You've calculated the CIDR ranges appropriately. However, that's a very large VPC. Having a lot of instances/containers in that VPC means a significantly large blast radius if things start to fail.
You might consider splitting the public and private subnets across a third Availability Zone. In the model you have, in order to survive a catastrophic failure of an AZ you need to have 100% of the capacity in a single AZ (meaning that you need to have 200% of your available capacity running at any one time). If you are working across three AZs then you only need to have 50% in each AZ (150% of your available capacity). It's less expensive to run in three AZs than it is in two.
Given the large scale at which you wish to operate I strongly recommend you reach out to your local AWS Solutions Architect to discuss this design.
Thanks for the brief explanation and response. However, a /16 has a lot of wasted/extra IPs; our requirement is only 20000 across the VPC, then further subdivided into subnets as explained in the main post. What is your thought on a /17?
Given that you're using private IP address space, whether you use a /16 or /17 is going to depend on your expansion plans in the future. If you need to expand the VPC to accommodate more resources then a /16 is good. If you are planning on using additional VPCs then a /17 is probably the right thing. Again, I would talk with your local Solutions Architect.
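To make the two points in this thread concrete (carving a /16 or /17 into public and private subnets across two or three Availability Zones, and the capacity overhead of surviving the loss of one AZ), here is an added worked example. It is not code from the original post or from AWS; the equal-sized subnet layout is an assumption for illustration, as is the hypothetical `10.0.0.0/17` address block. The five reserved addresses per subnet and the /16 to /28 subnet size limit are AWS VPC rules.

```python
import ipaddress

# AWS reserves the first four and the last address of every subnet
# (network, VPC router, DNS, reserved for future use, broadcast).
AWS_RESERVED_PER_SUBNET = 5


def usable_hosts(subnet: ipaddress.IPv4Network) -> int:
    """Addresses in the subnet that can actually be assigned to ENIs."""
    return max(subnet.num_addresses - AWS_RESERVED_PER_SUBNET, 0)


def carve_vpc(vpc_cidr: str, az_count: int, tiers=("public", "private")) -> dict:
    """Split a VPC CIDR into one equal-sized subnet per (AZ, tier) pair.

    Assumption for this example: every subnet gets the same size. A real
    design would usually give private subnets more space than public ones.
    Returns {(az_name, tier): IPv4Network}.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    n_subnets = az_count * len(tiers)
    # Smallest number of extra prefix bits that yields >= n_subnets subnets.
    extra_bits = (n_subnets - 1).bit_length()
    new_prefix = vpc.prefixlen + extra_bits
    if new_prefix > 28:
        raise ValueError("AWS IPv4 subnets must be between /16 and /28")
    subnets = list(vpc.subnets(new_prefix=new_prefix))

    plan = {}
    idx = 0
    for az in range(az_count):
        for tier in tiers:
            plan[(f"az{az}", tier)] = subnets[idx]
            idx += 1
    return plan  # leftover subnets (if any) remain unallocated for growth


def total_usable(plan: dict) -> int:
    """Total assignable addresses across all subnets in the plan."""
    return sum(usable_hosts(s) for s in plan.values())


def fits_requirement(vpc_cidr: str, az_count: int, required_hosts: int) -> bool:
    """True if the carved plan has enough assignable addresses."""
    return total_usable(carve_vpc(vpc_cidr, az_count)) >= required_hosts


def capacity_overhead(az_count: int) -> float:
    """Multiple of steady-state capacity that must be running so the fleet
    still serves 100% of load after losing one whole AZ.
    2 AZs -> 2.0 (200%), 3 AZs -> 1.5 (150%)."""
    if az_count < 2:
        raise ValueError("need at least two AZs to survive an AZ failure")
    return az_count / (az_count - 1)


if __name__ == "__main__":
    for cidr in ("10.0.0.0/16", "10.0.0.0/17"):   # hypothetical blocks
        plan = carve_vpc(cidr, az_count=3)
        print(f"{cidr}: {len(plan)} subnets, {total_usable(plan)} usable hosts")
        for key, subnet in sorted(plan.items()):
            print(f"  {key[0]} {key[1]:8} {subnet}  ({usable_hosts(subnet)} usable)")
    for azs in (2, 3):
        print(f"{azs} AZs: run {capacity_overhead(azs):.0%} of capacity")
```

With the 20000-host requirement from the comment above, a /17 split six ways gives six /20 subnets (4091 usable each, 24546 total), so it fits with little slack; a /16 gives six /19 subnets (8187 usable each). The choice between them is the growth question the reply raises, not a correctness one.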