
VPC CIDR Design and Subnetting

Design VPC CIDR blocks correctly, plan subnet architecture for public/private/database tiers, and avoid IP address conflicts.

VPC CIDR Design — Planning Your Network

CIDR (Classless Inter-Domain Routing) notation defines IP address ranges. Choosing the right CIDR ranges for your VPC and subnets from the beginning is critical: a VPC's primary CIDR cannot be changed once the VPC exists, and a subnet's CIDR cannot be resized. Secondary CIDR blocks can be associated with a VPC later, but a badly chosen primary range usually means recreating the VPC and everything attached to it.

Teacher Note: Choosing a CIDR block is like naming streets in a new city. You cannot easily rename streets after the city is built. Plan for future growth — reserve more IP addresses than you think you need. It costs nothing to have unused IP addresses in a VPC.

CIDR Notation Refresher

10.0.0.0/16  -- 65,536 IP addresses (10.0.0.0 to 10.0.255.255)
10.0.0.0/24  -- 256 IP addresses (10.0.0.0 to 10.0.0.255)
10.0.0.0/28  -- 16 IP addresses (10.0.0.0 to 10.0.0.15)

AWS reserves 5 IPs in every subnet (the first four addresses and the last one), so for 10.0.0.0/24:
10.0.0.0   -- Network address
10.0.0.1   -- VPC router (the subnet's default gateway)
10.0.0.2   -- Reserved for DNS (the Amazon-provided resolver lives at VPC CIDR base + 2)
10.0.0.3   -- Reserved by AWS for future use
10.0.0.255 -- Network broadcast address (VPCs do not support broadcast, but the address is still reserved)

Usable IPs in a /24 subnet: 256 - 5 = 251
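The reservation rule above applies to subnets of any size, and it is the reason a tiny /28 leaves only 11 usable addresses. The following is an added example (not code from the original tutorial) that derives the five reserved addresses and the usable count for any subnet with Python's standard ipaddress module; the function names and the /16-to-/28 size check it enforces are this example's own.

```python
import ipaddress
from typing import Dict


def aws_reserved_addresses(subnet: str) -> Dict[str, str]:
    """Return the five addresses AWS reserves in any IPv4 subnet, keyed by role.

    The first four addresses and the last address are reserved regardless of
    subnet size, which is why a /28 (16 addresses) leaves only 11 for instances.
    """
    net = ipaddress.ip_network(subnet, strict=True)
    base = int(net.network_address)
    return {
        "network": str(net.network_address),               # base + 0
        "vpc_router": str(ipaddress.ip_address(base + 1)),  # base + 1
        "dns": str(ipaddress.ip_address(base + 2)),         # base + 2
        "future_use": str(ipaddress.ip_address(base + 3)),  # base + 3
        "broadcast": str(net.broadcast_address),            # last address
    }


def usable_ips(subnet: str) -> int:
    """Number of addresses left for ENIs after AWS's five reservations."""
    net = ipaddress.ip_network(subnet, strict=True)
    # AWS only accepts subnet sizes from /16 down to /28
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{subnet}: AWS subnets must be between /16 and /28")
    return net.num_addresses - 5


def first_usable(subnet: str) -> str:
    """The first address an instance can actually receive (base + 4)."""
    net = ipaddress.ip_network(subnet, strict=True)
    return str(ipaddress.ip_address(int(net.network_address) + 4))


if __name__ == "__main__":
    for cidr in ("10.0.1.0/24", "10.0.0.0/28", "10.0.0.0/16"):
        print(f"{cidr}: {usable_ips(cidr)} usable, first usable {first_usable(cidr)}")
        for role, addr in aws_reserved_addresses(cidr).items():
            print(f"  {role:11} {addr}")
```

Note that the first address an EC2 instance can receive in 10.0.1.0/24 is 10.0.1.4, not 10.0.1.1; anything that hard-codes ".1" as a host address in a VPC will collide with the router.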

Standard VPC Design

VPC: 10.0.0.0/16 (65,536 IPs)

Public Subnets (one per AZ):
  10.0.1.0/24 -- us-east-1a (251 usable IPs)
  10.0.2.0/24 -- us-east-1b
  10.0.3.0/24 -- us-east-1c

Private Subnets (one per AZ):
  10.0.11.0/24 -- us-east-1a
  10.0.12.0/24 -- us-east-1b
  10.0.13.0/24 -- us-east-1c

Database Subnets (one per AZ):
  10.0.21.0/24 -- us-east-1a
  10.0.22.0/24 -- us-east-1b
  10.0.23.0/24 -- us-east-1c

The tier names are labels for humans; the isolation comes from what you attach to each subnet. Only the public subnets get a route table with 0.0.0.0/0 pointing at an internet gateway, the private subnets reach the internet through a NAT gateway placed in a public subnet, and the database subnets should have no default route at all, with security groups that admit only the application tier on the database port.

CIDR Planning Rules

  • Use RFC 1918 private ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
  • Choose /16 for the VPC (65,536 IPs), the largest primary CIDR AWS allows, to leave room to grow; the smallest allowed is /28
  • Use /24 subnets for most use cases (251 usable IPs)
  • Avoid overlapping with on-premises networks, other VPCs you might peer with, and partner networks
  • Reserve address space: leave unused gaps between the ranges you allocate, so a future VPC, or a secondary CIDR block for an existing one, fits without colliding

Exam Tip: CIDR overlap is the #1 reason a VPC peering connection is rejected. If VPC A is 10.0.0.0/16 and VPC B is also 10.0.0.0/16, they CANNOT be peered, because the same addresses exist on both sides and there is no way to route between them. Partial overlap fails too: 10.0.0.0/16 cannot peer with 10.0.128.0/17. Plan all VPC CIDRs in your organization to be non-overlapping from day one.