Intro

I am working towards the AWS Advanced Networking Speciality certification and in the excellent course by Adrian Cantrill he goes through creating a subnetting plan for a Global AWS deployment. This inspired me to come up with my own example.

In this post, I will build an AWS subnetting plan for the Uber cloud company Stratus Labs which includes both IPv4 and BYO IPv6 addressing.

Requirements

The following high-level requirements define the current and future needs for the next 18-24 months.

  • 4x AWS Accounts.
  • 4x Regional Deployments.
  • 4x VPCs Per Region.
  • 4x Availability Zones per VPC.
  • 4x Application Tiers per Availability Zone.
  • Each application Tier will have no more than 200 hosts per subnet.

Supernets

To cover the IP Addressing needs, we will utilize the following blocks of IP addresses.

IPv4 Supernet   IPv6 Supernet
10.0.0.0/9      2001:db8::/44
Note
In this post I am using the IPv6 block 2001:0DB8::/32 which is assigned for documentation purposes.

Accounts

We will assign a /12 for IPv4 and a /48 for IPv6 addresses in each account.

The following table lists the supernets per-account.

Account   Account IPv4 Supernet   Account IPv6 Supernet
1         10.16.0.0/12            2001:db8:1::/48
2         10.32.0.0/12            2001:db8:2::/48
3         10.48.0.0/12            2001:db8:3::/48
4         10.64.0.0/12            2001:db8:4::/48
Note
In this hypothetical example, I am starting from 10.16.0.0/12 and 2001:db8:1::/48 to avoid previously allocated IPs in the 10.0.0.0/12 and 2001:db8::/48 ranges.

Regions

For each Region we will assign a /15 for IPv4 and a /52 for IPv6. This will allow us to assign a /18 and a /56 respectively to 4x VPCs Per-Region.

The following diagram shows the Supernet breakdown Per-VPC for each Region in Account 1.

[Diagram: Supernet breakdown per VPC for each Region in Account 1]
Note
For brevity, I will only break down the 1st account further. Keep in mind that the other accounts follow the same process.

The following table lists the Supernet breakdown Per-VPC for each Region in Account 1.

Region   Region IPv4 Supernet   Region IPv6 Supernet    VPC   VPC IPv4 Supernet   VPC IPv6 Supernet
1        10.16.0.0/15           2001:db8:1::/52         1     10.16.0.0/18        2001:db8:1::/56
1        10.16.0.0/15           2001:db8:1::/52         2     10.16.64.0/18       2001:db8:1:100::/56
1        10.16.0.0/15           2001:db8:1::/52         3     10.16.128.0/18      2001:db8:1:200::/56
1        10.16.0.0/15           2001:db8:1::/52         4     10.16.192.0/18      2001:db8:1:300::/56
2        10.18.0.0/15           2001:db8:1:1000::/52    1     10.18.0.0/18        2001:db8:1:1000::/56
2        10.18.0.0/15           2001:db8:1:1000::/52    2     10.18.64.0/18       2001:db8:1:1100::/56
2        10.18.0.0/15           2001:db8:1:1000::/52    3     10.18.128.0/18      2001:db8:1:1200::/56
2        10.18.0.0/15           2001:db8:1:1000::/52    4     10.18.192.0/18      2001:db8:1:1300::/56
3        10.20.0.0/15           2001:db8:1:2000::/52    1     10.20.0.0/18        2001:db8:1:2000::/56
3        10.20.0.0/15           2001:db8:1:2000::/52    2     10.20.64.0/18       2001:db8:1:2100::/56
3        10.20.0.0/15           2001:db8:1:2000::/52    3     10.20.128.0/18      2001:db8:1:2200::/56
3        10.20.0.0/15           2001:db8:1:2000::/52    4     10.20.192.0/18      2001:db8:1:2300::/56
4        10.22.0.0/15           2001:db8:1:3000::/52    1     10.22.0.0/18        2001:db8:1:3000::/56
4        10.22.0.0/15           2001:db8:1:3000::/52    2     10.22.64.0/18       2001:db8:1:3100::/56
4        10.22.0.0/15           2001:db8:1:3000::/52    3     10.22.128.0/18      2001:db8:1:3200::/56
4        10.22.0.0/15           2001:db8:1:3000::/52    4     10.22.192.0/18      2001:db8:1:3300::/56

Availability Zones

For each Availability Zone we will assign a /21 for IPv4 and a /60 for IPv6. This will allow us to assign a /24 and a /64 respectively to 4x Subnets Per-AZ.

The following diagram shows the Subnets allocated for each Availability Zone in VPC 1 in Region 1.

[Diagram: Subnets allocated for each Availability Zone in VPC 1 in Region 1]

The following table lists the Subnets allocated for each Availability Zone in VPC 1 in Region 1.

AZ   AZ IPv4 Supernet   AZ IPv6 Supernet     IPv4 Subnet    IPv6 Subnet           App Tier
A    10.16.0.0/21       2001:db8:1::/60      10.16.0.0/24   2001:db8:1::/64       1
A    10.16.0.0/21       2001:db8:1::/60      10.16.1.0/24   2001:db8:1:1::/64     2
A    10.16.0.0/21       2001:db8:1::/60      10.16.2.0/24   2001:db8:1:2::/64     3
A    10.16.0.0/21       2001:db8:1::/60      10.16.3.0/24   2001:db8:1:3::/64     4
B    10.16.8.0/21       2001:db8:1:10::/60   10.16.8.0/24   2001:db8:1:10::/64    1
B    10.16.8.0/21       2001:db8:1:10::/60   10.16.9.0/24   2001:db8:1:11::/64    2
B    10.16.8.0/21       2001:db8:1:10::/60   10.16.10.0/24  2001:db8:1:12::/64    3
B    10.16.8.0/21       2001:db8:1:10::/60   10.16.11.0/24  2001:db8:1:13::/64    4
C    10.16.16.0/21      2001:db8:1:20::/60   10.16.16.0/24  2001:db8:1:20::/64    1
C    10.16.16.0/21      2001:db8:1:20::/60   10.16.17.0/24  2001:db8:1:21::/64    2
C    10.16.16.0/21      2001:db8:1:20::/60   10.16.18.0/24  2001:db8:1:22::/64    3
C    10.16.16.0/21      2001:db8:1:20::/60   10.16.19.0/24  2001:db8:1:23::/64    4
D    10.16.24.0/21      2001:db8:1:30::/60   10.16.24.0/24  2001:db8:1:30::/64    1
D    10.16.24.0/21      2001:db8:1:30::/60   10.16.25.0/24  2001:db8:1:31::/64    2
D    10.16.24.0/21      2001:db8:1:30::/60   10.16.26.0/24  2001:db8:1:32::/64    3
D    10.16.24.0/21      2001:db8:1:30::/60   10.16.27.0/24  2001:db8:1:33::/64    4

This gives us enough available IP addresses for each subnet per application tier with plenty of breathing room for future expansion.
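As an added example (not code from the original post), the following Python script derives every block in the tables above from the two supernets and the per-level prefix lengths, then checks the plan for overlaps and for the 200-host requirement. It assumes the post's choice of skipping the first account block (10.0.0.0/12 and 2001:db8::/48), and it subtracts the five addresses AWS reserves in every VPC subnet, which the /24 sizing must be measured against.

```python
import ipaddress
# Hierarchy from the post, four children used at every level:
#   IPv4: account /12 -> region /15 -> VPC /18 -> AZ /21 -> tier subnet /24
#   IPv6: account /48 -> region /52 -> VPC /56 -> AZ /60 -> tier subnet /64
V4_SUPERNET = ipaddress.ip_network("10.0.0.0/9")
V6_SUPERNET = ipaddress.ip_network("2001:db8::/44")
V4_LEVELS = (12, 15, 18, 21, 24)
V6_LEVELS = (48, 52, 56, 60, 64)
# The post skips the first account block (10.0.0.0/12 and 2001:db8::/48),
# so account 1 is child index 1 of the supernet rather than index 0 (assumption).
ACCOUNT_OFFSET = 1
AWS_RESERVED_PER_SUBNET = 5  # first four and last address of every VPC subnet

def allocate(supernet, levels, path, offset=ACCOUNT_OFFSET):
    """Walk a 1-based path (account, region, vpc, az, tier) down the hierarchy.
    A shorter path returns that level's block, e.g. (1, 2, 2) is VPC 2 of region 2."""
    net = supernet
    for depth, (prefix, index) in enumerate(zip(levels, path)):
        skip = offset if depth == 0 else 0
        net = list(net.subnets(new_prefix=prefix))[index - 1 + skip]
    return net

def usable_hosts(subnet):
    """Hosts a VPC subnet can really hold once AWS's per-subnet reservations are removed."""
    return subnet.num_addresses - AWS_RESERVED_PER_SUBNET

def subnet_plan(account, supernet, levels):
    """All 256 tier subnets of one account, keyed by (region, vpc, az, tier)."""
    plan = {}
    for region in range(1, 5):
        for vpc in range(1, 5):
            for az_index, az in enumerate("ABCD", start=1):
                for tier in range(1, 5):
                    path = (account, region, vpc, az_index, tier)
                    plan[(region, vpc, az, tier)] = allocate(supernet, levels, path)
    return plan

def plan_is_consistent(plan, supernet):
    """True when every subnet lies inside the supernet and no two subnets overlap."""
    nets = list(plan.values())
    inside = all(n.subnet_of(supernet) for n in nets)
    disjoint = all(not a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
    return inside and disjoint

if __name__ == "__main__":
    for path in [(1,), (1, 2, 2), (1, 1, 1, 4, 4)]:
        print(path, allocate(V4_SUPERNET, V4_LEVELS, path), allocate(V6_SUPERNET, V6_LEVELS, path))
    tier = allocate(V4_SUPERNET, V4_LEVELS, (1, 1, 1, 1, 1))
    print(tier, "usable hosts:", usable_hosts(tier), "(requirement: 200)")
```

Changing a single entry in V4_LEVELS or V6_LEVELS (for example a /23 per tier) regenerates the whole plan, and plan_is_consistent shows immediately whether the chosen prefix lengths still fit inside their parents.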

Outro

When making a subnet plan, there are many variables that impact how subnets are broken down. Getting it right is often a thankless task, but it pays dividends down the road.

Until next time. FLY Cloud Warriors, FLY!!!