An AWS subnet is a range of IP addresses within your VPC. Each subnet must be associated with a route table, which specifies the routes that outbound traffic can take from the subnet. Every subnet you create is automatically associated with the VPC’s main route table and the default network ACL.
To get started with AWS subnets you will need to learn how to create them. Amazon VPC is a service that allows you to launch AWS resources in a defined, logically isolated virtual network. This gives you control over the virtual networking environment: you can select your own IP address range, create subnets, and configure route tables and network gateways.
This blog will help you to better understand subnets.
Basics of AWS Subnets & VPC
A Virtual Private Cloud (VPC) refers to a virtual network that is dedicated to your AWS account. It is logically isolated from all other virtual networks in the AWS Cloud. You can launch AWS resources, such as Amazon EC2 instances, into your VPC.
You must specify a range of IPv4 addresses in order to create a VPC. This is done with a Classless Inter-Domain Routing (CIDR) block. For example, your primary CIDR block could be 10.0.0.0/16.
New VPC with an IPv4 CIDR block:
The main route table contains the following route.
Destination    Target
10.0.0.0/16    Local
After creating a VPC you can add one or more subnets in each Availability Zone. You can also add subnets in a Local Zone, an AWS infrastructure deployment used for placing select services closer to your end users.
You must also specify a CIDR block for the subnet when you create it. This is a subset of the VPC CIDR block. Each subnet must reside entirely within one Availability Zone; it cannot span multiple zones. Availability Zones are locations that are designed to be isolated from failures in other Availability Zones. Each subnet is assigned a unique ID.
Below is a diagram of the VPC configuration with subnets across multiple Availability Zones.
First, 1A, 2A and 3A are instances in your VPC.
Second, an IPv6 CIDR block is associated with the VPC, and an IPv6 CIDR block is associated with subnet 1.
An internet gateway allows communication over the internet. A virtual private network (VPN) connection enables communication with your corporate network.
If a subnet’s traffic is routed to an internet gateway, the subnet is called a public subnet. In the above diagram, subnet 1 is a public subnet. A private subnet is a subnet that has no route to an internet gateway; in the above diagram, subnet 2 is a private subnet.
Sizing of AWS Subnets and VPC
Amazon VPC supports IPv4 addressing, with different CIDR block size quotas. By default, all VPCs and subnets must have IPv4 CIDR blocks; you cannot change this behavior. You can optionally associate an IPv6 CIDR block with your VPC.
1. VPC and subnet sizing of IPv4
When creating a VPC you must specify an IPv4 CIDR block for it. The allowed block size is between a /16 and a /28 netmask. After creating the VPC you can associate secondary CIDR blocks with it.
The allowed block size for a subnet is also between a /28 and a /16 netmask. If you create more than one subnet within a VPC, the CIDR blocks of those subnets cannot overlap.
For example, a VPC with CIDR block 10.0.0.0/24 supports 256 addresses. You can break this CIDR block into two subnets that each support 128 IP addresses:
First, a subnet using CIDR block 10.0.0.0/25.
Second, a subnet using CIDR block 10.0.0.128/25.
The first four IP addresses and the last IP address in each subnet CIDR block are not available for use and cannot be assigned to instances. For example, the following five IP addresses are reserved in a subnet with CIDR block 10.0.0.0/24.
First, 10.0.0.0: the network address.
Second, 10.0.0.1: reserved by AWS for the VPC router.
Third, 10.0.0.2: reserved by AWS. The IP address of the DNS server is the base of the VPC network range plus two.
Fourth, 10.0.0.3: reserved by AWS for future use.
Finally, 10.0.0.255: the network broadcast address. Broadcast is not supported in a VPC, so this address is reserved.
2. VPC and subnet sizing of IPv6
You can associate a single IPv6 CIDR block with an existing VPC in your account, or when you create a new VPC. The CIDR block has a fixed prefix length of /56. You request the IPv6 CIDR block from Amazon’s pool of IPv6 addresses.
If you have an IPv6 CIDR block associated with your VPC, you can associate an IPv6 CIDR block with an existing subnet in that VPC or with a new subnet. The IPv6 CIDR blocks of subnets have a fixed prefix length of /64.
For example, suppose you create a VPC and specify that you want an Amazon-provided IPv6 CIDR block associated with it. Amazon then assigns the following IPv6 CIDR block to your VPC: 2001:db8:1234:1a00::/56. You cannot choose the range of IP addresses yourself. However, you can create a subnet from this range and associate an IPv6 CIDR block with it.
You can also disassociate an IPv6 CIDR block from a subnet, and an IPv6 CIDR block from a VPC. After you have disassociated an IPv6 CIDR block from a VPC, you cannot expect to receive the exact same CIDR block back if you associate a new one.
Remember that the first four IPv6 addresses and the last IPv6 address within each subnet CIDR block are not available for you to use.
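The sizing and reserved-address rules above, for both the IPv4 section (/16 to /28 blocks, no overlap, five reserved addresses per subnet) and the IPv6 section (/56 VPC block carved into /64 subnets), as an added example that is not part of the original post. It uses only Python's standard ipaddress module; the VPC and subnet values are constructed to match the examples in the text, and the checks are a local pre-flight you could run on a planned layout, not an AWS API call.

```python
import ipaddress

def net(cidr):
    """Parse a CIDR string into an IPv4Network or IPv6Network."""
    return ipaddress.ip_network(cidr)

# Constructed to match the page's examples; not taken from any real account.
VPC_V4 = net("10.0.0.0/24")
VPC_V6 = net("2001:db8:1234:1a00::/56")

def carve(vpc, new_prefix):
    """Split a VPC block into equal subnets of the given prefix length,
    e.g. a /24 into two /25s, or a /56 into 256 /64s."""
    return list(vpc.subnets(new_prefix=new_prefix))

def reserved_addresses(subnet):
    """The five addresses AWS holds back in every subnet: the first four
    (network, VPC router, DNS at base+2, future use) and the last one.
    The page states the same rule for IPv4 and IPv6 subnets."""
    first = int(subnet.network_address)
    last = int(subnet.broadcast_address)   # highest address in the block
    addr = ipaddress.ip_address
    return [addr(first + i) for i in range(4)] + [addr(last)]

def usable_hosts(subnet):
    """Addresses you can actually assign to instances in the subnet."""
    return subnet.num_addresses - len(reserved_addresses(subnet))

def validate_subnets(vpc, subnets):
    """Check a planned layout against the sizing rules on this page:
    each subnet inside the VPC block, IPv4 prefixes between /16 and /28,
    IPv6 subnets exactly /64, and no two subnets overlapping.
    Returns a list of human-readable problems (empty means OK)."""
    errors = []
    for s in subnets:
        if s.version != vpc.version:
            errors.append(f"{s} is IPv{s.version} but VPC {vpc} is IPv{vpc.version}")
            continue
        if not s.subnet_of(vpc):
            errors.append(f"{s} is not inside VPC block {vpc}")
        if vpc.version == 4 and not 16 <= s.prefixlen <= 28:
            errors.append(f"{s} prefix must be between /16 and /28")
        if vpc.version == 6 and s.prefixlen != 64:
            errors.append(f"{s} IPv6 subnets must be /64")
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.version == b.version and a.overlaps(b):
                errors.append(f"{a} overlaps {b}")
    return errors
```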