Before we dive into how to design an AWS VPC and the 10 things to consider while setting one up, we need some basic understanding of what an Amazon Web Services VPC (AWS VPC) is.
AWS VPC is a virtual network in the Amazon cloud that lets you launch AWS resources in a logically isolated manner. You define this virtual network and have complete control over its IP ranges (CIDR blocks) and subnets. To learn more about IP addresses and CIDR ranges, you can refer to my article “What is IP address or CIDR range? How do IP addresses work?”. For AWS VPC design, the main things to take into consideration are:
We need to create a CIDR block
Classless Inter-Domain Routing (CIDR) is a method for allocating IP addresses and for IP routing. It was introduced in 1993 by the Internet Engineering Task Force to overcome the issues of the previously used classful network addressing architecture on the internet. More about CIDR blocks can be read on Wikipedia.
CIDR notation is a compact representation of an IP address and its associated network mask. It consists of an IP address, a slash (/), and the number of leading 1 bits in the network mask. For example, the IP address 192.168.0.15 with a subnet mask of 255.255.255.0 can be written as 192.168.0.15/24. Here /24 is the total number of 1 bits in the routing mask (network mask). This network mask can be shown in binary format as follows:
11111111.11111111.11111111.00000000
Here the first 24 bits are 1s, which identify the network, and the last 8 bits are 0s, which are available for hosts. So we can divide this /24 block further into smaller subnets, as shown in the simple table below:
Number of subnets    | 1    | 2    | 4    | 8    | 16   | 32   | 64   | 128  | 256  |
Addresses per subnet | 256  | 128  | 64   | 32   | 16   | 8    | 4    | 2    | 1    |
Subnet mask          | /24  | /25  | /26  | /27  | /28  | /29  | /30  | /31  | /32  |
Point No 1: The allowed range for a VPC CIDR block in AWS is between a /28 network mask (16 IP addresses) and a /16 network mask (65,536 IP addresses).
Point No 2: The CIDR block of a subnet can be the same as the CIDR block of the VPC (for a single subnet in the VPC).
Point No 3: In each subnet CIDR block, the first 4 and the last IP address are reserved by AWS and cannot be used. For example, in a subnet with the block 10.0.0.0/24, the following IP addresses are reserved:
10.0.0.0 – network address; 10.0.0.1 – reserved by AWS for the VPC router; 10.0.0.2 – reserved by AWS for future use; 10.0.0.255 – network broadcast address.
Point No 4: The CIDR Block must not overlap with any existing CIDR block that’s associated with the VPC.
Point No 5: The size of an existing CIDR block cannot be increased or decreased.
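The CIDR arithmetic and the AWS constraints from points 1 to 5 can be checked mechanically. The following is an added example, not code from the article, written against the standard-library ipaddress module; the address ranges in it are constructed samples, and the reserved-address roles follow AWS's published documentation (network address, VPC router, DNS resolver, future use, broadcast).

```python
"""Added example (not from the article): CIDR arithmetic and the AWS VPC
constraints from points 1-5, using only the standard-library ipaddress module.
Every address range below is a constructed sample value."""
from __future__ import annotations

import ipaddress

# AWS-documented limits for a VPC CIDR block: netmask between /16 and /28.
VPC_LARGEST_PREFIX = 16
VPC_SMALLEST_PREFIX = 28
AWS_RESERVED_PER_SUBNET = 5  # first four addresses plus the last one


def describe_cidr(cidr: str) -> dict:
    """Split CIDR notation into network, prefix length, mask (dotted and binary)
    and total address count, e.g. for 192.168.0.15/24."""
    net = ipaddress.ip_network(cidr, strict=False)  # strict=False tolerates host bits
    return {
        "network": str(net.network_address),
        "prefixlen": net.prefixlen,
        "netmask": str(net.netmask),
        "netmask_binary": ".".join(f"{octet:08b}" for octet in net.netmask.packed),
        "addresses": net.num_addresses,
    }


def subnet_table(base: str) -> list[tuple[int, int, str]]:
    """Reproduce the article's table: divide a block into 1, 2, 4, ... 256 equal
    subnets and report (number of subnets, addresses per subnet, mask)."""
    net = ipaddress.ip_network(base, strict=False)
    rows = []
    for extra_bits in range(9):
        new_prefix = net.prefixlen + extra_bits
        if new_prefix > 32:
            break
        count = 2 ** extra_bits
        rows.append((count, net.num_addresses // count, f"/{new_prefix}"))
    return rows


def is_valid_vpc_cidr(cidr: str) -> bool:
    """Point 1: a VPC block must be an IPv4 range between /16 and /28."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 4 and VPC_LARGEST_PREFIX <= net.prefixlen <= VPC_SMALLEST_PREFIX


def aws_reserved_addresses(subnet: str) -> dict[str, str]:
    """Point 3: AWS reserves the first four addresses of every subnet (network
    address, VPC router, DNS resolver, future use) and the last (broadcast)."""
    net = ipaddress.ip_network(subnet, strict=False)
    first = int(net.network_address)
    labels = ["network address", "VPC router", "DNS resolver", "reserved for future use"]
    reserved = {str(ipaddress.ip_address(first + i)): labels[i] for i in range(4)}
    reserved[str(net.broadcast_address)] = "network broadcast address"
    return reserved


def usable_addresses(subnet: str) -> int:
    """Addresses actually assignable to instances after AWS's reservations."""
    return ipaddress.ip_network(subnet, strict=False).num_addresses - AWS_RESERVED_PER_SUBNET


def can_add_subnet(vpc_cidr: str, existing: list[str], candidate: str) -> tuple[bool, str]:
    """Points 2 and 4: the candidate must lie inside the VPC block (it may equal
    it), be no smaller than /28, and not overlap any existing subnet."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=False)
    cand = ipaddress.ip_network(candidate, strict=False)
    if not cand.subnet_of(vpc):
        return False, f"{candidate} is not within VPC block {vpc_cidr}"
    if cand.prefixlen > VPC_SMALLEST_PREFIX:
        return False, f"{candidate} is smaller than the /28 minimum"
    for other in existing:
        if cand.overlaps(ipaddress.ip_network(other, strict=False)):
            return False, f"{candidate} overlaps existing subnet {other}"
    return True, "ok"


if __name__ == "__main__":
    print(describe_cidr("192.168.0.15/24"))
    for row in subnet_table("10.0.0.0/24"):
        print(row)
    print(aws_reserved_addresses("10.0.0.0/24"), usable_addresses("10.0.0.0/24"))
    print(can_add_subnet("10.0.0.0/16", ["10.0.0.0/24"], "10.0.0.128/25"))
```

Running it prints the binary mask from the article, the full subnet table, the five reserved addresses of 10.0.0.0/24 (leaving 251 usable), and rejects 10.0.0.128/25 because it overlaps the existing 10.0.0.0/24.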
Subnetting is required
A subnet is a subset of the CIDR block; in other words, we divide the VPC CIDR block into smaller networks that can be used within the VPC.
Point No 6: Each subnet must reside entirely within one Availability Zone (AZ) and cannot span zones.
Point No 7: If a subnet's traffic is routed for public access, i.e. towards the internet, it is called a public subnet.
Point No 8: If a subnet's traffic is not reachable from the public internet, it is called a private subnet.
Point No 9: A route table has to be associated with each subnet to route traffic between subnets or to an internet gateway.
Point No 10: A VPC endpoint can be created in the VPC to communicate with AWS services such as S3 without traversing the public internet.
For further ease, you can use a subnet calculator or CIDR calculator from the web to work out subnets of the desired size.
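Points 6 to 10 describe a layout rather than arithmetic: one subnet per Availability Zone, a route table that decides whether a subnet is public or private, and a VPC endpoint for S3. The following added example (not from the article) models that layout in Python so the plan can be checked before anything is created; the VPC range, AZ names and the `igw-`, `vpce-` and `pl-` identifiers are constructed placeholders, not values from any real account.

```python
"""Added example (not from the article): carve a VPC block into one public and
one private subnet per Availability Zone (point 6), build the route tables that
make a subnet public or private (points 7-9) and route S3 through a gateway
endpoint (point 10). All IDs and ranges are constructed placeholders."""
from __future__ import annotations

import ipaddress
from itertools import combinations


def plan_subnets(vpc_cidr: str, azs: list[str], subnet_prefix: int = 24) -> list[dict]:
    """One subnet per (tier, AZ); each subnet lives entirely in a single AZ."""
    vpc = ipaddress.ip_network(vpc_cidr)
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError("a VPC block must be between /16 and /28")
    if not vpc.prefixlen <= subnet_prefix <= 28:
        raise ValueError("subnet prefix must fit inside the VPC block and be at most /28")
    pool = vpc.subnets(new_prefix=subnet_prefix)  # yields non-overlapping blocks in order
    return [
        {"name": f"{tier}-{az}", "tier": tier, "az": az, "cidr": str(next(pool))}
        for tier in ("public", "private")
        for az in azs
    ]


def route_table_for(tier: str, vpc_cidr: str, igw_id: str = "igw-PLACEHOLDER",
                    s3_endpoint_id: str = "vpce-PLACEHOLDER") -> list[tuple[str, str]]:
    """Routes as (destination, target). Every table carries the implicit local
    route; only the public table sends 0.0.0.0/0 to the internet gateway, while
    the private table reaches S3 through a gateway VPC endpoint instead."""
    routes = [(vpc_cidr, "local")]
    if tier == "public":
        routes.append(("0.0.0.0/0", igw_id))
    else:
        # A gateway endpoint is routed via the service's managed prefix list (pl-...).
        routes.append(("pl-PLACEHOLDER-s3", s3_endpoint_id))
    return routes


def is_public(routes: list[tuple[str, str]]) -> bool:
    """A subnet is public exactly when its route table has a route to an internet gateway."""
    return any(target.startswith("igw-") for _, target in routes)


def validate_plan(vpc_cidr: str, plan: list[dict]) -> list[str]:
    """Every subnet must lie inside the VPC block and no two may overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    problems = []
    for s in plan:
        if not ipaddress.ip_network(s["cidr"]).subnet_of(vpc):
            problems.append(f"{s['name']} ({s['cidr']}) lies outside {vpc_cidr}")
    for a, b in combinations(plan, 2):
        if ipaddress.ip_network(a["cidr"]).overlaps(ipaddress.ip_network(b["cidr"])):
            problems.append(f"{a['name']} overlaps {b['name']}")
    return problems


if __name__ == "__main__":
    vpc = "10.0.0.0/16"
    plan = plan_subnets(vpc, ["us-east-1a", "us-east-1b"])
    for s in plan:
        routes = route_table_for(s["tier"], vpc)
        print(s["name"], s["cidr"], "public" if is_public(routes) else "private", routes)
    print("problems:", validate_plan(vpc, plan))
```

With a /16 VPC and two AZs the plan yields four /24 subnets (10.0.0.0/24 and 10.0.1.0/24 public, 10.0.2.0/24 and 10.0.3.0/24 private), and `validate_plan` returns an empty list; feeding it two overlapping blocks or a block outside the VPC range produces a problem entry for each, which is the check worth running before creating the subnets for real.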