Amazon AWS SysOps – Networking – VPC part 1
- Section Introduction
For networking, we need to know inside and out how to create, operate and manage a VPC. Troubleshooting is also very important. So we’ll look at Amazon VPC and AWS Direct Connect in this section. Now you may be saying, oh, I already know how to do VPC, and I say I hope you do. But trust me, to really know VPC you need to look at this diagram and understand everything that goes in there. So have a good look.
If you know everything in there, you can skip this section. If not, I strongly recommend you do it. Take your time: it is long, there’s a lot of learning, and we’re going to visit a whole new set of concepts. It takes a lot of time to learn VPC; it took me a lot of time to learn VPC. Don’t worry, we’ll go step by step and understand this in our own time. Okay, let’s get started now.
- CIDR, Private vs Public IP
Before we go head-on with VPC, we first need to understand CIDR. CIDR stands for Classless Inter-Domain Routing, but no one says that; everyone says CIDR. This lecture is specific to IPv4. CIDRs are used when you write security group rules, and in general for AWS networking, as we’ll see in this section. We’ve already seen CIDRs when we defined our security groups: when we had 0.0.0.0/0, or something like 122.1.x.x/32, that was actually a CIDR, just a very specific one. Overall, what a CIDR does is define an IP address range. We’ve seen /32, which means one IP, and we’ve seen /0, which means all IPs.
But between /0 and /32 there are a lot of other numbers. We can define, for example, 192.168.0.0/26, which represents a range of 64 IPs, from 192.168.0.0 to 192.168.0.63. So we have to see and understand why this is the case and how it works. A CIDR has two components. The first is the base IP, whatever you want. The second is the subnet mask, the /26 part. The base IP is an IP that will be contained in the range, whereas the subnet mask defines how many bits of the IP can change. We usually write an IP as x.x.x.x, but it’s really just zeros and ones, 32 of them.
Now, I don’t want to go into the specifics of how IP works, but basically the subnet mask allows a few bits of the IP to change, and that defines your range. The subnet mask can take two forms. On a Windows computer you may see 255.255.255.0, which is less common. In AWS or online you’ll more often see /24, which is easier to read. It’s up to you, but in this lecture and the whole section on AWS we’ll use the more common /24 form. So let’s talk about the subnet mask. It allows the IP to take the next values after the base IP because the trailing bits change. So with /32, we allow for one IP.
And how do we get that? It’s 2 to the power 0. With /31 we allow two IPs, because it’s 2 to the power 1. /30 is four IPs, 2 to the power 2. /29 is eight IPs, 2 to the power 3. /28 is 16 IPs, 2 to the power 4. As you can see, any time we allow a number of bits to change, it’s 2 to the power of that number of bits that we get as the number of IPs. And /32 corresponds to 0 free bits, /31 to 1 free bit, so 32 minus the prefix number gives us the power. So /27 is 2 to the power 5, that’s 32 IPs; /26 is 2 to the power 6, 64 IPs; /25 is 2 to the power 7, 128 IPs; /24 is 2 to the power 8, 256 IPs. You get the idea. /16 is 2 to the power 16, which is 65,536 IPs. And then we get /0, which allows all IPs, 2 to the power 32.
You don’t need to remember all that, obviously, but you need to understand that it’s 2 to the power of 32 minus the number after the slash. And a quick memo: /32 means no octet can change. /24 means the last octet can change. /16, the last two octets can change. /8, the last three, and /0, all four octets can change. Just a quick memo. Now let’s go ahead and practice, because I guess this is a new concept for some of you. So when we have this CIDR, what is it? Think about it, take time to reflect. We have an IP and /24. What does /24 mean? It means the last octet can change. So for 192.168.0.0/24 we get this range, 192.168.0.0 all the way to 192.168.0.255, and that represents 256 IPs. What about /16?
It means the last two octets can change. So for 192.168.0.0/16 we get the range 192.168.0.0 to 192.168.255.255, and that’s 65,536 IPs. As you can see, the last two octets can change all the way to 255. And finally, this one: it’s a /32. That means no octet can change, so it’s just the one IP we wrote. And /0, as we said, is all IPs. So when in doubt, you can use a little website I like, ipaddressguide.com/cidr, and we’ll go have a look at it right now. I like this website because it lets you convert a CIDR to an IP range, or an IP range to a CIDR. It’s really helpful when you know the IP range you want but can’t figure out the CIDR right away: you just type in the range and you get a CIDR.
So let’s have a look. If we enter 10.0.0.0/16, we remember that we allow the last two octets to change. We calculate it and we get the subnet mask, 255.255.0.0, the first IP, the last IP, and the total number of hosts. So perfect, it’s what we expected: the last two octets can change and we get 65,536 IPs. If we do /17, something a little less obvious, and calculate it, we get the first IP and the last IP, 10.0.127.255, as well as the total number of hosts, 32,768. So this is really, really handy. Alternatively, you can refresh this page and go the other way: enter an IP range.
So 10.0.0.0, and then 10.0.127.255 as the last IP, because that’s the range I want, and calculate my CIDR. It automatically says the result is 10.0.0.0/17, and this is what you would use in AWS. So really, really handy, to be honest. Finally, we need to define the difference between private and public IPs for IPv4. There is an Internet authority called the IANA, the Internet Assigned Numbers Authority, and it defines that certain blocks of IPv4 addresses are reserved for private use and the rest are public. Private IPs only take certain values, and they’re quite easy to remember. The first block is 10.0.0.0 all the way to 10.255.255.255.
So that’s the CIDR 10.0.0.0/8, and that’s for big networks; it allows a lot of machines in one private network. Then we have 172.16.0.0/12, which runs from 172.16.0.0 to 172.31.255.255; that’s where the default VPC’s range (172.31.0.0/16) lives when we create a new account. And then we have 192.168.0.0/16. You’ve probably seen this one before, because it’s what’s usually used on a home network with a WiFi router: those are the kind of IPs you get on your internal home network. All the other IPs, the ones not in these ranges, are public IPs. So that’s it. We’re ready to go on with the section on VPC now that we understand CIDRs and private IPs. I will see you in the next lecture.
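To make the arithmetic above concrete, here is an added Python example (not code from the course) that does by hand what the lecture does on the whiteboard and what the website does: prefix length to first address, last address and address count, the 255.x.x.x form of the mask, the reverse range-to-CIDR direction, and the IANA private-range check. It assumes only Python 3 and its standard ipaddress module; the sample inputs are the lecture’s own 192.168.0.0/26, 10.0.0.0/16 and 10.0.0.0/17.

```python
"""IPv4 CIDR arithmetic, matching the prefix-length rules from the lecture."""
from __future__ import annotations

import ipaddress


def ip_to_int(ip: str) -> int:
    """Pack a dotted quad into the 32-bit integer it really is."""
    a, b, c, d = (int(octet) for octet in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(value: int) -> str:
    """Unpack a 32-bit integer back into dotted-quad form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def dotted_mask(prefix: int) -> str:
    """The 255.255.255.0 form of a prefix length (the Windows-style display)."""
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def cidr_range(cidr: str) -> tuple[str, str, int]:
    """Return (first address, last address, address count) for a CIDR.

    The prefix length is the number of leading bits that are fixed; the
    remaining 32 - prefix bits are free, so the block holds 2 ** (32 - prefix)
    addresses. The base IP only needs to be *inside* the block: its host bits
    are cleared to find the first address and set to find the last one.
    """
    base, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length must be 0..32: {cidr}")
    host_bits = 32 - prefix
    network_mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF   # fixed bits
    host_mask = 0xFFFFFFFF >> prefix                         # free bits
    first = ip_to_int(base) & network_mask
    last = first | host_mask
    return int_to_ip(first), int_to_ip(last), 2 ** host_bits


def range_to_cidrs(first: str, last: str) -> list[str]:
    """The other direction: the fewest CIDRs that exactly cover first..last.

    An aligned range such as 10.0.0.0 to 10.0.127.255 collapses to the single
    block 10.0.0.0/17; an unaligned range needs several blocks, which is why a
    range-to-CIDR tool can hand back more than one answer.
    """
    start, end = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return [str(net) for net in ipaddress.summarize_address_range(start, end)]


# The IANA (RFC 1918) private blocks named in the lecture.
PRIVATE_BLOCKS = [
    ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_private(ip: str) -> bool:
    """True if the address falls in one of the RFC 1918 blocks; otherwise it is public."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in block for block in PRIVATE_BLOCKS)


if __name__ == "__main__":
    for cidr in ("192.168.0.0/26", "10.0.0.0/16", "10.0.0.0/17", "172.31.0.0/16"):
        first, last, count = cidr_range(cidr)
        mask = dotted_mask(int(cidr.split("/")[1]))
        print(f"{cidr:18} mask {mask:15} {first} - {last}  ({count} addresses)")
    print(range_to_cidrs("10.0.0.0", "10.0.127.255"))      # ['10.0.0.0/17']
    print(is_private("172.31.32.5"), is_private("8.8.8.8"))  # True False
```

Note that cidr_range normalizes the base address: 192.168.0.7/24 and 192.168.0.0/24 describe the same block, which is exactly the “the base IP is contained in the range” point from the lecture.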
- Default VPC Overview
Before we go ahead and create our own VPC, I want us to walk through the default VPC that comes with every account when we create a new account in AWS. As soon as you get a new account, you get a default VPC. If you have an old account, there’s a chance you don’t have one, so try to work with a new account. New instances are launched into the default VPC if you don’t specify any subnet. The default VPC comes with internet connectivity, and all instances get a public IP. This is how we’ve been able so far to use our instances to do yum updates, install an Apache server, et cetera. We also get a public and a private DNS name for each of our instances. That is convenient, but it also means anything you launch there is reachable from the internet as soon as a security group permits it.
You may think this is a given, but it was actually configured in the default VPC. So let’s go and have a look at what the default VPC looks like in AWS. In my management console, I go to the VPC service. In the VPC service we get the dashboard, which shows us the resources by region. We have one VPC, three subnets, one route table, one internet gateway, one DHCP options set, one network ACL and twelve security groups (I created many security groups). All these things we see here were basically created by default for us when we got a new account. You can play around, create a new account and see what’s going to be there.
In the end, in this section, we’re going to create everything ourselves. But for now it’s good to look at what’s already there, just to get a small idea of how things work. If you click on Your VPCs, the first thing you see is a VPC that has been created, and this is the default VPC: the Default VPC column says Yes. Now if we look at the IPv4 CIDR, we see this CIDR (172.31.0.0/16). We’re intrigued, we want to know what this CIDR is. So we go to the website, calculate it, and we see the first IP is 172.31.0.0 and the last IP is 172.31.255.255, and we get about 65,000 IPs in this CIDR. Okay, so this is pretty good.
We have a VPC, it has one IPv4 CIDR block, there are no flow logs and no tags. The description seems to say that there is a network ACL, a route table, DHCP options, et cetera. Okay, so it looks like when we create a VPC we just define a CIDR. Now we go to Subnets, and here we see that we can launch instances into three different availability zones, into three different subnets. So here they are: subnet one, two and three. These subnets have their own CIDR as well. For example, if we take this subnet (172.31.32.0/20 in my case; it may be different for you) and calculate its CIDR, we see that the first IP is 172.31.32.0 and the last one is 172.31.47.255.
We get a total of 4,096 hosts. But in here the available IP count is 4,091. So there’s a difference of five IPs: AWS reserves the first four addresses and the last address of every subnet. We’ll see why in a future lecture. Okay, so each subnet has a CIDR that is within the VPC CIDR, and all these subnets have non-overlapping CIDRs. Now each of these subnets, if we look at it, belongs to the VPC, is available, and has no flow logs. It has a route table that is in this VPC, and we’ll have a look at this route table in a second. And for the network ACL we get: allow all inbound traffic and allow all outbound traffic. So it looks like all traffic is allowed into and out of our subnets at the network ACL level; only the security groups are left to filter it.
Now if we look at Route Tables, we have one route table, the main route table, and it belongs to the default VPC. In terms of subnet associations, it’s associated, not explicitly but implicitly as the main table, with these three subnets. So look at the routes defined in this route table: they define how our subnets get access to the internet. One of these targets is an internet gateway. The internet gateway is right here; it’s attached to the VPC and there’s not much we can do with it. But it looks like the internet gateway is what gives us internet. That’s all we need to see to get started. This is what a default VPC looks like.
Maybe we don’t understand everything we’ve seen: what is a route table, what is an internet gateway. Don’t worry, we’ll do this one by one. But I want you to realize what a default VPC comes with before we go ahead and create our own. A default VPC basically comes with these four little menus: a VPC, three subnets, one route table with a route to an internet gateway, and one network ACL that allows all inbound and all outbound traffic. We’ll see in detail what this means and how it works. But before we go into the next lecture, please have a look at the default VPC. Try playing around, see if it means anything to you. And I will see you in the next lecture, to create our own VPC.
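The walkthrough above can be turned into a check. What follows is an added Python example (not from the course) that takes the shapes the EC2 API returns for a VPC, its subnets, route tables and network ACLs, and reports for each subnet the usable address count (total minus the five AWS reserves), whether it is public (its route table sends 0.0.0.0/0 to an internet gateway, using the main table when there is no explicit association) and whether instances get a public IP at launch, plus whether the default NACL really allows everything. The SAMPLE_* data is constructed to mirror the default VPC seen above; it is not captured from a real account and the resource IDs are made up.

```python
"""Audit the pieces a default VPC hands you, from the shapes the EC2 API returns.

SAMPLE_* data is constructed to mirror the default VPC above: one /16, three
/20 subnets, a main route table with 0.0.0.0/0 to an internet gateway, and a
default NACL allowing everything. Not captured from a real account; the IDs
are made up.
"""
import ipaddress

AWS_RESERVED_PER_SUBNET = 5  # network address, VPC router, DNS, future use, broadcast

SAMPLE_VPC = {"VpcId": "vpc-0example", "CidrBlock": "172.31.0.0/16", "IsDefault": True}

SAMPLE_SUBNETS = [
    {"SubnetId": f"subnet-0{'abc'[i]}", "VpcId": "vpc-0example", "CidrBlock": cidr,
     "AvailabilityZone": az, "MapPublicIpOnLaunch": True}
    for i, (cidr, az) in enumerate([("172.31.0.0/20", "us-east-1a"),
                                    ("172.31.16.0/20", "us-east-1b"),
                                    ("172.31.32.0/20", "us-east-1c")])
]

SAMPLE_ROUTE_TABLES = [{
    "RouteTableId": "rtb-0main", "VpcId": "vpc-0example",
    # The main table's association has no SubnetId: it applies to every
    # subnet that is not explicitly associated with another table.
    "Associations": [{"Main": True, "RouteTableId": "rtb-0main"}],
    "Routes": [
        {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
    ],
}]

SAMPLE_NACLS = [{
    "NetworkAclId": "acl-0default", "VpcId": "vpc-0example", "IsDefault": True,
    # Rule 100 allows everything in each direction; 32767 is the fixed final deny.
    "Entries": [
        {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": e, "CidrBlock": "0.0.0.0/0"}
        for e in (False, True)
    ] + [
        {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": e, "CidrBlock": "0.0.0.0/0"}
        for e in (False, True)
    ],
}]


def route_table_for(subnet_id, route_tables):
    """An explicit association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def is_public_subnet(subnet, route_tables):
    """A subnet is public when its route table sends 0.0.0.0/0 to an internet gateway."""
    rt = route_table_for(subnet["SubnetId"], route_tables)
    return rt is not None and any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-")
        and r.get("State") == "active"
        for r in rt["Routes"])


def nacl_allows_all(nacl, egress):
    """Walk the entries as AWS does: lowest rule number first, first match wins.

    Everything is allowed only if an allow for 0.0.0.0/0 on all protocols is
    reached before any deny; a lower-numbered deny means some traffic is blocked.
    """
    entries = sorted((e for e in nacl["Entries"] if e["Egress"] == egress),
                     key=lambda e: e["RuleNumber"])
    for e in entries:
        if e["RuleAction"] == "deny":
            return False
        if e["CidrBlock"] == "0.0.0.0/0" and e["Protocol"] == "-1":
            return True
    return False


def audit_vpc(vpc, subnets, route_tables, nacls):
    """Per-subnet usable IPs and exposure, plus the default NACL's posture."""
    vpc_net = ipaddress.ip_network(vpc["CidrBlock"])
    seen = []
    report = {}
    for s in subnets:
        net = ipaddress.ip_network(s["CidrBlock"])
        if not net.subnet_of(vpc_net):
            raise ValueError(f"{s['SubnetId']} {net} is outside the VPC CIDR {vpc_net}")
        if any(net.overlaps(o) for o in seen):
            raise ValueError(f"{s['SubnetId']} {net} overlaps another subnet")
        seen.append(net)
        report[s["SubnetId"]] = {
            "usable_ips": net.num_addresses - AWS_RESERVED_PER_SUBNET,
            "public": is_public_subnet(s, route_tables),
            "auto_public_ip": bool(s.get("MapPublicIpOnLaunch")),
        }
    default_acl = next(n for n in nacls if n["VpcId"] == vpc["VpcId"] and n["IsDefault"])
    report["nacl_allows_all_inbound"] = nacl_allows_all(default_acl, egress=False)
    report["nacl_allows_all_outbound"] = nacl_allows_all(default_acl, egress=True)
    return report


if __name__ == "__main__":
    for key, value in audit_vpc(SAMPLE_VPC, SAMPLE_SUBNETS, SAMPLE_ROUTE_TABLES, SAMPLE_NACLS).items():
        print(key, value)
```

Against real accounts the same functions take the `Vpcs`, `Subnets`, `RouteTables` and `NetworkAcls` lists from the corresponding `describe-*` calls unchanged; the point of the sample is that every default subnet comes back public with auto-assigned public IPs and a wide-open NACL.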
- VPC Overview and Hands On
Now let’s go ahead and create our own VPC. VPC stands for Virtual Private Cloud, and you can have multiple VPCs in a region, up to five by default. That’s a soft limit: you can open an AWS support ticket and they will increase it for you. Each VPC can have up to five CIDRs. For each CIDR, the minimum size is /28, which is 16 IP addresses, and the maximum size is /16, which is 65,536 IP addresses. Because a VPC is private, the CIDR should come from the private IP ranges. As a reminder, those are 10.0.0.0/8, 172.16.0.0/12, and finally the home-network sort of IP addresses,
192.168.0.0/16. A really important thing is that when you create a VPC, the CIDR you choose should not overlap with your other networks. For example, if your corporate network uses something in 172.16.0.0/12, then make sure the new VPC has no overlapping IP range. When you start connecting all of those together, you want to be sure the IPs won’t overlap, because routing between two networks with the same addresses is ambiguous. There are enough IPs in the world for you to choose a non-overlapping CIDR, so just be very careful with it. If we look at the target state of the hands-on, this is what we’ll have at the end.
Within the AWS cloud, we’ll have a VPC with nothing in it. So let’s get started. The really easy way to get started would be Launch VPC Wizard, but that would defeat the whole point of learning. So we’re going to create a VPC manually, without the wizard; it’s actually going to be better. We go to Your VPCs and Create VPC. The name tag will be DemoVPC. Here we have to choose an IPv4 CIDR block, and we’ll choose 10.0.0.0/16. That’s the biggest CIDR block we can choose: if we do /15, there will be an error because the block size must be between /16 and /28. So /16 is a great idea.
If we want to know what /16 means, we can go back to our CIDR-to-IPv4 website, type in the CIDR, and we see the first IP is 10.0.0.0 and the last one is 10.0.255.255, so that’s 65,536 IPs. All right, great. For now we’re not going to do IPv6, so we’ll leave No IPv6 CIDR block selected. The tenancy is basically how we launch EC2 instances within it: do we want default, which means shared hardware, or dedicated hardware? This is inherited when you create an EC2 instance. We’ll select default. We don’t want dedicated hardware,
otherwise we’ll pay a whole lot more money. Okay, click on Create and our VPC has been created. Now if we look at our VPC, there is one CIDR block that has been defined, right here. Flow logs: nothing. Tags: nothing. But it looks like when we created DemoVPC, it came with a main route table and a main network ACL that were created for us. Okay, so what else can we look at? One thing you notice is that we’re not limited to just this one IPv4 CIDR block. If you wanted to, you could edit your CIDRs by clicking Edit CIDRs.
Here we’re able to add an IPv6 CIDR later on if we wanted to, or add another IPv4 CIDR. So if you wanted to add an IPv4 CIDR, you could definitely do 10.1.0.0/16, which is the next block. Then you click Yes and it automatically associates it. You can add up to five IPv4 CIDRs to extend your VPC size over time. For now I don’t need this one, so I’ll just remove it. But I wanted to show you how this would work if you wanted to add more CIDRs to your VPC. Okay, so that’s it. Right now we just have the VPC. It’s basically a big container; we haven’t defined any subnets. But guess what? We’ll do that in the next lecture.
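The rules applied by hand in this lecture (block size between /16 and /28, stay inside a private range, never overlap a network you will later connect to, secondary blocks must not overlap the primary, at most five IPv4 blocks) are easy to check before touching the console. The following added Python example (not the course’s code) does that validation offline, and then performs the same creation as the hands-on through boto3: create_vpc with default tenancy, a Name tag, and associate_vpc_cidr_block for each secondary block. The boto3 calls run only in the `__main__` block, which needs boto3 installed and AWS credentials; the “corporate network” CIDR there is an assumed example value, and `create_vpc` takes the client as a parameter so it can be exercised with a stand-in.

```python
"""Pick and create a VPC CIDR under the constraints from the lecture.

check_vpc_cidr and plan_vpc are pure and run offline. create_vpc issues the
real boto3 EC2 calls (create_vpc, create_tags, associate_vpc_cidr_block) but
is only invoked from the __main__ block, which needs boto3 and credentials.
The corporate CIDR used there is an assumed example value.
"""
import ipaddress

PRIVATE_BLOCKS = [ipaddress.ip_network(c)
                  for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PREFIX, MAX_PREFIX = 16, 28   # AWS: a VPC CIDR block is between /16 and /28
MAX_IPV4_CIDRS_PER_VPC = 5        # primary plus up to four secondaries


def check_vpc_cidr(cidr, existing=()):
    """Return the normalized network, or raise ValueError saying why it is rejected.

    existing: CIDRs this VPC must not collide with: other VPCs, the corporate
    network, and (when adding a secondary block) the VPC's own blocks.
    """
    try:
        # strict=True rejects host bits set in the base address (10.0.1.0/16)
        # instead of silently normalizing them to 10.0.0.0/16.
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        raise ValueError(f"{cidr}: not a valid network/prefix ({exc})") from None
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        raise ValueError(f"{cidr}: block size must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
    if not any(net.subnet_of(block) for block in PRIVATE_BLOCKS):
        raise ValueError(f"{cidr}: not inside an RFC 1918 private range")
    for other in existing:
        if net.overlaps(ipaddress.ip_network(other)):
            raise ValueError(f"{cidr}: overlaps {other}; routing between them would be ambiguous")
    return net


def plan_vpc(primary, secondaries=(), existing=()):
    """Validate a primary block and the secondaries you would add via Edit CIDRs."""
    blocks = [check_vpc_cidr(primary, existing)]
    for cidr in secondaries:
        taken = list(existing) + [str(b) for b in blocks]   # must not overlap earlier blocks
        blocks.append(check_vpc_cidr(cidr, taken))
    if len(blocks) > MAX_IPV4_CIDRS_PER_VPC:
        raise ValueError(f"a VPC may have at most {MAX_IPV4_CIDRS_PER_VPC} IPv4 CIDR blocks")
    return [str(b) for b in blocks]


def create_vpc(ec2, name, primary, secondaries=()):
    """Create the VPC on shared tenancy, tag it, attach secondaries; return its ID.

    ec2 is a boto3 EC2 client (or anything exposing the same three methods).
    """
    resp = ec2.create_vpc(CidrBlock=primary, InstanceTenancy="default")
    vpc_id = resp["Vpc"]["VpcId"]
    ec2.create_tags(Resources=[vpc_id], Tags=[{"Key": "Name", "Value": name}])
    for cidr in secondaries:
        ec2.associate_vpc_cidr_block(VpcId=vpc_id, CidrBlock=cidr)
    return vpc_id


if __name__ == "__main__":
    import boto3

    corporate = "172.16.0.0/12"   # assumed: the on-prem range we must not overlap
    blocks = plan_vpc("10.0.0.0/16", secondaries=["10.1.0.0/16"], existing=[corporate])
    print(create_vpc(boto3.client("ec2"), "DemoVPC", blocks[0], blocks[1:]))
```

Run the plan step alone first; if it raises, the console would have rejected the same block (the /15 from the lecture) or, worse, accepted an overlap that only bites later when you peer or connect the VPC.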