
Network CIDR setting in VPC


Hi guys,

When I set a CIDR for a VPC such as 100.0.0.0/16, someone told me that I should use another range for the local network, like 10.x.x.x/16 or 172.x.x.x/16, because the range 100.x.x.x/16 may overlap with other IP addresses on the public Internet. Could you help me understand this issue? Is it true? Or, if you have any best practices for setting up the CIDR range in a VPC, please let me know.

Thanks, Steven

Asked a year ago, 767 views
2 answers
3

I'm not sure what is meant by "local network". Are you adding another range to your VPC? Are you connecting your VPC to somewhere else via VPN or Direct connect?

You can (pretty much) use any IP range in your VPC that you like, although there are some restrictions: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-cidr-blocks.html. But for most purposes, creating a VPC with a private IP address range as listed in RFC1918 is fine. That covers the 10.x, 172.16.x and 192.168.x ranges.

You can use the 100.64.x.x range, but why do that if you don't have to? There's nothing specifically "wrong" about it - there are the same risks as with any other private(ish) IP range: you might choose a range that someone else is using and you want to communicate with them. Ref: https://en.wikipedia.org/wiki/Reserved_IP_addresses

Otherwise, choose an IP range that is private and doesn't conflict with any other network that you wish to communicate with.

AWS Expert, answered a year ago
Reviewed a year ago by an Expert and an AWS Expert
  • Hi Brettski, thank you for the answer. However, I would like to know: if I use the range 100.0.0.0/16, for example, and there is another IP on the public Internet which has the address 100.0.0.1/32, are there any issues with this situation?

  • The Wikipedia article has some details; that range was designed to be used inside carrier networks for large-scale NAT operations. You won't see it on the open Internet, but if it were me I'd stick to the RFC1918 ranges unless you had a good reason not to.

1

Hi,

The ranges of IP addresses that you can use to avoid overlapping with publicly routable Internet addresses are defined in the RFC1918 standard.

See https://en.wikipedia.org/wiki/Private_network for all details.

To avoid any accessibility issues with public Internet sites from your VPC, you should strictly adhere to the RFC1918 ranges.

(Note: for security purposes, I have seen folks use non-RFC1918 ranges in their VPC to make them very private: requests from the outside could never reach them, because all Internet routers would divert the IP packets somewhere else. But that was for very special use cases.)

Best,

Didier

Expert, answered a year ago
Reviewed a year ago by an Expert
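The checks both answers describe (is the proposed block RFC1918, is it the 100.64.0.0/10 carrier-NAT space, is it publicly routable, and does it collide with a network you need to reach) can be scripted before you create the VPC. The following is an added example written for this page; it is not code from the thread or from AWS. It uses only the Python standard library `ipaddress` module. The /16 to /28 size limit is AWS's documented IPv4 CIDR restriction for a VPC; the peer network list is a constructed sample standing in for whatever on-premises or peered-VPC ranges you actually have. Note that the asker's 100.0.0.0/16 is outside 100.64.0.0/10 (which covers 100.64.0.0 to 100.127.255.255), so the script reports it as public, not carrier-NAT.

```python
import ipaddress

# RFC1918 private ranges named in the answers above.
RFC1918 = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# RFC 6598 shared address space (carrier-grade NAT), the "100.64.x.x range".
CGNAT = ipaddress.ip_network("100.64.0.0/10")

# AWS requires a VPC IPv4 CIDR block between /16 and /28.
VPC_MIN_PREFIX, VPC_MAX_PREFIX = 16, 28


def classify(cidr):
    """Return 'rfc1918', 'cgnat' or 'public' for a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=False)
    if any(net.subnet_of(r) for r in RFC1918):
        return "rfc1918"
    if net.subnet_of(CGNAT):
        return "cgnat"
    return "public"


def check_vpc_cidr(cidr, peers=()):
    """Return a list of findings (empty list means the block looks fine).

    peers: CIDRs of networks the VPC must communicate with, e.g. an
    on-premises range behind a VPN or Direct Connect, or another VPC.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    findings = []

    if not VPC_MIN_PREFIX <= net.prefixlen <= VPC_MAX_PREFIX:
        findings.append(
            f"prefix /{net.prefixlen} is outside the AWS VPC limit of "
            f"/{VPC_MIN_PREFIX} to /{VPC_MAX_PREFIX}"
        )

    kind = classify(cidr)
    if kind == "public":
        # The VPC route table's local route wins, so Internet hosts that
        # really own these addresses become unreachable from inside the VPC.
        findings.append(
            f"{net} is publicly routable: Internet hosts in that range "
            "would be unreachable from the VPC"
        )
    elif kind == "cgnat":
        findings.append(
            f"{net} is in 100.64.0.0/10 (RFC 6598 carrier NAT space), "
            "not RFC1918; allowed, but prefer RFC1918 unless you need it"
        )

    for p in peers:
        pn = ipaddress.ip_network(p, strict=False)
        if net.overlaps(pn):
            findings.append(f"{net} overlaps peer network {pn}")

    return findings


if __name__ == "__main__":
    # Constructed sample: one hypothetical on-prem range reachable over VPN.
    on_prem = ["10.0.0.0/16"]
    for candidate in ("100.0.0.0/16", "100.64.0.0/16", "10.0.0.0/16",
                      "172.31.0.0/16", "10.0.0.0/8"):
        result = check_vpc_cidr(candidate, peers=on_prem)
        print(candidate, "->", result or "OK")
```

Run it against your real peer list; an empty result for a candidate means it is RFC1918, within AWS size limits, and disjoint from every network you listed, which is exactly the advice given in the thread.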
