
CIDR for VPC creation for the use case below

Attached is a sample diagram. Thanks.

I am new to AWS. Could someone verify it?

Create a VPC that should be able to accommodate 20000 IPs. The network should be further subdivided into 8 sub-networks across 2 Availability Zones:

  • 2 Public Subnets (100 IPs per subnet)
  • 2 Private Application Subnets (2000 IPs per subnet)
  • 2 Private Database Subnets (500 IPs per subnet)
  • 2 Private Middleware Subnets (1000 IPs per subnet)

Please suggest the correct CIDR. Could you please verify the attached diagram or let me know if there is any issue with it?

Appreciate your efforts.

1 Answer

You've calculated the CIDR ranges appropriately. However, that's a very large VPC. Having a lot of instances/containers in that VPC means a significantly large blast radius if things start to fail.

You might consider splitting the public and private subnets across a third Availability Zone. In the model you have, in order to survive a catastrophic failure of an AZ you need to have 100% of the capacity in a single AZ (meaning that you need to have 200% of your available capacity running at any one time). If you are working across three AZs then you only need to have 50% in each AZ (150% of your available capacity). It's less expensive to run in three AZs than it is in two.

Given the large scale at which you wish to operate I strongly recommend you reach out to your local AWS Solutions Architect to discuss this design.

answered 25 days ago
  • Thanks for the brief explanation and response. However, a /16 has a lot of wasted/extra IPs; our requirement is only 20000 across the VPC, then further subdivided into subnets as explained in the main post. What are your thoughts on a /17?

  • Given that you're using private IP address space, whether you use a /16 or /17 is going to depend on your expansion plans in the future. If you need to expand the VPC to accommodate more resources then a /16 is good. If you are planning on using additional VPCs then a /17 is probably the right thing. Again, I would talk with your local Solutions Architect.
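A worked version of the sizing in the question and of the /16 versus /17 discussion in the comments, added here as an example and not part of the original thread. It assumes AWS's five reserved addresses per subnet and its /16 to /28 VPC CIDR limits; the 10.0.0.0 base range and the subnet labels are constructed for the example.

```python
import ipaddress
import math

# AWS reserves 5 addresses per subnet (network, router, DNS, future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5

# Requirements from the question: subnet tier -> (count across AZs, usable IPs per subnet).
REQUIREMENTS = {
    "public": (2, 100),
    "private-app": (2, 2000),
    "private-db": (2, 500),
    "private-middleware": (2, 1000),
}

def prefix_for_hosts(hosts: int, reserved: int = AWS_RESERVED_PER_SUBNET) -> int:
    """Smallest prefix length whose block holds `hosts` usable addresses plus the reserved ones."""
    return 32 - math.ceil(math.log2(hosts + reserved))

def vpc_prefix_for(total_ips: int) -> int:
    """Smallest VPC prefix that accommodates total_ips addresses, within AWS's /16-/28 limits."""
    prefix = prefix_for_hosts(total_ips, reserved=0)
    if not 16 <= prefix <= 28:
        raise ValueError(f"{total_ips} addresses need a /{prefix}, outside the /16-/28 VPC range")
    return prefix

def allocate(vpc_cidr: str, requirements=REQUIREMENTS):
    """Carve the requested subnets out of vpc_cidr, largest first, best fit.
    Returns (plan: label -> network, leftover free blocks)."""
    wanted = sorted((prefix_for_hosts(hosts), f"{tier}-az{i + 1}")
                    for tier, (count, hosts) in requirements.items() for i in range(count))
    free = [ipaddress.ip_network(vpc_cidr)]
    plan = {}
    for prefix, label in wanted:
        free.sort(key=lambda n: n.prefixlen, reverse=True)  # smallest free block first
        fit = next((b for b in free if b.prefixlen <= prefix), None)
        if fit is None:
            raise ValueError(f"{vpc_cidr} cannot hold {label} (/{prefix})")
        free.remove(fit)
        while fit.prefixlen < prefix:  # halve until the block is exactly a /prefix
            fit, spare = fit.subnets(prefixlen_diff=1)
            free.append(spare)
        plan[label] = fit
    return plan, free

if __name__ == "__main__":
    vpc = f"10.0.0.0/{vpc_prefix_for(20000)}"  # 20000 IPs -> /17 (32768 addresses)
    plan, free = allocate(vpc)
    for label, net in plan.items():
        print(f"{label:24} {str(net):18} usable={net.num_addresses - AWS_RESERVED_PER_SUBNET}")
    print(f"VPC {vpc}: {sum(n.num_addresses for n in free)} addresses left for growth")
```

The eight subnets consume 7424 addresses, so a /17 leaves 25344 spare and a /16 leaves 58112; the difference is the headroom the answer's /16-or-/17 trade-off is about.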
