Types of Subnets
- Public Subnet: Traffic is routed to an internet gateway.
- Private Subnet: No route to the internet gateway.
- VPN-Only Subnet: No route to the internet gateway, but traffic is routed to a virtual private gateway for a VPN connection.

VPC and CIDR Blocks
- Master Address Range: A VPC is created with a CIDR block between /16 and /28.
- CIDR Block Immutability: Once the VPC is created, its CIDR block cannot be changed.
- Additional CIDR blocks cannot overlap with existing ones.
- Additional CIDR blocks cannot be taken from a different RFC 1918 range.
- Reserved IPs: The first four and the last IP address in every subnet are reserved.

Subnet Creation and Characteristics
- AZ Specific: Subnets are created within Availability Zones (AZs) and must reside entirely within one AZ.
- Default Route Table: New subnets are always associated with the default route table.
- Isolation: AZs are designed to be isolated from failures in other AZs but are connected with low-latency, high-throughput, highly redundant networking.
- Types: Subnets can be private, public, or VPN-only.
- 1:1 Mapping: Each subnet maps to exactly one AZ and cannot span AZs.

Internet Gateway and IPv6
- Internet Gateway: Only one internet gateway can be attached to a custom VPC.
- IPv6 Addresses: All IPv6 addresses are public and allocated by AWS.

Recommended IP Ranges
- RFC 1918 Private IP Ranges:
  - 10.0.0.0 – 10.255.255.255 (/8 prefix)
  - 172.16.0.0 – 172.31.255.255 (/12 prefix)
  - 192.168.0.0 – 192.168.255.255 (/16 prefix)
- Publicly Routable CIDR Block: Possible but not recommended.

CIDR Block Rules
- Allowed Block Size: Between a /28 netmask and a /16 netmask.
- Non-Overlapping Subnets: The CIDR blocks of subnets within a VPC cannot overlap.
- Reserved IP Addresses in Subnets: For example, in a subnet with CIDR block 10.0.0.0/24:
  - 10.0.0.0: Network address.
  - 10.0.0.1: Reserved by AWS for the VPC router.
  - 10.0.0.2: Reserved by AWS.
  - 10.0.0.3: Reserved by AWS for future use.
  - 10.0.0.255: Network broadcast address (broadcast is not supported in a VPC).
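As an added example (not part of these notes and not AWS code), a small Python checker that applies the rules above to a constructed VPC layout: it validates a VPC block's size (/16 to /28) and RFC 1918 membership, checks that subnets fit inside the VPC block and do not overlap each other, enumerates the five reserved addresses of a subnet, and classifies a subnet as public, private or VPN-only from the gateway targets in its route table (the definitions under "Types of Subnets"). The route entries use the DestinationCidrBlock and GatewayId field names of the AWS route-table API, but every value, including the igw-/vgw- ids, is made up for the example. Only the standard library is used.

```python
import itertools
import ipaddress

# RFC 1918 ranges listed in the notes (the recommended source for VPC blocks).
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# AWS reserves five addresses per subnet: the first four and the last one.
RESERVED_PER_SUBNET = 5


def _parse(cidr):
    """Parse a CIDR string strictly (host bits must be zero); return (network, error_text)."""
    try:
        return ipaddress.ip_network(cidr, strict=True), None
    except ValueError as exc:
        return None, f"{cidr}: not a valid network ({exc})"


def check_vpc_cidr(cidr):
    """Problems with a proposed VPC block: size (/16 to /28) and RFC 1918 membership."""
    net, err = _parse(cidr)
    if err:
        return [err]
    problems = []
    if not 16 <= net.prefixlen <= 28:
        problems.append(f"{net}: prefix /{net.prefixlen} is outside the allowed /16 to /28 range")
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append(f"{net}: publicly routable block, allowed but not recommended")
    return problems


def reserved_addresses(subnet_cidr):
    """Map each reserved address of a subnet to the reason it cannot be assigned."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    base = int(net.network_address)

    def addr(offset):
        return str(ipaddress.ip_address(base + offset))

    return {
        addr(0): "network address",
        addr(1): "reserved by AWS for the VPC router",
        addr(2): "reserved by AWS (used for the VPC DNS resolver)",
        addr(3): "reserved by AWS for future use",
        str(net.broadcast_address): "network broadcast address (broadcast not supported)",
    }


def usable_hosts(subnet_cidr):
    """Addresses you can actually assign: the block size minus the five reserved ones."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return net.num_addresses - RESERVED_PER_SUBNET


def check_subnets(vpc_cidr, subnet_cidrs):
    """Subnets must fit inside the VPC block, be /16 to /28, and must not overlap each other."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    problems, nets = [], []
    for cidr in subnet_cidrs:
        net, err = _parse(cidr)
        if err:
            problems.append(err)
            continue
        nets.append(net)
        if not net.subnet_of(vpc):
            problems.append(f"{net}: not inside VPC block {vpc}")
        if not 16 <= net.prefixlen <= 28:
            problems.append(f"{net}: prefix /{net.prefixlen} is outside the allowed /16 to /28 range")
    # Pairwise overlap check; quadratic, but a VPC holds few subnets.
    for a, b in itertools.combinations(nets, 2):
        if a.overlaps(b):
            problems.append(f"{a} overlaps {b}")
    return problems


def classify_subnet(routes):
    """Classify a subnet from its route table, following the definitions in the notes.

    `routes` mimics the entries of an AWS route table (DestinationCidrBlock, GatewayId).
    Any route to an internet gateway (igw-*) makes the subnet public; otherwise any route
    to a virtual private gateway (vgw-*) makes it VPN-only; anything else is private.
    """
    targets = [r.get("GatewayId", "") for r in routes]
    if any(t.startswith("igw-") for t in targets):
        return "public"
    if any(t.startswith("vgw-") for t in targets):
        return "vpn-only"
    return "private"


if __name__ == "__main__":
    # Constructed sample layout; the ids below are placeholders, not real resources.
    vpc = "10.0.0.0/16"
    print(check_vpc_cidr(vpc))
    print(check_subnets(vpc, ["10.0.0.0/24", "10.0.1.0/24", "10.0.1.128/25"]))
    print(usable_hosts("10.0.0.0/24"), reserved_addresses("10.0.0.0/24"))
    print(classify_subnet([{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                           {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example0000000"}]))
```

Running the module as a script prints an empty problem list for the /16 VPC block, one overlap report (10.0.1.0/24 against 10.0.1.128/25), 251 usable hosts for a /24 together with its five reserved addresses, and "public" for the sample route table. The classifier deliberately looks at any igw- target rather than only the 0.0.0.0/0 route, so a subnet that reaches the internet gateway through a narrower prefix is still flagged as public when auditing a layout.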