CONTROLLED DATA
Leidos Proprietary - US Citizens ONLY
The information contained herein is proprietary to Leidos, Inc. It may not be used, reproduced, disclosed, or exported without the written approval of Leidos.

When creating subnets in an Amazon Virtual Private Cloud (VPC), AWS automatically reserves five IP addresses in each subnet’s IP range. These reservations ensure the proper functioning of various internal networking features (e.g., the VPC router and DNS). Below is an overview of how these reserved addresses work and an example illustrating their impact on subnet IP usage.

Why Are There Reserved IP Addresses?

Within every subnet, AWS reserves:

  1. Network address (the first IP in the subnet range)
  2. VPC router address (the second IP, used as the default gateway)
  3. Amazon DNS server (the third IP)
  4. Reserved for future use (the fourth IP)
  5. Broadcast address (the last IP in the subnet range)

This pattern ensures each subnet is self-contained and can handle routing, DNS, and any future AWS enhancements without conflicting with customer-assigned IPs.


Example: Splitting a /25 Range into Two /26 Subnets

Assume you start with a /25 CIDR range 10.x.x.0/25. This range spans from 10.x.x.0 to 10.x.x.127 (128 total addresses). If your design requires a multi-AZ (multi-Availability Zone) setup for redundancy, you might split this /25 into two /26 subnets:

  1. 10.x.x.0/26
    • IP range: 10.x.x.0 – 10.x.x.63 (64 total addresses)
  2. 10.x.x.64/26
    • IP range: 10.x.x.64 – 10.x.x.127 (64 total addresses)

Each /26 subnet has 64 IP addresses. However, 5 of these are reserved by AWS in each subnet, resulting in 59 usable IP addresses per /26.

Subnet 1: 10.x.x.0/26

  • CIDR Range: 10.x.x.0 – 10.x.x.63
  • Reserved Addresses
    1. Network address: 10.x.x.0
    2. VPC router: 10.x.x.1
    3. Amazon DNS: 10.x.x.2
    4. Reserved (future use): 10.x.x.3
    5. Broadcast address: 10.x.x.63
  • Usable Addresses: 10.x.x.4 – 10.x.x.62 (59 usable)

Subnet 2: 10.x.x.64/26

  • CIDR Range: 10.x.x.64 – 10.x.x.127
  • Reserved Addresses
    1. Network address: 10.x.x.64
    2. VPC router: 10.x.x.65
    3. Amazon DNS: 10.x.x.66
    4. Reserved (future use): 10.x.x.67
    5. Broadcast address: 10.x.x.127
  • Usable Addresses: 10.x.x.68 – 10.x.x.126 (59 usable)

Key Takeaways

  • Five IPs are always reserved in each subnet, regardless of its size.
  • Splitting a subnet across multiple Availability Zones is common for high availability. Each subnet’s CIDR block is separate and has its own reserved IPs.
  • For any subnet with CIDR block size /X, the total number of IPs is 2^(32 - X). Usable IPs = 2^(32 - X) - 5.
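The following Python script is an added example (not part of the original page) that reproduces the arithmetic above with the standard library's ipaddress module: it splits a /25 into two /26 subnets, lists the five reserved addresses in each, derives the usable range and the 2^(32 - X) - 5 count, and flags overlapping CIDRs. The 10.0.0.0/25 block stands in for the page's 10.x.x.0/25 placeholder and is a constructed value; the /16 to /28 bounds are AWS's documented IPv4 subnet size limits and are not stated on this page.

```python
import ipaddress
from typing import Dict, List, Tuple

# AWS IPv4 subnet size limits (documented AWS limits, not from this page).
AWS_MIN_PREFIX = 16
AWS_MAX_PREFIX = 28
AWS_RESERVED_PER_SUBNET = 5


def _validated(cidr: str) -> ipaddress.IPv4Network:
    """Parse a CIDR string and reject sizes AWS will not accept for a subnet."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not (AWS_MIN_PREFIX <= net.prefixlen <= AWS_MAX_PREFIX):
        raise ValueError(
            f"{cidr}: AWS subnets must be between /{AWS_MIN_PREFIX} and /{AWS_MAX_PREFIX}"
        )
    return net


def reserved_addresses(cidr: str) -> Dict[str, str]:
    """Return the five addresses AWS reserves in a subnet, keyed by their role."""
    net = _validated(cidr)
    base = int(net.network_address)
    return {
        "network": str(net.network_address),                   # first address
        "vpc_router": str(ipaddress.IPv4Address(base + 1)),    # default gateway
        "dns": str(ipaddress.IPv4Address(base + 2)),           # Amazon DNS
        "future_use": str(ipaddress.IPv4Address(base + 3)),    # reserved by AWS
        "broadcast": str(net.broadcast_address),               # last address
    }


def usable_range(cidr: str) -> Tuple[str, str, int]:
    """Return (first usable, last usable, count); count equals 2^(32 - X) - 5."""
    net = _validated(cidr)
    first = ipaddress.IPv4Address(int(net.network_address) + 4)
    last = ipaddress.IPv4Address(int(net.broadcast_address) - 1)
    count = 2 ** (32 - net.prefixlen) - AWS_RESERVED_PER_SUBNET
    return str(first), str(last), count


def split_subnet(cidr: str, new_prefix: int) -> List[str]:
    """Split a block into equal-sized subnets of the given prefix length."""
    net = ipaddress.ip_network(cidr, strict=True)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def overlapping_pairs(cidrs: List[str]) -> List[Tuple[str, str]]:
    """Return every pair of CIDRs that overlap; within one VPC this must be empty."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return [
        (str(a), str(b))
        for i, a in enumerate(nets)
        for b in nets[i + 1:]
        if a.overlaps(b)
    ]


if __name__ == "__main__":
    # Constructed example block standing in for the page's 10.x.x.0/25.
    parent = "10.0.0.0/25"
    halves = split_subnet(parent, 26)
    for subnet in halves:
        first, last, count = usable_range(subnet)
        print(f"Subnet {subnet}")
        for role, addr in reserved_addresses(subnet).items():
            print(f"  reserved {role:<11} {addr}")
        print(f"  usable   {first} - {last} ({count} usable)")
    print("overlaps:", overlapping_pairs(halves) or "none")
```

Running the script prints the two /26 subnets with the same reserved addresses and 59-address usable ranges the page lists; feeding the parent /25 alongside one of its halves to overlapping_pairs shows the kind of CIDR clash the best practice below warns about.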

Best Practices

  1. Plan for reservations: When deciding on subnet sizes, remember that you lose five addresses per subnet.
  2. Use appropriate CIDR sizes: Larger CIDR blocks (/24, /23, etc.) may give you more headroom if you expect many resources.
  3. Avoid overlapping CIDRs: Ensure subnet CIDR ranges do not overlap within the same VPC to maintain a clean, scalable network.
  4. Consider future scaling: Subnet resizing is non-trivial; it’s best to allocate more IPs than you think you need initially.

Additional Resources


Note: The exact IP addresses and subnet masks you choose will vary depending on your environment and design requirements. The reservations, however, always follow the same pattern for each subnet in a VPC.
