VPC Subnet Calculator

IPv4 + IPv6 subnet calculator with VLSM, IaC export, and AWS sizing cheat sheet

Calculate CIDR ranges, subnet masks (dotted, hex, binary, wildcard), and per-provider reserved IPs for AWS, GCP, Azure, and Oracle — for both IPv4 and IPv6. Split into equal subnets or variable-sized VLSM allocations. Export as Terraform, Ansible, AWS CloudFormation, Pulumi (TypeScript), JSON, or plain text. Includes a full AWS VPC sizing cheat sheet with concrete layouts for startup, small-business, mid-market, and enterprise workloads.

AWS VPC Subnet Sizing Cheat Sheet

Recommended CIDR layouts for typical AWS workloads, plus a complete /16 to /30 reference table with masks, wildcard masks, and concrete usable-IP counts (after AWS's 5 reserved IPs per subnet).

CIDR reference table (AWS-aware usable counts)

CIDR  Total IPs  Usable (AWS)  Subnet mask      Wildcard     Typical use
/30   4          0             255.255.255.252  0.0.0.3      Point-to-point links (deprecated for AWS, use /28+)
/29   8          3             255.255.255.248  0.0.0.7      Tiny subnets (limited AWS support)
/28   16         11            255.255.255.240  0.0.0.15     AWS minimum subnet size · small services
/27   32         27            255.255.255.224  0.0.0.31     Database subnets · small ECS clusters
/26   64         59            255.255.255.192  0.0.0.63     App tiers · medium services
/25   128        123           255.255.255.128  0.0.0.127    Medium deployments
/24   256        251           255.255.255.0    0.0.0.255    Standard subnet · 2-AZ setups
/23   512        507           255.255.254.0    0.0.1.255    Large app tiers
/22   1,024      1,019         255.255.252.0    0.0.3.255    EKS node subnets · auto-scaling
/21   2,048      2,043         255.255.248.0    0.0.7.255    Large auto-scaling groups
/20   4,096      4,091         255.255.240.0    0.0.15.255   Per-environment tier · EKS pod CIDR
/19   8,192      8,187         255.255.224.0    0.0.31.255   Multi-tier VPC subnet (rare)
/18   16,384     16,379        255.255.192.0    0.0.63.255   Mid-market VPC
/17   32,768     32,763        255.255.128.0    0.0.127.255  Large VPC
/16   65,536     65,531        255.255.0.0      0.0.255.255  AWS maximum VPC size · enterprise default

AWS reserves 5 IPs per subnet (.0, .1, .2, .3, and .255 in a /24). The “Usable” column reflects this.

Recommended layouts by scale

Concrete subnet patterns for typical AWS workloads. Each tier uses the smallest CIDR that fits without exhausting headroom too quickly.

Startup (< 50 instances)

VPC 10.0.0.0/24
  10.0.0.0/26     Public subnet AZ-A (load balancers, NAT)   59 usable
  10.0.0.64/26    Public subnet AZ-B                         59 usable
  10.0.0.128/27   Private subnet AZ-A (app)                  27 usable
  10.0.0.160/27   Private subnet AZ-B (app)                  27 usable
  10.0.0.192/28   Database AZ-A                              11 usable
  10.0.0.208/28   Database AZ-B                              11 usable

Small business (50–500 instances)

VPC 10.0.0.0/20
  10.0.0.0/22     Public tier (2 AZs)       1,019 usable
  10.0.4.0/22     Private app tier          1,019 usable
  10.0.8.0/24     Database tier             251 usable
  10.0.9.0/26     Management / bastion      59 usable

Mid-market (500–2,000 instances)

VPC 10.0.0.0/18
  10.0.0.0/20     Production tier (3 AZs)                4,091 usable
  10.0.16.0/20    Staging tier                           4,091 usable
  10.0.32.0/22    EKS node subnets                       1,019 usable
  10.0.36.0/20    EKS pod CIDR (separate from nodes)     4,091 usable

Enterprise (2,000+ instances)

VPC 10.0.0.0/16
  10.0.0.0/19     Production (3 AZs)                     8,187 usable
  10.0.32.0/19    Staging                                8,187 usable
  10.0.64.0/19    Development                            8,187 usable
  10.0.96.0/20    Shared services (DNS, monitoring)      4,091 usable
  10.0.112.0/20   EKS pods (custom networking)           4,091 usable
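
An added example (not the calculator's own code): a check, using Python's standard `ipaddress` module, that every subnet in a layout starts on its prefix boundary, sits inside the VPC, and does not overlap a sibling, with usable counts after AWS's 5 reserved IPs. Run over the layouts above, it passes the startup layout and reports that 10.0.36.0/20 in the mid-market layout is not on a /20 boundary; `check_layout` and the list names are this example's own.

```python
import ipaddress

AWS_RESERVED = 5  # per the page: the first four addresses and the last one

# Layouts copied from the page above as (CIDR, label) pairs.
STARTUP = [("10.0.0.0/26", "Public AZ-A"), ("10.0.0.64/26", "Public AZ-B"),
           ("10.0.0.128/27", "Private AZ-A"), ("10.0.0.160/27", "Private AZ-B"),
           ("10.0.0.192/28", "Database AZ-A"), ("10.0.0.208/28", "Database AZ-B")]
MID_MARKET = [("10.0.0.0/20", "Production"), ("10.0.16.0/20", "Staging"),
              ("10.0.32.0/22", "EKS nodes"), ("10.0.36.0/20", "EKS pods")]


def check_layout(vpc_cidr, subnets):
    """Validate (cidr, label) pairs against one VPC; return (rows, findings)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    rows, findings, placed = [], [], []
    for cidr, label in subnets:
        try:
            net = ipaddress.ip_network(cidr)  # strict mode rejects set host bits
        except ValueError:
            # Start address is not on the prefix boundary: report it, then keep
            # checking against the block that prefix length really covers.
            net = ipaddress.ip_network(cidr, strict=False)
            findings.append(f"{cidr} ({label}): not on a /{net.prefixlen} "
                            f"boundary, the enclosing block is {net}")
        if not net.subnet_of(vpc):
            findings.append(f"{cidr} ({label}): outside VPC {vpc}")
        for other, other_label in placed:
            if net.overlaps(other):
                findings.append(f"{cidr} ({label}): overlaps {other} ({other_label})")
        placed.append((net, label))
        rows.append((cidr, label, max(net.num_addresses - AWS_RESERVED, 0)))
    return rows, findings


if __name__ == "__main__":
    for name, vpc, layout in [("startup", "10.0.0.0/24", STARTUP),
                              ("mid-market", "10.0.0.0/18", MID_MARKET)]:
        rows, findings = check_layout(vpc, layout)
        print(name, "OK" if not findings else "PROBLEMS")
        for cidr, label, usable in rows:
            print(f"  {cidr:<16}{label:<16}{usable:>6} usable")
        for finding in findings:
            print("  !", finding)
```

Running the same check in CI against the subnet list that feeds Terraform or CloudFormation catches a misaligned or overlapping block before the provider API rejects it.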

EKS pod CIDR sizing (the #1 footgun)

By default, EKS gives every pod a real VPC IP — so the VPC subnets must be large enough to host every pod, not just every node. This is the most common reason new EKS clusters run out of IPs.

Rule of thumb:
IPs needed ≈ (max pods per node) × (max nodes). A 100-node cluster with 30 pods each = 3,000 IPs minimum (use a /19 at least).
Better approach: custom networking
Configure the VPC CNI plugin to give pods IPs from a secondary CIDR block (e.g. 100.64.0.0/16) so the main VPC isn't exhausted. The mid-market and enterprise layouts above show this pattern.

Multi-AZ pattern (the canonical AWS layout)

For high availability, replicate every tier across at least 2 AZs (3 for production). With a /22 per tier-AZ pair, a /16 VPC fits 16 unique tier-AZ combinations.

VPC               10.0.0.0/16    (65,536 addresses)
├── Public AZ-A   10.0.0.0/22    (1,022 usable)
├── Public AZ-B   10.0.4.0/22    (1,022 usable)
├── Public AZ-C   10.0.8.0/22    (1,022 usable)
├── App AZ-A      10.0.16.0/22   (1,022 usable)
├── App AZ-B      10.0.20.0/22   (1,022 usable)
├── App AZ-C      10.0.24.0/22   (1,022 usable)
├── DB AZ-A       10.0.32.0/24   (251 usable)
├── DB AZ-B       10.0.33.0/24   (251 usable)
├── DB AZ-C       10.0.34.0/24   (251 usable)
└── Mgmt          10.0.48.0/26   (59 usable)

VPC Subnet Reference

The math, the RFC numbers, and the cloud-provider quirks behind CIDR / subnetting — enough to design a VPC end-to-end without leaving the page.

Understanding CIDR notation

CIDR (Classless Inter-Domain Routing) combines an IP address with a prefix length: 10.0.0.0/24 means the first 24 bits identify the network, leaving 8 bits for hosts (256 addresses total, 254 usable after network + broadcast — or 251 on AWS where 5 are reserved). The prefix maps directly to a binary mask: /24 = 11111111.11111111.11111111.00000000 = 255.255.255.0.

RFC 1918 private IPv4 ranges

10.0.0.0/8       10.0.0.0 – 10.255.255.255        16,777,216 addresses. Preferred for cloud VPCs.
172.16.0.0/12    172.16.0.0 – 172.31.255.255      1,048,576 addresses. Default Docker bridge.
192.168.0.0/16   192.168.0.0 – 192.168.255.255    65,536 addresses. Home and SMB networks.

IPv6 prefix sizes worth knowing

Prefix  Subnets / hosts               Typical use
/32     65,536 /48 site allocations   ISP block assigned by a regional registry.
/48     65,536 /64 subnets            Standard organization / site allocation.
/56     256 /64 subnets               Residential / SOHO allocation (common ISP default).
/64     One subnet, 2⁶⁴ hosts         Standard IPv6 subnet — required for SLAAC.
/126    4 addresses, 2 usable         Legacy point-to-point (rarely used).
/127    2 addresses, 2 usable         RFC 6164 point-to-point inter-router links.

Rule of thumb: never subnet smaller than /64 unless you have a specific reason. SLAAC, mobile IPv6, and many CNI plugins require /64.

Cloud provider reserved-IP quirks

AWS VPC (5 reserved)
  • .0 network address
  • .1 VPC router
  • .2 DNS server
  • .3 reserved for future use
  • .255 broadcast (not used by AWS but reserved)
Microsoft Azure (5 reserved)
  • .0 network address
  • .1 default gateway
  • .2, .3 Azure DNS
  • .255 broadcast
Google Cloud VPC (4 reserved)
  • .0 network address
  • .1 default gateway
  • Second-to-last address
  • Last address (broadcast)
Oracle Cloud VCN (3 reserved)
  • .0 network address
  • .1 subnet default gateway
  • .255 broadcast
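
An added example (not the calculator's own code) covering both the mask forms from "Understanding CIDR notation" and the reserved-IP lists above: the lists are written for a /24, so this resolves them to concrete addresses for any IPv4 prefix. It is IPv4 only; `describe` and `RESERVED` are names chosen here, and the start/end counts are read off the provider lists above.

```python
import ipaddress

# (reserved at the start of the subnet, reserved at the end), from the lists above
RESERVED = {"aws": (4, 1), "azure": (4, 1), "gcp": (2, 2), "oracle": (2, 1)}


def describe(cidr, provider):
    """Masks plus the concrete reserved and usable addresses of an IPv4 subnet."""
    net = ipaddress.IPv4Network(cidr)
    size = net.num_addresses
    head, tail = RESERVED[provider]
    head = min(head, size)          # e.g. a /30 on AWS is reserved in full
    tail = min(tail, size - head)
    reserved = ([net[i] for i in range(head)]
                + [net[size - tail + i] for i in range(tail)])
    usable = size - head - tail
    return {
        "netmask": str(net.netmask),
        "wildcard": str(net.hostmask),
        "hex": f"0x{int(net.netmask):08X}",
        "binary": ".".join(f"{octet:08b}" for octet in net.netmask.packed),
        "reserved": [str(addr) for addr in reserved],
        "usable": usable,
        # First and last address a workload can actually be assigned.
        "usable_range": (str(net[head]), str(net[size - tail - 1])) if usable else None,
    }


if __name__ == "__main__":
    for cidr, provider in [("10.0.0.64/26", "aws"), ("10.0.0.0/24", "gcp"),
                           ("10.0.0.0/30", "aws")]:
        info = describe(cidr, provider)
        print(cidr, provider)
        for key, value in info.items():
            print(f"  {key:<13}{value}")
```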

Best practices for VPC design

  • Start with /16 for production VPCs, even if you don't need the addresses today. Resizing later means migration pain.
  • Plan for 3 AZs, not 2 — Lambda and several managed services require at least 2 AZs and AWS recommends 3 for HA.
  • Use separate CIDR blocks per environment (prod / staging / dev) so VPC peering doesn't cause conflicts.
  • Reserve IP space before allocating — leave gaps between tiers for future expansion.
  • Document the allocation — IPAM tools (AWS VPC IPAM, Infoblox, Netbox) prevent the “who owns this CIDR” problem.
  • Don't use 172.17.0.0/16 as your VPC CIDR — that's the default Docker bridge, and containers running on EC2 instances will lose connectivity.

Useful RFCs

  • RFC 1918 — IPv4 private address space (10.0/8, 172.16/12, 192.168/16)
  • RFC 4193 — IPv6 unique local addresses (fc00::/7)
  • RFC 4291 — IPv6 addressing architecture
  • RFC 6164 — Using /127 prefixes on inter-router links
  • RFC 6177 — IPv6 address assignment to end sites (the /48 vs /56 debate)
  • RFC 6303 — Locally-served DNS zones

Frequently Asked Questions

Common questions about VPC subnets, CIDR notation, IPv6 prefixes, EKS pod CIDR sizing, and AWS reserved IPs.