26
votes

I realized that I can create multiple AWS VPCs and subnets with the same CIDR blocks. I am not sure what the philosophy behind that is and how it is possible.


1 Answer

49
votes

AWS VPCs can exist in private (RFC 1918) IPv4 space. (You can also create them with public IP CIDR blocks, but this is less common, as you must own your own IPv4 block.) Private IPv4 addresses are not directly routable from the Internet, and traffic to/from the Internet must generally go through Network Address Translation (NAT). Therefore, you can have multiple occurrences of the CIDR block in these private spaces because they cannot route to each other directly. You cannot have multiple subnets with the same (or overlapping) CIDR blocks in the same VPC, though, because AWS treats it as one continuous network.

Reserved RFC 1918 CIDR blocks (AWS will let you use any of these for your VPC):

  • 10.0.0.0/8 (The most commonly used, because it's the largest)
  • 192.168.0.0/16 (Also commonly used, generally on home routers or small office networks)
  • 172.16.0.0/12 (Less commonly used, because most people cannot remember how many addresses are in a /12 without a calculator)

You probably do not want to create VPCs with overlapping CIDR blocks if you're creating multiple VPCs, though, because then you cannot link them together later via VPC Peering, because the addresses would no longer be unique in the joined network space. Plan ahead for your current and possible future VPC usage, because you cannot change a VPC's CIDR block after it has been created. You'd have to move everything out and start fresh. The same goes for subnets in a VPC.
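A small planning check, added here and not part of the answer above, that turns its rules into code: it classifies a proposed VPC CIDR as RFC 1918 or not, rejects a subnet plan where subnets overlap each other or fall outside the VPC block, and reports whether two VPCs could still be peered. It uses only the standard-library `ipaddress` module; the CIDRs in the `__main__` section are constructed sample values.

```python
import ipaddress

# The three RFC 1918 private ranges the answer lists.
RFC1918 = [
    ipaddress.ip_network(c)
    for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_rfc1918(cidr):
    """True when the whole block lies inside one of the RFC 1918 ranges.
    A CIDR with host bits set (e.g. 10.0.1.0/8) raises ValueError, which is
    what you want from a planning check."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(block) for block in RFC1918)


def check_subnets(vpc_cidr, subnet_cidrs):
    """Validate a subnet plan for one VPC: every subnet must sit inside the
    VPC block, and no two subnets may overlap (identical or partial).
    Returns a list of problems; an empty list means the plan is valid."""
    vpc = ipaddress.ip_network(vpc_cidr)
    subnets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = []
    for s in subnets:
        if not s.subnet_of(vpc):
            problems.append(f"{s} is outside the VPC block {vpc}")
    # Pairwise overlap check; .overlaps() catches partial overlaps too.
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b} in the same VPC")
    return problems


def can_peer(vpc_a_cidr, vpc_b_cidr):
    """VPC peering only works when the two address spaces do not overlap,
    since addresses must stay unique across the joined network."""
    a = ipaddress.ip_network(vpc_a_cidr)
    b = ipaddress.ip_network(vpc_b_cidr)
    return not a.overlaps(b)


if __name__ == "__main__":
    # Constructed sample plan: two VPCs that both reuse 10.0.0.0/16.
    for cidr in ("10.0.0.0/16", "172.32.0.0/16"):
        print(cidr, "RFC 1918" if is_rfc1918(cidr) else "public space")
    print(check_subnets("10.0.0.0/16", ["10.0.1.0/24", "10.0.1.0/25", "10.1.0.0/24"]))
    print("peerable:", can_peer("10.0.0.0/16", "10.0.0.0/16"))
```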