From Wizard
VPC recently started supporting IPv6.
Note for "10.0.0.0/16"
These are RFC 1918 addresses: they are not publicly routable on the internet. In layman's terms, any router on the internet that sees addresses of type 10.0.x.x will drop the packets. By analogy, it's like delivering internal company emails via the national postal service.
For NAT: you can use either (1) a gateway or (2) an instance.
Hardware tenancy: default (shared, no cost) or dedicated (we pay for it).
CIDR: a range of IP addresses. Note that the private and public IP addresses need to be within the decided range, else you will get an error.
An IP address is divided into 2 parts: network & host. 192.168.10.0/8 will mean
CIDR is really important when we try to connect VPCs to one another, as there should be no clashing of IP addresses.
How to identify a public subnet ?
It will always have an internet gateway
What the above 'route table' means is:
1. Any traffic destined for a 10.0.x.y IP (where x & y can be anything from 2 to 254) will be sent locally.
2. The rest of the traffic will be sent to the IGW.
3. The rest of the traffic may also be sent to a NAT box. (For instance, to be publicly available means you need both an Elastic IP as well as a routing table that directs non-local traffic to the internet gateway. If you have only an Elastic IP, then it is not publicly available.)
4. Important note: a subnet is always attached to one and only one routing table.
5. By looking at the route table you can tell whether it's a public subnet or a private subnet: if public, then the IGW is used for 0.0.0.0/0; if private, then NAT is used.
For Private Subnet
Role of Internet Gateway
Each instance has a private ip address and the IGW maps it to a public address.
Auto Assign Public ip address
If we keep auto-assign public IP set to yes, then every instance launched will get a public IP address (remember it's a VPC-wide setting).
I can even set my private subnet to auto-assign public IPs. Even if I do that, it doesn't become a public subnet.
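The route-table rule, the auto-assign note and the CIDR clash check from these notes, as an added example that is not part of the original notes. The data is constructed and shaped like `aws ec2 describe-route-tables` output; the `RouteTable` key and all IDs are hypothetical, and only the IPv4 default route is considered.

```python
import ipaddress

# Constructed sample data (not from a real account).
ROUTE_TABLES = {
    "rtb-public": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa"},
    ],
    "rtb-private": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb"},
    ],
    "rtb-isolated": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    ],
}
# "RouteTable" is a hypothetical key: each subnet maps to exactly one route table.
SUBNETS = [
    {"SubnetId": "subnet-web", "RouteTable": "rtb-public", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-db", "RouteTable": "rtb-private", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-vault", "RouteTable": "rtb-isolated", "MapPublicIpOnLaunch": False},
]

def classify(routes):
    """Return 'public', 'private-nat' or 'isolated' from the 0.0.0.0/0 target."""
    for r in routes:
        if r.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if r.get("GatewayId", "").startswith("igw-"):
            return "public"
        if r.get("NatGatewayId") or r.get("InstanceId"):  # NAT gateway or NAT instance
            return "private-nat"
    return "isolated"

def audit(subnets, route_tables):
    """Map subnet id -> (kind, stranded); stranded = public IPs assigned but no IGW route."""
    report = {}
    for s in subnets:
        kind = classify(route_tables[s["RouteTable"]])
        report[s["SubnetId"]] = (kind, s["MapPublicIpOnLaunch"] and kind != "public")
    return report

def cidrs_overlap(a, b):
    """True if two VPC CIDR blocks clash, so the VPCs cannot be connected."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))

if __name__ == "__main__":
    for subnet, (kind, stranded) in audit(SUBNETS, ROUTE_TABLES).items():
        print(subnet, kind, "public IP assigned but no IGW route" if stranded else "")
```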
Network Access Control List : NACL
A VPC has a network access control list: we can make inbound and outbound allow/deny rules.