Last active October 9, 2018 01:19
kwilczynski/551ee616c2c688c0e177daedd030fef9
Amazon AWS - VPC network/subnet plan
VPC   Network (CIDR)   Designation   Region
===   ==============   ===========   ======
1     10.100.0.0/16    Management    Asia Pacific (Tokyo)
2     10.110.0.0/16    Production    Asia Pacific (Tokyo)
3     10.120.0.0/16    Staging       Asia Pacific (Tokyo)

Addressing scheme:

10.XXX.YYY.0/16
       |  `------ Subnet (e.g. Public and/or Private)
       `--------- VPC (e.g. Management, Production, etc.)

Note: VPC peering is NOT possible across AWS regions.

Subnet (CIDR)     Designation               Availability Zone
=============     ===========               =================
10.XXX.1.0/24     Public 1 (DMZ)            Asia Pacific (Tokyo) - A  -.
10.XXX.2.0/24     Public 2 (DMZ)            Asia Pacific (Tokyo) - B   |- Public network (NAT, bastion, etc.)
10.XXX.3.0/24     Public 3 (DMZ)            Asia Pacific (Tokyo) - C  -'
10.XXX.10.0/24    Private 1 (Services)      Asia Pacific (Tokyo) - A  -.
10.XXX.20.0/24    Private 2 (Services)      Asia Pacific (Tokyo) - B   |- Web tier (front-end)
10.XXX.30.0/24    Private 3 (Services)      Asia Pacific (Tokyo) - C  -'
10.XXX.110.0/24   Private 4 (Persistence)   Asia Pacific (Tokyo) - A  -.
10.XXX.120.0/24   Private 5 (Persistence)   Asia Pacific (Tokyo) - B   |- Database tier (back-end)
10.XXX.130.0/24   Private 6 (Persistence)   Asia Pacific (Tokyo) - C  -'

Note: The subnet 10.XXX.0.0/24 was left alone, as Amazon reserves the first
five (5) addresses for internal use.

Address allocation:

10.XXX.YYY.0/24
  |- 10.XXX.YYY.1 - 10.XXX.YYY.10 (Reserved - Internal Use Only)
  `- 10.XXX.YYY.11 - 10.XXX.YYY.254

Note: The first ten usable IP addresses of each subnet are reserved for internal use
only, e.g. NAT instances, internal and/or external ELBs, utility servers, etc.

Alternatively, this can be done using the 172.16.0.0/12 range split into /16s, each of
which is then split into the corresponding /24s, e.g.

* 172.16.0.0/16
  |
  +- 172.16.0.0/24
  +- 172.16.1.0/24
  `- 172.16.2.0/24
* 172.17.0.0/16
* 172.18.0.0/16
* 172.19.0.0/16
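As an added example (not part of the gist), a small Python script that expands the scheme above into concrete subnets, checks that every subnet sits inside its VPC and that no two overlap, and works out the range left for workloads after the .1-.10 reservation. The VPC, tier and AZ tables are assumptions restating the plan; swap in the 172.16.0.0/16, 172.17.0.0/16, ... blocks to model the alternative.

```python
import ipaddress

# Assumed plan, copied from the table above: one /16 per VPC (10.XXX.0.0/16)
# and one /24 per tier per availability zone (10.XXX.YYY.0/24).
VPCS = {"Management": "10.100.0.0/16", "Production": "10.110.0.0/16", "Staging": "10.120.0.0/16"}
AZS = ("A", "B", "C")
# tier -> third octet (YYY) of its /24 in AZ A, B and C respectively
TIERS = {"Public (DMZ)": (1, 2, 3), "Private (Services)": (10, 20, 30),
         "Private (Persistence)": (110, 120, 130)}
LOCAL_RESERVED = 10  # .1-.10 of every subnet kept for NAT instances, ELBs, utility hosts

def build_plan(vpcs=VPCS, tiers=TIERS):
    """Expand the addressing scheme into concrete /24 subnets, one per tier per AZ."""
    plan = []
    for vpc_name, vpc_cidr in vpcs.items():
        vpc = ipaddress.ip_network(vpc_cidr)
        for tier, octets in tiers.items():
            for az, yyy in zip(AZS, octets):
                # shift the VPC base by YYY * 256 to land on 10.XXX.YYY.0
                net = ipaddress.ip_network(f"{vpc.network_address + yyy * 256}/24")
                plan.append({"vpc": vpc_name, "tier": tier, "az": az, "cidr": net})
    return plan

def validate(plan, vpcs=VPCS):
    """Return a list of problems: a subnet outside its VPC, or two subnets that overlap."""
    vpc_nets = {name: ipaddress.ip_network(c) for name, c in vpcs.items()}
    problems = []
    for s in plan:
        if not s["cidr"].subnet_of(vpc_nets[s["vpc"]]):
            problems.append(f"{s['cidr']} is outside VPC {s['vpc']}")
    for i, a in enumerate(plan):
        for b in plan[i + 1:]:
            if a["cidr"].overlaps(b["cidr"]):
                problems.append(f"{a['cidr']} overlaps {b['cidr']}")
    return problems

def usable_range(subnet, local_reserved=LOCAL_RESERVED):
    """(first, last, count) of addresses left for workloads in a /24.

    AWS reserves .0, .1, .2, .3 and .255 of every subnet; the plan's .1-.10
    block already covers the first four, so only .255 is lost on top of it.
    """
    first = subnet.network_address + local_reserved + 1   # .11
    last = subnet.broadcast_address - 1                   # .254
    return str(first), str(last), int(last) - int(first) + 1

if __name__ == "__main__":
    plan = build_plan()
    for s in plan:
        lo, hi, n = usable_range(s["cidr"])
        print(f"{str(s['cidr']):17} {s['tier']:22} AZ {s['az']}  usable {lo}-{hi} ({n})")
    print("problems:", validate(plan) or "none")
```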
Cross region VPC peering is now available 🐼