Setting Up a VPC with Subnet

This guide explains how to create a Virtual Private Cloud (VPC) and subnet in Thalassa Cloud using the tcloud CLI. VPCs provide isolated network environments for your cloud resources, while subnets allow you to segment and organise workloads within a VPC.

Prerequisites

  • tcloud CLI installed and configured
  • Authenticated with a personal access token or OIDC credentials
  • Appropriate permissions to create VPCs and subnets in your organisation

For CLI installation and authentication, see the Installing tcloud CLI guide.

Overview

The process involves two main steps:

  1. Create a VPC to define an isolated network environment
  2. Create a subnet within the VPC to segment your workloads

Step 1: Create a VPC

Step 1.1: List Available Regions

First, check available regions for your organisation:

tcloud regions list

Note the region identifier you want to use (e.g., nl-01).

Step 1.2: Create the VPC

Create a VPC with a name, region, and CIDR block:

tcloud networking vpcs create \
  --name my-vpc \
  --region nl-01 \
  --cidrs 10.0.0.0/16 \
  --description "Production VPC for application workloads"

Parameters:

  • --name: A descriptive name for your VPC
  • --region: The region where the VPC will be created
  • --cidrs: CIDR block(s) for the VPC (default: 10.0.0.0/16). You can specify multiple CIDRs
  • --description: Optional description of the VPC’s purpose

Example output:

VPC created successfully
Identity: vpc-12345678-abcd-efgh-ijkl-9876543210ab
Name: my-vpc
Region: nl-01
CIDRs: [10.0.0.0/16]

Step 1.3: Verify VPC Creation

List all VPCs to verify your VPC was created:

tcloud networking vpcs list

You can also filter by label selector if you’ve added labels:

tcloud networking vpcs list --selector environment=production

Step 2: Create a Subnet

Step 2.1: Get VPC Identity

Note the VPC identity from the previous step, or list VPCs to find it:

tcloud networking vpcs list

The identity is shown in the output (e.g., vpc-12345678-abcd-efgh-ijkl-9876543210ab).

Step 2.2: Create the Subnet

Create a subnet within your VPC:

tcloud networking subnets create \
  --name my-subnet \
  --vpc vpc-12345678-abcd-efgh-ijkl-9876543210ab \
  --cidr 10.0.1.0/24 \
  --description "Subnet for web tier workloads"

Parameters:

  • --name: A descriptive name for your subnet
  • --vpc: The VPC identity where the subnet will be created
  • --cidr: CIDR block for the subnet (must be within the VPC’s CIDR range)
  • --description: Optional description of the subnet’s purpose

Important: The subnet CIDR must be within the VPC’s CIDR range. For example, if your VPC uses 10.0.0.0/16, your subnet can use 10.0.1.0/24, 10.0.2.0/24, etc.

Step 2.3: Verify Subnet Creation

List all subnets to verify your subnet was created:

tcloud networking subnets list

Filter subnets by VPC using a label selector or by viewing subnet details:

tcloud networking subnets list --selector vpc=vpc-12345678-abcd-efgh-ijkl-9876543210ab

Complete Example

Here’s a complete example workflow:

# 1. List available regions
tcloud regions list

# 2. Create VPC
tcloud networking vpcs create \
  --name production-vpc \
  --region nl-01 \
  --cidrs 10.0.0.0/16 \
  --description "Production VPC"

# Note the VPC identity from output: vpc-abc123...

# 3. Create subnet for web tier
tcloud networking subnets create \
  --name web-subnet \
  --vpc vpc-abc123... \
  --cidr 10.0.1.0/24 \
  --description "Web tier subnet"

# 4. Create subnet for application tier
tcloud networking subnets create \
  --name app-subnet \
  --vpc vpc-abc123... \
  --cidr 10.0.2.0/24 \
  --description "Application tier subnet"

# 5. Verify all subnets
tcloud networking subnets list

Network Planning Best Practices

When creating VPCs and subnets, consider the following best practices and the reasons behind them:

  • CIDR Sizing: Choose VPC CIDR blocks large enough for future growth. We recommend using a /21 CIDR block for most VPCs, as it supports a wide range of subnetting and future expansion. As a reference, a /16 provides 65,536 IP addresses, but this is typically larger than needed unless you expect significant scale. Picking a CIDR block that’s too small can require a disruptive redesign later.
  • Subnet Sizing: For most use-cases, we recommend subnet CIDRs between /23 and /26—a /24 (256 IP addresses) is a solid default for nearly all typical workloads. This size balances address availability and helps keep your network organised. Use larger or smaller subnets only if your workload requirements specifically demand it.
  • Subnet Segmentation: Use separate subnets for different tiers (such as web, app, and database) or for different environments (like development, staging, and production). Segmentation improves security by isolating resources and simplifies management by organising workloads according to function or risk profile.
  • CIDR Non-Overlap: Ensure subnet CIDRs don’t overlap within the same VPC. Overlapping ranges can cause routing conflicts and unpredictable network behaviour, making troubleshooting more difficult and potentially causing connectivity issues between subnets.
  • Future Expansion: Reserve CIDR space for additional subnets as your infrastructure grows. Planning ahead allows you to add new subnets for features, new teams, or increased capacity—without having to rework your network or disrupt existing services.
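
The containment, sizing and non-overlap rules above can be checked before any tcloud command is run. The following Python sketch is an added example, not part of the tcloud CLI or Thalassa Cloud's own validation; the function name check_plan and the sample plans are constructed for illustration, and the /23 to /26 bounds are taken from the sizing guideline above.

```python
import ipaddress

def check_plan(vpc_cidrs, subnets, min_prefix=23, max_prefix=26):
    """Validate planned subnets (name -> CIDR) against the VPC CIDR list.
    Returns (problems, free): violations, and VPC blocks still unallocated."""
    vpcs = [ipaddress.ip_network(c) for c in vpc_cidrs]
    problems, placed = [], []
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr)  # strict: 10.0.1.5/24 is rejected
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR ({exc})")
            continue
        if not any(net.version == v.version and net.subnet_of(v) for v in vpcs):
            problems.append(f"{name}: {net} is not inside any VPC CIDR")
            continue
        if not min_prefix <= net.prefixlen <= max_prefix:
            problems.append(f"{name}: /{net.prefixlen} is outside /{min_prefix}../{max_prefix}")
        for other_name, other in placed:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        placed.append((name, net))
    free = []
    for vpc in vpcs:
        blocks = [vpc]
        for _, net in placed:
            nxt = []
            for b in blocks:
                if b.version != net.version or not b.overlaps(net):
                    nxt.append(b)                       # untouched by this subnet
                elif net.subnet_of(b):
                    nxt.extend(b.address_exclude(net))  # carve the subnet out
                # else: b lies wholly inside net, so nothing of it stays free
            blocks = nxt
        free.extend(sorted(blocks))
    return problems, free

# Constructed sample plans; the first reuses the CIDRs from this guide.
GOOD = {"web-subnet": "10.0.1.0/24", "app-subnet": "10.0.2.0/24"}
BAD = {**GOOD, "db-subnet": "10.0.2.128/25", "cache-subnet": "10.1.0.0/24",
       "bulk-subnet": "10.0.4.0/22", "typo-subnet": "10.0.1.5/24"}

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        problems, free = check_plan(["10.0.0.0/16"], plan)
        print(label, "problems:", problems or "none")
        print(label, "free blocks:", ", ".join(map(str, free)))
```

The free list shows which blocks remain reserved for future subnets, so a plan can be reviewed for expansion room as well as for conflicts.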
