VPC Flashcards
What is a VPC?
Virtual Private Cloud
It is a virtual network dedicated to your AWS account.
What is a Region?
AWS Regions are separate geographic areas.AWS Regions consist of multiple, physically separated and isolated Availability Zones that are connected with low latency, high throughput, highly redundant networking.
What is an Availability Zone?
They are distinct locations within an AWS Region that are engineered to be isolated from failures in other Availability Zones. They provide inexpensive, low-latency network connectivity to other Availability Zones in the same AWS Region.
What is an Edge Network?
They are a content delivery network with locations outside AWS data centers, which means they are not inside a region/availability zones. An example is of an aws service that live in an edge network is cloudfront.
What are the minimum and maximum CIDR blocks available for use in AWS?
/28 minimum
/16 maximum
What is the default VPC CIDR address range?
172.31.0.0/16
Can subnets extend from one VPC in one availability zone to another VPC in another availability zone?
No
What are the private ipv4 address ranges?
10.0.0.0 - 10.255.255.255 /8
172.16.0.0 - 172.31.255.255 /12
192.168.0.0 - 192.168.255.255 /16
If you allocate a new subnet 10.0.0.0/24 within a VPC, how many addresses are available?
Only 250 IPs will be available because AWS reserves 5 IPs.
10.0.0.0 - Network address
10.0.0.1 - VPC router (gateway)
10.0.0.2 - Route 53 (amazon provided DNS)
10.0.0.3 - AWS future use
10.0.0.255 - Typically a broadcast address, but AWS does not allow broadcasts within a VPC, so this is just reserved.
If you restart an EC2 instance, and it is assigned both a private and public ip addresss, would the instance retain it’s public ip address?
No, by default, the EC2 instance will not retain the previous public ip before the restart. AWS will assign it a new public ip. Your private ip will remain the same before the restart.
What are the three types of ip addresses within a VPC?
1) Private IP
2) Public IP
3) Elastic IP
What two types of IP addresses can communicate on the internet?
1) Public IP
2) Elastic IP
If you terminate an EC2 instance and it was using an Elastic IP, will this also be deleted?
No, the Elastic IP is still tied to your AWS account, and you will be billed for it.
An EC2 instance using an Elastic IP was terminated, can we reuse this IP?
Since the Elastic IP is not attached to an EC2 instance, this can be reused on the new EC2 instance.
If you assign an EC2 instance an IPv6 address and restart the EC2 instance, will it lose that ip?
Since IPv6 is globally unique, you will not lose the ip when restart the EC2 instance; you will retain this ip.
Within a VPC, what mode can you run to have both IPv6 and IPv4?
Dual stack mode
For IPv6, what is the available ranges in AWS?
CIDR block is /56
Subnet block is /64
True or false: you can choose the IPv6 IP addresses when creating an EC2 instance?
False, you cannot.
What is an Elastic Network Interface (ENI)?
A virtual network interface that attaches to an instance in a VPC. It’s inside a VPC and associated with a subnet.
When you attach more than one ENIs to an EC2 instance, you are NIC teaming, which increases bandwidth.
False, you cannot NIC team ENIs.
True or false: you can have multiple private ip addresses attached to an ENI?
True
Multiple security groups can be associated with an ENI. True or false?
True
What is an Internet Gateway (IGW)?
This translates private IP addresses to associated public IP addresses.
How many VPCs can an IGW be attached to?
Only one
Using one EC2 instance, what is a dual-homed design?
This design requires attaching two ENIs (one private ip and one Elastic public ip respectively) to one EC2 instance. A different security group will be attached to each ENI - one SG is for access to the Elastic public ip (such as web server access), and one SG is access to private (such as mgmt access).
It’s best practice to use the default vpc.
No
True or false: default subnets are created in custom vpcs.
False
A VPC has one 10.0.0.0/16 subnet defined, and another secondary cidr of 192.168.1.0/24 needs to be added. The administrator is unable to add this secondary cidr. Why can’t they?
A secondary cidr can be assigned to a VPC, but another RFC 1918 address range can not be added. Only another range within 10.0.0.0/16 can be added as the secondary cidr.
True or false: a secondary cidr on a vpc can overlap with a vpc peer.
False, it cannot
How many ipv4 cidr blocks can be assigned to a vpc?
5
How many ipv6 cidr blocks be assigned to a vpc?
1
If a network gateway has a 10.2.0.0/24 assigned, but the administrator wants to add a secondary subnet of 10.2.0.0/16. Will this work?
No, the secondary subnet cidr has to be a smaller block size than 10.2.0.0/24. A block size of 10.2.0.0/25 would be acceptable.
An administrator wants to assign secondary cidr block 172.31.0.0/16 to a new vpc, but are unable to do so. Why?
172.31.0.0/16 is the default cidr range in the default vpc, which cannot be used.
An administrator has planned a multi homed design that includes the ENIs, each with separate cidr blocks. The ranges to be used are 10.0.0.0/24, 192.168.2.0/28, and 3.78.9.33. Would this design work?
No, the two private ip address ranges conflict, and one vpc cannot have those configured. A redesign using either 10.0.0.0 or 192.168.0.0 blocks would work.
Is it recommended to use 172.17.0.0/16 for your vpc?
No, because AWS services like Cloud9 and SageMaker can experience ip conflicts.
Can you add a secondary subnet to a vpc when the vpc peering connection state is active?
Yes, you can only add a subnet if it’s peering connection is in an active. Otherwise, you cannot.
What ipv4 private address range is restricted and used for AWS EKS service?
198.19.0.0/16
What is an Availability Zone ID?
AWS maps the physical Availability Zones randomly to the Availability Zone names for each AWS account. This approach helps to distribute resources across the Availability Zones in an AWS Region, instead of resources likely being concentrated in Availability Zone “a” for each Region. As a result, the Availability Zone us-east-1a for your AWS account might not represent the same physical location as us-east-1a for a different AWS account.
