Networking Flashcards
What does CIDR stand for?
Classless Inter-Domain Routing
What does a /32 in a CIDR range represent? (198.123.0.0/32)
A single IP address
What does a /0 in a CIDR range represent? (0.0.0.0/0)
All IPs
What are the 2 components of a CIDR?
- A base IP xx.xx.xx
- A subnet mask /26
What are the 9 steps to create a VPC?
- Create VPC
- Create subnets
- Add Internet Gateway
- Attach Internet Gateway to VPC
- Create new Route Table
- Add new route for internet access
- Update Subnet Association
- Auto Assign IP addresses
- Launch instances
How do you calculate the total number of IP addresses in a given CIDR block?
Subtract the mask number from 32, then raise 2 to the power of the result:
/27 = 32 - 27 = 5
2^5 = 32
What does IANA stand for?
Internet Assigned Numbers Authority
What are the 3 kinds of private IPs you can have?
- 10.0.0.0 for big networks
- 172.16.0.0 for default AWS
- 192.0.0.0 for home networks
If you need 29 IP addresses, what Subnet/CIDR range do you choose?
/26, which gives 2^6 = 64 addresses, because AWS reserves 5 IPs in each subnet
How many Internet Gateways per VPC can you have?
1
What are the 4 basic steps to set up a NAT Instance?
- Must be launched in a public subnet
- Must disable EC2 Source / Destination check
- Must have an Elastic IP attached to it
- Route table must be configured to route traffic from the private subnet to the NAT Instance
Given a choice between a NAT Instance and a NAT Gateway, which would you choose?
NAT Gateway
For DNS Resolution in VPC, what does the enableDnsSupport setting do?
Helps decide if DNS resolution is supported for the VPC
For DNS Resolution in VPC, what does the enableDnsHostnames setting do?
Assigns a public hostname to the instance if enableDnsSupport is true and the instance has a public IP
At what level do security groups operate?
Instance level
At what level do Network ACLs operate?
Subnet level
What is the default setting for the default Network ACL?
Allows all inbound/outbound traffic
What is the default setting for a custom Network ACL?
All inbound/outbound traffic is denied
Can Network ACLs span AZs?
Yes
What does a security group do?
Defines which protocols and sources are allowed to communicate with the resources behind it
How many availability zones can a subnet span?
One subnet per AZ
What is a subnet?
A CIDR address range that maps to one availability zone
What are 3 acceptable sources for a security group?
- Specific IP
- CIDR block
- Another Security Group ID
How are security group rules evaluated?
All rules are evaluated before deciding what traffic to allow.
How are NACL rules evaluated?
Rules are processed in number order when deciding what traffic to allow.
What is VPC peering?
Allows you to connect VPCs using private IPs
What conditions apply to use VPC peering?
- No overlapping CIDR blocks
- Must be in the same region
- No transitive peering
How many VPCs per region can you have?
5
What is a VPC endpoint?
Allows you to connect to AWS services over the private network instead of over the Internet
What is an ENI?
Private IP address
If you have VPC issues, what 2 things should you check?
- Check DNS resolution setting in VPC
- Check Route Table
What 2 services use Gateway VPC Endpoints?
- S3
- DynamoDB
What type of VPC endpoint do most services use?
Interface VPC Endpoint
What 2 settings must be enabled to use a Private DNS Name for an Interface VPC Endpoint?
- EnableDnsHostnames
- EnableDnsSupport
How do you analyze VPC flow logs?
Athena