For a total beginner in AWS, working with IP addresses may seem like a totally new type of muscle to grow. What are the numbers for? Why are there several types?
This article is meant to serve as a bite-sized educational blog for someone who is new to the world of cloud/networking, and also as a knowledge refresher for everyone else.
What are IP Addresses in the context of AWS?
An IP address has one main purpose, and that is to serve as an identifier for your resources and services.
You can think of it as a name. But not everyone only has a single name, right? We may have different names depending on the situation. A name used only by our family or close friends. A name that acquaintances or coworkers use to refer to us.
That’s where Public, Private, and Elastic IP Addresses come in.
Types of IP Addresses
- Public IP Addresses
A public IP address is known to and reachable from the Internet.
It is assigned by AWS and is temporary. Every time that you stop and then start an instance, its public IP address changes.
Here’s a mini mental exercise: A resource in a private subnet can still have a public IP address. What do you think makes the subnet different from a public subnet?
Here’s the answer: It is not the lack of a public IP address that makes a subnet private, but rather the lack of a 0.0.0.0/0 route to an Internet Gateway.
- Private IP Addresses
A private IP address is not reachable from the Internet.
Unlike a public IP address, a private IP address is not temporary. It stays until your resource is terminated. It is automatically assigned by AWS using your subnet’s CIDR range (which we will later talk about).
What are they actually used for? We primarily use private IP addresses for communicating with other resources in our VPC or network, like our app server talking to our database.
If we try to access a private IP address from outside our network (by sending a request, either through a web browser or the terminal using something like cURL), we wouldn’t receive a response.
RFC 1918
RFC 1918 is simply an agreement that reserves certain IP address ranges strictly for use in private networks.
These ranges are:
- 10.0.0.0/8 (10.0.0.0 - 10.255.255.255)
- 172.16.0.0/12 (172.16.0.0 - 172.31.255.255)
- 192.168.0.0/16 (192.168.0.0 - 192.168.255.255)
This is something nice to keep in mind while assigning your private IP addresses.
- Elastic IP Addresses
This is a static public IP address that doesn’t change.
For a quick review, think about how it is possible for our private resources to communicate with the Internet via the NAT gateway.
When your private resource sends traffic out to the NAT gateway, the gateway swaps out the private IP with its own Elastic IP and forwards the request to the Internet. Once it gets a response, it swaps the address back and delivers the response to your private resource. This process of swapping out and back is called Network Address Translation (NAT).
IP Address Octets (IPv4)
Let’s talk about the anatomy of an IP address.
In IPv4, an IP address has four parts (called octets), with each octet containing 8 bits. Do you still remember your binary numbers? If you don’t, here’s a quick refresher:
Let’s say we have this IP address:
We can see that it has four octets, each separated by a dot.
Each octet has 8 bits.
Why is this relevant? This is something important to know when we’re working with CIDR.
Classless Inter-Domain Routing (CIDR)
This is a notation for describing a range of IP addresses.
The lower the subnet mask (the /n), the more IP addresses are available. On AWS, some IP addresses are reserved upon assignment.
You can look up a reference table for yourself, but here’s a trick that I use:
- /24
  - The first 24 bits are locked (see the section above).
  - Example: X.X.X.0/24
  - The range would be: X.X.X.0/24 - X.X.X.255/24
  - X means that octet is locked and cannot be changed.
- /16
  - The first 16 bits are locked.
  - Example: X.X.0.0/16
  - The range would be: X.X.0.0/16 - X.X.255.255/16
You can basically apply the same rules with every other subnet mask.
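Here is the locked-bits trick written out as an added example (not code from the original article); it also covers masks that do not end on an octet boundary, such as /20, and checks a block against the RFC 1918 ranges listed earlier. The sample blocks are constructed, and the figure of 5 reserved addresses per subnet is taken from AWS's VPC documentation rather than from this article.

```python
import ipaddress

# RFC 1918 private ranges, as listed in the article.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption from AWS VPC documentation (not stated in the article): every
# subnet loses its first four addresses and its last address.
AWS_RESERVED = 5

def to_int(dotted):
    """Pack four 8-bit octets into one 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for o in octets:
        value = (value << 8) | o
    return value

def to_dotted(value):
    """Unpack a 32-bit integer back into dotted form."""
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def cidr_range(cidr):
    """Return (first, last, total): keep the first n bits, vary the rest."""
    address, prefix = cidr.split("/")
    n = int(prefix)
    if not 0 <= n <= 32:
        raise ValueError(f"prefix out of range: /{n}")
    mask = (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF   # n locked bits set to 1
    first = to_int(address) & mask                 # free bits all 0
    last = first | (~mask & 0xFFFFFFFF)            # free bits all 1
    return to_dotted(first), to_dotted(last), 2 ** (32 - n)

def is_rfc1918(cidr):
    """True only if the whole block sits inside one RFC 1918 range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(r) for r in RFC1918)

def aws_usable(cidr):
    """Addresses left for your resources after the AWS reservation."""
    return cidr_range(cidr)[2] - AWS_RESERVED

if __name__ == "__main__":
    # Constructed sample blocks; the last one looks private but is not.
    for block in ("10.0.1.77/24", "172.31.16.0/20", "172.32.0.0/16"):
        print(block, cidr_range(block), is_rfc1918(block), aws_usable(block))
```

The third sample, 172.32.0.0/16, sits just outside 172.16.0.0/12, so it is publicly routable address space even though it looks similar to a private range.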
Conclusion
I hope you found the article to be helpful with reviewing the topic of IP addresses. If I have made any mistakes (typographical or technical errors), feel free to let me know by making a comment. Thanks for reading!
About me
I’m currently an incoming junior at Cavite State University. I’ve had three past internships spanning different domains, and I’m currently a Cloud Engineering Intern at Elevate Innovations Corp.
I also regularly engage with open source projects, developer communities, and organizations.
If you want to collaborate or reach out to me, you can do so via:
LinkedIn: https://www.linkedin.com/in/waffensultan/
Email: waffen.sultan@gmail.com


Top comments (1)
Great job on this post Waffen!