What is VPC? Exploring the Basics of Virtual Private Clouds


What is Amazon VPC?

With Amazon Virtual Private Cloud (Amazon VPC), you can launch AWS resources in a logically isolated virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

  • All new AWS accounts have a default VPC.

  • New EC2 instances are launched into the default VPC if no subnet is specified.

  • The default VPC has internet connectivity, and every EC2 instance launched inside it gets a public IPv4 address.

  • Each such instance also gets a public and a private IPv4 DNS name.

  • The default VPC has 3 subnets.

VPC = Virtual Private Cloud

  • You can have multiple VPCs in an AWS region.

  • Because a VPC is private, only the private IPv4 ranges are allowed:

10.0.0.0 - 10.255.255.255 (10.0.0.0/8)

172.16.0.0 - 172.31.255.255 (172.16.0.0/12)

192.168.0.0 - 192.168.255.255 (192.168.0.0/16)

  • Your VPC CIDR should not overlap with your other networks.

Subnet (IPv4):

A subnet is a logical subdivision of a larger IP network, dividing it into smaller, more manageable segments.

  • AWS reserves 5 IP addresses (first 4 and last 1) in each subnet.

  • These 5 IP addresses are not available for use and can’t be assigned to an EC2 instance.

    Example: if the subnet CIDR block is 10.0.0.0/24, the reserved IP addresses are:

  • 10.0.0.0 - Network address

  • 10.0.0.1 - Reserved by AWS for the VPC router

  • 10.0.0.2 - Reserved by AWS for mapping to the Amazon-provided DNS

  • 10.0.0.3 - Reserved by AWS for future use

  • 10.0.0.255 - Network broadcast address. AWS does not support broadcast in a VPC, so this address is reserved as well.
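As an added example (not code from the original post), the following Python uses the standard ipaddress module to apply the three rules above before a VPC or subnet is created: the VPC CIDR must sit inside an RFC 1918 range, it must not overlap the networks you already have, and every subnet loses its first 4 and last 1 addresses. The CIDRs in the `__main__` block are constructed sample values.

```python
import ipaddress

# The RFC 1918 ranges the page lists as the only allowed VPC IPv4 ranges.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

def is_private_cidr(cidr):
    """True if the whole CIDR block lies inside one RFC 1918 private range."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(rng) for rng in PRIVATE_RANGES)

def overlapping_cidrs(cidr, other_cidrs):
    """CIDRs in other_cidrs that overlap cidr; peering needs this to be empty."""
    net = ipaddress.ip_network(cidr)
    return [c for c in other_cidrs if net.overlaps(ipaddress.ip_network(c))]

def reserved_addresses(subnet_cidr):
    """The 5 addresses AWS reserves in every IPv4 subnet: first 4 and last 1."""
    net = ipaddress.ip_network(subnet_cidr)
    if not 16 <= net.prefixlen <= 28:  # AWS only allows subnet sizes /16 to /28
        raise ValueError("AWS IPv4 subnets must be between /16 and /28")
    return {
        str(net[0]): "network address",
        str(net[1]): "VPC router",
        str(net[2]): "Amazon-provided DNS",
        str(net[3]): "reserved for future use",
        str(net[-1]): "broadcast address (broadcast is not supported in a VPC)",
    }

def usable_hosts(subnet_cidr):
    """Addresses left for instances after the 5 reserved ones."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - 5

def check_vpc_cidr(cidr, existing_cidrs):
    """Collect the problems the page warns about before creating a VPC."""
    problems = []
    if not is_private_cidr(cidr):
        problems.append(f"{cidr} is not an RFC 1918 private range")
    for other in overlapping_cidrs(cidr, existing_cidrs):
        problems.append(f"{cidr} overlaps existing network {other}")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from any real account.
    print(check_vpc_cidr("10.0.0.0/16", ["10.0.1.0/24", "192.168.0.0/16"]))
    print(reserved_addresses("10.0.0.0/24"), usable_hosts("10.0.0.0/24"))
```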

Internet gateway (IGW):

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.

  • Allows resources in a VPC (for example EC2 instances) to connect to the internet.

  • It scales horizontally and is highly available and redundant.

  • Must be created separately from the VPC.

  • One VPC can be attached to only one IGW, and vice versa.

  • An IGW on its own does not provide internet access.

  • Route tables must also be edited.

NAT Gateway:

A NAT gateway enables instances in private subnets to access the internet, other VPCs, or on-premises networks; it supports IPv4.

  • AWS-managed NAT: higher bandwidth, high availability, no administration.

  • Pay per hour of usage and for bandwidth.

  • A NAT gateway is created in a specific Availability Zone and uses an Elastic IP.

  • Can’t be used by EC2 instances in the same subnet (only from other subnets).

  • Requires an IGW (private subnets => NATGW => IGW).

  • 5 Gbps of bandwidth with automatic scaling up to 100 Gbps.

  • No security groups to manage.

Routing table:

A routing table is a database stored on network devices like routers, containing information about the best paths for data packets to reach their destinations over a network.

  1. Create your own VPC in a region.

  2. Create zones (subnets) in the VPC: a VPC can have one or more subnets, and each subnet’s CIDR is always carved out of the VPC’s network range.

  3. Create a new internet gateway and attach it to the VPC.

  4. Routing table.

    Default route table:

    192.168.0.0/16 local active

    0.0.0.0/0 IG-ID active

  5. Set the subnet associations in the routing table.

  6. Instances in zone A and zone B will then get a public IP automatically.

    This is configured inside the zone (subnet).

Peering connection:

A peering connection is a way for two networks to connect and exchange traffic directly, without using a third party to carry the traffic across the internet.

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses.

Requester: generates the peering connection ID and sends the request to the accepter.

Accepter: once the request is accepted, the peering connection is established.

By default, one VPC cannot communicate with another VPC.

  • Privately connect two VPCs using AWS network.

  • Make them behave as if they were in the same network.

  • The two VPCs must not have overlapping CIDRs.

  • VPC peering connections are not transitive (a connection must be established for each pair of VPCs that need to communicate with one another).

  • You must update the route tables in each VPC’s subnets so that EC2 instances can communicate with each other.
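As an added example covering both the routing-table steps above and the peering rules (not code from the original post), the Python below models a route table as (destination, target) pairs with longest-prefix matching, builds the public-subnet table (0.0.0.0/0 to the IGW), the private-subnet table (0.0.0.0/0 to the NAT gateway) and the per-peering routes, and shows why peering is not transitive. The VPC CIDRs, the peering IDs pcx-ab and pcx-bc, and the address 203.0.113.10 are constructed sample values.

```python
import ipaddress

def lookup_route(route_table, dest_ip):
    """Longest-prefix match over (cidr, target) pairs, as a VPC route table does.
    Returns the target, or None when no route covers dest_ip."""
    ip = ipaddress.ip_address(dest_ip)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target

# Constructed sample topology: three VPCs, A peered with B and B peered with C.
VPC_CIDR = {"A": "10.0.0.0/16", "B": "10.1.0.0/16", "C": "10.2.0.0/16"}
PEERINGS = {frozenset({"A", "B"}): "pcx-ab", frozenset({"B", "C"}): "pcx-bc"}

def build_route_table(vpc, subnet_kind):
    """Route table for a public or private subnet of vpc.
    The VPC CIDR is the implicit 'local' route; the default route 0.0.0.0/0 goes
    to the IGW for a public subnet and to the NAT gateway for a private subnet;
    each peering connection adds a route for the peer's CIDR via its pcx target."""
    routes = [(VPC_CIDR[vpc], "local"),
              ("0.0.0.0/0", "igw" if subnet_kind == "public" else "nat")]
    for pair, pcx in PEERINGS.items():
        if vpc in pair:
            peer = next(v for v in pair if v != vpc)
            routes.append((VPC_CIDR[peer], pcx))
    return routes

def reaches_privately(src_vpc, dest_ip):
    """True only if traffic stays on the AWS private network (local or pcx target).
    The default route to NAT/IGW never delivers traffic to another VPC's private
    range, which is why peering is not transitive: A has no pcx route to C."""
    target = lookup_route(build_route_table(src_vpc, "private"), dest_ip)
    return target == "local" or (target is not None and target.startswith("pcx-"))

if __name__ == "__main__":
    print(build_route_table("A", "public"))
    print("A -> B:", reaches_privately("A", "10.1.0.9"))  # True, via pcx-ab
    print("A -> C:", reaches_privately("A", "10.2.0.9"))  # False, not transitive
```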

Steps to Create VPC Peering connection:

  1. Log in to your AWS Management Console.

  2. Search for VPC.

  3. Create VPC.

  4. Create Internet gateway and attach to VPC.

  5. Create Subnet.

  6. Create a route table, go to subnet associations, and edit the route table.

  7. Add the route 0.0.0.0/0 -> Internet gateway.

  8. Create EC2 instance.

  9. Firewall off.

Steps to Create VPC Peering:

  1. In the left menu, click Peering Connections.

  2. Peering connection name (give any name).

  3. Requester VPC – Your current VPC.

  4. Select My account and region.

  5. Accepter VPC – The other VPC (must be in the same account/region, unless cross-account or cross-region).

  6. Click Create Peering Connection.

After that, update the route table:

  1. Select the route table.

  2. Select Add route and enter the IP address of the other machine as the destination.

  3. Select the peering connection ID (P-ID) as the target, confirm it is active, and save.

After that, update the security groups:

  1. Go to the security group.

  2. Select IPv4, then select ICMP.

  3. Connect and Save.


Written by

Tambadkar Rohit Yashwant