Creating and configuring a Virtual Private Cloud (VPC) within AWS can be a simple or difficult process. It all very much depends on the complexity of your requirements. For example, how many subnets and hosts will you require? Will you be using one VPC or peering multiple VPCs together? Do you need to establish connectivity back to your on-premise network? Do you need internet connectivity for your Private instances? These and many more questions need to be asked and answered before you start to design your VPC infrastructure.
As a part of this process, you will need to understand VPC Subnet configurations and VPC routing to ensure you architect your solution correctly and efficiently.
This AWS Virtual Private Cloud: Subnets and Routing course looks at VPC Subnets and VPC Routing in detail, providing examples of both across different configurations and solutions, and explains how best to implement your network design.
- VPC CIDR Blocks - This lecture focuses on the effect of subnetting your VPC CIDR Block
- Why Subnet your VPC - This lecture looks at some of the reasons why you may want to subnet your VPC, by looking at the advantages and benefits
- VPC Subnets - This lecture dives into what a VPC Subnet looks like within the Management Console and its associated components such as Network Access Control Lists (NACLs)
- Public & Private Subnets - This lecture looks at the differences between both Public and Private subnets within a VPC
- VPC Peering: Subnet Considerations - This lecture focuses on some of the considerations when architecting your subnets in different VPC Peering configurations
- Flow Logs: VPC Subnets - This lecture dives into what a VPC Subnet looks like within the Management Console and its associated components such as Network Access Control Lists (NACLs)
- Demonstration: Creating a VPC & Subnets - This lecture provides a demonstration on how to set up and configure a VPC with both Public and Private subnets
- Routing Fundamentals & Route Tables - This lecture introduces AWS routing and its Routing tables by breaking down all the components within it
- Routing Priorities - This lecture explains how the routing priorities are defined for overlapping routes within the same route table
- Routing: VPC Peering - This lecture looks at different routing configurations for multiple VPC peering scenarios
- Routing: VPN Connection via a Virtual Private Gateway - This lecture looks at routing configurations for virtual Private Gateways
- Routing: Internet Gateways & NAT Gateways - This lecture looks at the routing configurations for both IGWs and NAT Gateways and the dependencies involved
- Routing: VPC Endpoints - This lecture looks at the automatic routing configuration when creating a VPC Endpoint
Hello and welcome to this lecture. We'll actually be talking about subnetting and VPC subnets in detail.
Let me start by quickly talking about what is meant by subnetting. Subnetting is the process of splitting a CIDR block into smaller CIDR blocks within the same range by using different subnet masks.
There are many reasons why you would want to do this, and I'll come on to these later in this lecture. Subnetting enables you to create smaller networks using a smaller CIDR range from your larger network IP address space. For example, let's say you had a CIDR block range of 10.0.0.0/16, which by itself gives you the following network details.
This is a large IP range to have as a single network as it allows for up to 65,534 hosts. To make better use of this range and to create smaller networks allowing segmentation within your network you could subnet the CIDR block into smaller CIDR ranges using a different subnet mask, such as /17 for each subnet.
This would provide you with two different subnets with CIDR block ranges of 10.0.0.0/17 and 10.0.128.0/17, together providing the same range of host addresses, minus the network and broadcast addresses for each subnet of course. You can see this by comparing the HostMin and HostMax entries between the three CIDR blocks.
Should you require more than just the two subnets, which is likely, then you can obviously split the original CIDR block further, giving you more than just the two subnets I listed. For example, if I wanted 16 different subnets, then I could subnet the CIDR block 10.0.0.0/16 by using a subnet mask of /20 for each subnet, which would provide me with the following subnets.
Again this will provide the same range of host addresses minus the network and broadcast addresses for each subnet. Let's now look at how the subnetting relates to your AWS VPC. When you create a VPC you are required to enter your VPC CIDR block range. This CIDR block range will encompass the entire IP address space that you can use within that VPC.
So you need to be sure that you set the correct mask, allowing you to subnet the IP space into different networks should it be required, whilst at the same time ensuring there are enough host IP addresses available for your instances within each subnet. As a result, careful consideration must be given to your VPC CIDR block.
At this point it's important to point out that the maximum and minimum masks for your VPC CIDR block are /16 to /28. A /16 can provide you with 65,531 usable host addresses as one single subnet. A /28 will provide you with just 11 host addresses as one single subnet. In addition to the network and broadcast address of the subnet, which can't be used for host addresses, AWS reserves the first three host IP addresses of each subnet for internal AWS usage.
The first host address used is for the VPC router. The second address is reserved for AWS DNS and the third address is reserved for future use. Let's look at this as an example. Sticking with the AWS VPC CIDR block of 10.0.0.0/16 let's imagine we want to create 16 subnets. We would use a /20 mask for each subnet as previously mentioned.
In this scenario one of the 16 subnets would be detailed as follows. For this subnet the AWS reserved addresses would be 10.0.32.1, which would be for the VPC router as this is the first host address available in the subnet; 10.0.32.2, which would be for the AWS DNS, being the second available address; and thirdly 10.0.32.3, which would be reserved for any future use service or feature that may be used by AWS.
This means your available host addresses for any instances would be from 10.0.32.4 through to 10.0.47.254, giving you a total of 4,091 usable host addresses. When allocating your VPC CIDR block range for your VPC it is mandatory to specify an IPv4 range, but you can also choose to associate an IPv6 range with your VPC as well.
However, when selecting an IPv6 range you are not able to specify the range yourself; AWS will provide a /56 IPv6 CIDR block for you from their pool of IPv6 addresses. Once you have allocated a CIDR block range for your VPC you are then ready to begin creating different subnets within your VPC. If you need help with your IP addressing and subnet calculations, there are a number of free IP and subnet calculators available on the internet that will quickly help you define your requirements.
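The subnet arithmetic described above, as an added example that is not part of the lecture: a small Python calculator that splits a VPC CIDR block into subnets and, for each one, applies the AWS reservations (network address, VPC router, DNS, future use, broadcast) to work out the addresses an instance can actually be given. The function name `vpc_subnets` and the output field names are my own.

```python
import ipaddress

# AWS reserves the first four addresses of every subnet (network address,
# VPC router, DNS, future use) and the last address (broadcast).
AWS_RESERVED_HEAD = 4
AWS_RESERVED_TAIL = 1


def vpc_subnets(vpc_cidr, new_prefix):
    """Split vpc_cidr into /new_prefix subnets and describe each one.

    Returns a list of dicts with the subnet CIDR, the three AWS-reserved
    host addresses, the first and last addresses usable by instances and
    the usable host count (num_addresses - 5).
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError("VPC CIDR block must be between /16 and /28")
    if not vpc.prefixlen <= new_prefix <= 28:
        raise ValueError("subnet prefix must be between the VPC prefix and /28")

    result = []
    for net in vpc.subnets(new_prefix=new_prefix):
        base = net.network_address
        result.append({
            "cidr": str(net),
            "router": str(base + 1),          # first host address: VPC router
            "dns": str(base + 2),             # second: Amazon-provided DNS
            "future": str(base + 3),          # third: reserved for future use
            "first_host": str(base + AWS_RESERVED_HEAD),
            "last_host": str(net.broadcast_address - AWS_RESERVED_TAIL),
            "usable_hosts": net.num_addresses - AWS_RESERVED_HEAD - AWS_RESERVED_TAIL,
        })
    return result


def is_instance_address(subnet_cidr, address):
    """True if address falls in the range an instance may be assigned."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    addr = ipaddress.ip_address(address)
    first = net.network_address + AWS_RESERVED_HEAD
    last = net.broadcast_address - AWS_RESERVED_TAIL
    return first <= addr <= last


if __name__ == "__main__":
    # The lecture's scenario: 10.0.0.0/16 split into sixteen /20 subnets.
    for s in vpc_subnets("10.0.0.0/16", 20):
        print(f"{s['cidr']:<16} hosts {s['first_host']} - {s['last_host']} ({s['usable_hosts']})")
```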
We have now come to the end of this lecture. Next I will focus on why we should consider adding subnets to a VPC.
Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.
To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.
Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.
He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.
In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.
Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.