- Newest
- Most votes
- Most comments
Technically you can have any CIDR range in a VpC even those outside of RFC1918.
However you should only use RFC1918 address space if you don’t want a headache.
You don’t need to bother with a default VPC. Best practice states not to use the default one anyhow.
Create a new VPC in a different region and peer with it.
Hi,
The valid networks to be used as CIDR blocks for private networks were initially defined by IETF in RCF1918:
This table comes from following Wikipedia page: https://en.wikipedia.org/wiki/Private_network It is an interesting read when you design a new large network,
You have to stick to those if you want to avoid overlap (and then routing issues) with IP adresses officially assigned to IANA to companies or organizations.
Best,
Didier
Ok, but how to make a default VPC with any of these CIDR blocks other than 172.31.0.0?
Hi, you can create default VPC with different CIDR block by using CLI create-default-vpc: see https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/create-default-vpc.html
But, as stated, in the page, "You cannot specify the components of the default VPC yourself". They are defined in page https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html section "Default VPC components".
It is not best practice to actively use the default VPC because as per above it is not under your control. You should rather create your own VPC with its IGW, route table, sec group, etc. to keep things under your full and sole control. (Changes to VPC defaults in the default VPC by AWS may affect your implementation)
I want to setup VPC peering between regions.
- Good use case when only two VPC are involved, when you find the need to connect more and more VPCs together, consider using the Transit Gateway to simplify management.
Both VPC shall have different CIDR.
- strongly recommended =)
I want to delete a default VPC in the second region and make a default one with a different CIDR, 172.30.0.0/16 for example.
- You can delete the default VPC.
- Create a new VPC with whatever range you want, so long as it's unique - you can use the console wizard to provision subnets and routing easily.
- There's no reason to then designate it as the default VPC within that region. The "default VPC" designation doesn't come with any benefits.
- The new VPC you create will have a VPC ID, reference it as needed in whatever is doing the provisioning.
New instances will automatically join the peering and have access to another region without a need to choose and setup their subnets IPs etc manually.
- Well, you'll have to configure the subnet routing tables the first time on both ends. Once new instances are provisioned to either VPC thereafter, they'll be able to communicate together provided you take care of the security groups and NACLs correctly.
Relevant content
- Accepted Answerasked 2 months ago
- Accepted Answerasked a year ago
- Accepted Answerasked a day ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
Have you been able to resolve your issue? If so, would you select an answer that matched your issue to close out the thread?