VPC – High Availability and Resilience – SOA-C02 Study Guide

VPC

Any applications where high availability needs to be deployed and maintained by the customer must be deployed in the AWS Virtual Private Cloud (VPC) service. The network service enables you to define both public and private network environments, with complete control over the routing and granular security of the network.

A VPC requires you to define a network address range and segment it into subnets. The network and subnets are defined with classless interdomain routing (CIDR) notation, in which each address is composed of two parts:

The network address: the fixed bits at the beginning of the address, whose count is recorded as a slash-number at the end of the address. For example, 10.10.0.0/16 states that the first 16 bits (10.10) identify the network and do not change.

The host address: the remaining bits not used by the network. For example, 10.10.0.0/24 leaves only the last 8 bits for hosts, so the final octet can take any value from .0 to .255.

The VPC network range is divided into one or more subnets, and each subnet resides in exactly one availability zone. Always size the subnets to accommodate all possible instance IP addresses, including room for scaling and future expansion. The number of instance addresses is two raised to the power of the number of available host bits, minus five addresses that AWS reserves for the subnet's basic functionality. The five addresses reserved by AWS for their use are

The network address (for example, 10.10.0.0/24)

The broadcast address (for example, 10.10.0.255)

The router at the first usable host address (for example, 10.10.0.1)

The IPAM service (DHCP/DNS) on the second usable address (for example, 10.10.0.2)

An AWS reserved address on the third usable address (for example, 10.10.0.3)

The VPC and subnet ranges are restricted to sizes between /16 and /28. This means that the VPC has support for quite a wide range of network sizes. Let’s calculate a few examples:

192.168.0.0/28: 4 bits are available for addresses. According to the definition, the number of available addresses is 2^4 − 5. That is 16 − 5, which means 11 addresses are available for hosts.

10.20.30.0/24: 8 bits are available for addresses. According to the definition, the number of available addresses is 2^8 − 5. That is 256 − 5, which means 251 addresses are available for hosts.

192.168.10.0/22: 10 bits are available for addresses. According to the definition, the number of available addresses is 2^10 − 5. That is 1024 − 5, which means 1019 addresses are available for hosts.

172.16.0.0/17: 15 bits are available for addresses. According to the definition, the number of available addresses is 2^15 − 5. That is 32,768 − 5, which means 32,763 addresses are available for hosts.
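The subnet arithmetic above, worked through in code. This is an added example for this study guide, not code from AWS or from the guide's author; it uses only Python's standard ipaddress module and the two rules stated above (the /16 to /28 size limit and the five reserved addresses per subnet). The function names usable_hosts, reserved_addresses, smallest_prefix_for and is_network_address are my own. It goes slightly beyond the text in two ways: it checks whether the address part of a CIDR is really the block's network address (no host bits set), and it computes the smallest subnet that leaves room for a planned number of instances.

```python
import ipaddress

# AWS VPC and subnet blocks must be between /16 and /28 (stated in the guide above).
MIN_PREFIX = 16
MAX_PREFIX = 28
# AWS reserves five addresses in every subnet: network, router (+1), DNS (+2),
# future use (+3) and broadcast.
RESERVED = 5


def _parse(cidr: str) -> ipaddress.IPv4Network:
    """Parse a CIDR string and enforce the /16 to /28 size limit.

    strict=False masks off any host bits, so 192.168.10.0/22 parses as the
    block it falls in (192.168.8.0/22); use is_network_address() to detect that.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if not isinstance(net, ipaddress.IPv4Network):
        raise ValueError(f"{cidr}: only IPv4 blocks are handled here")
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        raise ValueError(f"{cidr}: prefix must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
    return net


def is_network_address(cidr: str) -> bool:
    """True when the address part has no host bits set, i.e. it is the block's
    own network address. (Also False for a string that is not a valid CIDR.)"""
    try:
        ipaddress.ip_network(cidr, strict=True)
        return True
    except ValueError:
        return False


def usable_hosts(cidr: str) -> int:
    """Instance addresses available: 2^(host bits) minus the five AWS reserves."""
    net = _parse(cidr)
    host_bits = net.max_prefixlen - net.prefixlen
    return 2 ** host_bits - RESERVED


def reserved_addresses(cidr: str) -> dict:
    """The five addresses AWS keeps for itself in the given subnet."""
    net = _parse(cidr)
    base = int(net.network_address)
    return {
        "network": str(net.network_address),
        "router": str(ipaddress.IPv4Address(base + 1)),
        "dns": str(ipaddress.IPv4Address(base + 2)),
        "future_use": str(ipaddress.IPv4Address(base + 3)),
        "broadcast": str(net.broadcast_address),
    }


def smallest_prefix_for(required_hosts: int) -> int:
    """Smallest subnet (largest prefix length, within /16 to /28) whose usable
    host count is at least required_hosts. Raises if nothing fits in a /16."""
    for prefix in range(MAX_PREFIX, MIN_PREFIX - 1, -1):
        if 2 ** (32 - prefix) - RESERVED >= required_hosts:
            return prefix
    raise ValueError(f"{required_hosts} hosts do not fit in a single /{MIN_PREFIX}")


if __name__ == "__main__":
    # The four worked examples from the guide, plus the network-address sanity check.
    for cidr in ("192.168.0.0/28", "10.20.30.0/24", "192.168.10.0/22", "172.16.0.0/17"):
        note = ""
        if not is_network_address(cidr):
            actual = ipaddress.ip_network(cidr, strict=False)
            note = f"  (host bits set; the block is actually {actual})"
        print(f"{cidr:18} usable hosts: {usable_hosts(cidr):6}{note}")
    print("reserved in 10.10.0.0/24:", reserved_addresses("10.10.0.0/24"))
    # Sizing with headroom: a tier that may scale to 300 instances.
    print("300 instances need a /" + str(smallest_prefix_for(300)))
```

Two points worth noting. First, the guide's third example, 192.168.10.0/22, has host bits set in its address part; is_network_address() flags it, and the block it really falls in is 192.168.8.0/22. Running that check before carving up a VPC avoids a subnet that does not start where you think it does. Second, smallest_prefix_for() is the "room for scaling" rule made concrete: 12 instances already need a /27 rather than a /28, and 252 need a /23 rather than a /24, because the five reserved addresses come off the top of every subnet.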

For high availability, ensure that you have created at least two subnets for each purpose or tier, with each subnet in its own availability zone. Two types of subnets can be defined within a VPC network:

A private subnet

A public subnet