Exploring AWS !!
**Day 17:
Components of VPC**
Network Interfaces, Route Tables, Internet Gateway, Network Address Translation (NAT), Security — (Security Groups and Network Access Control Lists)
1. Network Interfaces:
Interaction between computer and Internet Network.
Network IO happens via Network Interface Cards (NIC).
Network interface contains — Elastic IP, Public IP, Private IP, security Group.
Elastic Network Interface (ENI) — It is a virtual network interface and it contains all attributes like Private IP, Public IP, Elastic IP, Security Group, Mac address, Source/Destination check.
Network Interface can be created to an instance attached to an instance, detached from instance, re-attached to another instance.
Multiple IP address — Network Interface can have additional security IP address attached to it. IP address can be assigned to network instance attached to running or stopped instance.
2. Route Tables:
Route Table tells a machine network where traffic is directed.
Directions are defined by route in Route Table.
Each subnet must be associated with a route.
All VPCs come with an implicit router and main Route Table which can be modified.
3. Internet Gateway:
A horizontally scaled redundant and highly available VPC component that allow communication between instances in your VPC and internet.
Purpose:
created to an instance
attached to an instance
detached from instance
re-attached to another instance
4. NAT (Network Address Translation):
Internet cannot initiate any connection to instances via NAT.
NAT devices enable instances in Private subnets to connect to Internet and brings response back to instance.
NAT devices are created in public subnets.
Difference between NAT Gateway and NAT instances:
NAT Gateway:
Implemented with redundancy.
Supports burst up-to 10 Gbps.
Managed by AWS.
No size.
Only NACLs can be used to filter traffic.
EIP has to be associated.
NAT Instances:
Failover has to be managed manually using script.
Depends on bandwidth of instance type.
Managed by AWS.
Instance type and size can be selected.
Both Security group and NACL can be used.
Both EIP and Public IP can be used.
Top comments (0)