AWS VPC overview
CIDR
CIDR: Classless Inter-Domain Routing, a method for allocating IP addresses; a CIDR block describes a contiguous range with a base address and a prefix length
- base IP: the network address, i.e. the first address of the range (for example 10.0.0.0 for 10.0.0.0/24); a host address such as 10.0.0.1 can also be written with a prefix, but the range it denotes still starts at the network address
- prefix length (the /24 part, equivalent to the subnet mask): how many leading bits are fixed (network bits); the remaining 32 - prefix bits are the host bits and can change
- for example: 10.24.8.25/24 => 8 (=32-24) host bits can change, so the block covers 10.24.8.0 to 10.24.8.255 (256 addresses)
private IP
- 10.0.0.0/8 (10.0.0.0 to 10.255.255.255): big networks
- 172.16.0.0/12 (172.16.0.0 to 172.31.255.255): the AWS default VPC (172.31.0.0/16) lives in this range
- base ip: 172.16.0.0, netmask: 255.240.0.0, wildcard mask (inverse of the netmask): 0.15.255.255 => last ip: 172.16.0.0 + 0.15.255.255 = 172.31.255.255
- 192.168.0.0/16 (192.168.0.0 to 192.168.255.255): home networks
public IP
- all the rest of the IPv4 address space is public (routable on the Internet); a few other ranges are reserved as well, such as 127.0.0.0/8 (loopback) and 169.254.0.0/16 (link-local), and those cannot be used as a VPC CIDR either
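The CIDR arithmetic described above (network address, netmask, wildcard mask, first and last address, number of host bits) worked through in code. This is an added example, not part of the original notes; it uses only Python's standard `ipaddress` module, and the inputs are the page's own examples. The private check deliberately tests against the three RFC 1918 ranges rather than `ipaddress`'s broader `is_private`, which also flags loopback, link-local and other reserved space.

```python
import ipaddress

# The three RFC 1918 private ranges listed on the page.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(net: ipaddress.IPv4Network) -> bool:
    """True only if the block lies entirely inside one of the RFC 1918 ranges.

    ipaddress' own is_private is not used on purpose: it also returns True for
    127.0.0.0/8, 169.254.0.0/16 and other reserved space that is not RFC 1918.
    """
    return any(net.subnet_of(r) for r in RFC1918)


def describe_cidr(cidr: str) -> dict:
    """Decode a CIDR such as 10.24.8.25/24 into the values a VPC planner needs.

    strict=False accepts a host address (10.24.8.25) and normalises it to the
    network address (10.24.8.0), which is what the /24 actually denotes.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    host_bits = net.max_prefixlen - net.prefixlen        # 32 - prefix for IPv4
    return {
        "network": str(net.network_address),             # base IP of the range
        "prefixlen": net.prefixlen,
        "netmask": str(net.netmask),                     # fixed (network) bits
        "wildcard": str(net.hostmask),                   # bits that may change
        "first": str(net.network_address),
        "last": str(net.broadcast_address),              # network + wildcard
        "host_bits": host_bits,
        "size": net.num_addresses,                       # 2 ** host_bits
        "private": is_rfc1918(net),
    }


if __name__ == "__main__":
    for example in ("10.24.8.25/24", "172.16.0.0/12", "8.8.8.0/24"):
        print(example, describe_cidr(example))
```

Feeding the page's 172.16.0.0/12 example through `describe_cidr` yields netmask 255.240.0.0, wildcard 0.15.255.255 and last address 172.31.255.255, matching the hand calculation above.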
VPC
A VPC is a virtual network that closely resembles a traditional network that you'd operate in your own data center.
When you create a VPC:
- you must specify an IPv4 CIDR block for the VPC
- the allowed block size is between a /16 netmask (65,536 IP addresses) and a /28 netmask (16 IP addresses)
- you can optionally associate additional IPv4 CIDR blocks and one or more IPv6 CIDR blocks (default quota: 5 IPv4 and 5 IPv6 CIDR blocks per VPC; both quotas are adjustable)
- the primary IPv4 CIDR block cannot be changed or resized after creation; you can only add secondary blocks, so size it with growth in mind
AWS recommends (but does not enforce) choosing the VPC CIDR from the RFC 1918 private IPv4 ranges:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- the VPC CIDR must not overlap with other networks you intend to connect to it (peered VPCs, on-premises networks over VPN or Direct Connect); overlapping ranges cannot be routed between each other
Default VPC
- default CIDR: 172.31.0.0/16 (172.31.0.0 to 172.31.255.255)
- one /20 subnet per Availability Zone (for example, in ap-southeast-2, which has 3 AZs):
- 172.31.0.0/20, ap-southeast-2a, (172.31.0.0 to 172.31.15.255)
- 172.31.16.0/20, ap-southeast-2c, (172.31.16.0 to 172.31.31.255)
- 172.31.32.0/20, ap-southeast-2b, (172.31.32.0 to 172.31.47.255)
- a /20 leaves 12 host bits (4096 addresses); the 4 network bits taken from the third octet step it by 16 (.0, .16, .32, ...), so the /16 holds 16 such subnets
- the default subnets are public: the main route table routes 0.0.0.0/0 to an internet gateway and instances launched there get a public IPv4 address by default, so prefer a purpose-built VPC for anything that should not be reachable from the Internet
Subnets
A subnet is a range of IP addresses in your VPC.
- a subnet must reside in a single Availability Zone and cannot span zones.
- a subnet is automatically (implicitly) associated with the main route table of the VPC unless you explicitly associate it with another route table
- in each subnet, 5 IP addresses are reserved by AWS: the first 4 (network address, VPC router, DNS resolver, reserved for future use) and the last 1 (the broadcast address; broadcast is not supported in a VPC but the address is reserved anyway)
- for example: if you need 29 IP addresses for EC2 instances
- then you cannot choose size /27 because only 32-5=27 IP addresses are available
- you should choose size /26 (64-5=59 usable addresses)
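The VPC sizing rules (/16 to /28, RFC 1918 recommended, no overlap with connected networks) and the subnet sizing rule (5 addresses reserved per subnet) from the two sections above, turned into a small planner. This is an added example, not code from the original notes or from AWS; the on-premises range used for the overlap check is a constructed sample, and the "one subnet per AZ" layout simply mirrors the default VPC example on the page.

```python
import ipaddress
import math

AWS_RESERVED_PER_SUBNET = 5            # first 4 addresses + last address
VPC_MIN_PREFIX, VPC_MAX_PREFIX = 16, 28    # /16 (65,536) .. /28 (16 addresses)
RFC1918 = [ipaddress.ip_network(r) for r in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def aws_reserved_addresses(subnet: str) -> list:
    """The 5 addresses AWS reserves in a subnet: first four plus the last one."""
    net = ipaddress.ip_network(subnet)
    first_four = [str(net.network_address + i) for i in range(4)]
    return first_four + [str(net.broadcast_address)]


def usable_addresses(prefixlen: int) -> int:
    """Addresses left for instances after AWS takes its 5."""
    return 2 ** (32 - prefixlen) - AWS_RESERVED_PER_SUBNET


def subnet_prefix_for(hosts: int) -> int:
    """Smallest subnet (largest prefix) that still leaves `hosts` usable addresses."""
    needed = hosts + AWS_RESERVED_PER_SUBNET
    host_bits = max(4, math.ceil(math.log2(needed)))   # AWS minimum subnet is /28
    if host_bits > 16:
        raise ValueError("a single subnet cannot be larger than /16")
    return 32 - host_bits


def validate_vpc_cidr(cidr: str, other_networks=()) -> list:
    """Return a list of problems with a proposed VPC CIDR; an empty list means OK.

    other_networks: CIDRs the VPC will be peered or VPN/Direct-Connect'ed to.
    """
    problems = []
    try:
        net = ipaddress.ip_network(cidr)               # strict: host bits must be zero
    except ValueError:
        return [f"{cidr}: not a valid network block (host bits set or bad syntax)"]
    if not VPC_MIN_PREFIX <= net.prefixlen <= VPC_MAX_PREFIX:
        problems.append(f"{cidr}: prefix must be between /16 and /28")
    if not any(net.subnet_of(r) for r in RFC1918):
        # Allowed by AWS, but not recommended: flag it rather than reject it.
        problems.append(f"{cidr}: not in an RFC 1918 range (allowed, but not recommended)")
    for other in other_networks:
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"{cidr}: overlaps {other}, traffic cannot be routed between them")
    return problems


def carve_subnets(vpc_cidr: str, prefixlen: int, azs) -> dict:
    """Carve one non-overlapping /prefixlen subnet per Availability Zone out of the VPC block."""
    vpc = ipaddress.ip_network(vpc_cidr)
    candidates = list(vpc.subnets(new_prefix=prefixlen))   # raises if prefixlen < VPC prefix
    if len(azs) > len(candidates):
        raise ValueError(f"{vpc_cidr} only holds {len(candidates)} /{prefixlen} subnets")
    return {az: str(subnet) for az, subnet in zip(azs, candidates)}


if __name__ == "__main__":
    # Constructed sample: a VPC that must coexist with an on-premises 10.0.0.0/16.
    print(validate_vpc_cidr("10.0.0.0/16", ["10.0.0.0/16"]))      # overlap reported
    print(validate_vpc_cidr("10.1.0.0/16", ["10.0.0.0/16"]))      # []
    print("29 hosts need a /%d" % subnet_prefix_for(29))           # /26, as on the page
    print(carve_subnets("172.31.0.0/16", 20, ["ap-southeast-2a", "ap-southeast-2c", "ap-southeast-2b"]))
    print(aws_reserved_addresses("172.31.0.0/20"))
```

`subnet_prefix_for` rounds the host count up to the next power of two after adding the 5 reserved addresses, which is why 29 hosts land on a /26 while 27 hosts still fit in a /27. `validate_vpc_cidr` reports the non-RFC 1918 case as a warning rather than rejecting it, matching AWS's behaviour.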
Subnet types:
- public subnet
- the subnet's route table has a direct route to an internet gateway (a 0.0.0.0/0 route pointing at the internet gateway)
- resources in a public subnet that have a public or Elastic IP address can reach, and be reached from, the public internet (still subject to security groups and network ACLs)
- private subnet
- the subnet doesn't have a direct route to an internet gateway
- resources in a private subnet require a NAT device (a NAT gateway or NAT instance, itself placed in a public subnet) to reach the public internet; inbound connections from the internet are not possible