-
Notifications
You must be signed in to change notification settings - Fork 105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: sort subnets to calculate by their netmask to efficiently use ip space #130
base: main
Are you sure you want to change the base?
Conversation
…p space The previous implementation calculates the ipv4 subnet cidr ranges in an arbitrary order (actually alphabetically based on the subnet type string). This means that if you have different netmasks for different subnets you end up trying to take your vpc cidr range, then cut out some small netmasks, then encounter a large netmask, at which point you have to skip a bunch of ips in order to get to the next start address for that larger netmask. In practice this causes really inefficient use of ip space. For example, with a vpc netmask of 22, 3 db subnets with a netmask of 27, 3 public subnets with a netmask of 28, 3 private subnets with a netmask of 24, and 3 transit gateway subnets with a netmask of 28, then the module is unable to calculate the cidr ranges, because first it creates the db subnets with their 27 netmask, then the public with their 28 netmask, then it gets to the private ones and has to skip a huge chunk to get to the start of a `/24` block. At this point it has skipped so many that its unable to create the remaining subnets. The fix for this is to first calculate the subnets where netmask is 24, then the ones where it is 27, then the ones where it is 28. If you do this, then the subnet calculator is then able to create all the required subnets, as its no longer skipping large chunks due to starting with small netmasks. BREAKING CHANGE: Since the subnets calculated after sorting wont be the same as those calculated without sorting, this change would cause a delete and recreate of existing subnets that were created with older versions.
Thank you for opening this feature request & pr!. You're bringing up a good issue. This would be considered a breaking change because users who have already deployed will see their subnets drift if we implement. I'm not opposed to that at all but will need to discuss internally and we'd need to prepare a upgrade document. It might be something we sit on for a short period and include testing for when we switch to terraform test. Just trying to set expectations Again thank you very much! this looks awesome |
Yeah, I thought that would be the case, and tried to mark it as such on the commit message, but somehow forgot to note that on the PR. It does cause terraform to destroy and recreate the subnets in an existing VPC if they're different sizes. We're using a forked version of this for now to unblock ourselves, but would like to be able to move back if/when this gets merged. |
can this be behind a feature flag for a while giving people the time to migrate and test out how it works for them? |
@bbeesley thanks for this contribution, since this is a breaking change, my only request is that you create an OptimizeCIDRRanges parameter option defaulted to NO. This will ensure existing deployments are not affected. |
The previous implementation calculates the ipv4 subnet cidr ranges in an arbitrary order (actually alphabetically based on the subnet type string). This means that if you have different netmasks for different subnets you end up trying to take your vpc cidr range, then cut out some small netmasks, then encounter a large netmask, at which point you have to skip a bunch of ips in order to get to the next start address for that larger netmask. In practice this causes really inefficient use of ip space. For example, with a vpc netmask of 22, 3 db subnets with a netmask of 27, 3 public subnets with a netmask of 28, 3 private subnets with a netmask of 24, and 3 transit gateway subnets with a netmask of 28, then the module is unable to calculate the cidr ranges, because first it creates the db subnets with their 27 netmask, then the public with their 28 netmask, then it gets to the private ones and has to skip a huge chunk to get to the start of a
/24
block. At this point it has skipped so many that its unable to create the remaining subnets. The fix for this is to first calculate the subnets where netmask is 24, then the ones where it is 27, then the ones where it is 28. If you do this, then the subnet calculator is then able to create all the required subnets, as its no longer skipping large chunks due to starting with small netmasks.Example:
On the existing version, this throws an error:
On this version with sorting, it outputs the following: