Basic Network and AWS VPC
IP Address Format: The 32-bit IP address is grouped 8 bits at a time, each group of 8 bits is an octet. Each of the four octets are separated by a dot, and represented in decimal format .
The following figure shows the basic format of a typical IP address: Example IP 172.16.122.204
IP Address is broken up into 2 parts:
- Network IDs
- Must be unique to the network.
- It cannot start with
127
, this is reserved with IP loopback, or localhosts.
- Host ID
- Must always be unique per machine for the network.
- Basically in some form of a classification, the last digits are always unique to your machine.
The class of address can be easily determined by examining the first octet of the address, and mapping that value to a class range in the table
The network mask defines which bits out of the 32 bit of the address are defined as the network portion and which are the host portion.
Class A address has the first octet as the network portion and the remaining 3 octets as the host portion. Therefore, a Class A network mask is defined as 255.0.0.0.
Class B address has the first and second octets as the network portion and the third and fourth octets as the host portion. A Class B network mask is shown as 255.255.0.0.
Class C address has the first, second, and third octet as the network portion and the last octet as the host portion. A Class C network mask is shown as 255.255.255.0.
The following figure summarizes the network and host portion of each address class:
Class A address has the first octet as the network portion and the remaining 3 octets as the host portion. Therefore, a Class A network mask is defined as 255.0.0.0.
Class B address has the first and second octets as the network portion and the third and fourth octets as the host portion. A Class B network mask is shown as 255.255.0.0.
Class C address has the first, second, and third octet as the network portion and the last octet as the host portion. A Class C network mask is shown as 255.255.255.0.
The following figure summarizes the network and host portion of each address class:
http://cidr.xyz
Since now Basic networking is out of the way lets Understand VPC and some high level details on what it comprises of.
VPC : You can think of VPC as Virtual Data-center in the cloud. A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC. You can configure your VPC by modifying its IP address range, create subnets, configure route tables, network gateways, and security settings.
VPC : You can think of VPC as Virtual Data-center in the cloud. A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. You can launch your AWS resources, such as Amazon EC2 instances, into your VPC. You can configure your VPC by modifying its IP address range, create subnets, configure route tables, network gateways, and security settings.
Below figure shows VPC with Public and private subnet, it also has Nat Gateway configured for private instances to talk to the internet. Also private instances has S3 endpoint specified for them to put and get objects from S3.
A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a specified subnet. Use a public subnet for resources that must be connected to the internet, and a private subnet for resources that won't be connected to the internet.
Security Group
which EC2 and VPC offer is the first layer of defense. The Network ACL
is a second layer of defense.
Below is a quick walk through of setting up VPC in AWS
1. a) In aws console look for VPC and click on it.
Our objective is to setup VPC with Public and Pvt subnet in different Availability zone.
1. b) Click on create VPC and fill in required details to create AbizerVPC.
2) Now create subnets .
Subnet 1 and associate it with AbizerVPC and then click create.
Subnet 2
Currently we at below stage as shown in figure.
3) Now go on Internet G/W tab and lets spin up G/W .
Once the G/W is created it needs to be attached to the VPC.
Now we can see igw-9dabd5fb is attached to the VPC .
4 ) Now create Routes :
Now click on the route tables to create new route table which will be attached to our VPC for route to internet.
Now creating route table " AbizerRouteOut " associated to VPC which was created .
Once the Route is created we should see the route table in the summary tab as below.
Under routes you would now see only one local route active.
We will edit and add another route , This is really Internet-Gateway route .
Now for public subnet we will have to modify the subnet's route table to AbizerRouteOut , This route table has Internet G/W hence the instances spinning up in this subnet will have internet access.
Once saved you should see below where private subnet has default route ( No access to internet ) while the public subnet has custom route table (has access to internet) .
Finally in preparation for spinning up EC2 instances we will modify subnet settings to auto-assign IP's .
Finally we should see below properties for 2 subnets we just created.
Bingo!!! We have setup VPC from scratch with 2 subnets one private and public ready for EC2 instances to launched.
Note : - Private instances cannot be pinged from outside or they won't be able to reach the world hence they will either need NAT instance configured on public subnet or even better NAT G/W to send/receive traffic to/from internet.
1. a) In aws console look for VPC and click on it.
Our objective is to setup VPC with Public and Pvt subnet in different Availability zone.
1. b) Click on create VPC and fill in required details to create AbizerVPC.
2) Now create subnets .
Subnet 1 and associate it with AbizerVPC and then click create.
Subnet 2
Currently we at below stage as shown in figure.
3) Now go on Internet G/W tab and lets spin up G/W .
Once the G/W is created it needs to be attached to the VPC.
Now we can see igw-9dabd5fb is attached to the VPC .
4 ) Now create Routes :
Now click on the route tables to create new route table which will be attached to our VPC for route to internet.
Now creating route table " AbizerRouteOut " associated to VPC which was created .
Once the Route is created we should see the route table in the summary tab as below.
Under routes you would now see only one local route active.
We will edit and add another route , This is really Internet-Gateway route .
Now for public subnet we will have to modify the subnet's route table to AbizerRouteOut , This route table has Internet G/W hence the instances spinning up in this subnet will have internet access.
Once saved you should see below where private subnet has default route ( No access to internet ) while the public subnet has custom route table (has access to internet) .
Finally in preparation for spinning up EC2 instances we will modify subnet settings to auto-assign IP's .
Finally we should see below properties for 2 subnets we just created.
Bingo!!! We have setup VPC from scratch with 2 subnets one private and public ready for EC2 instances to launched.
Note : - Private instances cannot be pinged from outside or they won't be able to reach the world hence they will either need NAT instance configured on public subnet or even better NAT G/W to send/receive traffic to/from internet.
No comments:
Post a Comment