
VPC in AWS

VPC
(1) Each subnet is assigned a CIDR block, a range of private IP addresses carved out of the VPC's CIDR block
(2) Every VPC has a main route table, which is created by default, and we can also create custom route tables
(3) A public subnet should be associated with the public route table and a private subnet with the private route table
(4) If no route table is explicitly associated with a subnet, the main route table of that VPC is used for that subnet
(5) A NAT gateway lets internet-bound traffic originating from our private instances reach the internet and sends the reply back to the private instance; it does not accept connections initiated from the internet
========================================================

Security Groups:-

(1) Operates at the instance level, more precisely on the instance's network interface (first layer of defence)
(2) Supports allow rules only; there is no deny rule, so anything not explicitly allowed is dropped
(3) Is stateful: return traffic is automatically allowed
(4) All rules are evaluated before deciding whether to allow traffic, so any one matching allow rule admits the packet
(5) Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance later on

Network ACL:-

(1) Operates at the subnet level (second layer of defence)
(2) Supports allow rules and deny rules
(3) Is stateless: return traffic must be explicitly allowed by rules, typically an allow for the ephemeral port range (for example 1024-65535) in the opposite direction
(4) Rules are processed in number order, lowest number first, when deciding whether to allow traffic; the first matching rule wins, and the final rule (*) denies anything that matched nothing
(5) Automatically applies to all instances in the subnets it is associated with
(6) In a NACL, a rule with a smaller number has higher priority
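To make the stateful/allow-only versus stateless/ordered difference concrete, here is a small model of how the two layers decide on a packet. It is an added example, not AWS code or part of the original notes; the addresses, ports and rule sets are constructed for illustration, and the model ignores ICMP and IPv6.

```python
"""Added example (not AWS code): a model of how a security group and a network
ACL each decide on a packet, showing that the SG is stateful and allow-only
while the NACL is stateless and processed in rule-number order.
All addresses and rule sets below are constructed for illustration."""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    sport: int


def in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def port_match(port, port_range):
    lo, hi = port_range
    return lo <= port <= hi


class SecurityGroup:
    """Allow rules only, every rule evaluated, connection state tracked."""

    def __init__(self, inbound, outbound):
        self.inbound = inbound      # list of (proto, (lo, hi), remote cidr)
        self.outbound = outbound
        self.flows = set()          # (src, sport, dst, dport, proto) of allowed flows

    @staticmethod
    def _match(rules, pkt, remote):
        # Any matching allow rule admits the packet; there is no deny rule to consult.
        return any(pkt.proto == proto and port_match(pkt.dport, prange) and in_cidr(remote, cidr)
                   for proto, prange, cidr in rules)

    def _decide(self, rules, pkt, remote):
        # Stateful: a reply to a tracked flow needs no rule in this direction.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.flows:
            return True
        ok = self._match(rules, pkt, remote)
        if ok:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        return ok

    def allow_inbound(self, pkt):
        return self._decide(self.inbound, pkt, pkt.src)

    def allow_outbound(self, pkt):
        return self._decide(self.outbound, pkt, pkt.dst)


class NetworkAcl:
    """Numbered allow/deny rules, lowest number first, first match wins, no state."""

    def __init__(self, inbound, outbound):
        # each rule: (number, proto, (lo, hi), remote cidr, "allow" | "deny")
        self.inbound = sorted(inbound, key=lambda r: r[0])
        self.outbound = sorted(outbound, key=lambda r: r[0])

    @staticmethod
    def _evaluate(rules, pkt, remote):
        for _num, proto, prange, cidr, action in rules:
            if proto in ("all", pkt.proto) and port_match(pkt.dport, prange) and in_cidr(remote, cidr):
                return action == "allow"
        return False                # the implicit final '*' rule denies everything else

    def allow_inbound(self, pkt):
        return self._evaluate(self.inbound, pkt, pkt.src)

    def allow_outbound(self, pkt):
        return self._evaluate(self.outbound, pkt, pkt.dst)


def demo():
    """An HTTPS request from the internet to 10.0.0.10 and the server's reply."""
    request = Packet("203.0.113.5", "10.0.0.10", "tcp", dport=443, sport=50000)
    reply = Packet("10.0.0.10", "203.0.113.5", "tcp", dport=50000, sport=443)
    # SG with no outbound rule at all: the reply still passes because the flow is
    # tracked, but a connection the instance initiates itself is dropped.
    sg = SecurityGroup(inbound=[("tcp", (443, 443), "0.0.0.0/0")], outbound=[])
    unsolicited = Packet("10.0.0.10", "198.51.100.7", "tcp", dport=80, sport=40000)
    # NACL that forgot the ephemeral-port allow: the request enters, the reply is dropped.
    nacl_broken = NetworkAcl(inbound=[(100, "tcp", (443, 443), "0.0.0.0/0", "allow")],
                             outbound=[(100, "tcp", (443, 443), "0.0.0.0/0", "allow")])
    nacl_fixed = NetworkAcl(inbound=[(100, "tcp", (443, 443), "0.0.0.0/0", "allow")],
                            outbound=[(100, "tcp", (1024, 65535), "0.0.0.0/0", "allow")])
    # Rule numbering: a deny at 90 beats the allow at 100; at 110 it is never reached.
    nacl_deny_first = NetworkAcl(inbound=[(100, "tcp", (443, 443), "0.0.0.0/0", "allow"),
                                          (90, "tcp", (443, 443), "203.0.113.0/24", "deny")], outbound=[])
    nacl_deny_late = NetworkAcl(inbound=[(100, "tcp", (443, 443), "0.0.0.0/0", "allow"),
                                         (110, "tcp", (443, 443), "203.0.113.0/24", "deny")], outbound=[])
    return {
        "sg_request": sg.allow_inbound(request),
        "sg_reply": sg.allow_outbound(reply),
        "sg_unsolicited_out": sg.allow_outbound(unsolicited),
        "nacl_broken_request": nacl_broken.allow_inbound(request),
        "nacl_broken_reply": nacl_broken.allow_outbound(reply),
        "nacl_fixed_reply": nacl_fixed.allow_outbound(reply),
        "nacl_deny_first": nacl_deny_first.allow_inbound(request),
        "nacl_deny_late": nacl_deny_late.allow_inbound(request),
    }


if __name__ == "__main__":
    for check, verdict in demo().items():
        print(f"{check:22s} {'ALLOW' if verdict else 'DROP'}")
```

The two NACL mistakes shown, a missing ephemeral-port rule and a deny numbered after the allow it was meant to override, are the ones most often seen in practice, and neither can happen with a security group.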

Route Tables:-

* When we create any subnet, 5 IP addresses are reserved for internal use (the first four and the last one)
* When we create a VPC, 1 route table is also created by default, and that is called the main route table of the VPC
* We can also create custom route tables
* Here we have created one public route table and one private route table; the public route table is associated with the public subnet and the private route table with the private subnet
* If there is no route table explicitly associated with a subnet, the main route table of that VPC is used for the subnet
* One subnet has only one route table associated with it, but one route table can be associated with multiple subnets

========================================================================

VPC:-

Start = 10.0.0.0/26
start - 10.0.0.0

2 ^ (32-26) = 2 ^ 6 = 64

End = 10.0.0.63

Now we have 64 IP addresses; dividing them into 4 subnets means every subnet has 16 IP addresses (a /28, the smallest subnet size AWS allows)

* A VPC exists in a particular region; each subnet lives in one Availability Zone of that region

First subnet - 10.0.0.0/28
Second subnet - 10.0.0.16/28
Third subnet - 10.0.0.32/28
Fourth subnet - 10.0.0.48/28


* We have allocated 16 IP addresses per subnet but only 11 are usable
* 5 IP addresses are kept for internal use: the network address, the VPC router, the DNS resolver, one reserved for future use, and the broadcast address
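The subnet arithmetic above, carried out with Python's standard `ipaddress` module so it can be checked for any VPC CIDR, not just this one. This is an added example, not part of the original notes; the 5-address reservation rule and the /16 to /28 size limits are AWS's, the helper names are my own.

```python
"""Added example (not part of the original notes): split a VPC CIDR into equal
subnets, list the five addresses AWS reserves in each, and pick the smallest
subnet that still leaves enough usable addresses for a given host count."""
import ipaddress

RESERVED_PER_SUBNET = 5          # AWS reserves the first four addresses and the last one
MIN_PREFIX, MAX_PREFIX = 16, 28  # AWS allows VPC and subnet blocks from /16 down to /28


def split_vpc(vpc_cidr, new_prefix):
    """Return the equal-size subnets of new_prefix length inside vpc_cidr."""
    vpc = ipaddress.ip_network(vpc_cidr)
    if not MIN_PREFIX <= new_prefix <= MAX_PREFIX or new_prefix < vpc.prefixlen:
        raise ValueError(f"subnet prefix /{new_prefix} is not valid inside {vpc}")
    return list(vpc.subnets(new_prefix=new_prefix))


def reserved_addresses(subnet):
    """Network address, VPC router (+1), DNS resolver (+2), future use (+3), broadcast (last)."""
    base = int(subnet.network_address)
    return [ipaddress.ip_address(base + i) for i in range(4)] + [subnet.broadcast_address]


def usable_count(subnet):
    return subnet.num_addresses - RESERVED_PER_SUBNET


def summarize(vpc_cidr="10.0.0.0/26", new_prefix=28):
    """One row per subnet: total size, usable addresses, and the reserved ones."""
    return [
        {
            "subnet": str(s),
            "total": s.num_addresses,
            "usable": usable_count(s),
            "reserved": [str(a) for a in reserved_addresses(s)],
        }
        for s in split_vpc(vpc_cidr, new_prefix)
    ]


def smallest_subnet_for(hosts_needed):
    """Smallest AWS-legal prefix whose usable count (after the 5 reserved) covers hosts_needed."""
    for prefix in range(MAX_PREFIX, MIN_PREFIX - 1, -1):
        if 2 ** (32 - prefix) - RESERVED_PER_SUBNET >= hosts_needed:
            return prefix
    raise ValueError("more hosts than a single /16 subnet can hold")


def overlapping_pairs(cidrs):
    """Pairs of subnet CIDRs that overlap; AWS rejects such a layout, so check before creating."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [(str(a), str(b)) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


if __name__ == "__main__":
    for row in summarize():
        print(f"{row['subnet']:15s} total={row['total']:3d} usable={row['usable']:3d} "
              f"reserved={', '.join(row['reserved'])}")
    print("12 hosts need a /%d" % smallest_subnet_for(12))
```

Note the practical consequence of the reservation: a /28 gives 11 usable addresses, so a subnet that must hold 12 hosts already needs a /27.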

* In a public subnet we can enable the property "Enable auto-assign public IPv4 address" so that instances launched there get a public IP automatically

* In the VPC we can edit DNS resolution and set it to "yes"

* In the VPC we can edit DNS hostnames and set it to "yes"; with both enabled, instances get Amazon-provided DNS hostnames (a public hostname for instances with a public IP, and private hostnames that the VPC resolver can resolve)

* When any VPC is created, one route table is created by default, and that is called the main route table of the VPC

* We have created two route tables, one public route table and one private route table

* The public route table is associated with the public subnet and the private route table with the private subnet

* If a subnet has no route table explicitly associated with it, the main route table of that VPC is used for that subnet

* One subnet is associated with one route table, but one route table can be associated with multiple subnets

* For internet access from the public subnet, an internet gateway must be attached to the VPC, and the public route table needs a route with destination 0.0.0.0/0 and target the internet gateway

* We keep the NAT gateway in the public subnet and also allocate an Elastic IP to it

* Now go to the private route table and add a route with destination 0.0.0.0/0 and target the NAT gateway

* So any internet-bound traffic generated in the private subnet will be sent to the NAT gateway, which forwards it through the internet gateway of the public subnet it sits in

* The NAT gateway is a scalable managed service; when traffic increases we do not need to worry about it, it scales automatically

* The NAT gateway also takes one private IP address from the public subnet, which is why one usable private IP address is consumed from the public subnet
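The route-table behaviour described above (explicit association, fallback to the main route table, longest-prefix match, one table per subnet), as an added example that is not part of the original notes. The table and target names such as igw-public and nat-public-subnet are placeholders, and the subnet CIDRs are the ones from the worked /26 layout.

```python
"""Added example (not AWS code): a model of VPC route selection. Each subnet is
explicitly associated with at most one route table, otherwise it uses the
VPC's main route table; the most specific (longest-prefix) matching route wins.
Target names below are placeholders, not real AWS resource IDs."""
import ipaddress


class RouteTable:
    def __init__(self, name, routes):
        # routes: list of (destination CIDR, target); the 'local' route is always present.
        self.name = name
        self.routes = [(ipaddress.ip_network(cidr), target) for cidr, target in routes]

    def add_route(self, cidr, target):
        self.routes.append((ipaddress.ip_network(cidr), target))

    def lookup(self, dst_ip):
        """Longest-prefix match; None means no route, so the packet is dropped."""
        ip = ipaddress.ip_address(dst_ip)
        matches = [(net, target) for net, target in self.routes if ip in net]
        if not matches:
            return None
        _net, target = max(matches, key=lambda m: m[0].prefixlen)
        return target


class Vpc:
    def __init__(self, cidr):
        self.cidr = cidr
        self.main = RouteTable("main", [(cidr, "local")])   # created with the VPC
        self.tables = {"main": self.main}
        self.associations = {}                               # subnet CIDR -> table name

    def create_table(self, name, extra_routes=()):
        self.tables[name] = RouteTable(name, [(self.cidr, "local")] + list(extra_routes))
        return self.tables[name]

    def associate(self, subnet_cidr, table_name):
        # A subnet has exactly one association; a new one replaces the old.
        self.associations[subnet_cidr] = table_name

    def table_for(self, subnet_cidr):
        return self.tables[self.associations.get(subnet_cidr, "main")]

    def next_hop(self, subnet_cidr, dst_ip):
        return self.table_for(subnet_cidr).lookup(dst_ip)


def build_example():
    """The layout from the notes: one public and one private /28, and one /28 left
    unassociated so that it falls back to the main route table."""
    vpc = Vpc("10.0.0.0/26")
    vpc.create_table("public", [("0.0.0.0/0", "igw-public")])
    private = vpc.create_table("private", [("0.0.0.0/0", "nat-public-subnet")])
    private.add_route("203.0.113.0/24", "pcx-partner")   # a more specific route, e.g. peering
    vpc.associate("10.0.0.0/28", "public")
    vpc.associate("10.0.0.16/28", "private")
    return vpc


if __name__ == "__main__":
    vpc = build_example()
    for subnet in ("10.0.0.0/28", "10.0.0.16/28", "10.0.0.32/28"):
        for dst in ("10.0.0.5", "203.0.113.9", "93.184.216.34"):
            print(f"{subnet:13s} -> {dst:15s} via {vpc.table_for(subnet).name:8s} "
                  f"{vpc.next_hop(subnet, dst)}")
```

The unassociated third subnet is the point to notice: it has only the local route, so it has no internet path at all, which is the safe default. Adding a 0.0.0.0/0 route to the main route table would silently give internet access to every subnet that nobody explicitly associated, so keep internet routes in the custom tables.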
