A VPC (Virtual Private Cloud) is a logically isolated section of the AWS cloud within a region.
In this architecture we can see the following components:
Region: A physical location around the world made up of a group of data centers, which are organized into Availability Zones.
VPC: It behaves like your own data center: in it we configure route tables, choose IP ranges, create subnets and attach an internet gateway to the VPC.
Availability Zones: The blue boxes inside the VPC are the Availability Zones. Each one is one or more data centers within the region with redundant power, networking and connectivity.
Subnet: A subnet is a segment of the VPC's IP address range in which we place groups of resources.
There are 2 types of subnets:
Public subnet: If the subnet's route table has a route to an internet gateway, the subnet is known as a public subnet.
Private subnet: If the subnet's route table has no route to an internet gateway, the subnet is known as a private subnet.
Router: The VPC's implicit router forwards traffic between subnets (including subnets in different Availability Zones) and to the internet gateway, following the route table associated with each subnet.
Internet Gateway: An internet gateway is a horizontally scaled, redundant and highly available VPC component that allows communication between instances in our VPC and the internet.
EC2 instances: Virtual servers in Amazon Elastic Compute Cloud (EC2) for running applications on the AWS infrastructure.
VPC CIDR blocks
Rules and guidelines for VPC CIDR blocks
- The CIDR block size can be between /16 and /28.
- A CIDR block must not overlap with any existing CIDR block associated with the VPC (this matters when you add a secondary CIDR block to a VPC).
- You cannot increase or decrease the size of an existing CIDR block.
- In every subnet the first four and the last IP address are reserved by AWS and are not available for use.
- AWS recommends using CIDR blocks from the RFC 1918 private ranges: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
VPC CIDR blocks and subnets
Let us take an example. Consider the VPC CIDR block 10.0.0.0 with a 16-bit subnet mask 255.255.0.0, written as 10.0.0.0/16.
In this block the network ID is the first 2 octets (10.0), and from the subnet mask we know that the remaining 16 bits are host bits. Here the host bits are 0.0.
Now let's create our subnets. While creating subnets we take some of the bits from the host portion and assign them to the network portion. We can carve the following subnets out of this VPC CIDR block.
For example, 10.0.1.0/24 means that we have borrowed eight of the sixteen host bits.
So each VPC subnet has a longer subnet mask than the VPC CIDR block it comes from; in this case it is a 24-bit subnet mask.
What would the next network be? The next network is 10.0.2.0/24, and the one after that is 10.0.3.0/24 (10.0.0.0/24 is available as well).
Each of these /24 subnets has 256 addresses. Classic subnetting would leave 254 of them for hosts, but AWS reserves the first four and the last address of every subnet, so only 251 are actually usable for instances.
Now let's go through a few additional considerations:
- Ensure you have enough networks and hosts.
- Bigger CIDR blocks are typically better, because a VPC CIDR block cannot be resized later.
- Smaller subnets are OK for most use cases.
- Consider deploying one application tier per subnet.
- Split highly available resources across subnets in different Availability Zones.
- Avoid overlapping CIDR blocks as much as possible, including with other VPCs and on-premises networks you may later peer or connect with.
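The rules and the worked subnetting above can be checked mechanically. The following Python script is an added example (not code from the original post or any AWS tool): it validates a VPC CIDR block against the /16 to /28 and RFC 1918 rules, borrows host bits to carve subnets the way the 10.0.1.0/24 example does, reports the AWS-usable host count (block size minus the 5 reserved addresses), and flags overlapping blocks. The function and constant names are mine; the standard `ipaddress` module does the arithmetic.

```python
import ipaddress
from itertools import combinations

# AWS reserves the first four addresses (network, VPC router, DNS,
# future use) and the last (broadcast) address of every subnet.
AWS_RESERVED_PER_SUBNET = 5

# RFC 1918 private ranges that AWS recommends for VPC CIDR blocks.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def validate_vpc_cidr(cidr):
    """Apply the VPC CIDR rules: well-formed block, prefix /16../28, RFC 1918.

    Returns the parsed network or raises ValueError naming the broken rule.
    """
    # strict=True rejects blocks with host bits set, e.g. 10.0.1.0/16
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError(f"{cidr}: only IPv4 CIDR blocks are handled here")
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: VPC prefix must be between /16 and /28")
    if not any(net.subnet_of(r) for r in RFC1918):
        raise ValueError(f"{cidr}: not inside an RFC 1918 private range")
    return net


def cidr_problem(cidr):
    """Return the rule a block breaks, or None if it is acceptable."""
    try:
        validate_vpc_cidr(cidr)
    except ValueError as exc:
        return str(exc)
    return None


def usable_hosts(subnet):
    """Addresses a subnet can actually hand to instances (size minus the 5 reserved)."""
    if isinstance(subnet, str):
        subnet = ipaddress.ip_network(subnet)
    return subnet.num_addresses - AWS_RESERVED_PER_SUBNET


def carve_subnets(vpc_cidr, new_prefix, count):
    """Borrow host bits from the VPC block to produce `count` subnets of /new_prefix."""
    vpc = validate_vpc_cidr(vpc_cidr)
    if not vpc.prefixlen < new_prefix <= 28:
        raise ValueError(
            f"subnet prefix /{new_prefix} must be longer than /{vpc.prefixlen} and at most /28"
        )
    available = list(vpc.subnets(new_prefix=new_prefix))
    if count > len(available):
        raise ValueError(f"{vpc} only holds {len(available)} /{new_prefix} subnets")
    return available[:count]


def find_overlaps(cidrs):
    """Return every pair of blocks that overlap (the 'must not overlap' rule)."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [(str(a), str(b)) for a, b in combinations(nets, 2) if a.overlaps(b)]


def plan(vpc_cidr, new_prefix, count):
    """List (subnet, usable hosts) for a VPC carved into `count` equal subnets."""
    return [(str(s), usable_hosts(s)) for s in carve_subnets(vpc_cidr, new_prefix, count)]


if __name__ == "__main__":
    # The article's example: four /24 subnets out of 10.0.0.0/16.
    for cidr, hosts in plan("10.0.0.0/16", 24, 4):
        print(f"{cidr:18} usable hosts: {hosts}")
    # Constructed input: 10.0.0.128/25 sits inside 10.0.0.0/24.
    print("overlaps:", find_overlaps(["10.0.0.0/24", "10.0.0.128/25", "10.0.1.0/24"]))
    for bad in ("10.0.0.0/15", "10.0.0.0/29", "11.0.0.0/16", "10.0.1.0/16"):
        print(bad, "->", cidr_problem(bad))
```

Running it prints the four /24 subnets with 251 usable hosts each, the one overlapping pair, and the rule each of the invalid blocks violates (too large, too small, not RFC 1918, host bits set).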
Now let's have a quick look at a tool that helps in planning CIDR blocks and subnets.
Below is the tool we use for this purpose 👇
link for the tool url
Hands-on Lab - Create a custom VPC with subnets.
Create a VPC
If you want your instances to get public IP addresses together with DNS hostnames, enable DNS hostnames on the VPC as follows:
Creating 4 Subnets
2 public subnets
2 private subnets
- To create a subnet, click the Subnets tab on the left-hand side and then the Create subnet button on the right-hand side.
- Creating the subnet public-01 👇
Now let's edit the subnet settings for the public-01 subnet and enable auto-assign public IPv4 addresses, so that instances launched in public-01 get a public IPv4 address. Be deliberate with this setting: once it is on, every instance launched in the subnet is reachable from the internet to whatever extent its security group and network ACL allow.
With this we have successfully created the first of our 2 public subnets.
In the same way we create the other public subnet with the name public-02.
Now let's edit the subnet settings for the public-02 subnet and enable auto-assign public IPv4 addresses, so that instances launched in public-02 also get a public IPv4 address.
So far we have created the 2 public subnets and enabled auto-assign public IPv4 on both of them.
Now let's create the remaining 2 subnets.
Creating the subnet private-01
Creating the subnet private-02
Create a route table for the private subnets
To create a route table, click Route Tables in the VPC menu on the left-hand side.
Then click the Create route table button.
Type in the name of the route table and select the VPC this route table belongs to.
The route table has now been created. Next, let's associate the private subnets with it.
Select the subnets to be associated with this route table.
Here we can see that the route table is now associated with the 2 private subnets. The private subnets need this explicit association because, by default, every subnet in the VPC uses the main route table, and we are about to give the main route table a route to the internet.
Below is the main route table for our VPC 👇
Subnets associated with the main route table 👇
Create an Internet Gateway
In the VPC menu on the left-hand side click Internet Gateways; this opens the console for creating an internet gateway.
Now let's configure the internet gateway for the VPC.
After configuring it, click the Create internet gateway button; the internet gateway is now created, but it is not yet attached to any VPC.
Attach the internet gateway to the VPC
Click the Attach to VPC button; it asks for the VPC to which this internet gateway should be attached. Select the VPC and click the Attach internet gateway button.
Now let's edit the routes of the main route table of the VPC by clicking the Actions button and then Edit routes.
In Edit routes, add a route with destination 0.0.0.0/0 (everything outside your VPC CIDR block, i.e. the internet) and the internet gateway as the target.
The main route table now has two routes: the local route, which keeps traffic for the VPC CIDR block inside the VPC, and the 0.0.0.0/0 route, which sends anything outside the VPC CIDR block to the internet gateway. The router picks the most specific matching route, so 10.0.x.x traffic stays local even though 0.0.0.0/0 also matches it.
Keep in mind that the main route table is used by every subnet without an explicit association. In this lab that is exactly what makes public-01 and public-02 public, but it also means any subnet created later in this VPC is public by default unless you associate it with the private route table. A dedicated route table for the public subnets, leaving the main route table with only the local route, avoids that surprise.
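To make the public/private definition and the route lookup concrete, here is an added Python model of the lab's final state. It is not code from the original post and talks to no AWS API: the route table IDs, the subnet names and the igw-example target are constructed values that mirror the screenshots, not real identifiers. It resolves each subnet to its effective route table (explicit association or the main table), classifies it as public or private by whether that table has an internet gateway route, performs the longest-prefix lookup the VPC router does, and reports the "main route table has an internet route" condition described above.

```python
import ipaddress

VPC_CIDR = "10.0.0.0/16"

# Constructed to mirror the lab: the main route table carries the local route
# plus 0.0.0.0/0 -> internet gateway; the private table has the local route only.
ROUTE_TABLES = {
    "rtb-main": [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-example")],
    "rtb-private": [(VPC_CIDR, "local")],
}
MAIN_ROUTE_TABLE = "rtb-main"

# Explicit subnet -> route table associations. public-01/02 have none,
# so they fall back to the main route table, exactly as in the lab.
ASSOCIATIONS = {
    "private-01": "rtb-private",
    "private-02": "rtb-private",
}
SUBNETS = ["public-01", "public-02", "private-01", "private-02"]


def effective_route_table(subnet):
    """A subnet without an explicit association uses the VPC's main route table."""
    return ASSOCIATIONS.get(subnet, MAIN_ROUTE_TABLE)


def has_igw_route(rtb_id):
    """True if any route in the table targets an internet gateway (igw-* id)."""
    return any(target.startswith("igw-") for _, target in ROUTE_TABLES[rtb_id])


def classify(subnet):
    """Public if the subnet's effective route table has a route to an internet gateway."""
    return "public" if has_igw_route(effective_route_table(subnet)) else "private"


def next_hop(rtb_id, dst_ip):
    """Longest-prefix match, as the VPC router does.

    10.0.5.4 matches both 10.0.0.0/16 and 0.0.0.0/0 but stays local because
    /16 is more specific; 8.8.8.8 only matches 0.0.0.0/0 and goes to the IGW.
    Returns None when no route matches (a private table with no default route).
    """
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in ROUTE_TABLES[rtb_id]:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def audit():
    """Findings a reviewer would raise about this layout."""
    findings = []
    if has_igw_route(MAIN_ROUTE_TABLE):
        implicit = [s for s in SUBNETS if s not in ASSOCIATIONS]
        findings.append(
            "main route table has an internet gateway route; subnets with no "
            f"explicit association are public by default: {', '.join(implicit)}"
        )
    # Name-based heuristic: a subnet called private-* should not route to an IGW.
    for s in SUBNETS:
        if s.startswith("private") and classify(s) == "public":
            findings.append(f"{s} is named private but routes to an internet gateway")
    return findings


if __name__ == "__main__":
    for s in SUBNETS:
        print(f"{s:12} -> {effective_route_table(s):12} {classify(s)}")
    print("10.0.5.4 via rtb-main:", next_hop("rtb-main", "10.0.5.4"))
    print("8.8.8.8  via rtb-main:", next_hop("rtb-main", "8.8.8.8"))
    print("8.8.8.8  via rtb-private:", next_hop("rtb-private", "8.8.8.8"))
    for finding in audit():
        print("finding:", finding)
```

The audit finding is the point of the model: the lab's private subnets are private only because they were explicitly moved off the main route table, so any subnet added later without that step inherits the internet route.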