M5: Networking Flashcards

Module 5

1
Q

IP address format

A

IPv4: 4 chunks of 8 bits each (octets), 0-255, 32 bits total

IPv6: 8 groups of 4 hexadecimal digits (16 bits each, : separators), 128 bits

2
Q

Classless inter-domain routing

A

IP address, /, how many prefix bits are fixed

/32 = a single fixed IP address

3
Q

Open systems interconnection, OSI

A

Conceptual model explaining how data travels over a network. 7 layers.
L2: data link layer, hubs and switches
L3: network layer, routers

4
Q

VPC

A
  1. Logically isolated from other virtual networks
  2. Single AWS region
  3. Can span multiple availability zones
  4. Can divide into multiple subnets
5
Q

Subnet

A
  1. Belongs to a single availability zone
  2. Can create multiple subnets in different availability zones for high availability
  3. Public or private
  4. CIDR block of the subnet is a subset of the VPC's
  5. CIDR cannot overlap with another subnet
6
Q

IPv4 range

A

/16 (65536 addresses) to /28 (16 addresses)

7
Q

Reserved CIDR addresses

A

First 5:

  1. Network address
  2. VPC local router
  3. DNS resolution
  4. Future use
  5. Network broadcast address
8
Q

Elastic IP address vs public IP address

A

Elastic IP address can be remapped to another instance in the VPC

9
Q

Elastic network interface

A

Can be attached to another instance, but can't be the primary one

10
Q

Route table

A
  1. Controls traffic for a subnet
  2. Has a built-in local route that cannot be deleted
  3. Can add additional routes
  4. Destination and target; destination is the CIDR block
11
Q

Internet gateway

A

Scalable, redundant, highly available VPC component
Communication between VPC and Internet
  1. Target in route table
  2. Network address translation for instances with public IP

12
Q

To make subnet public

A

Attach an internet gateway

Add a route for non-local traffic

13
Q

VPC sharing

A

Can place application resources into shared, centrally managed VPCs. Benefits:

  1. Separation of duties: centrally controlled VPC structure, routing, IP address allocation
  2. Ownership: continue to own resources
  3. Security groups: can reference security groups in other VPCs
  4. Efficiencies: higher density in subnets, efficient use of VPNs and AWS Direct Connect
  5. No hard limits: combined
  6. Optimised costs: reuse NAT gateways, endpoints
14
Q

VPC peering

A

Networking connection that allows routing of traffic privately. Can even go to a VPC in a different region. Restrictions:

  1. IP address ranges cannot overlap
  2. No transitive peering
  3. Only one peering resource between two VPCs
15
Q

To connect VPC to remote network (VPN)

A
  1. Create and attach a VPN gateway to the VPC
  2. Configure the VPN device or customer gateway
  3. Custom route table and security group rules
  4. Establish the AWS site-to-site VPN connection
  5. Configure routing
16
Q

AWS direct connect

A

To overcome network performance issues, DX enables you to establish a dedicated, private network connection between your network and one of the DX locations. Uses a VLAN.

17
Q

VPC endpoints

A

Interface VPC endpoint: enables you to connect to services powered by AWS PrivateLink; charged for creating and using, hourly and per data transferred
Gateway endpoint: no charge

18
Q

AWS Transit Gateway

A

Create and manage a single connection from a central gateway to each VPC, rather than point-to-point connections

19
Q

Differences between security groups and ACLs

A
  1. Security groups at network level, ACLs at subnet level
  2. Security groups allow rules only, ACLs allow and deny
  3. Security groups are stateful, ACLs stateless
  4. For security groups all rules are evaluated before a decision is made to allow traffic; for ACLs rules are evaluated in number order
20
Q

Security group

A

Controls inbound and outbound traffic to an instance
Stateful: state information is kept after the request is processed, i.e. response traffic is allowed to flow in regardless of inbound security group rules

21
Q

ACL

A

Each subnet must be associated with a network ACL; the default is used if none is specified, allowing all inbound and outbound traffic
Stateless
Max rules: 32,766

22
Q

Amazon Route 53 routing policies

A

Simple routing: single resource, e.g. a web server
Weighted routing: multiple resources in proportion, A/B testing
Latency routing: routes customers to the fastest endpoint to reduce latency
Geolocation routing: based on location of users, e.g. content in the local language
Geoproximity routing: route traffic based on location of resources
Failover routing: active-passive failover, can use health checks
Multivalue answer routing: returns up to 8 healthy records selected at random

23
Q

Advantages of multi region deployment of route 53

A

Users are directed to the Elastic Load Balancing load balancer closest to them

24
Q

Amazon Route 53 to ensure high availability

A
  1. Create two DNS records for CNAME www with failover routing. Primary points to the load balancer for the web application, secondary to a static S3 website.
  2. Use Route 53 health checks to ensure the primary is running.
25
Q

Amazon CloudFront

A

Content delivery network service

Improves network performance when there are many hops

26
Q

Content delivery network

A

Globally distributed system of caching servers

Delivers a local copy from a cache edge or point of presence

27
Q

Amazon CloudFront

A
Fast and global
Security at the edge
Highly programmable
Deeply integrated with AWS
Cost effective
Delivers data, videos, allocating and APIs over a global infrastructure with low latency and high transfer speeds
28
Q

Amazon CloudFront charges

A

Data transfer out
HTTP(S) requests
Invalidation requests
Dedicated IP custom SSL (secure sockets layer)