What is VPC?
The AWS VPC is essentially a private virtual network inside the AWS network. While AWS is
physically a shared network, each VPC is logically isolated from other AWS customers. The AWS
network supports private and public addresses for each of its customers
AWS customers are logically separated, there is no contention for IP address space between VPCs. Each VPC will
have its own routing table that is responsible for directing traffic.
Below image shows the logical isolation of AWS customers.
** What is Subnetting?**
To understand what Subnetting is, first we have to understand what
exactly is the Network and Subnet
What is Network?
A network is a group of two or more connected computing devices. Usually all devices in the network are connected to a central hub — for instance, a router. A network can also include subnetworks, or smaller subdivisions of the network
What is Subnet ?
A subnet, or subnetwork, is a network inside a network. Subnets make networks more efficient. Through subnetting, network traffic can travel a shorter distance without passing through unnecessary routers to reach its destination.
What is Subnetting ?
Subnetting/Subnetworking is how very large networks, such as those
provided by ISPs, are able to manage thousands of IP addresses and
In simple words: Dividing bigger networks into smaller networks called Subnetting.
CIDR stands for (Classless Inter-Domain Routing) -- also known as supernetting. It's a method of assigning Internet Protocol (IP) addresses that improves the efficiency of address distribution and replaces the previous system based on Class A, Class B and Class C networks.
For each VPC we setup, we have to assign a CIDR value say(10.0.0.0/16).
CIDR range depends upon the no. of servers going to be deployed.
Here, the variable values of CIDR vary from 0 to 255.
But first four values i.e, from "10.0.0.0" to "10.0.0.3/16" are reserved and "10.0.0.255/16" is also reserved.
Here '/24' means first 3 bits of IP will be kept constant.
For Subnet-1 Ip address ranges from 10.0.0.4 to 10.0.0.254.
For Subnet-2 Ip address ranges from 10.0.1.4 to 10.0.1.254.
For Subnet-3 Ip address ranges from 10.0.2.4 to 10.0.2.254.
Basically, we deploy our different services into different subnets. Such as we keep web-servers in a single subnet, Database servers in a different private subnet.
Create a VPC "Silicon-Vpc" (say).
Give an IPV4 CIDR to it (10.0.0.0/16).
Create two Subnets inside it, Web-subnet and DB-subnet.
Assign CIDR values to the subnet as "10.0.1.0/24" and "10.0.2.0/24" respectively.
We can see that for each subnet we can allocate 251 servers (According to the CIDR values available).
What is Internet Gateway?
An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.
An internet gateway serves two purposes:
1) to provide a target in your VPC route tables for internet-routable traffic.
2) to perform network address translation(NAT) for instances that have been assigned public IPv4 addresses.
Now we'll deploy an IGW.
Create an IGW " Silicon-IGW". Attach a vpc to it.
Now we still won't be able to connect as Route table is undefined.
So we have to create and define the route table.
What is VPC Route Table?
Your VPC has an implicit router, and you use route tables to control where network traffic is directed. Each subnet in your VPC must be associated with a routing table, which controls the routing for the subnet (subnet route table).
You can explicitly associate a subnet with a particular route table. Otherwise, the subnet is implicitly associated with the main route table.
A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same subnet route
Public Subnet: If a subnet is associated with a route table that has a route to an internet gateway, it's known as a public subnet.
Private Subnet: If a subnet is associated with a route table that does not have a route to an internet gateway, it's known as a private subnet.
In the public subnet's route table, we can specify a route for the internet gateway to all destinations not explicitly known to the route table (0.0.0.0/0 for IPv4 or ::/0 for IPv6).
Alternatively, we can scope the route to a narrower range of IP addresses; for example, the public IPv4 addresses of your company’s public endpoints outside of AWS, or the Elastic
IP addresses of other Amazon EC2 instances outside your VPC.
Now, we'll be able to connect to the web-server via ssh.
But we can't access the DB-server as it doesn't have public IP.
Similarly, we can't connect DB-server from Web-server console as we don't have access to "Db-server-key.pem' file.
Now, we've to give read-write permission to the server.
Type: "chmod 600 DB-server-key.pem"
If we want to give internet access to DB-server we have to configure it in such a manner that no one else from the internet can access it except us.
To have such kind of setup we deploy "NAT-Gateway".
"Nat-gatweway has both private and public IP associated with it.
We need to deploy it in Public subnet. Hence, the subnet having IGW access is called public subnet.
If DB-Subnet wants to have internet access then it has to connect to the public ip of NAT gateway.