Amazon AWS Certified SysOps Administrator Associate – Networking – VPC
June 19, 2023

1. Section Introduction

For networking, we need to know inside and out how to create, operate and manage a VPC. Troubleshooting is also very important. So we’ll look at Amazon VPC and AWS Direct Connect in this section. Now you may be asking me, oh, I already know how to do VPC, and I say I hope you do. But trust me, to know how to do a VPC you need to look at this diagram and understand everything that goes in there. So have a good look.

If you know everything in there, you can skip this section. If not, I strongly recommend you do this section. Take your time. It is long, there’s lots of learning and we’re going to visit a whole new set of concepts. It takes a lot of time to learn VPC. It took me a lot of time to learn VPC. Don’t worry, we’ll go step by step and understand this in our own time. Okay, let’s get started now.

2. [SAA] CIDR, Private vs Public IP

So before we go heads-on with VPC, we first need to understand CIDR. CIDR stands for Classless Inter-Domain Routing, but no one says that; everyone says CIDR. And this lecture is specific to IPv4. So CIDRs are used when you have security group rules, and also in general for AWS networking, as we’ll see in this section. We’ve seen CIDRs when we started defining our security groups. So when we had 0.0.0.0/0, or a single address with /32, et cetera, those were actually CIDRs, but they were very specific ones. So overall, what does a CIDR do? Well, it helps define an IP address range. So we’ve seen /32, and that means one IP, and we’ve seen /0, and that means all IPs. But in between 0 and 32 there are a lot of numbers. So we can define, for example, 192.168.0.0/26, which represents a range of 64 IPs from 192.168.0.0 to 192.168.0.63. So we have to see and understand why this is the case and how this works. To understand CIDR, we need to understand that there are two components to it. The first one is the base IP, whatever you want, and then there is something called the subnet mask, the slash 26 part.

And the base IP represents an IP that will be contained in the range, whereas the subnet mask defines how many bits can change in the IP. So an IP, overall, we see as x.x.x.x, but actually it’s just zeros and ones, and there are 32 of them. Now, I don’t want to go into the specifics of how IP works, but basically the subnet mask allows a few bits of the IP to change, and that will define your range. Now, the subnet mask can take two forms. If you have a Windows computer, maybe you’ll see this: 255.255.255.0. That’s less common. Or if you use AWS online or whatever, you’ll see more like /24, which is more common and easier to read. It’s up to you, though. In this lecture and this whole section on AWS, we’ll use the more common form, /24. So let’s talk about the subnet mask. It basically allows the underlying IP to take the next values after the base IP because the underlying bits change. So if you have /32, we allow for one IP. And how do we get that? Well, it’s 2 to the power 0.

If we have /31, we allow for two IPs because it’s 2 to the power 1. /30 is four IPs, 2 to the power 2. /29 is eight IPs, 2 to the power 3. /28 is 16 IPs, 2 to the power 4. So as you can see here, any time we allow a number of bits to change, it’s 2 to the power of the number of bits that can change that gives us the number of IPs. And as you see, /32 corresponds to 0, /31 corresponds to 1. So it’s basically 32 minus this number that gives us the power in here. So /27 is 2 to the power 5, /26 is 2 to the power 6 or 64 IPs, /25 is 2 to the power 7 or 128, /24 is 2 to the power 8 or 256. You get the idea. Now /16 is 2 to the power 16, which is 65,536 IPs, and then we get /0, which allows all IPs, so 2 to the power 32. So you don’t need to remember all that, obviously, but you need to understand that it’s 2 to the power of 32 minus the number right here after the slash. And a quick memo:

/32 means no IP number can change. /24 means the last IP number can change. /16, the last two IP numbers can change. /8, the last three, and /0, all IP numbers can change. Just a quick memo. But now let’s go ahead and practice, because I guess this is a new concept for some of you.

So when we have this CIDR, what is it? Think about it, take time to reflect. So we have an IP and we have /24. What does /24 mean? Well, that means that the last number can change. So we have this range, 192.168.0.0 all the way to 192.168.0.255, and that represents 256 IPs. /16, what does that mean? Well, that means that the last two numbers can change, so we get this range, and that’s 65,536 IPs. So as you can see, the last two numbers can change all the way to 255. And finally, this one. So what is it? It’s a /32. That means that no numbers can change. So it’s just one IP we represented, and /0 we already saw is all IPs. So when in doubt, you can use this little website that I like called ipaddressguide.com/cidr, and we’ll go have a look at it right now. I like this website because it allows you to convert a CIDR to an IP range or an IP range to a CIDR. So it’s really helpful if you just know the IP range but you can’t figure out the CIDR right away.

You just type it in there and then you get a CIDR. So let’s have a look. If we do 10.0.0.0/16, well, we remember we allow the last two numbers to change, so these two numbers should be able to change. We calculate this and we get the subnet mask, which is right here, the first IP and the last IP, and the total number of hosts. So perfect, this is what we expected. The last two numbers can change and we get 65,000-and-something IPs. And if we do /17, for something a little bit less obvious, and calculate it, we get the first IP and the last IP, as well as the total number of hosts. So this is really, really handy. But alternatively, you can refresh this page. I’ll go back to the page, and what I can do is just enter an IP range. So 10.0.0.0, and then maybe this one as the last IP, because that’s the range I want, and calculate my CIDR. And automatically it says the result is 10.0.0.0/17.

And this is what you would use in AWS. So really, really handy, to be honest. Finally, we need to define the difference between a private and a public IP for IPv4. There is this Internet authority called the IANA, the Internet Assigned Numbers Authority, and they basically define that certain blocks of IPv4 addresses are going to be used for private purposes, and the rest is going to be public. So private IPs only allow certain values, and it’s quite easy to remember. The first one is 10.0.0.0 all the way to 10.255.255.255. So that’s basically the CIDR 10.0.0.0/8. And that’s for big networks. That allows for a lot of machines to be in that private network.

Then we have 172.16.0.0 to 172.31.255.255. And that’s the default one we get when we have a default VPC created when we create a new account. And then we get 192.168.0.0/16. And you’ve seen this, I guess, before, because this is what’s usually used when you have a home network with WiFi and a router. That’s the kind of IPs you get on your internal home network. So all the rest of the IPs that are not in these ranges are public IPs. So that’s it. We’re ready to go on with the section on VPC now that we understand CIDR and private IPs. I will see you in the next lecture.
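The CIDR arithmetic from this lecture (2 to the power of 32 minus the prefix length, the first and last IP of a block, and turning a range back into a CIDR) and the private-versus-public split from the IANA ranges can be checked without the website. The following is an added example, not code from the lecture or from AWS; it uses only Python’s standard `ipaddress` module, and the addresses in the `__main__` block are constructed samples. `is_private` deliberately tests only the three RFC 1918 blocks the lecture lists, rather than the module’s broader `is_private` property, so its answer matches the lecture’s definition.

```python
import ipaddress

# The three private IPv4 blocks the lecture lists (RFC 1918).
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def cidr_to_range(cidr):
    """Return (first_ip, last_ip, total_ips) for an IPv4 CIDR such as '10.0.0.0/17'.

    strict=False lets a host address like 192.168.1.7/24 be given; the base IP is
    then masked down to the network address, which is what AWS does as well.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses


def ips_in_prefix(prefix_len):
    """The lecture's rule: a /N prefix covers 2 ** (32 - N) addresses."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("IPv4 prefix length must be between 0 and 32")
    return 2 ** (32 - prefix_len)


def range_to_cidr(first_ip, last_ip):
    """The reverse direction: the CIDR block(s) that exactly cover first..last.

    A range that does not line up on a power-of-two boundary needs more than one
    block, so a list is returned.
    """
    first = ipaddress.ip_address(first_ip)
    last = ipaddress.ip_address(last_ip)
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


def is_private(ip):
    """True if ip falls in one of the three RFC 1918 blocks; otherwise it is public."""
    addr = ipaddress.ip_address(ip)
    return any(addr in block for block in PRIVATE_BLOCKS)


def rule_matches(rule_cidr, source_ip):
    """Does a security-group rule written as a CIDR cover this source address?

    A /32 rule matches exactly one address; 0.0.0.0/0 matches every address.
    """
    return ipaddress.ip_address(source_ip) in ipaddress.ip_network(rule_cidr, strict=False)


if __name__ == "__main__":
    # Constructed sample inputs, used only for this printout.
    for cidr in ("192.168.0.0/26", "10.0.0.0/16", "10.0.0.0/17", "203.0.113.9/32", "0.0.0.0/0"):
        first, last, total = cidr_to_range(cidr)
        by_formula = ips_in_prefix(int(cidr.split("/")[1]))
        print(f"{cidr:>16} -> {first} .. {last}  ({total} IPs, {by_formula} by formula)")
    print("10.0.0.0 .. 10.0.127.255 ->", range_to_cidr("10.0.0.0", "10.0.127.255"))
    print("10.0.0.0 .. 10.0.130.0   ->", range_to_cidr("10.0.0.0", "10.0.130.0"))
    for ip in ("10.1.2.3", "172.31.45.6", "172.32.0.1", "192.168.1.10", "203.0.113.9"):
        print(f"{ip:>14} is {'private' if is_private(ip) else 'public'}")
    print("0.0.0.0/0 rule matches 203.0.113.9:", rule_matches("0.0.0.0/0", "203.0.113.9"))
    print("203.0.113.9/32 rule matches 203.0.113.10:", rule_matches("203.0.113.9/32", "203.0.113.10"))
```

The second `range_to_cidr` call shows the case the website hides: a range that does not end on a power-of-two boundary cannot be written as one CIDR, so a security group rule for it needs several entries. Note also that 172.32.0.1 comes out public: the 172 block is only private up to 172.31.255.255.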

3. [SAA] Default VPC Overview

So before we go ahead and start creating our own VPC, I want us to walk through the default VPC that comes with all of our accounts when we create a new account in AWS. As soon as you create a new account, you get a default VPC. If you have an old account, there’s a chance you don’t have one, so try to work with a new account. New instances will be launched by default into the default VPC if you don’t specify any subnet. And the default VPC comes with internet connectivity, and all instances get a public IP. This is how we’ve been able so far to use our instances to do yum updates, install an Apache server, et cetera. We also get a public and a private DNS name for each of our instances. And you think this is a given, but basically this was configured in the default VPC. So now let’s go and have a look at what the default VPC looks like in AWS.

So in my management console, I’m going to go ahead and look at the VPC service. In this VPC service we get the dashboard, which shows us the resources by region. So as we see, we have one VPC, three subnets, one route table, one internet gateway, one DHCP option set, one network ACL, and twelve security groups, because I created many security groups. All these things we see right here are basically created by default for us when we have a new account. You can just play around, create a new account and see what is going to be there.

So in the end, in this section, we’re going to create our own everything. But for now it’s good to look at the state of what is already there, just to get a small idea of how things work. If you click on Your VPCs, the first thing you see is that we have a VPC right here that has been created, and this is the default VPC. It says here Default VPC: Yes. Now if we look at the IPv4 CIDR, we see this CIDR. So we’re interested, we’re intrigued, we want to know what this CIDR is. So we’ll go to our website, calculate it, and we see the first IP is this one and the last IP is this one.

And we get about 65,000 IPs in this CIDR. Okay, so this is pretty good. We have a VPC, it has one IPv4 CIDR block, and there are no flow logs, there are no tags. The description seems to say that there is a network ACL, a route table, DHCP options, et cetera. Okay, so it looks like when we create a VPC we define just a CIDR. Now we go to Subnets, and here we know that we can launch instances into three different availability zones, into three different subnets.

So here they are: we have subnet one, two and three. And these subnets have their own CIDR as well. So we can see that each subnet, for example, if we take this one (it may be different for you), and we calculate this CIDR, we can see that the first IP is 172.31.32.0 and the last one is 172.31.47.255. We get a total of 4096 hosts, but in here we get 4091 available IPs. So there’s a difference of five IPs. We’ll see why in a future lecture. But okay, so it looks like each subnet in there basically has a CIDR that is within the VPC CIDR.

And it looks like all these subnets have non-overlapping CIDRs. Now each of these subnets, we can look at it: it belongs to the VPC, it is available, and we have no flow logs. We have a route table that is in this VPC, and we’ll have a look at this route table in a second. And then for network ACLs we get allow all traffic as the inbound rule and allow all outbound traffic. So it looks like all traffic is allowed in our VPC and our subnets, and then we’re good. Now if we look at Route Tables, it looks like we have a route table. There’s only one of them and it’s the main route table. It belongs to the default VPC. And in terms of subnet association, it’s associated, not explicitly, but it’s associated with these three subnets. So look at the routes defined in this route table.

They basically define how our subnets will get access to the internet. And if you look at Internet Gateways, it looks like one of these targets is an internet gateway. So the internet gateway is right here, and it’s attached to the VPC, and there’s not much we can do with it. But it looks like the internet gateway is going to give us internet. So that’s all we need to see right here just to get started. We have looked at a default VPC right now. Maybe we don’t understand anything we’ve seen; we don’t understand what a route table is, what an internet gateway is. Don’t worry, we’ll do this one by one.

But I want you to realize what a default VPC comes with before we go ahead and create our own VPC. A default VPC basically comes with a bunch of these four little menus right here. It comes with a VPC, three subnets, one route table, one internet gateway, and then one network ACL that allows all inbound and all outbound traffic. Now we’ll see in detail what this means and how this works. But before we go into the next lecture, please have a look at the default VPC. Try playing around, try to see if it means anything to you. And I will see you in the next lecture, to create our own VPC.
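The three things we just read off the console (4096 total versus 4091 available IPs per subnet, every subnet CIDR sitting inside the VPC CIDR, and no two subnets overlapping) can be verified with a few lines of Python. This is an added example, not code from the lecture or from AWS. It uses the default VPC CIDR 172.31.0.0/16 and the 172.31.32.0/20 subnet seen in the lecture; the other two subnet CIDRs are assumed values. The five-address difference is the set of addresses AWS reserves in every subnet: the network address, the VPC router, the Amazon-provided DNS, one reserved for future use, and the broadcast address.

```python
import ipaddress

# AWS reserves five addresses in every subnet: the first four (network address,
# VPC router, Amazon-provided DNS, reserved for future use) and the last one
# (the broadcast address, which VPC does not use but still keeps out of the pool).
AWS_RESERVED_PER_SUBNET = 5

# Constructed layout mirroring a default VPC. The VPC CIDR and subnet-3 are the
# values seen in the lecture; subnet-1 and subnet-2 are assumed.
DEFAULT_VPC_CIDR = "172.31.0.0/16"
DEFAULT_SUBNETS = {
    "subnet-1": "172.31.0.0/20",
    "subnet-2": "172.31.16.0/20",
    "subnet-3": "172.31.32.0/20",
}


def total_ips(subnet_cidr):
    """Total addresses in the block: the 'total hosts' figure of the CIDR website."""
    return ipaddress.ip_network(subnet_cidr).num_addresses


def usable_ips(subnet_cidr):
    """The 'available IPs' figure the VPC console shows for an empty subnet."""
    return total_ips(subnet_cidr) - AWS_RESERVED_PER_SUBNET


def reserved_addresses(subnet_cidr):
    """The five addresses that can never be assigned to an instance in this subnet."""
    net = ipaddress.ip_network(subnet_cidr)
    base = int(net.network_address)
    first_four = [str(ipaddress.ip_address(base + i)) for i in range(4)]
    return first_four + [str(net.broadcast_address)]


def check_layout(vpc_cidr, subnets):
    """Return a list of problems: subnets outside the VPC block, or overlapping each other.

    An empty list means the layout is valid, which is what the default VPC gives you.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is not inside the VPC CIDR {vpc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


if __name__ == "__main__":
    for name, cidr in DEFAULT_SUBNETS.items():
        print(f"{name} {cidr}: {total_ips(cidr)} total, {usable_ips(cidr)} usable, "
              f"reserved {reserved_addresses(cidr)}")
    print("default layout problems:", check_layout(DEFAULT_VPC_CIDR, DEFAULT_SUBNETS))
    # A constructed bad layout: one subnet from another network, two that overlap.
    bad = {"a": "172.31.0.0/20", "b": "172.31.8.0/21", "c": "10.0.0.0/24"}
    for problem in check_layout(DEFAULT_VPC_CIDR, bad):
        print("problem:", problem)
```

The console rejects both kinds of mistake in the bad layout when you try to create the subnet, so running a check like this before you apply a planned layout (for instance one written in a CloudFormation or Terraform template) saves a round trip and makes the rule the lecture observed, subnets inside the VPC block and never overlapping, explicit.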
