Explore Developer Center's New Chatbot! MongoDB AI Chatbot can be accessed at the top of your navigation to answer all your MongoDB questions.

Learn why MongoDB was selected as a leader in the 2024 Gartner® Magic Quadrant™
MongoDB Developer
Atlas
plus
Sign in to follow topics
MongoDB Developer Centerchevron-right
Developer Topicschevron-right
Productschevron-right
Atlaschevron-right

CIDR Subnet Selection for MongoDB Atlas

Jay Gordon2 min read • Published Jan 10, 2022 • Updated Sep 23, 2022
Atlas
Facebook Icontwitter iconlinkedin icon
Rate this tutorial
star-empty
star-empty
star-empty
star-empty
star-empty

Introduction

One of the best features of MongoDB Atlas is the ability to peer your host VPC on your own Amazon Web Services (AWS) account to your Atlas VPC. VPC peering provides you with the ability to use the private IP range of your hosts and MongoDB Atlas cluster. This allows you to reduce your network exposure and improve security of your data. If you chose to use peering there are some considerations you should think about first in selecting the right IP block for your private traffic.

Host VPC

The host VPC is where you configure the systems that your application will use to connect to your MongoDB Atlas cluster. AWS provides your account with a default VPC for your hosts You may need to modify the default VPC or create a new one to work alongside MongoDB Atlas.
MongoDB Atlas requires your host VPC to follow the RFC-1918 standard for creating private ranges. The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:
  • 10.0.0.0 - 10.255.255.255 (10/8 prefix)
  • 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
  • 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
Don't overlap your ranges!
The point of peering is to permit two private IP ranges to work in conjunction to keep your network traffic off the public internet. This will require you to use separate private IP ranges that do not conflict.
AWS standard states the following in their "Invalid VPC Peering" document:
You cannot create a VPC peering connection between VPCs with matching or overlapping IPv4 CIDR blocks.
Cannot create a VPC peering connection between VPCs with matching or overlapping IPv4 CIDR blocks
Cannot create a VPC peering connection between VPCs with matching or overlapping IPv4 CIDR blocks

MongoDB Atlas VPC

When you create a group in MongoDB Atlas, by default we provide you with an AWS VPC which you can only modify before launching your first cluster. Groups with an existing cluster CANNOT MODIFY their VPC CIDR block - this is to comply with the AWS requirement for peering. By default we create a VPC with IP range 192.168.248.0/21. To specify your IP block prior to configuring peering and launching your cluster, follow these steps:
  1. Sign up for MongoDB Atlas and ensure your payment method is completed.
  2. Click on the Network Access tab, then select Peering. You should see a page such as this which shows you that you have not launched a cluster yet:
    Create new peering connection
    Create new peering connection
  3. Click on the New Peering Connection button. You will be given a new "Peering Connection" window to add your peering details. At the bottom of this page you'll see a section to modify "Your Atlas VPC"
    Modify your Atlas VPC
    Modify your Atlas VPC
  4. If you would like to specify a different IP range, you may use one of the RFC-1918 ranges with the appropriate subnet and enter it here. It's extremely important to ensure that you choose two distinct RFC-1918 ranges. These two cannot overlap their subnets:
    Choose two distinct RFC-1918 ranges
    Choose two distinct RFC-1918 ranges
  5. Click on the Initiate Peering button and follow the directions to add the appropriate subnet ranges.

Conclusion

Using peering ensures that your database traffic remains off the public network. This provides you with a much more secure solution allowing you to easily scale up and down without specifying IP addresses each time, and reduces costs on transporting your data from server to server. At any time if you run into problems with this, our support team is always available by clicking the SUPPORT link in the lower left of your window. Our support team is happy to assist in ensuring your peering connection is properly configured.

Facebook Icontwitter iconlinkedin icon
Rate this tutorial
star-empty
star-empty
star-empty
star-empty
star-empty
Related
Tutorial

Fullstack Application Development with AWS Amplify, AppSync, and MongoDB Atlas


Dec 12, 2024 | 3 min read
Article

Using Atlas Data Federation to Control Access to Your Analytics Node


Aug 28, 2024 | 9 min read
Tutorial

How to Develop a Web App With Netlify Serverless Functions and MongoDB


Aug 30, 2024 | 6 min read
Tutorial

How to Improve LLM Applications With Parent Document Retrieval Using MongoDB and LangChain


Dec 13, 2024 | 15 min read
Table of Contents
  • Introduction