Networking & Content Delivery Flashcards
IP Addresses
IPv4 - 32 bit, four groups of numbers 0-255
IPv6 - 128 bit, 8 groups of numbers/letters
CIDR
Classless Inter-Domain Routing
CIDR block is a range of IP addresses
- VPC Max IPv4 CIDR is /16 (65k addresses)
- VPC Min IPv4 CIDR is /28 (16 addresses)
- CIDR blocks can’t overlap
OSI Model
Open Systems Interconnection Model
- Physical - raw bitstreams over physical medium - signals
- Data Link - data in same LAN network (hubs/switches) - MAC
- Network - routing and packet forwarding (routers) - IP
- Transport - host-to-host communications - TCP, UDP
- Session - orderly exchange of data - NetBIOS, RPC
- Presentation - ensures the application layer can read the data / encryption - ASCII, ICA
- Application - application access to the computer network - HTTP(S), FTP, DHCP, LDAP
Amazon VPC
- Logically isolated section of the AWS cloud, separate from other VPCs
- Dedicated to your AWS account
- Single AWS Region
- Provides Virtual Network dedicated to your AWS Account
Subnets
- Range of IP addresses that divide a VPC
- Single AZ
- Public or Private
Reserved IP Addresses
- x.x.x.0 (first address) - Network address
- x.x.x.1 - Internal communication
- x.x.x.2 - Domain Name System (DNS) resolution
- x.x.x.3 - Future use
- x.x.x.255 (last address) - Network broadcast address
Public IP Address Types
Public IPv4:
- manually assigned through an Elastic IP address
- automatically assigned through subnet settings
Elastic IP Address: associated to an AWS account, allotted/remapped anytime, additional costs
Elastic Network Interface
- virtual network interface that you can attach or detach from an instance
- Attributes follow when attached to new instance
- each VPC has a default network interface
Route Tables
- Configurable rules to direct network traffic from subnet
- a route consists of a destination and a target
- default local route for traffic within the VPC
- each subnet must have a route table
Make Subnet Public
- Attach an internet gateway
- add route entry into route table
NAT Gateway
Network Address Translation
- Enable instances in private subnet to connect to internet or other AWS services
- Prevents public internet from initiating connection with instances
- Needs an Elastic IP address
VPC Peering
- enables privately routing traffic between two VPCs
- As if they are on the same network
- Could be in different account or region
- Only two VPCs
- IP spaces cannot overlap
VPC Sharing
- Enables multiple AWS accounts to share subnets
- Same organization
AWS Site-to-Site VPN
AWS Direct Connect
- Intended to address network performance
- for data centers far from an AWS Region
- dedicated connection from your site to an AWS Direct Connect location
- uses Virtual LAN (VLAN)
VPC Endpoints
- Virtual device that allows connecting a VPC to AWS services (e.g. S3, DynamoDB)
- Data stays on the AWS network
- AWS PrivateLink
AWS Transit Gateway
For connecting many VPCs, and on-prem networks
Security Groups
- Virtual firewall at Instance Level that controls traffic
- Default: all inbound traffic denied
- Rules: manage instance traffic
- SGs are stateful: response traffic for an allowed request is allowed automatically; by default all outbound traffic is allowed.
Network ACLs
- Acts at Subnet Level
- Controls traffic in/out of subnet
- can be associated with one or more subnets
- Each subnet can only have one ACL
- Default allows all in/out IPv4 traffic
- ACLs are stateless
Stateful/Stateless
Stateful = retains information on past transactions and modifies behavior based on that information
Stateless = does not retain information on past transactions (each transaction is treated as the first)
Route 53
- Domain Name System (DNS) Resolution
- IPv4 and IPv6
- Various Routing Types (simple, weighted, latency, geolocation, failover, multivalue answer)
Route 53 Routing Options
Amazon CloudFront
- Reduces distance between user and content location
- Global content delivery network (CDN)
- Uses Route 53 geolocation routing
- Edge locations distributed globally, stores periodically refreshed data closer to users
EC2 Security Groups vs ACLs