AWS Network Basic Knowledge

AWS Network Basic Knowledge:


AWS Basic Network

Note to learn aws network.


AWS


IP Address


  • IP Address



    • 8 bit * 4 = 32 bit 0.0.0.0 ~ 255.255.255.255
    • 00000000.00000000.00000000.0000000 ~ 11111111.11111111.11111111.11111111

  • Network part



    • 192.168.1.0 ~ 192.168.1.255 -> Network part: 192.168.1 (24bit), Host part 0, 255(8bit)
    • 192.168.0.0 ~ 192.168.255.255 -> Network part: 192.168(16bit), Host part 0.0, 255.255(16bit)

  • PrivateIP Addresses which is not used in internet



    • 10.0.0.0 ~ 10.255.255.255
    • 172.16.0.0 ~ 172.31.255.255
    • 192.168.0.0 ~ 192.168.255.255

  • CIDR notation (show network part by bit which is called prefix)



    • 192.168.0.0 ~ 192.168.255.255 -> 192.168.0.0/16 [prefix:16bit]
    • 192.168.10.0 ~ 192.168.10.255 -> 192.168.10.0/32 [prefix:32bit]

  • Subnet mask notation (show network part by 1)



    • 192.168.0.0 ~ 192.168.255.255 -> (11111111.11111111.00000000.00000000) -> 192.168.0.0/255.255.0.0
    • 192.168.10.0 ~ 192.168.10.255 -> 192.168.10.0/255.255.255.0

  • Conclusion



    • These three expressions mean the same IP address range.

      • 192.168.0.0 ~ 192.168.255.255
      • 192.168.0.0/16
      • 192.168.0.0/255.255.0.0

  • AWS Specification



    • When create VPC, more than 16 must be configured as prefix.

      • ex) 10.0.0.0/16 -> 10.0.0.0 ~ 10.0.255.255


Practice


  • Create VPC




  • Divide VPC into Subnet



    • pre-test-public : 10.0.1.0/24
    • The reason to divide: want to attach another subnet corresponding to the physical area, want to configure other security policy

  • Connect pre-test-public to internet




  • Configure Route table



    • Route table: Configure the route to where depending on IP address.
    • Target: Who
    • Desitnation: to where
    • Enable to configure route table in each subnet
    • Default Desitination: 10.0.0.0/16, Target: local -> Send local network to CIDR 10.0.0.0/16 -> Cannot go out internet
    • In order to connect internet, need to send packet except for destination 10.0.0.0/16 to internet gateway

      • Create New Route Table
      • Add configuration in route table Destination: 0.0.0.0/0, Target: Internet Gateway
      • Connect route table to public subnet
    • https://docs.aws.amazon.com/ja_jp/vpc/latest/userguide/VPC_Route_Tables.html

  • Create EC2 instance in public subnet



    • Network : Choose VPC
    • Subnet : Choose Subnet to put
    • Auto-assign Public IP: Enable
    • Network Interfaces, Primary IP: 10.0.1.10 (Public Subnet CIDR 10.0.1.0/24)

      • Cannot use top and bottom of CIDR block for instance private IP, since 10.0.1.0 means the whole subnet network, 10.0.1.255 means broadcast address( but aws does not support)
    • Skip Storage and tags and security group.

  • Security Group




  • DNS




  • Private Subnet



    • Never connect from internet like Database
    • Enable to make subnet in other availability zone, but low latency
    • Create Subnet : Smae AZ with public subnet, CIDR block is 10.0.2.0/24
    • Unnecessary to configure route table (default is OK, since no need to connect internet)
    • Create EC2 instance as Database in private subnet

      • Network : Choose VPC
      • Subnet : Choose private Subnet to put
      • Auto-assign Public IP: Disable
      • Network Interfaces, Primary IP: 10.0.2.10 (Private Subnet CIDR 10.0.2.0/24)
      • SecurityGroup: Create a new secrutiy group.
      • Add MYSQL with 0.0.0.0/0
      • Add ALL ICMP with 0.0.0.0/0 for ping connection
      • If private IP of public subnet CIDR(10.0.1.0/24), secrutiy becomes more stronger
      • This instance does not have public IP and public DNS

  • NAT



    • Network Address Tanslation
    • Databse server cannot connect internet now. How can we install databse server? -> NAT
    • With NAT, enable to connect to internet from private subnet, but disable to connect to private subnet from internet
    • 2 way to create NAT in AWS, one is NAT instance (Community AMIs), the other is NAT Gateway
    • Create NAT

      • VPC menu -> Create a NAT gateway
      • Choose public subnet
      • Allocate Elastic IP
      • Update Route Table
      • Open Route table for private subnet and add rule Destination: 0.0.0.0/0, Target: NAT Gateway
    • https://docs.aws.amazon.com/ja_jp/vpc/latest/userguide/vpc-nat.html


Trouble Shoot

  • ping

    • ICMP(Internet Control Message Protocal)
    • If server does not open ICMP, ping cannot reach
  • traceroute

    • ICMP
    • Check routing table function
  • telnet

    • Check the port can be reached
    • telnet [target] [port]
  • nslookup, dig

    • Request to solve domain


tools

  • CloudWatch

    • AWS Managed Service

コメント

このブログの人気の投稿

投稿時間:2021-06-17 22:08:45 RSSフィード2021-06-17 22:00 分まとめ(2089件)

投稿時間:2021-06-20 02:06:12 RSSフィード2021-06-20 02:00 分まとめ(3871件)

投稿時間:2021-06-17 05:05:34 RSSフィード2021-06-17 05:00 分まとめ(1274件)