Network Considerations

Trusst AI has carefully designed its networking requirements to ensure minimal address space utilisation while supporting the application and associated services.

This document outlines the Virtual Private Cloud (VPC) networking requirements for deploying Trusst AI’s platform in a customer’s AWS environment. Customers can choose between adopting the default networking setup or providing specific network details to align with their architecture.

The configurations outlined in this document represent the minimum requirements for deploying Trusst AI’s platform. These requirements cannot be reduced to smaller subnets.
Trusst AI does not require inter-VPC communication with existing customer networks.
Any connectivity to services within Trusst AI’s VPC must utilise AWS PrivateLink (VPC Endpoints) for supported services. Refer to AWS documentation for more details.
Customers may specify IP addressing for the first two octets of the CIDR blocks but cannot alter the third octet or specify host-level addressing.

Default Network Configuration

The default configuration uses a /22 VPC CIDR block, which is subdivided into various public and private subnets. Below is the breakdown of the default IP addressing:

The VPC CIDR subnet is a /22 which is then broken up for various Public and Private subnets. The below is an example of the IP Addressing which is used when deployed by Trusst AI.

Network Address

Usable Host Range

Broadcast Address

10.50.0.0

10.50.0.1 - 10.50.3.254

10.50.3.255

Private Subnets (each /24)

Network Address

Usable Host Range

Broadcast Address

Availability Zone

10.50.1.0

10.50.1.1 - 10.50.1.254

10.50.1.255

AZ1

10.50.2.0

10.50.2.1 - 10.50.2.254

10.50.2.255

AZ2

10.50.3.0

10.50.3.1 - 10.50.3.254

10.50.3.255

AZ3

Public Subnets (each /26)

Network Address

Usable Host Range

Broadcast Address

Availability Zone

10.50.0.0

10.50.0.1 - 10.50.0.62

10.50.0.63

AZ1

10.50.0.64

10.50.0.65 - 10.50.0.126

10.50.0.127

AZ2

10.50.0.128

10.50.0.129 - 10.50.0.190

10.50.0.191

AZ3

Gateway Interfaces – Reserved

Network Address

Usable Host Range

Broadcast Address

Allocated to

10.50.0.192

10.50.0.193 - 10.50.0.254

10.50.0.255

NAT Gateways

Default Network Architecture

Customer Decision Framework

Customers should review their current network architecture and determine whether it can accommodate the default configuration or if adjustments are needed. Key considerations include:

CIDR Block Compatibility:

Ensure that the default CIDR blocks (listed above) do not overlap with your existing address space.

Subnets and Address Allocation:

Confirm that the division of private and public subnets aligns with your organisation’s security and routing policies.

NAT Gateway Configuration:

Verify whether the reserved gateway IP addresses align with your existing setup or if custom configurations are required.

Custom Networking Requirements?

If your network architecture isn’t suitable for the default CIDR ranges or has specific constraints, you can provide the required CIDR details for deployment. These details will be incorporated into our deployment pipelines to ensure compliance with your organisation’s architecture.

Custom CIDR Submission

Please include:

VPC CIDR block.
Subnet allocations for each availability zone.
Reserved IP ranges for gateway interfaces.

This document is intended to provide sufficient information for customers to assess their compatibility with Trusst AI’s networking defaults. If you require assistance, please contact the Trusst AI team to discuss how we can adapt this approach to meet your requirements.

PreviousTrusst AI Architecture NextData Security

Last updated 8 months ago