M5: Networking Flashcards
Module 5
IP address format
IPv4: 4 octets of 8 bits each, written in dotted decimal (each 0-255), 32 bits total
IPv6: 8 groups of 4 hexadecimal digits (16 bits each, : separators), 128 bits total
Classless inter-domain routing (CIDR)
IP address, /, number of leading prefix bits that are fixed (the remaining bits are host bits)
/32 fixed single IP address; 0.0.0.0/0 matches every address
Open systems interconnection, OSI
Conceptual model explaining how data travels over a network. 7 layers.
L1: physical layer, cables and hubs
L2: data link layer, switches (MAC addresses)
L3: network layer, routers (IP addresses)
VPC
- Logically isolated from other virtual networks
- Single AWS region
- Can span multiple availability zones
- Can divide into multiple subnets
Subnet
- Belong to single availability zone
- Can create multiple in different availability zones for high availability
- Public or private
- Subnet CIDR block must be a subset of the VPC's CIDR block
- Subnet CIDR cannot overlap with another subnet in the same VPC
IPv4 CIDR block size (VPC and subnet)
/16 (65,536 addresses) to /28 (16 addresses)
Reserved addresses in every subnet
5 per subnet: the first 4 addresses plus the last one (so a /28 leaves 11 usable):
- Network address (first)
- VPC local router (+1)
- DNS resolution (+2)
- Future use (+3)
- Network broadcast address (last; VPC does not support broadcast, but the address is still reserved)
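Added worked example (not from the original cards): a small planner using Python's standard ipaddress module that applies the subnet rules above to a constructed VPC. It lists the five reserved addresses of a subnet, counts usable hosts, and rejects a candidate subnet that is outside /16../28, outside the VPC block, or overlapping an existing subnet. The VPC and subnet blocks are made-up sample input.

```python
import ipaddress

# Constructed sample VPC block (assumption for the demo, not from the cards).
VPC_CIDR = "10.0.0.0/16"


def reserved_addresses(subnet):
    """Return the 5 addresses AWS reserves in an IPv4 subnet.

    The first four host addresses of the block are reserved, plus the last
    address (the broadcast address, even though VPC has no broadcast)."""
    net = ipaddress.ip_network(subnet)
    base = int(net.network_address)
    return {
        "network": str(net.network_address),
        "vpc_router": str(ipaddress.ip_address(base + 1)),
        "dns": str(ipaddress.ip_address(base + 2)),
        "future_use": str(ipaddress.ip_address(base + 3)),
        "broadcast": str(net.broadcast_address),
    }


def usable_hosts(subnet):
    """Addresses an instance can actually take: block size minus the 5 reserved."""
    return ipaddress.ip_network(subnet).num_addresses - 5


def validate_subnet(vpc_cidr, existing, candidate):
    """Check a candidate subnet against the rules on the cards.

    Returns a list of problems; an empty list means the subnet is acceptable."""
    vpc = ipaddress.ip_network(vpc_cidr)
    cand = ipaddress.ip_network(candidate)
    problems = []
    # Allowed block size is /16 (65,536 addresses) to /28 (16 addresses).
    if not 16 <= cand.prefixlen <= 28:
        problems.append(f"prefix /{cand.prefixlen} is outside the allowed /16../28")
    # The subnet must be a subset of the VPC's own block.
    if not cand.subnet_of(vpc):
        problems.append(f"{cand} is not inside VPC block {vpc}")
    # No overlap with subnets that already exist in the VPC.
    for existing_cidr in existing:
        other = ipaddress.ip_network(existing_cidr)
        if cand.overlaps(other):
            problems.append(f"{cand} overlaps existing subnet {other}")
    return problems


def plan(vpc_cidr, subnets):
    """Allocate subnets in order, returning those accepted and why others failed."""
    accepted, rejected = [], {}
    for cidr in subnets:
        problems = validate_subnet(vpc_cidr, accepted, cidr)
        if problems:
            rejected[cidr] = problems
        else:
            accepted.append(cidr)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed candidates: two good /24s in different AZs, one overlap, one too small.
    ok, bad = plan(VPC_CIDR, ["10.0.1.0/24", "10.0.2.0/24", "10.0.1.128/25", "10.0.3.0/29"])
    for cidr in ok:
        print(cidr, usable_hosts(cidr), "usable hosts, reserved:", reserved_addresses(cidr))
    for cidr, problems in bad.items():
        print("rejected", cidr, "->", "; ".join(problems))
```

The same checks are what you would run against a proposed address plan before creating subnets, since AWS will refuse an overlapping or out-of-range block and a too-small one silently wastes a third of its addresses on the reserved five.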
Elastic IP address vs public IP address
Public IP: assigned automatically from the AWS pool, released when the instance stops or terminates. Elastic IP: static public IPv4 allocated to your account; you can remap it to another instance or network interface in the VPC
Elastic network interface (ENI)
Virtual network card. A secondary ENI can be detached and attached to another instance in the same availability zone; the primary ENI cannot be detached from its instance
Route table
- Controls traffic for a subnet
- Has a built-in local route for the VPC CIDR, which cannot be deleted
- Can add additional routes
- Each route is a destination and a target; destination is the CIDR block, target is where matching traffic is sent (local, internet gateway, NAT gateway, peering connection, ...). Most specific destination wins
Internet gateway
Horizontally scaled, redundant, highly available VPC component
Enables communication between instances in the VPC and the Internet
1. Provides a target in route tables for internet-routable traffic
2. Performs network address translation for instances that have a public IPv4 address
To make a subnet public
Attach an internet gateway to the VPC
Add a route for non-local traffic (0.0.0.0/0) in the subnet's route table with the internet gateway as target
Instances also need a public IPv4 or Elastic IP, and security group/network ACL rules that allow the traffic
VPC sharing
Lets multiple accounts place application resources into shared, centrally managed VPCs. Benefits:
- Separation of duties: VPC structure, routing and IP address allocation controlled centrally
- Ownership: participants continue to own the resources they create
- Security groups: can reference security groups in other VPCs
- Efficiencies: higher density in subnets, efficient use of VPNs and AWS Direct Connect
- No hard limits: capacity of the participating accounts is combined in one VPC
- Optimised costs: reuse NAT gateways and VPC endpoints
VPC peering
Networking connection between two VPCs that routes traffic privately between them using private addresses. Can be with a VPC in another account or another region. Restrictions:
- IP address ranges cannot overlap
- Not transitive (A peered with B and B with C does not connect A to C)
- Only one peering connection between the same two VPCs
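Added worked example (not from the original cards) that models the route table, internet gateway and peering cards in Python: a route table with an undeletable local route and longest-prefix-match lookup, a check for whether a subnet is public (0.0.0.0/0 routed to an internet gateway), and a packet trace across a constructed topology of three VPCs where A peers with B and B peers with C, showing that adding a route to C's block through the A-B peering does not make peering transitive. The VPC blocks and the igw-/pcx- identifiers are made up for the demo.

```python
import ipaddress


class RouteTable:
    """Route table for a subnet: destination CIDR -> target.

    Created with the VPC's own block as a 'local' route that cannot be deleted.
    Lookups use longest prefix match, so a 0.0.0.0/0 route never shadows the
    local route or a more specific peering route."""

    def __init__(self, vpc_cidr):
        self.routes = {ipaddress.ip_network(vpc_cidr): "local"}

    def add_route(self, destination, target):
        self.routes[ipaddress.ip_network(destination)] = target

    def delete_route(self, destination):
        net = ipaddress.ip_network(destination)
        if self.routes.get(net) == "local":
            raise ValueError("the local route cannot be deleted")
        del self.routes[net]

    def lookup(self, dst_ip):
        """Return the target of the most specific matching route, or None."""
        ip = ipaddress.ip_address(dst_ip)
        matches = [(net, tgt) for net, tgt in self.routes.items() if ip in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def is_public_subnet(table):
    """Public = non-local traffic (0.0.0.0/0) is sent to an internet gateway."""
    default = table.routes.get(ipaddress.ip_network("0.0.0.0/0"), "")
    return default.startswith("igw-")


def local_route_is_protected(table, vpc_cidr):
    """True if deleting the local route is refused and the route survives."""
    try:
        table.delete_route(vpc_cidr)
        return False
    except ValueError:
        return table.lookup(str(ipaddress.ip_network(vpc_cidr).network_address)) == "local"


def deliver(vpcs, peerings, src_vpc, dst_ip):
    """Trace one packet leaving a subnet of src_vpc.

    vpcs:     name -> (cidr string, RouteTable)
    peerings: pcx id -> (vpc name, vpc name)
    Returns (outcome, detail)."""
    _, table = vpcs[src_vpc]
    target = table.lookup(dst_ip)
    if target is None:
        return ("dropped", "no route")
    if target == "local":
        return ("delivered", src_vpc)
    if target.startswith("igw-"):
        return ("delivered", "internet")
    if target.startswith("pcx-"):
        a, b = peerings[target]
        peer = b if a == src_vpc else a
        peer_cidr = ipaddress.ip_network(vpcs[peer][0])
        # A peering connection only carries traffic addressed to the peer VPC's
        # own block; it will not forward onward to the peer's other peers.
        if ipaddress.ip_address(dst_ip) in peer_cidr:
            return ("delivered", peer)
        return ("dropped", f"{target} only carries traffic for {peer_cidr}; peering is not transitive")
    return ("dropped", f"unknown target {target}")


def build_demo():
    """Constructed topology: A peers with B, B peers with C, only A is public."""
    vpcs = {
        "A": ("10.0.0.0/16", RouteTable("10.0.0.0/16")),
        "B": ("10.1.0.0/16", RouteTable("10.1.0.0/16")),
        "C": ("10.2.0.0/16", RouteTable("10.2.0.0/16")),
    }
    peerings = {"pcx-ab": ("A", "B"), "pcx-bc": ("B", "C")}
    rt_a = vpcs["A"][1]
    rt_a.add_route("0.0.0.0/0", "igw-0demo")       # makes A's subnet public
    rt_a.add_route("10.1.0.0/16", "pcx-ab")
    rt_a.add_route("10.2.0.0/16", "pcx-ab")        # tempting, but will not work
    vpcs["B"][1].add_route("10.0.0.0/16", "pcx-ab")
    vpcs["B"][1].add_route("10.2.0.0/16", "pcx-bc")
    return vpcs, peerings


if __name__ == "__main__":
    vpcs, peerings = build_demo()
    for src, dst in [("A", "10.0.5.5"), ("A", "198.51.100.1"), ("A", "10.1.0.5"),
                     ("A", "10.2.0.5"), ("B", "198.51.100.1")]:
        print(src, "->", dst, deliver(vpcs, peerings, src, dst))
```

The trace from A to 10.2.0.5 is the one to remember: the route table happily matches 10.2.0.0/16 and hands the packet to pcx-ab, and it is the peering connection itself that drops it. Reaching C from A needs a direct A-C peering (or a transit gateway).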
To connect a VPC to a remote network (site-to-site VPN)
- Create a virtual private gateway (VPN gateway) and attach it to the VPC
- Configure the customer gateway device on your side and create the customer gateway resource
- Update route tables and security group rules for the remote network's ranges
- Create the AWS site-to-site VPN connection
- Configure routing (static routes or BGP) on both ends