====== VPC ===== => VPC stands for Virtual Private Cloud. => VPC provides Virtual Network Environment for the AWS cloud resources. => A VPC allows users to create and manage their own isolated virtual networks within the cloud. => VPC provides flexible and secured network environment to manage our resources in AWS cloud. ================ VPC Terminology ================ 1) Isolated network 2) CIDR blocks 3) Subnets 4) Route Tables 5) Internet Gateway 6) NAT Gateway 7) VPC Peering 8) Security Groups 9) NACL =============== Types of IP's =============== 1) IPv4 2) IPv6 ========= IPV4 ========= => It represents 32 bit numeric IP address. => It contains 4 octets seperated by period (.) Ex : 172.168.98.101 Note: Each octet can contain upto 8 bits => It is most widely used IP version in the market. => It supports approximatley 4.3 billion devices =========== IPV6 =========== => It represents 128-bit alpha numeric values address. => It contains 8 octets seperated by colon (:) Ex: 2001:0db8:85a3:0000:0000:8a2e:0370:7334 Note: Each octet can contain upto 16 bits => IPv6 provides a significantly larger address space than IPv4 => It supports approximately 340 undecillion unique addresses Note: IPv6 introduced to overcome the IPv4 address exhaustion issue and support the growing number of internet-connected devices. ============ VPC Sizing ============ => The process of deciding no.of IPs required for VPC and no.of IPs required for Subnets is called as VPC Sizing. -> VPC Sizing will be calculated in 2 power -> CIDR defines IP address range for our VPC (ex: /16, /24 etc...) CIDR = Classless Inter-Domain Routing ### Note: AWS allows VPC CIDR blocks between /16 and /28 ### 10.0.0.0/16 => 2 power (32-16) => 2 power 16 => 65, 536 10.0.0.0/32 => 2 power (32-32) => 2 power 0 => 1 10.0.0.0/31 => 2 power (32-31) => 2 power 1 => 2 10.0.0.0/30 => 2 power (32-30) => 2 power 2 => 4 10.0.0.0/29 => 2 power (32-29) => 2 power 3 => 8 10.0.0.0/24 => 2 power (32-24) => 2 power 8 => 256 Note: For VPC we will use /16 and for subnet we will use /24 as CIDR range. ================ What is Subnet ================ => VPC is a big network => A VPC is divided into mulitple smaller networks called as Subnets. => We can create 2 types of subnets Public Subnet : Connected to the internet via an Internet Gateway. Private Subnet : No direct internet access, used for internal resources. ====================== What is Route Table ======================= => It defines how traffic is routed with in VPC => Each Subnet is associated with a Route Table. ================================ What is Internet Gateway (IGW) ================================ => It is used to allow the resources to connect with Internet. => For Every VPC one Internet Gateway is required. Note: If we attach IGW to Subnet then that is called as Public Subnet. ================================ What is NAT Gateway (NGW) ================================ => NAT Gateway enables outbound internet access for private subnets. Ex : NATGateway we should create in public subnet and we will attach that to private subnet. ============== VPC Lab Task ============== ## Step-1) Create VPC (Name : ashokit-vpc) Use VPC CIDR as : 10.0.0.0/16 Note : It will create one Route Table by default. Rename it as "ashokit-private-rt" ## Step-2) Create Internet Gateway and Attach to our ashokit-VPC ## Step-3) Create 2 Subnets (Public and Private Subnets) public Subnet CIDR : 10.0.0.0/24 (256 ips) private Subnet CIDR : 10.0.1.0/24 (256 ips) ## Step-4) Create one new Route Table (Name it as public Route Table) ## Step-5) Peform Route Tables Association with Subnets => public-rt => associate with public-subnet => private-rt => associate with private-subnet ## Step-6) Attach IGW to Public Route Table in Routes, so that subnet will become public-sn (internet will be available). ## Step-7) Create One EC2 VM in public subnet and another EC2 vm in private subnet. ## Step-8) Test connectivity of both vms using SSH client. =========================================================================================== Step - 9 : Connect with 'private-sn ec2 vm' from 'public-sn ec2 vm' using 'ssh' connection =========================================================================================== Note: As both Ec2 instances are available under same VPC, we should be able to access one machine from another machine. Step-1 : Upload pem file into public-sn ec2 vm Step-2 : Give read permission for pem file $ chmod 400 Step-3 : Make SSH connection to private subnet vm using below ssh command $ ssh -i ec2-user@private-ip Note: It should establish connection (this is internal connection) ======================= NAT Gateway Lab Task ======================= 1) Create NAT gateway in public subnet 2) Add NAT gateway in 'private-subnet-routute-table' 3) After NAT Gateway attached, we should be able to ping google from 'private-sn ec2' also Note: Delete Elastic IP and NAT Gateway after practise