Networking Flashcards
What are the different types of virtual networking cards you can attach to your EC2 instance?
Elastic network interface (ENI), Enhanced Networking (EN), and Elastic Fabric Adapter (EFA)
What is the most common type of networking card?
Elastic network interface
What networking card uses single root I/O virtualization to provide high performance?
Elastic networking
what networking card accelerates high performance computing and machine learning applications?
Elastic fabric adapter
what networking card is put on an EC2 instance by default?
ENI
What can a VPC be thought of as?
A virtual data center in the cloud
What are the three tiers of a VPC?
Web (public facing subnet), application (private subnet that can only speak to web tier and database tier), database (private subnet that can only speak to application tier)
How many AZ can a subnet be in?
One
What is a NAT gateway?
A network address translation gateway is used to enable instances in a private subnet to connect to the internet or other AWS services while preventing the internet from initiating a connection with those instances
Are NAT gateways redundant within an AZ?
Yes
What is the Gbps range for a NAT gateway?
5 to 45 gbps
How often do YOU have to patch NAT gateways?
Never, Amazon does it
How do you create a NAT gateway’s public IP address?
You don’t have to, one is automatically assigned
What is a VPC endpoint?
Enables you to privately connect your VPC to supported AWS services and VPC endpoint services without requiring an internet gateway, NAT device, VPN connection, or AWS direct connect connection
How often does traffic between VPC endpoints leave the Amazon network?
Never
What kind of public IP address does VPC endpoints require?
No public IP addresses
What are the two types of endpoints?
Interface endpoints and gateway endpoints
What is an interface endpoint?
An elastic network interface with a private IP address that serves as an entry point for traffic headed to a supported service
What is a gateway endpoint?
A virtual device you provision that supports connections to S3 and DynamoDB
When you want to connect AWS services without leaving the AWS network, what should you use?
VPC endpoints
What is an intranet?
A network of computers designed for a certain group of users
What is VPC peering?
Allows you to connect VPC’s via a direct network route
How does VPC peering connect VPC’s?
Private IP addresses
Can you VPC peer between regions? Accounts?
Yes and yes
Is VPC peering the same as transitive peering?
No
What options are there to open our applications in a VPC to another VPC?
You can open it up to the internet, use VPC peering, or PrivateLink
What must the service VPC have to use PrivateLink?
A NLB
What must the customer VPC have to use PrivateLink?
An ENI
What is direct connect?
A cloud service solution that makes it easy to establish a direct network connection from your premises to AWS
What are the two types of direct connect connections?
Dedicated connections and hosted connections
What is AWS Transit Gateway?
Connects VPC’s and on premises networks through a central hub. this simplifies your network and puts an end to complex peering relationships.It acts as a cloud router each new connection is only made once
What is AWS Transit Gateway?
Connects VPC’s and on premises networks through a central hub. this simplifies your network and puts an end to complex peering relationships.It acts as a cloud router each new connection is only made once
What AWS service allows transitive peering?
AWS Transit Gateway
How can you limit how VPC’s talk to each other with Transit Gateway
route tables
What AWS service supports IP multicast?
Transit Gateway
What is AWS wavelength?
Embeds AWS compute and storage services within 5g networks
What is AWS wavelength?
Embeds AWS compute and storage services within 5g networks
At what geographical level is NAT gateway redundant at?
AZ
What is the IPv4 CIDR block of the default VPC?
172.31.0.0/16
What is the purpose of NAT gateways?
to forward traffic from your private subnets to services outside your VPC
When would you use transit gateway over VPC peering?
You have too many VPC’s to reasonably peer together
What is DNS?
DNS is used to convert human friendly domain names into IP addresses
What does DNS stand for?
domain name system
Where can you find the top level domain name in a URL?
the last phrase
Where can you find the second level domain name?
the second phrase separated by periods.
Who controls the top level domains?
Internet assigned numbers authority (IANA)
What do NS records do?
Used by top level domain servers to direct traffic to the content DNS server that contains the authoritative DNS records
What does SOA stand for?
start of authority
What is an A record?
Address Record is the fundamental type of DNS record that is used by computers to translate the name of the domain to an IP address
What is a TTL?
a time to live is the length that a DNS record is cached on either the resolving server or the user’s own local PC measured in seconds
What does a lower TTL mean?
the changes to DNS records propagate faster throughout the internet
What is a CNAME?
a canonical name can be used to map one domain name to another.
Give an example of a CNAME
http://mobile.acloud.guru goes to http://acloud.guru
Can a CNAME be used for naked domain names?
No
Can Alias records be used for naked domain names?
Yes
What is route 53?
Route 53 is Amazon’s DNS service
What is an alias record?
A way to map domain names to a each other
What are 4 common DNS record types?
SOA records, CNAME records, NS records, A records
What are 4 common DNS record types?
SOA records, CNAME records, NS records, A records
What does a simple routing policy do?
It has one record for multiple IP addresses. If multiple values are in record, route 53 returns all values in a random order
What does a weighted routing policy do?
Allows you split your traffic based on weights assigned to destinations
If a record fails a health check, what happens?
Removed from route 53 until it passes health check
How can you get alerted of a failed health record check?
SNS notifications
When would you use a failover routing policy?
When you want to create an active passive set up
What does geolocation routing do?
Geolocation let’s you choose where your traffic will be sent based on the geographic location of your users
What does route 53 traffic flow do?
Allows you to build routing system that uses a combination of geographic location, latency, and availability to route traffic
What is required to use geoproximity routing?
A traffic flow routing policy
What does geoproximity routing do?
Allows you to route traffic to your resources based on geographic location of your users and your resources
What is a latency routing policy?
Allows you to route traffic based on lowest network latency for end user
What is a multi value answer routing policy?
Route 53 only returns values for healthy resources
What is ELB?
Elastic load balancing automatically distributed incoming traffic across multiple targets
What are the three types of load balancers?
Application load balancer, network load balancer, classic load balancer
What type of load balancer scan be configured with health checks?
All types
Does an ELB automatically stop sending requests to an unhealthy instance?
Yes
What does it mean to be a layer 7 load balancer?
It operates at the 7 the layer of the open systems interconnection model: the application level
What does each rule regarding an ELB contain?
Each rule consists of a priority, at least one action, and at least one condition
What are the two kinds of listener an application load balancer supports?
Http and https
What is a listener?
A listener checks for connection requests from clients using the protocol and port you configure in your ELB
What layers of the OSI model does the network load balancer operate at?
The fourth layer: transport layer
What type of load balancer offers the highest performance?
Network load balancer
How does network load balancers use intelligent routing?
They cannot do intelligence based routing because they have no rules
What are target groups?
Target groups route requests to one or more registered targets
What are network load balancers best suited for?
Load balancing of TCP traffic
What does TCP stand for?
Transmission Control Protocol
Can network load balancers decrypt traffic?
Yes
What error means that a gateway has timed out?
A 504 error
If you need the iPv4 address of end user, what should you look for?
The X-forwarded-for header
What are sticky sessions?
Binds a user’s session to a specific EC2 instance
What is deregistration delay?
Allows load balancers to keep existing connections open if the EC2 instances are deregistered or become unhealthy
If you want to complete inflight requests made to an unhealthy or deregistered instance, what should you use?
Deregistration delay
