Week 5 - Networking and Content Delivery in Cloud Flashcards
What is an IPv4 Address?
An IPv4 address is a 32-bit binary number used to identify devices on a network, divided into four octets (8-bit groups), separated by dots (e.g., 192.168.0.1). Each octet can range from 0 to 255. These addresses are written in dotted decimal notation for human readability.
IPv4 addresses consist of two parts:
Network ID: Identifies the network the device belongs to.
Host ID: Identifies the specific device within that network.
The division between Network ID and Host ID is determined by the subnet mask.
What is Classless Inter-Domain Routing (CIDR)?
CIDR allows IP address allocation and routing without relying on predefined classes, using subnet masks to define variable-length prefixes (e.g., 192.168.0.0/24).
What is the OSI model, and what are its layers?
The OSI (Open Systems Interconnection) model standardizes network communication into 7 layers, each with specific functions:
- Physical: Transmits raw bits over a medium (e.g., cables, hubs).
- Data Link: Ensures reliable data transfer on a local network (e.g., switches, Wi-Fi).
- Network: Handles routing and addressing (e.g., IP, routers).
- Transport: Ensures reliable end-to-end communication (e.g., TCP, UDP).
- Session: Manages and maintains sessions (e.g., APIs, sockets).
- Presentation: Translates, encrypts, and compresses data (e.g., SSL, JPEG).
- Application: Interfaces with users and applications (e.g., HTTP, DNS).
The OSI model aids in troubleshooting, designing, and understanding network communication.
What is Amazon VPC and what does it allow you to do?
Amazon VPC allows you to create a logically isolated section of the AWS Cloud to launch resources in a virtual network that you define.
- Belongs to a single AWS Region but spans multiple Availability Zones via subnets.
- Each VPC is assigned one CIDR block (/16 to /28) with non-overlapping subnets.
- AWS reserves five IP addresses per CIDR block.
- Control networking resources like IP addresses, subnets, and configurations with multiple security layers for traffic control.
What are route tables and their features in an Amazon VPC?
Each VPC has one main route table, and each subnet is associated with a route table, which multiple subnets can share. Each route in a route table has two fields: Destination (the target CIDR block for traffic) and Target (where traffic is sent, such as an Internet Gateway). By default, a route table contains a local route for VPC communication, which cannot be deleted.
What is an Internet Gateway in an Amazon VPC, and what is its purpose?
An Internet Gateway is a scalable, redundant VPC component enabling communication between VPC instances and the internet. It acts as a target for internet-routable traffic in route tables and performs network address translation for public IPv4 addresses. To make a subnet public, attach the gateway to your VPC and route non-local traffic (e.g., 0.0.0.0/0) through it.
What is a Network Address Translation (NAT) Gateway and how does it work?
A NAT Gateway enables instances in a private subnet to access the internet. After creating the NAT gateway, update the associated route table for your private subnets to route internet-bound traffic through it, allowing private instances to communicate with the internet.
What is VPC Sharing and how does it work?
VPC Sharing allows multiple AWS accounts to create resources in shared, centrally managed VPCs. The owner account shares one or more subnets with other accounts (participants) in the same AWS Organization, enabling resource sharing within a single VPC.
What is VPC Peering and what are its restrictions?
VPC Peering connects your VPC to other VPCs, allowing them to communicate. Restrictions include:
- IP address ranges must not overlap.
- Transitive peering is not supported (i.e., indirect connections between VPCs require explicit peering).
- Only one peering connection is allowed between the same two VPCs.
What is AWS Site-to-Site VPN?
AWS Site-to-Site VPN connects your VPC to remote networks, allowing secure communication between them. By default, instances launched in a VPC cannot communicate with remote networks until the VPN is established.
What is AWS Direct Connect?
AWS Direct Connect establishes a dedicated, private network connection between your VPC and a remote network. It helps reduce network costs, increase bandwidth throughput, and offer a more consistent network experience compared to internet-based connections, particularly for remote data centers far from AWS regions.
What is a VPC Endpoint?
A VPC Endpoint connects your VPC to supported AWS services privately. It includes interface endpoints, which use AWS PrivateLink to connect to services, and gateway endpoints, which provide a private connection to supported AWS services like S3 and DynamoDB.
What is AWS Transit Gateway?
AWS Transit Gateway is a hub-and-spoke connection model that acts as an alternative to VPC peering, enabling centralized connectivity between multiple VPCs and on-premises networks.
What are the general principles of VPC security in AWS?
VPC security aims to control incoming and outgoing traffic by building security into the VPC architecture. Best practices include isolating subnets, choosing appropriate gateway devices or VPN connections, and using firewalls like Security Groups and Network Access Control Lists (ACLs).
What are Security Groups in AWS and how do they work?
Security Groups act as a virtual firewall for your instances, controlling inbound and outbound traffic. They filter traffic at the instance level, not at the subnet level. Each instance in a subnet can be assigned a different set of Security Groups.