Amazon Virtual Private Cloud (VPC) | IP Addressing Flashcards
How many IPsec security associations can be established concurrently per tunnel?
IP Addressing
Amazon Virtual Private Cloud (VPC) | Networking & Content Delivery
The AWS VPN service is route-based, so a route-based configuration will not run into SA limitations. If, however, you are using a policy-based configuration, you will need to limit it to a single SA, because the service is route-based.
What IP address ranges can I use within my VPC?
You can use any IPv4 address range, including RFC 1918 or publicly routable IP ranges, for the primary CIDR block. For the secondary CIDR blocks, certain restrictions apply. Publicly routable IP blocks are only reachable via the Virtual Private Gateway and cannot be accessed over the Internet through the Internet gateway. AWS does not advertise customer-owned IP address blocks to the Internet. You can allocate an Amazon-provided IPv6 CIDR block to a VPC by calling the relevant API or via the AWS Management Console.
How do I assign IP address ranges to VPCs?
You assign a single Classless Inter-Domain Routing (CIDR) IP address range as the primary CIDR block when you create a VPC, and you can add up to four (4) secondary CIDR blocks after the VPC has been created. You address the subnets within a VPC from these CIDR ranges. Please note that while you can create multiple VPCs with overlapping IP address ranges, doing so will prohibit you from connecting these VPCs to a common home network via the hardware VPN connection. For this reason we recommend using non-overlapping IP address ranges. You can allocate an Amazon-provided IPv6 CIDR block to your VPC.
What IP address ranges are assigned to a default VPC?
Default VPCs are assigned a CIDR range of 172.31.0.0/16. Default subnets within a default VPC are assigned /20 netblocks within the VPC CIDR range.
Can I advertise my VPC public IP address range to the Internet and route the traffic through my datacenter, via the hardware VPN, and to my VPC?
Yes, you can route traffic via the hardware VPN connection and advertise the address range from your home network.
How large of a VPC can I create?
Currently, Amazon VPC supports five (5) IP address ranges, one (1) primary and four (4) secondary for IPv4. Each of these ranges can be between /28 (in CIDR notation) and /16 in size. The IP address ranges of your VPC should not overlap with the IP address ranges of your existing network.
For IPv6, the VPC is a fixed size of /56 (in CIDR notation). A VPC can have both IPv4 and IPv6 CIDR blocks associated to it.
Can I change a VPC’s size?
Yes. You can expand your existing VPC by adding up to four (4) secondary IPv4 address ranges (CIDRs) to your VPC. You can shrink your VPC by deleting the secondary CIDR blocks you have added to your VPC. You cannot, however, change the size of the IPv6 address range of your VPC.
How many subnets can I create per VPC?
Currently you can create 200 subnets per VPC. If you would like to create more, please submit a case at the support center.
Is there a limit on how large or small a subnet can be?
The minimum size of a subnet is a /28 (or 14 IP addresses) for IPv4. Subnets cannot be larger than the VPC in which they are created.
For IPv6, the subnet size is fixed to be a /64. Only one IPv6 CIDR block can be allocated to a subnet.
Can I use all the IP addresses that I assign to a subnet?
No. Amazon reserves the first four (4) IP addresses and the last one (1) IP address of every subnet for IP networking purposes.
How do I assign private IP addresses to Amazon EC2 instances within a VPC?
When you launch an Amazon EC2 instance within a VPC, you may optionally specify the primary private IP address for the instance. If you do not specify the primary private IP address, AWS automatically assigns one from the IP address range you assigned to that subnet. You can assign secondary private IP addresses when you launch an instance, when you create an Elastic Network Interface, or at any time after the instance has been launched or the interface has been created.
Can I change the private IP addresses of an Amazon EC2 instance while it is running and/or stopped within a VPC?
Primary private IP addresses are retained for the instance’s or interface’s lifetime. Secondary private IP addresses can be assigned, unassigned, or moved between interfaces or instances at any time.
If an Amazon EC2 instance is stopped within a VPC, can I launch another instance with the same IP address in the same VPC?
No. An IP address assigned to a running instance can only be used again by another instance once that original running instance is in a “terminated” state.
Can I assign IP addresses for multiple instances simultaneously?
No. You can specify the IP address of one instance at a time when launching the instance.
Can I assign any IP address to an instance?
You can assign any IP address to your instance as long as it is:
Part of the associated subnet’s IP address range
Not reserved by Amazon for IP networking purposes
Not currently assigned to another interface