Why can't a subnet span availability zones in AWS?
In AWS a VPC subnet can only reside in one availability zone. I'm curious what's the reason behind this restriction.

I don't know how AWS implements VPC under the hood. But usually VPC implementation is based on overlay network, such as VXLAN. Take VXLAN as an example, technically two endpoints in a virtual subnet can communicate as long as the two physical hosts hosting the endpoints can communicate. It shouldn't matter whether these two hosts are in an availability zone or not.

So I'm wondering what's the reason for the limitation. Is it due to performance or some other network limitations?

Pituri answered 8/6, 2020 at 6:17 Comment(0)

This is by design: a subnet association is the indicator of which availability zone your resource is located in.

For planning to improve resilience and high availability, it is key for the user to guarantee there is isolation between their resources. If a subnet could span several availability zones then you could not guarantee that their infrastructure could all be brought down by a power cut for example.

On the other hand some people want to guarantee the minimum latency between resources within their VPC environment. By deploying them all to the same subnet they can guarantee that traffic will remain inside of the same logical data centre which will provide them the best latency between services.

Led answered 8/6, 2020 at 7:6 Comment(1)
Thanks. Combining the other answer from Jarmod, I guess I can conclude the choice (AZ-local subnet) is more about simplifying deployment, the fault-tolerance model and the performance model, not because of any hard technical limitation. - Pituri
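As an added example (not code from the answer or the asker), here is a small Python audit that applies the subnet-to-AZ mapping the answer describes: because each subnet lives in exactly one AZ, resolving each resource through its subnet tells you how many zones a workload tier really spans. The subnet and instance records are constructed, with placeholder ids, in the shape of EC2 DescribeSubnets/DescribeInstances output.

```python
from collections import Counter

# Constructed sample: three subnets in two AZs of one VPC (placeholder ids).
SUBNETS = [
    {"SubnetId": "subnet-aaa111", "AvailabilityZone": "us-east-1a", "VpcId": "vpc-0example"},
    {"SubnetId": "subnet-bbb222", "AvailabilityZone": "us-east-1b", "VpcId": "vpc-0example"},
    {"SubnetId": "subnet-ccc333", "AvailabilityZone": "us-east-1a", "VpcId": "vpc-0example"},
]

# Constructed sample instances: the "app" tier sits in one AZ only,
# the "db" tier is spread across two.
INSTANCES = [
    {"InstanceId": "i-001", "SubnetId": "subnet-aaa111", "Tags": {"tier": "app"}},
    {"InstanceId": "i-002", "SubnetId": "subnet-ccc333", "Tags": {"tier": "app"}},
    {"InstanceId": "i-003", "SubnetId": "subnet-aaa111", "Tags": {"tier": "db"}},
    {"InstanceId": "i-004", "SubnetId": "subnet-bbb222", "Tags": {"tier": "db"}},
]


def subnet_az_map(subnets):
    """Subnet id -> AZ: the one-subnet-one-AZ mapping the answer calls 'by design'."""
    return {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}


def az_spread(instances, subnets, tier):
    """Count the instances of one tier per AZ, resolved through their subnet."""
    az_of = subnet_az_map(subnets)
    counts = Counter()
    for inst in instances:
        if inst["Tags"].get("tier") != tier:
            continue
        az = az_of.get(inst["SubnetId"])
        if az is None:  # a subnet we never described: fail loudly, not silently
            raise ValueError(f"{inst['InstanceId']}: unknown subnet {inst['SubnetId']}")
        counts[az] += 1
    return dict(counts)


def single_az_tiers(instances, subnets, min_azs=2):
    """Tiers whose instances occupy fewer than min_azs zones (an AZ outage takes them all down)."""
    tiers = {i["Tags"].get("tier") for i in instances}
    return sorted(t for t in tiers if len(az_spread(instances, subnets, t)) < min_azs)


if __name__ == "__main__":
    for tier in ("app", "db"):
        print(tier, az_spread(INSTANCES, SUBNETS, tier))
    print("single-AZ tiers:", single_az_tiers(INSTANCES, SUBNETS))
```

With real data, feed the same functions the `Subnets` and flattened `Instances` lists returned by the EC2 API; the logic does not change.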

I suspect the reason is that AWS decided to segment things that way for Fault Isolation reasons.

I'm not aware of any technical reason why a given subnet could not span an entire region or even multiple regions theoretically, other than that AWS decided to make it AZ-level. Google Cloud subnets, for example, are regional, not zonal.

Breazeale answered 16/1, 2021 at 18:25 Comment(3)
Thanks. The answer makes sense to me. The GCP subnet example proves it's not due to a technical reason. It's probably more a trade-off for a simplified model and experience. - Pituri
Azure is regional as well, right? Their subnets span all the AZs. And then within the resource itself you would need to specify which zone you want to put it in. - Pricking
@Pricking yes, Azure subnets span all AZs in a region. AWS is enforcing a stricter fault isolation than GCP and Azure (more here). - Breazeale
