AWS Subnet Plan Example
updated: 21st of March 2023
published: 3rd of February 2023
Intro
I am working towards the AWS Advanced Networking Speciality certification and in the excellent course by Adrian Cantrill he goes through creating a subnetting plan for a Global AWS deployment. This inspired me to come up with my own example.
In this post, I will build an AWS subnetting plan for the Uber cloud company Stratus Labs which includes both IPv4 and BYO IPv6 addressing.
Requirements
The following high-level requirements define the current and future needs for the next 18-24 months.
- 4x AWS Accounts.
- 4x Regional Deployments.
- 4x VPCs Per Region.
- 4x Availability Zones per VPC.
- 4x Application Tiers per Availability Zone.
- Each application Tier will have no more than 200 hosts per subnet.
Supernets
To cover the IP Addressing needs, we will utilize the following blocks of IP addresses.
| IPv4 Supernet | IPv6 Supernet |
|---|---|
| 10.0.0.0/9 | 2001:db8::/44 |
Accounts
We will assign a /12 for IPv4 and a /48 for IPv6 addresses in each account.
The following table lists the supernets per-account.
| Account | Account IPv4 Supernet | Account IPv6 Supernet |
|---|---|---|
| 1 | 10.16.0.0/12 | 2001:db8:1::/48 |
| 2 | 10.32.0.0/12 | 2001:db8:2::/48 |
| 3 | 10.48.0.0/12 | 2001:db8:3::/48 |
| 4 | 10.64.0.0/12 | 2001:db8:4::/48 |
Regions
For each Region we will assign a /15 for IPv4 and a /52 for IPv6. This will allow us to assign a /18 and a /56 respectively to 4x VPCs Per-Region.
The following diagram shows the Supernet breakdown Per-VPC for each Region in Account 1.
The following table list the Supernet breakdown Per-VPC for each Region in Account 1.
| Region | Region IPv4 Supernet | Region IPv6 Supernet | VPC | VPC IPv4 Supernet | VPC IPv6 Supernet |
|---|---|---|---|---|---|
| 1 | 10.16.0.0/15 | 2001:db8:1::/52 | 1 | 10.16.0.0/18 | 2001:db8:1::/56 |
| 1 | 10.16.0.0/15 | 2001:db8:1::/52 | 2 | 10.16.64.0/18 | 2001:db8:1:100::/56 |
| 1 | 10.16.0.0/15 | 2001:db8:1::/52 | 3 | 10.16.128.0/18 | 2001:db8:1:200::/56 |
| 1 | 10.16.0.0/15 | 2001:db8:1::/52 | 4 | 10.16.192.0/18 | 2001:db8:1:300::/56 |
| 2 | 10.18.0.0/15 | 2001:db8:1:1000::/52 | 1 | 10.18.0.0/18 | 2001:db8:1:1000::/56 |
| 2 | 10.18.0.0/15 | 2001:db8:1:1000::/52 | 2 | 10.18.64.0/18 | 2001:db8:1:1100::/56 |
| 2 | 10.18.0.0/15 | 2001:db8:1:1000::/52 | 3 | 10.18.128.0/18 | 2001:db8:1:1200::/56 |
| 2 | 10.18.0.0/15 | 2001:db8:1:1000::/52 | 4 | 10.18.192.0/18 | 2001:db8:1:1300::/56 |
| 3 | 10.20.0.0/15 | 2001:db8:1:2000::/52 | 1 | 10.20.0.0/18 | 2001:db8:1:2000::/56 |
| 3 | 10.20.0.0/15 | 2001:db8:1:2000::/52 | 2 | 10.20.64.0/18 | 2001:db8:1:2100::/56 |
| 3 | 10.20.0.0/15 | 2001:db8:1:2000::/52 | 3 | 10.20.128.0/18 | 2001:db8:1:2200::/56 |
| 3 | 10.20.0.0/15 | 2001:db8:1:2000::/52 | 4 | 10.20.192.0/18 | 2001:db8:1:2300::/56 |
| 4 | 10.22.0.0/15 | 2001:db8:1:3000::/52 | 1 | 10.22.0.0/18 | 2001:db8:1:3000::/56 |
| 4 | 10.22.0.0/15 | 2001:db8:1:3000::/52 | 2 | 10.22.64.0/18 | 2001:db8:1:3100::/56 |
| 4 | 10.22.0.0/15 | 2001:db8:1:3000::/52 | 3 | 10.22.128.0/18 | 2001:db8:1:3200::/56 |
| 4 | 10.22.0.0/15 | 2001:db8:1:3000::/52 | 4 | 10.22.192.0/18 | 2001:db8:1:3300::/56 |
Availability Zones
For each Availability Zone we will assign a /21 for IPv4 and a /60 for IPv6. This will allow us to assign a /24 and a /64 respectively to 4x Subnets Per-AZ.
The following diagram shows the Subnets allocated for each Availability Zone in VPC 1 in Region 1.
The following table lists the Subnets allocated for each Availability Zone in VPC 1 in Region 1.
| AZ | AZ IPv4 Supernet | AZ IPv6 Supernet | IPv4 Subnet | IPv6 Subnet | App Tier |
|---|---|---|---|---|---|
| A | 10.16.0.0/21 | 2001:db8:1::/60 | 10.16.0.0/24 | 2001:db8:1::/64 | 1 |
| A | 10.16.0.0/21 | 2001:db8:1::/60 | 10.16.1.0/24 | 2001:db8:1:1:/64 | 2 |
| A | 10.16.0.0/21 | 2001:db8:1::/60 | 10.16.2.0/24 | 2001:db8:1:2:/64 | 3 |
| A | 10.16.0.0/21 | 2001:db8:1::/60 | 10.16.3.0/24 | 2001:db8:1:3:/64 | 4 |
| B | 10.16.8.0/21 | 2001:db8:1:10::/60 | 10.16.8.0/24 | 2001:db8:1:10::/64 | 1 |
| B | 10.16.8.0/21 | 2001:db8:1:10::/60 | 10.16.9.0/24 | 2001:db8:1:11::/64 | 2 |
| B | 10.16.8.0/21 | 2001:db8:1:10::/60 | 10.16.10.0/24 | 2001:db8:1:12::/64 | 3 |
| B | 10.16.8.0/21 | 2001:db8:1:10::/60 | 10.16.11.0/24 | 2001:db8:1:13::/64 | 4 |
| C | 10.16.16.0/21 | 2001:db8:1:20::/60 | 10.16.16.0/24 | 2001:db8:1:20::/64 | 1 |
| C | 10.16.16.0/21 | 2001:db8:1:20::/60 | 10.16.17.0/24 | 2001:db8:1:21::/64 | 2 |
| C | 10.16.16.0/21 | 2001:db8:1:20::/60 | 10.16.18.0/24 | 2001:db8:1:22::/64 | 3 |
| C | 10.16.16.0/21 | 2001:db8:1:20::/60 | 10.16.19.0/24 | 2001:db8:1:23::/64 | 4 |
| D | 10.16.24.0/21 | 2001:db8:1:30::/60 | 10.16.24.0/24 | 2001:db8:1:30::/64 | 1 |
| D | 10.16.24.0/21 | 2001:db8:1:30::/60 | 10.16.25.0/24 | 2001:db8:1:31::/64 | 2 |
| D | 10.16.24.0/21 | 2001:db8:1:30::/60 | 10.16.26.0/24 | 2001:db8:1:32::/64 | 3 |
| D | 10.16.24.0/21 | 2001:db8:1:30::/60 | 10.16.27.0/24 | 2001:db8:1:33::/64 | 4 |
This gives us enough available IP addresses for each subnet per application tier with plenty of breathing room for future expansion.
Outro
When making a subnet plan, there are many variables that impact how subnets are broken down. Getting it right is often a thankless task, but pays dividents down the road.
Until next time. FLY Cloud Warriors, FLY!!!