Ensure IP subnet allocation accounts for expansion and availability

PostedMarch 21, 2025

UpdatedMarch 22, 2025

ByKevin McCaffrey

As workloads evolve and expand, a robust network topology is key to maintaining high availability and reliability. Proper IP subnet allocation allows for seamless scaling and effective management of resources across multiple environments, ensuring that future growth does not compromise network integrity.

Best Practices

Plan for Future Growth

Analyze current and expected workload sizes to determine appropriate IP address ranges for your VPCs.
Select a sufficient CIDR block for your VPCs based on anticipated growth, ensuring you have enough IP addresses for all potential resources and future expansion.
Consider using larger CIDR blocks to allow for subnet diversification across multiple Availability Zones to improve fault tolerance and availability.
Regularly review and adjust your subnet allocations as your service requirements evolve, taking care to document changes to your network topology.

Utilize Multi-AZ Deployments for High Availability

Design your network topology to span multiple Availability Zones (AZs) for redundancy and fault tolerance.
Allocate subnets across different AZs to ensure even distribution of resources, minimizing the impact of failures in a single AZ.
Use AWS services that inherently support high availability, such as Elastic Load Balancing and Auto Scaling, which can spread workloads across AZs.

Implement IP Address Management

Use a structured IP address management strategy to keep track of allocations and availability of IPs per subnet.
Incorporate automation tools and scripts to assist in monitoring and managing IP address usage within your VPCs.
Consider tools such as AWS Resource Groups and AWS Config Rules to help ensure compliance with your IP address management policy.

Effective Domain Name Resolution

Leverage Amazon Route 53 for domain name system (DNS) services to ensure reliable and scalable DNS resolution.
Implement private hosted zones in Route 53 for internal domain name resolution among your VPC resources, ensuring public and private IPs are easily manageable.
Regularly audit and update DNS entries to reflect any changes in your network topology, minimizing downtime caused by incorrect resolutions.

Questions to ask your team

Have you conducted an analysis to determine the maximum IP address requirements for your workloads?
Is your IP plan documented, and does it include future growth scenarios?
Are your IP subnets designed to allow for the addition of new resources without reconfiguration?
How often do you review and update your IP addressing strategy to accommodate new services?
Do you have controls in place to prevent IP address exhaustion as your workloads scale?

Who should be doing this?

Network Architect

Design and implement the overall network topology considering reliability and future scalability.
Analyze current workloads to determine appropriate IP address range allocations.
Ensure subnet allocations across Availability Zones to maximize resilience and availability.
Coordinate with teams to understand their networking needs and provide necessary infrastructure.
Evaluate and select appropriate technologies for intra- and inter-system connectivity.

Infrastructure Engineer

Deploy and maintain the virtual private cloud (VPC) infrastructure based on the designed topology.
Implement IP address management strategies for public and private IPs.
Regularly monitor and adjust subnet sizes to accommodate changes in application architecture.
Troubleshoot and resolve network-related issues impacting workload availability.

DevOps Engineer

Collaborate with the Network Architect to integrate network considerations into CI/CD pipelines.
Implement monitoring solutions for network performance and reliability.
Automate the provisioning and management of networking resources in alignment with best practices.
Ensure that workload deployments follow established network guidelines and configurations.

Security Engineer

Evaluate and ensure that network designs adhere to security protocols and standards.
Implement network access controls and monitor for unauthorized changes.
Collaborate with the Network Architect to design network security layers.
Conduct regular audits of network infrastructure and address security vulnerabilities.

What evidence shows this is happening in your organization?

IP Address Management Plan: A detailed document outlining the strategy for IP address allocation, subnetting, and addressing future growth to ensure that all workloads have sufficient IP ranges across different environments.
Network Topology Diagram: Visual representation of the network architecture, including VPC configurations, IP subnets, and the connectivity between components to illustrate future scalability and reliability.
Subnet Allocation Strategy Checklist: A checklist ensuring that subnets are allocated efficiently, considering future expansion needs and best practices for high availability across multiple Availability Zones.
Capacity Planning Document: A report detailing the anticipated workload growth and corresponding network requirements, ensuring IP subnet allocations are aligned with projected needs.
Network Design Policy: A policy document that governs how network topology is planned, including guidelines for IP address management, subnet sizing, and future expansion considerations.

Cloud Services

AWS

Amazon VPC: Amazon VPC allows you to create a virtual network in your AWS account, where you can manage IP address ranges, subnets, and route tables, enabling efficient planning for network topology.
AWS IP Address Manager (IPAM): AWS IPAM simplifies the management of IP addresses and helps you monitor IP address usage across your Amazon VPC, facilitating effective IP subnet allocation and planning.
AWS Network Manager: AWS Network Manager provides a centralized view of your global network and network topology, which is essential for planning connectivity across multiple environments.

Azure

Azure Virtual Network: Azure Virtual Network enables the creation of isolated virtual networks, allowing for precise IP address management and subnet configurations to cater for expanding workloads.
Azure Network Watcher: Azure Network Watcher provides tools to monitor and diagnose networking issues in your Azure environments, helping you ensure proper connectivity and IP management.

Google Cloud Platform

Google Cloud VPC: Google Cloud VPC enables you to create a virtual networking environment with control over IP address allocation and flexible subnetting for your applications and services.
Cloud DNS: Cloud DNS is a scalable, reliable, and managed authoritative Domain Name System (DNS) service that allows you to manage DNS records, essential for IP address management and network planning.

Question: How do you plan your network topology?
Pillar: Reliability (Code: REL)

Operational Excellence

Determine what your priorities are

Structure your organization to support your business outcomes

Organizational culture to support your business outcomes

Implement observability in your workload

Reduce defects, ease remediation, and improve flow into production

Mitigate deployment risks

Be ready to support a workload

Uilize workload observability

Understand the health of your operations

Manage workload and operations events

Evolve your operations

Security

Securely operate your workload

Manage identities for people and machines

Manage permissions for people and machines

Detect and investigate security events

Protect your network resources

Protect your compute resources

Classify your data

Protect your data at rest

Protect your data in transit

Anticipate, respond to, and recover from incidents

Incorporate and validate the security properties of applications throughout the design, development, and deployment lifecycle

Reliability

Manage service quotas and constraints

Plan your network topology

Design your workload service architecture

Design interactions in a distributed system to prevent failures

Design interactions in a distributed system to mitigate or withstand failures

Monitor workload resources

Design your workload to adapt to changes in demand

Implement change

Back up data

Fault isolation to protect your workload

Design your workload to withstand component failures

Test reliability

Plan for disaster recovery (DR)

Cost Optimization

Implement cloud financial management

Govern usage

Monitor your cost and usage

Decommission resources

Evaluate cost when you select services

Meet cost targets when you select resource type, size and number

Use pricing models to reduce cost

Plan for data transfer charges

Manage demand, and supply resources

Evaluate new services

Evaluate the cost of effort

Performance

Select the appropriate cloud resources and architecture patterns for your workload

Select and use compute resources in your workload

Store, manage, and access data in your workload

Select and configure networking resources in your workload

Support more performance efficiency for your workload

Sustainability

Select Regions for your workload

Align cloud resources to your demand

Take advantage of software and architecture patterns to support your sustainability goals

Take advantage of data management policies and patterns to support your sustainability goals

Select and use cloud hardware and services in your architecture to support your sustainability goals

Implement organizational processes support your sustainability goals