Section 27: Networking and VPC Flashcards
What does CIDR stand for?
CIDR = Classless Inter-Domain Routing
What is CIDR?
CIDR is a method for allocating IP addresses
What are the two components of a CIDR?
1) Base IP
2) Subnet mask
What does a Subnet Mask do?
A subnet mask defines how many bits can change in the IP (like /0, /24/ /32)
What is a Base IP
A Base IP = IP contained in the range of (xx.xx.xx.xx), for example 10.0.0.0
What is a subnet?
A subnet is a range of IP addresses in your VPC.
What is the point of VPC Subnets?
You launch AWS resources into subnets
Can subnets connect to the internet?
Yes, a subnet can connect to the internet (and thus all the resources in that subnet), without connecting the VPC to the internet
How do you route traffic to and from subnets?
Using route tables
What are the 5 reserved IP addresses in each subnet?
The first 4 and last 1 IP address in each subnet is reserved by AWS
What number do subnet sizes start at?
they start at 32. For example: 10.0.0.0/32
What is a Bastion Host
Special purpose computer on a network, designed to withstand attacks by connecting a private subnet to the internet
Bastion host architecture: describe the main architectural pattern
EC2 instance (Bastion Host) sits in public subnet, receives user traffic, and then talks to EC2s in the private subnet
Important for the exam: What is the only port number for the Bastion Host traffic
Port 22
Can VPCs be public?
No, VPCs are private resources
How many addresses does subnet size of /26 get you?
64 - 5 = 59, (keep in mind it starts at /32, which is equal to 1 IP)
What is the purpose of Internet Gateway (IGW)?
Internet Gateway allows resources in a VPC to connect to the internet
You are trying to connect a VPC to the internet with an Internet gateway. What else do you need to do?
Route tables must also be edited, as internet gateways do not allow internet access on their own
How many VPCs can be attached to an internet gateway?
Just one. And vice versa
What does a NAT gateway do?
Allows a private subnet to access the internet
Do NAT gateways need static or elastic IPs?
NAT Gateways need to be assigned Elastic IPs
What happens if resources in multiple AZs share a NAT gateway, and the gateway goes down?
All the resources lose internet access
If you have resources in multiple AZs, all in private subnets, how should you configure your NAT gateways?
Every AZ should have its own NAT gateway, and resources should have routing configured to the gateway in their AZ
Do NAT connections enable inbound and outbound connection?
No, they only enable outbound connection. Your devices can outbound connect with the internet, but receive nothing inbound.
What does NACL stand for?
Network Access Control List (network ACL)
What are NACLs?
They are akin to firewalls that control traffic to and from subnets
How many NACLs per subnet?
one
How are rule precedents determined in NACL rules?
Lower the number, higher the rule precedent
How does AWS recommend adding NACL rules?
in increments of 100
How do default NACLs treat inbound / outbound traffic?
Default NACLs allow all inbound and outbound traffic
Should you modify the default NACL?
NO. Do not modify the default NACL, just create new ones.
What are Ephemeral Ports?
Short lived ports that are used on the server-end of communication
What is the purpose of Ephemeral Ports?
Ephemeral ports allow continued communication with a client that initially connected using another port on the server
What does NAT stand for?
Network Address Translation
What is VPC peering?
Creating a private network connection between two VPCs. Makes them behave as if they were in the same network
Can you peer VPCs with overlapping CIDR blocks?
No, you cannot.
Can you peer VPCs transitively?
NO. Peering has to be from one VPC to another. VPC A cannot peer with VPC B and then be magically peered with VPCs C, D, E etc.
What do you need to update in recently peered VPCs?
Route tables
