Intro

I am working towards the AWS Advanced Networking Specialty certification, and in the excellent course by Adrian Cantrill he goes through creating a subnetting plan for a global AWS deployment. This inspired me to come up with my own example.

In this post, I will build an AWS subnetting plan for the Uber cloud company Stratus Labs which includes both IPv4 and BYO IPv6 addressing.

Requirements

The following high-level requirements define the current and future needs for the next 18-24 months.

  • 4x AWS Accounts.
  • 4x Regional Deployments.
  • 4x VPCs Per Region.
  • 4x Availability Zones per VPC.
  • 4x Application Tiers per Availability Zone.
  • Each application Tier will have no more than 200 hosts per subnet.

Supernets

To cover the IP Addressing needs, we will utilize the following blocks of IP addresses.

| IPv4 Supernet | IPv6 Supernet |
|---|---|
| 10.0.0.0/9 | 2001:db8::/44 |

Note
In this post I am using the IPv6 block 2001:0DB8::/32 which is assigned for documentation purposes.

Accounts

We will assign a /12 for IPv4 and a /48 for IPv6 addresses in each account.

The following table lists the supernets per-account.

| Account | Account IPv4 Supernet | Account IPv6 Supernet |
|---|---|---|
| 1 | 10.16.0.0/12 | 2001:db8:1::/48 |
| 2 | 10.32.0.0/12 | 2001:db8:2::/48 |
| 3 | 10.48.0.0/12 | 2001:db8:3::/48 |
| 4 | 10.64.0.0/12 | 2001:db8:4::/48 |

Note
In this mythical example, I am starting from 10.16.0.0/12 and 2001:db8:1::/48 to avoid previously allocated IPs from the 10.0.0.0/12 and 2001:db8::/48 ranges.

Regions

For each Region we will assign a /15 for IPv4 and a /52 for IPv6. This will allow us to assign a /18 and a /56 respectively to 4x VPCs Per-Region.

The following diagram shows the Supernet breakdown Per-VPC for each Region in Account 1.

Note
For brevity, I will only break down the 1st account further to suit our needs. Keep in mind, the other accounts follow the same process.

The following table lists the Supernet breakdown Per-VPC for each Region in Account 1.

| Region | Region IPv4 Supernet | Region IPv6 Supernet | VPC | VPC IPv4 Supernet | VPC IPv6 Supernet |
|---|---|---|---|---|---|
| 1 | 10.16.0.0/15 | 2001:db8:1::/52 | 1 | 10.16.0.0/18 | 2001:db8:1::/56 |
| 1 | 10.16.0.0/15 | 2001:db8:1::/52 | 2 | 10.16.64.0/18 | 2001:db8:1:100::/56 |
| 1 | 10.16.0.0/15 | 2001:db8:1::/52 | 3 | 10.16.128.0/18 | 2001:db8:1:200::/56 |
| 1 | 10.16.0.0/15 | 2001:db8:1::/52 | 4 | 10.16.192.0/18 | 2001:db8:1:300::/56 |
| 2 | 10.18.0.0/15 | 2001:db8:1:1000::/52 | 1 | 10.18.0.0/18 | 2001:db8:1:1000::/56 |
| 2 | 10.18.0.0/15 | 2001:db8:1:1000::/52 | 2 | 10.18.64.0/18 | 2001:db8:1:1100::/56 |
| 2 | 10.18.0.0/15 | 2001:db8:1:1000::/52 | 3 | 10.18.128.0/18 | 2001:db8:1:1200::/56 |
| 2 | 10.18.0.0/15 | 2001:db8:1:1000::/52 | 4 | 10.18.192.0/18 | 2001:db8:1:1300::/56 |
| 3 | 10.20.0.0/15 | 2001:db8:1:2000::/52 | 1 | 10.20.0.0/18 | 2001:db8:1:2000::/56 |
| 3 | 10.20.0.0/15 | 2001:db8:1:2000::/52 | 2 | 10.20.64.0/18 | 2001:db8:1:2100::/56 |
| 3 | 10.20.0.0/15 | 2001:db8:1:2000::/52 | 3 | 10.20.128.0/18 | 2001:db8:1:2200::/56 |
| 3 | 10.20.0.0/15 | 2001:db8:1:2000::/52 | 4 | 10.20.192.0/18 | 2001:db8:1:2300::/56 |
| 4 | 10.22.0.0/15 | 2001:db8:1:3000::/52 | 1 | 10.22.0.0/18 | 2001:db8:1:3000::/56 |
| 4 | 10.22.0.0/15 | 2001:db8:1:3000::/52 | 2 | 10.22.64.0/18 | 2001:db8:1:3100::/56 |
| 4 | 10.22.0.0/15 | 2001:db8:1:3000::/52 | 3 | 10.22.128.0/18 | 2001:db8:1:3200::/56 |
| 4 | 10.22.0.0/15 | 2001:db8:1:3000::/52 | 4 | 10.22.192.0/18 | 2001:db8:1:3300::/56 |

Availability Zones

For each Availability Zone we will assign a /21 for IPv4 and a /60 for IPv6. This will allow us to assign a /24 and a /64 respectively to 4x Subnets Per-AZ.

The following diagram shows the Subnets allocated for each Availability Zone in VPC 1 in Region 1.

The following table lists the Subnets allocated for each Availability Zone in VPC 1 in Region 1.

| AZ | AZ IPv4 Supernet | AZ IPv6 Supernet | IPv4 Subnet | IPv6 Subnet | App Tier |
|---|---|---|---|---|---|
| A | 10.16.0.0/21 | 2001:db8:1::/60 | 10.16.0.0/24 | 2001:db8:1::/64 | 1 |
| A | 10.16.0.0/21 | 2001:db8:1::/60 | 10.16.1.0/24 | 2001:db8:1:1::/64 | 2 |
| A | 10.16.0.0/21 | 2001:db8:1::/60 | 10.16.2.0/24 | 2001:db8:1:2::/64 | 3 |
| A | 10.16.0.0/21 | 2001:db8:1::/60 | 10.16.3.0/24 | 2001:db8:1:3::/64 | 4 |
| B | 10.16.8.0/21 | 2001:db8:1:10::/60 | 10.16.8.0/24 | 2001:db8:1:10::/64 | 1 |
| B | 10.16.8.0/21 | 2001:db8:1:10::/60 | 10.16.9.0/24 | 2001:db8:1:11::/64 | 2 |
| B | 10.16.8.0/21 | 2001:db8:1:10::/60 | 10.16.10.0/24 | 2001:db8:1:12::/64 | 3 |
| B | 10.16.8.0/21 | 2001:db8:1:10::/60 | 10.16.11.0/24 | 2001:db8:1:13::/64 | 4 |
| C | 10.16.16.0/21 | 2001:db8:1:20::/60 | 10.16.16.0/24 | 2001:db8:1:20::/64 | 1 |
| C | 10.16.16.0/21 | 2001:db8:1:20::/60 | 10.16.17.0/24 | 2001:db8:1:21::/64 | 2 |
| C | 10.16.16.0/21 | 2001:db8:1:20::/60 | 10.16.18.0/24 | 2001:db8:1:22::/64 | 3 |
| C | 10.16.16.0/21 | 2001:db8:1:20::/60 | 10.16.19.0/24 | 2001:db8:1:23::/64 | 4 |
| D | 10.16.24.0/21 | 2001:db8:1:30::/60 | 10.16.24.0/24 | 2001:db8:1:30::/64 | 1 |
| D | 10.16.24.0/21 | 2001:db8:1:30::/60 | 10.16.25.0/24 | 2001:db8:1:31::/64 | 2 |
| D | 10.16.24.0/21 | 2001:db8:1:30::/60 | 10.16.26.0/24 | 2001:db8:1:32::/64 | 3 |
| D | 10.16.24.0/21 | 2001:db8:1:30::/60 | 10.16.27.0/24 | 2001:db8:1:33::/64 | 4 |

This gives us enough available IP addresses for each subnet per application tier with plenty of breathing room for future expansion.
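The Account 1 plan can be regenerated and checked mechanically, which catches overlapping or undersized subnets before they end up in route tables or CIDR-based security rules. The following Python sketch is an added example, not code from the original post; the function names are hypothetical, and the capacity check assumes the five addresses AWS reserves in every IPv4 subnet.

```python
import ipaddress
from itertools import islice

# Prefix lengths per level, taken from the plan above: (name, IPv4, IPv6).
LEVELS = [("region", 15, 52), ("vpc", 18, 56), ("az", 21, 60), ("tier", 24, 64)]
FANOUT = 4        # 4 regions, 4 VPCs per region, 4 AZs per VPC, 4 tiers per AZ
AWS_RESERVED = 5  # assumption: AWS reserves 5 addresses in every IPv4 subnet
MAX_HOSTS = 200   # requirement: no more than 200 hosts per subnet


def carve(parent, new_prefix, count=FANOUT):
    """Return the first `count` child networks of `parent` at `new_prefix`."""
    return list(islice(parent.subnets(new_prefix=new_prefix), count))


def build_plan(v4_account, v6_account):
    """Map 1-based (region, vpc, az, tier) tuples to (IPv4, IPv6) subnets."""
    plan = {(): (ipaddress.ip_network(v4_account), ipaddress.ip_network(v6_account))}
    for _name, p4, p6 in LEVELS:
        nxt = {}
        for path, (n4, n6) in plan.items():
            for i, pair in enumerate(zip(carve(n4, p4), carve(n6, p6)), start=1):
                nxt[path + (i,)] = pair
        plan = nxt
    return plan


def validate(plan):
    """Return a list of problems: overlapping or undersized subnets."""
    problems = []
    for family in (0, 1):  # 0 = IPv4 column, 1 = IPv6 column
        nets = sorted(pair[family] for pair in plan.values())
        # After sorting, any overlap shows up between neighbouring entries.
        for a, b in zip(nets, nets[1:]):
            if a.overlaps(b):
                problems.append(f"overlap: {a} and {b}")
    for path, (n4, _n6) in plan.items():
        if n4.num_addresses - AWS_RESERVED < MAX_HOSTS:
            problems.append(f"{path}: {n4} too small")
    return problems


if __name__ == "__main__":
    plan = build_plan("10.16.0.0/12", "2001:db8:1::/48")
    print(len(plan), "subnets,", len(validate(plan)), "problems")
    print(plan[(1, 1, 2, 2)])  # Region 1, VPC 1, AZ B, App Tier 2
```

`validate` also works on a hand-edited plan, so it can be run against the spreadsheet or IaC variables that actually hold the allocations.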

Outro

When making a subnet plan, there are many variables that impact how subnets are broken down. Getting it right is often a thankless task, but pays dividends down the road.

Until next time. FLY Cloud Warriors, FLY!!!