11 Matching Annotations
  1. May 2019
    1. When designing the addressing plan for an application, the primary consideration is to keep the CIDR blocks used for creating subnets within a single zone as contiguous as possible
    1. The CIDR block must not be the same or larger than the CIDR range of a route in any of the VPC route tables.
    2. You have a limit on the number of CIDR blocks you can associate with a VPC and the number of routes you can add to a route table. You cannot associate a CIDR block if this results in you exceeding your limits.
      • IPv4 CIDR blocks per VPC: 5. This limit is made up of your primary CIDR block plus 4 secondary CIDR blocks.

      • Route tables per VPC


      This limit includes the main route table.

      • Routes per route table (non-propagated routes)


      You can increase this limit up to a maximum of 1000; however, network performance might be impacted. This limit is enforced separately for IPv4 routes and IPv6 routes.

      If you have more than 125 routes, we recommend that you paginate calls to describe your route tables for better performance.

    3. You cannot increase or decrease the size of an existing CIDR block.
    4. The allowed block size is between a /28 netmask and /16 netmask.
    5. Adding IPv4 CIDR Blocks to a VPC

      Expanding a VPC IPv4 CIDR block

    1. The permissible size of the block ranges between /16 netmask and a /28 netmask.

      Permissible AWS CIDR block range for AWS VPC

    1. When creating VPCs and VSwitches, you have to specify the private IP address range for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block.

      Private IP address range of VPC

      Use,, and or their subsets as the private IP address range for your VPC. Note the following when planning the private IP address range of VPC:

      • If you have only one VPC and it does not have to communicate with a local data center, you are free to use any of the preceding IP address ranges or their subnets.

      • If you have multiple VPCs, or you want to build a hybrid cloud composed of one or more VPCs and local data centers, we recommend that you use a subset of these standard IP address ranges as the IP address range for your VPC and make sure that the netmask is no larger than /16.

      You also need to consider whether the classic network is used when selecting a VPC CIDR block. If you plan to connect ECS instances in a classic network with a VPC, we recommend that you do not use the IP address range, which is also used by the classic network.

      VPC CIDR / IP Addressing plan