VPC Knowledge

 why VPC is /16 and why subnets are /24 like 10.0.1.0/24, 10.0.2.0/24, and how to pick them correctly. Here’s the practical way.

1) Start with the VPC size (10.0.0.0/16)

10.0.0.0/16 means you have:

• IP range: 10.0.0.0 → 10.0.255.255

• Total addresses: 65,536

People choose /16 because it gives enough room to split into many subnets across multiple AZs (public + private + DB + future), without redoing networking later.

2) Then decide subnet size (why /24 is common)

10.0.1.0/24 means:

• IP range: 10.0.1.0 → 10.0.1.255

• Total addresses: 256

• Usable is less because AWS reserves 5 IPs per subnet (first 4 and last 1), so usable ≈ 251

So a /24 subnet gives you roughly 251 usable IPs, which is a nice practical “standard” size for:

• ALB, NAT, small/medium EC2 fleets, EKS nodes, etc.

3) The “how to choose” rule (simple planning logic)

Step A — Decide how many subnet types you need

A typical production layout (2 AZ) needs:

• Public subnets (ALB, NAT GW, bastion)

• Private app subnets (EC2/EKS nodes)

• Private DB subnets (RDS/ElastiCache)

So in 2 AZs, you’ll likely create 6 subnets minimum (3 types × 2 AZ).

Step B — Pick a consistent pattern

Example inside 10.0.0.0/16:

Public

• public-a: 10.0.1.0/24

• public-b: 10.0.2.0/24

Private-App

• private-app-a: 10.0.11.0/24

• private-app-b: 10.0.12.0/24

Private-DB

• private-db-a: 10.0.21.0/24

• private-db-b: 10.0.22.0/24

Why this pattern is nice:

• Easy to read and troubleshoot

• Easy to expand later (you still have a LOT of space left)

4) When NOT to use /24 (when to go bigger/smaller)

Use /23 (≈ 507 usable) or /22 (≈ 1019 usable) if:

• You plan EKS with many nodes/pods

• You expect large autoscaling

• You’ll run lots of ENIs (AWS networking gets IP-hungry)

Use /25 or /26 if:

• It’s a small lab/dev environment

• You want tighter IP usage
  (But many teams still keep /24 even for dev for simplicity.)

5) Quick cheat formula

• Want many subnets + easy future growth → VPC /16

• Want a standard subnet size that “usually works” → Subnets /24

• Want EKS/large scale → Private subnets bigger than /24

now we go deep into CIDR math 🔥
Let’s break 10.0.0.0/16 step-by-step so you understand it forever.

---

1️⃣ What does /16 actually mean?

IP addresses are 32 bits.

Example:

10.0.0.0

In binary:

00001010.00000000.00000000.00000000

The /16 means:

👉 First 16 bits are fixed (network part)
👉 Remaining 16 bits are available for hosts

So:

|---- 16 bits network ----|---- 16 bits host ----|

---

2️⃣ Why 65,536 addresses?

If 16 bits are available for hosts:

2^16 = 65,536

That’s the total number of combinations possible with 16 bits.

So:

10.0.0.0  → first IP
10.0.255.255 → last IP

Because:

• The 3rd octet (0–255) → 256 possibilities

• The 4th octet (0–255) → 256 possibilities

So:

256 × 256 = 65,536

That’s how.

---

3️⃣ Why does it go to 10.0.255.255?

Because /16 means:

• First 2 octets fixed: 10.0

• Last 2 octets free

So last two octets range:

0.0 → 255.255

So full range:

10.0.0.0
to
10.0.255.255

---

4️⃣ General CIDR Formula (Remember This Forever)

Total IPs in CIDR:

2^(32 - subnet_mask)

For /16:

2^(32 - 16)
= 2^16
= 65,536

---

5️⃣ Quick Comparison to Make It Crystal Clear

CIDR	Host Bits	Total IPs
/24	8	256
/23	9	512
/22	10	1024
/16	16	65,536

See the pattern? 🔥

---

6️⃣ Important AWS Note

AWS reserves 5 IPs per subnet (not per VPC):

• Network address

• Router

• DNS

• Future use

• Broadcast

So in a /24 (256 IPs):

Usable = 251

---

🎯 Final Simple Mental Model

Think like this:

10.0.0.0/16

Means:

10.0.X.Y

You can change X and Y from 0–255

That gives:

256 × 256 = 65,536

Now we go into pure binary conversion logic — once you understand this, subnetting becomes easy forever.
You’re asking:
Why is
10.0.0.0

written in binary as:
00001010.00000000.00000000.00000000


🧠 Step 1: Every IP octet = 8 bits
Each number between 0–255 is stored in 8 bits.
So:
Decimal range per octet: 0 – 255
Binary range: 00000000 – 11111111

Why 255?
Because:
2^8 = 256 values
0 to 255 = 256 numbers


🧮 Step 2: Convert 10 to Binary
We convert decimal 10 into binary.
Binary place values:
|128|64|32|16|8|4|2|1|
Now break 10:
10 = 8 + 2

So mark those positions as 1:
128
64
32
16
8
4
2
1
0
0
0
0
1
0
1
0
So:
10 = 00001010


🧮 Step 3: Convert 0 to Binary
0 means nothing is turned on:
128
64
32
16
8
4
2
1
0
0
0
0
0
0
0
0
So:
0 = 00000000


🧠 Step 4: Apply to Full IP
So:
10.0.0.0

Becomes:
00001010.00000000.00000000.00000000

Each dot = new 8-bit block.

🎯 Why This Matters for /16
When you say:
10.0.0.0/16

It means:
First 16 bits are fixed:
00001010.00000000

That equals:
10.0

Remaining 16 bits are free:
00000000.00000000 → 11111111.11111111

Which equals:
0.0 → 255.255

So that’s why:
10.0.0.0 → 10.0.255.255


🚀 Quick Trick to Convert Any Number to Binary
Keep subtracting powers of 2:
Example 19:
19 = 16 + 2 + 1
So:
00010011
I’ll explain ALL three clearly:


How /24 comes from /16 mathematically


How /16 splits into 256 /24 subnets


How AWS EKS consumes IPs internally (VERY important for scaling clusters)



🧮 1️⃣ How /24 Comes from /16 (Mathematically)
We know:
IP = 32 bits

/16 means:


16 bits network


16 bits host


Total IPs:
2^(32-16) = 2^16 = 65,536


/24 means:


24 bits network


8 bits host


Total IPs:
2^(32-24) = 2^8 = 256


🔥 So what changed?
When you move from /16 → /24
You borrowed:
24 - 16 = 8 bits

Those 8 bits are taken from the host portion and converted into subnet bits.
So:
/16 → /24
Network bits increased by 8
Host bits decreased by 8

That’s the key math.

🧠 2️⃣ How /16 Splits into 256 /24 Subnets
We said:
We borrowed 8 bits.
How many combinations can 8 bits produce?
2^8 = 256

So:
A /16 can create 256 different /24 subnets.

Visual Example
Start:
10.0.0.0/16

Binary form:
10.0 | third octet | fourth octet

When we convert to /24, we lock the third octet as well.
So we get:
10.0.0.0/24
10.0.1.0/24
10.0.2.0/24
...
10.0.255.0/24

Count them:
0 → 255 = 256 subnets

Each subnet has:
256 IPs

So total still equals:
256 × 256 = 65,536

Nothing is lost — just divided.

🎯 Formula to Remember Forever
If you go from /A to /B:
Number of subnets created:
2^(B - A)

Example:
2^(24 - 16) = 2^8 = 256 subnets


🚀 3️⃣ How AWS EKS Consumes IPs Internally (CRITICAL FOR MLOps)
Now this is where many people make mistakes in production.
In EKS:
👉 Every pod gets its own IP

👉 IPs are assigned from the subnet

👉 IPs come from ENIs (Elastic Network Interfaces)

🧠 How EKS IP allocation works
Each EC2 node:


Has primary ENI


Can attach multiple secondary ENIs


Each ENI has limited IPs


Example (t3.medium):


Max ENIs: 3


Max IPs per ENI: 6


So max pods per node ≈
(ENIs × IPs per ENI) - 1 primary IP

That becomes small quickly.

🔥 Why /24 Can Be Dangerous in EKS
Remember:
/24 = 256 IPs

AWS reserves 5 per subnet
So usable:
251

If:


3 AZ


1 private subnet per AZ


Each subnet has 251 usable


Now imagine:


20 nodes


Each node runs 20 pods


That’s already:
400 IPs needed

Your subnet will exhaust fast.

🎯 Real Production Rule for EKS
For serious MLOps:
Use:
/23 (512 IPs)
or
/22 (1024 IPs)

Especially if:


Running ML workloads


Using HPA


Using large auto-scaling


Using multiple microservices


Using Karpenter



🧠 Important EKS Scaling Facts


Each Pod = 1 IP


Each Node consumes multiple IPs


Services (LoadBalancer, NodePort) consume IPs


VPC CNI allocates IP blocks per node


When scaling up suddenly, you can hit:
Insufficient IP addresses in subnet

This is a very common production failure.

🏗 Proper EKS Subnet Design for You (MLOps Architecture)
Since you are building production-grade ML systems:
Recommended:
VPC:
10.0.0.0/16

Private App Subnets:
10.0.0.0/22
10.0.4.0/22
10.0.8.0/22

Public Subnets:
10.0.100.0/24
10.0.101.0/24
10.0.102.0/24

DB Subnets:
10.0.200.0/24
10.0.201.0/24
10.0.202.0/24

This gives:


Massive pod capacity


Room for future growth


No IP starvation



🧠 Final Mental Model
Think like this:
/16 = Big Land
/24 = Plots
EKS = Every house (pod) needs its own door number (IP)
More houses → Need bigger plots