Saturday, June 24, 2017

AWS : VPC : Creating a VPC with Public & Pvt Subnet (By Wizard)

From Wizard
Recently VPC started supporting IPv6.



Note for "10.0.0.0/16"
These are RFC 1918 addresses: they are not publicly routable on the internet. In layman's terms, any internet router that sees a destination of the form 10.0.x.x will drop the packet. By analogy, it is like trying to deliver internal company mail through the national postal service.



For NAT: you can use either (1) a NAT Gateway or (2) a NAT Instance.



Hardware Tenancy: default (shared, no extra cost) or dedicated (we pay for the dedicated hardware).


CIDR: a range of IP addresses. Note that the private and public subnet ranges need to lie within the range chosen for the VPC, else you will get an error.




Here the IP address is divided into 2 parts: network & host. 192.168.10.0/8 will mean




CIDR is really important when we try to connect one VPC to another, since there must be no clashing of IP address ranges.
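The three CIDR points above (private ranges, subnets that must fit inside the VPC range, and ranges that must not clash when VPCs are connected) can all be checked with the Python standard library. This is an added example, not code from the post or from AWS; the only AWS-specific assumption is the reserved-address count, which is a documented AWS rule (five addresses per subnet) rather than something the post states.

```python
import ipaddress

# The three RFC 1918 private ranges (the note above covers the 10/8 one).
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(cidr):
    """True if every address in `cidr` is private (not routable on the internet)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(r) for r in RFC1918)


def subnet_fits_vpc(vpc_cidr, subnet_cidr):
    """The wizard rejects a subnet whose range falls outside the VPC CIDR; this is that check."""
    return ipaddress.ip_network(subnet_cidr).subnet_of(ipaddress.ip_network(vpc_cidr))


def cidrs_clash(cidr_a, cidr_b):
    """Two VPCs can only be connected to each other if their ranges do not overlap."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


def describe(cidr):
    """Split the prefix into network and host bits, the way the post describes.

    strict=False lets us pass something like 192.168.10.0/8: the host bits are
    masked off, and the network that '/8' actually denotes is 192.0.0.0/8.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    host_bits = net.max_prefixlen - net.prefixlen
    return {
        "network": str(net),
        "network_bits": net.prefixlen,
        "host_bits": host_bits,
        # AWS reserves the first four and the last address of every subnet.
        "usable_hosts": max(net.num_addresses - 5, 0),
    }


if __name__ == "__main__":
    for cidr in ("10.0.0.0/16", "192.168.10.0/8", "198.51.100.0/24"):
        print(cidr, "private" if is_rfc1918(cidr) else "public", describe(cidr))
    print("10.0.1.0/24 fits 10.0.0.0/16:", subnet_fits_vpc("10.0.0.0/16", "10.0.1.0/24"))
    print("10.0.0.0/16 clashes with 10.0.128.0/17:", cidrs_clash("10.0.0.0/16", "10.0.128.0/17"))
```

Note what `describe("192.168.10.0/8")` returns: because only 8 network bits are kept, the range is 192.0.0.0/8, which is not one of the RFC 1918 ranges at all. A small prefix-length mistake turns a private range into one that overlaps public address space, which is exactly the kind of clash the post warns about.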



How to identify a public subnet ?
It will always have an internet gateway




What the above route table means is:
1. Any traffic destined for a 10.0.x.y IP (where x & y can be anything from 2 to 254) will be sent locally.
2. The rest of the traffic will be sent to the IGW.
3. The rest of the traffic may instead be sent to a NAT box. (For instance, to be publicly available an instance needs both an elastic IP and a route table that directs non-local traffic to the internet gateway; if it has only an elastic IP it is not publicly available.)
4. Imp note: a subnet is always attached to one and only one route table.
5. By looking at the route table you can tell whether it is a public or a private subnet: if public, the IGW is the target for 0.0.0.0/0; if private, the NAT is.
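The five points above, plus the IGW and auto-assign notes further down, reduce to a few rules that can be written out as code: longest-prefix match decides local versus default traffic, the 0.0.0.0/0 target decides public versus private, and internet reachability needs both a public IP and an IGW route. This is an added example, not the post's or AWS's own code; the route tables are constructed in the shape the wizard produces, and the `igw-EXAMPLE` / `nat-EXAMPLE` ids are placeholders, not real resource ids.

```python
import ipaddress

# Constructed route tables in the shape the wizard creates (ids are placeholders).
PUBLIC_RT = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-EXAMPLE")]
PRIVATE_RT = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-EXAMPLE")]
ISOLATED_RT = [("10.0.0.0/16", "local")]


def lookup(route_table, dst_ip):
    """Longest-prefix match: the most specific matching route wins, so the
    /16 'local' entry beats 0.0.0.0/0 for any in-VPC destination."""
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target  # None means no matching route: the packet is dropped


def classify_subnet(route_table):
    """Point 5 above: the target of 0.0.0.0/0 tells you what kind of subnet it is."""
    for cidr, target in route_table:
        if cidr == "0.0.0.0/0":
            if target.startswith("igw-"):
                return "public"
            if target.startswith("nat-"):
                return "private"
    return "isolated"  # no default route at all: local traffic only


def reachable_from_internet(route_table, has_public_ip):
    """Point 3 above: an instance needs BOTH a public/elastic IP (which the IGW
    maps to its private address) AND a default route to the IGW. A public IP
    auto-assigned inside a private subnet does not make the instance reachable."""
    return has_public_ip and classify_subnet(route_table) == "public"


if __name__ == "__main__":
    for name, rt in (("public", PUBLIC_RT), ("private", PRIVATE_RT), ("isolated", ISOLATED_RT)):
        print(name, classify_subnet(rt),
              "10.0.5.7 ->", lookup(rt, "10.0.5.7"),
              "198.51.100.7 ->", lookup(rt, "198.51.100.7"))
    print("private subnet + public IP reachable:", reachable_from_internet(PRIVATE_RT, True))
```

The `reachable_from_internet` check is the useful one when auditing a VPC: a host is only exposed when both conditions hold, so a public IP showing up on an instance in a private subnet is not by itself an exposure, and an IGW route without a public IP is not either.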


For Private Subnet



Role of Internet Gateway

Each instance has a private IP address, and the IGW maps it to a public address.


Auto Assign Public ip address





If we keep auto-assign public IP set to yes, then every instance launched will get a public IP address (remember it's a VPC-wide setting). I can even set my private subnet to auto-assign public IPs, but even if I do that, it doesn't become a public subnet.


Network Access Control List : NACL


A VPC has a Network Access Control List: we can make inbound and outbound allow/deny rules.
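The way those allow/deny rules are actually applied matters more than the post lets on, so here is an added example (not the post's or AWS's code) that goes a little beyond the sentence above: NACL rules are numbered and evaluated in ascending order, the first match decides, anything unmatched hits the implicit `*` deny, and the list is stateless (return traffic has to be allowed explicitly). The rule set and addresses are constructed for illustration; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for an office and for the internet.

```python
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "number protocol port_from port_to cidr action")

# Constructed inbound NACL rules (order in the list is irrelevant; the number is what counts).
INBOUND = [
    Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow"),       # HTTPS from anywhere
    Rule(90, "tcp", 22, 22, "203.0.113.50/32", "deny"),     # one blocked office host
    Rule(110, "tcp", 22, 22, "203.0.113.0/24", "allow"),    # SSH from the office range
    Rule(120, "tcp", 1024, 65535, "0.0.0.0/0", "allow"),    # replies to outbound connections (NACLs are stateless)
]

# Same rules, but the deny is renumbered after the allow, so it can never fire.
MISORDERED = [r._replace(number=115) if r.number == 90 else r for r in INBOUND]


def evaluate(rules, protocol, port, remote_ip):
    """Walk the rules in ascending number; the first match decides.
    If nothing matches, the implicit '*' rule denies the packet."""
    ip = ipaddress.ip_address(remote_ip)
    for r in sorted(rules, key=lambda r: r.number):
        if r.protocol not in (protocol, "all"):
            continue
        if not (r.port_from <= port <= r.port_to):
            continue
        if ip not in ipaddress.ip_network(r.cidr):
            continue
        return r.action, r.number
    return "deny", "*"


if __name__ == "__main__":
    checks = [
        ("tcp", 443, "198.51.100.9"),   # HTTPS from the internet
        ("tcp", 22, "198.51.100.9"),    # SSH from the internet: no rule, so '*' deny
        ("tcp", 22, "203.0.113.5"),     # SSH from the office
        ("tcp", 22, "203.0.113.50"),    # SSH from the blocked office host
    ]
    for proto, port, src in checks:
        print(proto, port, src, "->", evaluate(INBOUND, proto, port, src),
              "| misordered:", evaluate(MISORDERED, proto, port, src))
```

The `MISORDERED` set shows the common mistake: a deny rule is only effective if its number is lower than any allow rule that would also match, and the rule 120 ephemeral-port allow is there because, unlike a security group, a NACL does not remember that an outbound connection was opened.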

