M5: Networking

Question 1

IP address format

Answer 1

IPv4 4 chunks in 8 bit octal, 0-255, 32 bit

IPv6 8 groups of 4 letters and numbers (16 bits each, : separators), 128 bits

Question 2

Classless inter-domain routing

Answer 2

IP address, /, how many prefix numbers are fixed

/32 fixed IP address

Question 3

Open systems interconnection, OSI

Answer 3

Conceptual model explaining how data travels over network. 7 layers.
L2: data link layer, hubs and switches
L3: network layer, routers

Question 4

VPC

Answer 4

1. Logically isolated from other virtual networks
2. Single AWS region
3. Can span multiple availability zones
4. Can divide into multiple subnets

Question 5

Subnet

Answer 5

1. Belong to single availability zone
2. Can create multiple in different availability zones for high availability
3. Public or private
4. CIDR block of subnet subset of VPC’s
5. CIDR cannot overlap with another subnet

Question 6

IPv4 range

Answer 6

/16 (65536 addresses) to /28 (16 addresses)

Question 7

Reserved CIDR addresses

Answer 7

First 5:

1. Network address
2. VPC local router
3. DNS resolution
4. Future use
5. Network broadcast address

Question 8

Elastic IP address vs public IP address

Answer 8

Remap address to another instance on VPC

Question 9

Elastic network interface

Answer 9

Can be attached to another instance, but can’t be the primary one

Question 10

Route table

Answer 10

1. Controls traffic for a subnet
2. Have a built in local route, cannot be deleted
3. Can add additional routes
4. Destination and target; destination is the CIDR block

Question 11

Intenet gateway

Answer 11

Scalable, redundant, highly available VPC component
Communication between VPC and Internet
1. Target in route table
2. Network address translation for instances with public IP

Question 12

To make subnet public

Answer 12

Attach internet gateway

Add route for non local traffic

Question 13

VPC sharing

Answer 13

Can make application resources into shared, centrally managed VPCs. Benefits:

1. Separation of duties: centrally controlled VPC structure, routing, IP address allocation
2. Ownership: continue to own resources
3. Security groups: an reference security groups in other VPCs
4. Efficiencies: higher density in subnets, efficient use of VPNs and ĄWS direct connect
5. No hard limits: combined
6. Optimised costs: reuse Nat Gateways, endpoints

Question 14

VPC peering

Answer 14

Networking connection that allows routing if traffic privately. Can even go to VPC in different region. Restrictions:

1. IP address ranges cannot overlap
2. Can’t transitive peer
3. Only one peering resource between two VPCs

Question 15

To connect VPC to remote network (VPN)

Answer 15

1. Create and attach VPN gateway to VPC
2. Configuration of VPN device or customer gateway.
3. Custom route table & security group rules.
4. Establish AWS site to site VPN connection
5. Config routing

Question 16

AWS direct connect

Answer 16

To overcome network performance issues, DX enables you to establish a dedicated, private network connection between your network and one of the DX locations. VLAN.

Question 17

VPC endpoints

Answer 17

Interface VPC endpoint: enables you to connect to services powered by AWS PrivateLink, charged for creating and using, hourly and per data
Gateway endpoint: no charge

Question 18

AWS Transit Gateway

Answer 18

Create and manage a single connection from central gateway to each VPC, rather than point to point

Question 19

Differences between security groups and ACLs

Answer 19

1. Security groups at network level, ACLs at subnet level
2. Security groups allow rules only, ACLs allow and deny
3. Security groups are stateful, ACLs stateless
4. For security groups all rules are evaluated before decision made to allow traffic, for ACLs rules are evaluated in number order

Question 20

Security group

Answer 20

Controls inbound and outbound traffic to instance
Stateful: state information kept after request processed. Ie response traffic is allowed to flow in regardless of inbound security group rules

Question 21

ACL

Answer 21

Each subnet must be associated with a network ACL, default will be used in absence - allowing all inbound and outbound traffic
Stateless
Max rule 32,766

Question 22

Amazon Route 53 routing policies

Answer 22

Simple routing: single resource, web server
Weighted routing: multiple resources in proportion, A/B testing
Latency routing: routes customers to the fastest endpoint to reduce latency
Geolocation routing: based on location of users, content in language
Geoproximity routing: route traffic based on location of resources
Failover routing: active - passive failover, can use health checks
Multivalue answer routing: returns up to 8 healthy records selected at random

Question 23

Advantages of multi region deployment of route 53

Answer 23

Directed to the elastic load balancing load balancer closest to the user

Question 24

Amazon Route 53 to ensure high availability

Answer 24

1. Create two DNS records for CNAME www with failover routing. Primary points to load balancer for Web application, secondary to static S3 website.
2. Use Route 53 health checks to ensure primary is running.

Question 25

Amazon CloudFront

Answer 25

Content delivery network service

Improve network performance if many hops

Question 26

Content delivery network

Answer 26

Globally distributed system of caching servers

Delivers a local copy from a cache edge or point of presence

Question 27

Amazon CloudFront

Answer 27

Fast and global
Security at the edge
Highly programmable
Deeply integrated with AWS
Cost effective
Delivers data, videos, allocating and APIs over a global infrastructure with low latency and high transfer speeds

Question 28

Amazon CloudFront charges

Answer 28

Data transfer out
HTTP(S) requests
Invalidation requests
Dedicated IP custom secure sockets layer