elastic Desktop Service:Plan a CIDR block

    Last Updated:Aug 08, 2025

    A CIDR block conflict can prevent you from creating an office network or provisioning the desired number of cloud computers, negatively impacting your Elastic Desktop Service experience. This topic provides instructions on how to plan your CIDR blocks to avoid these issues.

    Note

    An office network described in this topic was formerly known as a workspace. A basic office network corresponds to a basic workspace, and an advanced office network corresponds to a standard workspace.

    Scenarios

    • Plan a CIDR block when you create an Active Directory (AD) office network

      When you create an AD office network, you must attach the AD office network and your AD to a Cloud Enterprise Network (CEN) instance. In this case, you must plan a CIDR block in advance to prevent network conflicts between the virtual private cloud (VPC) of the office network and the CIDR block of the CEN instance.

    • Plan a CIDR block when you connect to a cloud computer over Alibaba Cloud VPC

      If you want to access a cloud computer over Alibaba Cloud VPC, you must use Express Connect Circuit, Smart Access Gateway (SAG), or VPN Gateway to connect the on-premises network to the cloud. In this case, you must plan a CIDR block in advance to prevent CIDR block conflicts.

    • Plan a CIDR block when you connect to a cloud computer over an internal network

      For example, if your business requires communication between an Elastic Compute Service (ECS) instance and a cloud computer, you must create a CEN instance to enable the mutual access of resources. In this case, plan the following CIDR blocks in advance: the VPC CIDR block of the ECS instance, the CIDR block of the office network in which the cloud computer resides, and the CIDR block of the transit router.

    Plan the CIDR block of an office network

    An office network VPC defines the network space for your cloud computers. It must be created manually, and its CIDR block cannot be changed after creation.

    You can use one of the following private CIDR blocks as the CIDR block of your office network VPC:

    CIDR block

    Valid subnet mask

    10.0.0.0

    12 - 24

    172.16.0.0

    12 - 24

    192.168.0.0

    16 - 24

    Examples

    For example, you want to access a cloud computer over Alibaba Cloud VPC and use Express Connect Circuit to connect your on-premises data center network to your office network VPC to enable communication between the on-premises data center and the office network.

    In this case, you can use the CIDR blocks that are described in the following table.

    Item

    CIDR block

    Office network VPC

    192.168.0.0/16

    On-premises data center network

    172.30.0.0/24

    Peer IP addresses that are configured on the virtual border router (VBR)

    • VPC side: 10.0.0.1/30

    • Data center side: 10.0.0.2/30

    • Subnet mask: 255.255.255.252

    Create the required number of cloud computers

    Cloud computers that reside in the same office network share the same VPC. When you create a cloud computer in the office network in the Elastic Desktop Service console, the system automatically assigns an IP address from the configured CIDR block to the cloud computer.

    Before you configure an office network VPC, take note of the following rules to ensure that you can create the required number of cloud computers in the office network VPC:

    • The larger the subnet mask's prefix (for example, /24 is larger than /16), the fewer IP addresses are available in the network, which limits the number of cloud computers you can create.

    • You cannot use any of the following CIDR blocks as the CIDR block of an office network VPC: 100.64.0.0/10, 127.0.0.0/8, 169.254.0.0/16, and 198.18.0.0/15.

      Note

      The CIDR blocks that you can use as the CIDR blocks of office network VPCs may vary. The CIDR blocks that are displayed in the Elastic Desktop Service console shall prevail.

    • The Elastic Desktop Service console displays the theoretical maximum number of available private IP addresses for a given CIDR block. However, because cloud computers may be deployed across different zones, some addresses are reserved for routing and high availability. To ensure you can create your desired number of cloud computers, we recommend choosing a CIDR block that provides at least twice the number of required IP addresses.

    Examples

    Note

    The following example shows how to plan a CIDR block and then create the required number of cloud computers. In actual business, the configurations that are displayed in the Elastic Desktop Service console shall prevail.

    For example, you want to create 190 cloud computers. To plan an IPv4 CIDR block, perform the following steps:

    1. Select an office network VPC.

      In this example, the CIDR block 10.0.0.0 is selected.

    2. Configure the subnet mask based on your business requirements.

      1. In this example, the subnet mask is set to 24. In this case, the number of available private IP addresses that are displayed in the Elastic Desktop Service console is 196.

        The value 196 indicates the maximum number of available private IP addresses. As noted previously, you should have at least twice the number of required IPs. In this case, you must adjust the subnet mask to provide more addresses.

      2. In this example, the subnet mask is reset to 23. The number of available IP addresses that are displayed in the Elastic Desktop Service console is 420. In this case, the number of available private IP addresses meets the requirement and you can create 190 cloud computers.

        Therefore, if you use the IPv4 CIDR block 10.0.0.0/23 as the CIDR block of your office network VPC, you can create the required number of cloud computers in the office network.