From d2075273e2d51166ebc6d2b554362a6e704e313d Mon Sep 17 00:00:00 2001 From: Bill Beesley Date: Wed, 9 Aug 2023 13:02:24 +0100 Subject: [PATCH] feat: sort subnets to calculate by their netmask to efficiently use ip space The previous implementation calculates the ipv4 subnet cidr ranges in an arbitrary order (actually alphabetically based on the subnet type string). This means that if you have different netmasks for different subnets you end up trying to take your vpc cidr range, then cut out some small netmasks, then encounter a large netmask, at which point you have to skip a bunch of ips in order to get to the next start address for that larger netmask. In practice this causes really inefficient use of ip space. For example, with a vpc netmask of 22, 3 db subnets with a netmask of 27, 3 public subnets with a netmask of 28, 3 private subnets with a netmask of 24, and 3 transit gateway subnets with a netmask of 28, then the module is unable to calculate the cidr ranges, because first it creates the db subnets with their 27 netmask, then the public with their 28 netmask, then it gets to the private ones and has to skip a huge chunk to get to the start of a `/24` block. At this point it has skipped so many that it's unable to create the remaining subnets. The fix for this is to first calculate the subnets where netmask is 24, then the ones where it is 27, then the ones where it is 28. If you do this, then the subnet calculator is able to create all the required subnets, as it's no longer skipping large chunks due to starting with small netmasks. BREAKING CHANGE: Since the subnets calculated after sorting won't be the same as those calculated without sorting, this change would cause a delete and recreate of existing subnets that were created with older versions. --- modules/calculate_subnets/main.tf | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) 
diff --git a/modules/calculate_subnets/main.tf b/modules/calculate_subnets/main.tf
index 14d4604..f3c566e 100644
--- a/modules/calculate_subnets/main.tf
+++ b/modules/calculate_subnets/main.tf
@@ -16,6 +16,30 @@ locals {
 }
 ]])
+ # map of subnet names to netmask values for looking up netmask by name
+ netmasks_for_subnets = { for subnet in local.calculated_subnet_objects : subnet.name => subnet.netmask }
+
+ # sorted list of netmasks from largest to smallest so we can efficiently use the ip address space
+ sorted_subnet_netmasks = reverse(distinct(sort([
+ for subnet in local.calculated_subnet_objects : format("%05d", subnet.netmask)
+ ])))
+
+ # list of subnet names sorted based on their netmask value (large to small)
+ sorted_subnet_names = compact(flatten([
+ for netmask in local.sorted_subnet_netmasks : [
+ for subnet in local.calculated_subnet_objects :
+ subnet.name if subnet.netmask == tonumber(netmask)
+ ]
+ ]))
+
+ # list of subnet the original calculated subnet objects, but sorted based on their netmask value (large to small)
+ sorted_subnet_objects = [
+ for name in local.sorted_subnet_names : {
+ name = name
+ netmask = local.netmasks_for_subnets[name]
+ }
+ ]
+
 # map of explicit cidrs to az
 explicit_cidrs_grouped = { for _, type in local.types_with_explicit : type => zipmap(var.azs, var.subnets[type].cidrs[*]) }
 }
@@ -27,6 +51,6 @@ module "subnet_calculator" {
 version = "1.0.2"
 base_cidr_block = var.cidr
- networks = local.calculated_subnet_objects
+ networks = local.sorted_subnet_objects
 }
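Review bot: `reverse(distinct(sort([...])))` in the new `sorted_subnet_netmasks` local sorts the zero-padded prefix lengths and then reverses them, so the list comes out as 28, 27, 24 and the smallest address blocks are handed to the calculator first — the opposite of the order the commit message asks for (/24, then /27, then /28) and the order that leaves alignment gaps whenever a larger block follows smaller ones. Assuming `netmask` holds the prefix length as the commit message implies, the fix is to drop the `reverse` so the line reads `sorted_subnet_netmasks = distinct(sort([`, with the closing line becoming `]))`, and to reword the comment to `# prefix lengths ascending, i.e. largest address blocks first, so no alignment gaps are left`. Separately, `netmasks_for_subnets` is keyed by `subnet.name`, so two calculated subnets sharing a name would fail with a duplicate-key error rather than being silently dropped; if uniqueness is guaranteed that is fine, otherwise the lookup map and the name round-trip can be avoided by selecting `subnet if subnet.netmask == tonumber(netmask)` directly in the sorted loop, which then replaces `sorted_subnet_objects`. The `locals` block this hunk modifies starts before the hunk.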