
VPC networks
When creating a VPC, we always specify a network range for the VPC. This range is limited to sizes between /28 and /16 according to the Classless Inter-Domain Routing (CIDR) definition of network addressing. Each VPC network can then be further subdivided into subnets. Addressing in a VPC defaults to IPv4, but IPv6 and dual stacks can be run in a VPC if required. When running IPv6 or dual stacks, we need to understand how the protocol changes the way traffic passes out to the internet and back.
When creating a network, we need to know the approximate number of addresses we will consume in each VPC and each subnet. This matters because the provisioning process in a VPC is irreversible: once we provision a network, we cannot change it. We should make sure that we have designed the VPC with ample space for our application to run and to grow over time.
We should also consider that some services running in the VPC are reserved by AWS; for example, IP addresses will be consumed by the internet gateway (IGW), the DHCP service, the NAT gateway, and by the addresses that AWS keeps unused for future services.
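The sizing decisions described above are easy to get wrong by hand, so the following added example (not code from the book) shows a small address-space planner built on Python's standard `ipaddress` module. It enforces the /16 to /28 bounds stated above, carves equal-sized subnets out of a VPC block, checks that they fit and do not overlap, and reports the space left for future growth. The deduction of five reserved addresses per subnet reflects AWS's documented behaviour (first four addresses and the last one of every subnet) and is not stated in the passage; the sample VPC range `10.0.0.0/16` and the function names are the example's own choices.

```python
import ipaddress

# AWS bounds for a VPC CIDR block, as stated in the text: /16 largest, /28 smallest.
VPC_MIN_PREFIX = 16
VPC_MAX_PREFIX = 28

# AWS reserves the first four addresses and the last address of every subnet
# (network address, VPC router, DNS, future use, broadcast). Documented AWS
# behaviour, assumed here; adjust if you model another provider.
AWS_RESERVED_PER_SUBNET = 5


def validate_vpc_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Parse a VPC block and reject sizes AWS would not accept."""
    net = ipaddress.ip_network(cidr, strict=True)  # strict: host bits must be zero
    if net.version != 4:
        raise ValueError("this planner handles the IPv4 block only")
    if not VPC_MIN_PREFIX <= net.prefixlen <= VPC_MAX_PREFIX:
        raise ValueError(f"{cidr}: VPC CIDR must be /16 to /28, got /{net.prefixlen}")
    return net


def usable_hosts(subnet: ipaddress.IPv4Network) -> int:
    """Addresses left for your own resources after AWS's reserved ones are removed."""
    return max(subnet.num_addresses - AWS_RESERVED_PER_SUBNET, 0)


def plan_subnets(vpc_cidr: str, subnet_prefix: int, count: int) -> list:
    """Carve `count` equal /subnet_prefix subnets out of the VPC block.

    Returns a list of (subnet, usable_host_count) tuples, or raises ValueError when
    the request cannot fit or breaks the /28 floor."""
    vpc = validate_vpc_cidr(vpc_cidr)
    if subnet_prefix > VPC_MAX_PREFIX:
        raise ValueError(f"subnets smaller than /28 are not allowed (got /{subnet_prefix})")
    if subnet_prefix < vpc.prefixlen:
        raise ValueError("a subnet cannot be larger than its VPC block")
    candidates = list(vpc.subnets(new_prefix=subnet_prefix))
    if count > len(candidates):
        raise ValueError(
            f"{vpc} holds only {len(candidates)} /{subnet_prefix} subnets, {count} requested")
    chosen = candidates[:count]
    # Defensive check: every chosen subnet lies inside the VPC and none overlap.
    for i, a in enumerate(chosen):
        assert a.subnet_of(vpc)
        for b in chosen[i + 1:]:
            assert not a.overlaps(b)
    return [(s, usable_hosts(s)) for s in chosen]


def remaining_space(vpc_cidr: str, used: list) -> list:
    """Blocks of the VPC not yet allocated to any subnet, i.e. room to grow."""
    vpc = validate_vpc_cidr(vpc_cidr)
    free = [vpc]
    for cidr in used:
        taken = ipaddress.ip_network(cidr)
        next_free = []
        for block in free:
            if taken.supernet_of(block):          # block fully consumed (or equal)
                continue
            if taken.subnet_of(block):            # punch a hole in this block
                next_free.extend(block.address_exclude(taken))
            else:
                next_free.append(block)           # untouched
        free = next_free
    return sorted(free)


if __name__ == "__main__":
    # Constructed example: a /16 VPC split into four /24 subnets.
    plan = plan_subnets("10.0.0.0/16", 24, 4)
    for subnet, usable in plan:
        print(f"{subnet}: {subnet.num_addresses} addresses, {usable} usable")
    free = remaining_space("10.0.0.0/16", [str(s) for s, _ in plan])
    print("largest free block:", free[-1], "| total free addresses:",
          sum(n.num_addresses for n in free))
```

Run the planner before provisioning rather than after: the text's point is that the VPC range cannot be changed once created, so the check that a layout fits, together with the `remaining_space` report, is what tells you whether the design leaves growth room.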