
AWS Network Basic Knowledge

Posted at 2018-11-22

AWS Basic Network

Notes for learning AWS networking.

AWS

  • Region (Virginia, Oregon, Tokyo...)
  • Availability Zone (physically separated locations within a region)

IP Address

  • IP Address

    • 8 bit * 4 = 32 bit: 0.0.0.0 ~ 255.255.255.255
    • 00000000.00000000.00000000.00000000 ~ 11111111.11111111.11111111.11111111
  • Network part

    • 192.168.1.0 ~ 192.168.1.255 -> Network part: 192.168.1 (24 bit), Host part: 0 ~ 255 (8 bit)
    • 192.168.0.0 ~ 192.168.255.255 -> Network part: 192.168 (16 bit), Host part: 0.0 ~ 255.255 (16 bit)
  • Private IP addresses (reserved ranges that are not routed on the internet)

    • 10.0.0.0 ~ 10.255.255.255
    • 172.16.0.0 ~ 172.31.255.255
    • 192.168.0.0 ~ 192.168.255.255
  • CIDR notation (the network part is given as a bit count, called the prefix)

    • 192.168.0.0 ~ 192.168.255.255 -> 192.168.0.0/16 [prefix:16bit]
    • 192.168.10.0 ~ 192.168.10.255 -> 192.168.10.0/24 [prefix:24bit]
  • Subnet mask notation (the network part is shown as 1 bits in the mask)

    • 192.168.0.0 ~ 192.168.255.255 -> (11111111.11111111.00000000.00000000) -> 192.168.0.0/255.255.0.0
    • 192.168.10.0 ~ 192.168.10.255 -> 192.168.10.0/255.255.255.0
  • Conclusion

    • These three expressions mean the same IP address range.
      • 192.168.0.0 ~ 192.168.255.255
      • 192.168.0.0/16
      • 192.168.0.0/255.255.0.0
  • AWS Specification

    • When creating a VPC, the prefix must be /16 or longer (at least 16 bits).
      • ex) 10.0.0.0/16 -> 10.0.0.0 ~ 10.0.255.255
    • CIDR ranges can be checked easily here: http://cidr.xyz/
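The following is an added example (not part of the original notes) that works through the three notations above with Python's standard ipaddress module: it converts prefix notation and subnet-mask notation to the same network object, prints the address range and the mask as 1/0 bits, splits an address into network and host parts, tests membership in the three private ranges, and checks the VPC prefix rule. The /28 upper bound and the "no host bits set" check are known AWS rules that the notes do not mention; the addresses used are the ones from the notes.

```python
import ipaddress

# The three private ranges listed in the notes (RFC 1918).
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),        # 10.0.0.0 ~ 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),     # 172.16.0.0 ~ 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),    # 192.168.0.0 ~ 192.168.255.255
]


def network_from_cidr(cidr):
    """'192.168.0.0/16' -> IPv4Network (prefix notation)."""
    return ipaddress.ip_network(cidr, strict=False)


def network_from_mask(address, mask):
    """'192.168.0.0', '255.255.0.0' -> IPv4Network (subnet mask notation)."""
    return ipaddress.ip_network(f"{address}/{mask}", strict=False)


def address_range(net):
    """First and last address of the block, e.g. ('192.168.0.0', '192.168.255.255')."""
    return (str(net.network_address), str(net.broadcast_address))


def mask_bits(net):
    """Subnet mask as dotted binary: the 1 bits mark the network part."""
    return ".".join(f"{octet:08b}" for octet in net.netmask.packed)


def split_parts(ip, net):
    """Split an address into (network part, host part) as binary strings."""
    bits = f"{int(ipaddress.ip_address(ip)):032b}"
    return bits[:net.prefixlen], bits[net.prefixlen:]


def is_private(ip):
    """True if the address falls in one of the three private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in block for block in PRIVATE_BLOCKS)


def is_valid_vpc_cidr(cidr):
    """Check the AWS rule from the notes: a VPC prefix must be /16 or longer.
    AWS also caps a VPC block at /28 (a known AWS limit not stated in the notes),
    and the block must be a proper network address (no host bits set)."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        return False
    return 16 <= net.prefixlen <= 28


if __name__ == "__main__":
    by_prefix = network_from_cidr("192.168.0.0/16")
    by_mask = network_from_mask("192.168.0.0", "255.255.0.0")
    print(address_range(by_prefix), mask_bits(by_prefix), by_prefix == by_mask)
    print(split_parts("192.168.1.37", network_from_cidr("192.168.1.0/24")))
    print(is_valid_vpc_cidr("10.0.0.0/16"), is_valid_vpc_cidr("10.0.0.0/8"))
```

Running the script shows that 192.168.0.0/16 and 192.168.0.0/255.255.0.0 compare equal, which is the "three expressions mean the same range" point made in the conclusion above.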

Practice

  • Create VPC

  • Divide the VPC into subnets

    • pre-test-public : 10.0.1.0/24
    • Reasons to divide: to add another subnet matching a different physical area, and to apply a different security policy per subnet
  • Connect pre-test-public to the internet

    • Create an internet gateway
    • Attach the internet gateway to the VPC
  • Configure Route table

    • Route table: decides where a packet is sent depending on its destination IP address.

    • Target: where the matching packet is sent (the next hop, e.g. local or an internet gateway)

    • Destination: the destination IP range (CIDR) the rule matches

    • A route table can be configured for each subnet

    • Default: Destination 10.0.0.0/16, Target local -> traffic for the VPC CIDR 10.0.0.0/16 stays inside the local network -> cannot go out to the internet

    • In order to connect to the internet, packets for destinations other than 10.0.0.0/16 must be sent to the internet gateway

      • Create a new route table
      • Add a rule to the route table: Destination 0.0.0.0/0, Target: Internet Gateway
      • Associate the route table with the public subnet
  • Create EC2 instance in public subnet

    • Network : Choose VPC
    • Subnet : Choose Subnet to put
    • Auto-assign Public IP: Enable
    • Network Interfaces, Primary IP: 10.0.1.10 (Public Subnet CIDR 10.0.1.0/24)
      • The first and last addresses of the CIDR block cannot be used as an instance private IP: 10.0.1.0 is the network address of the whole subnet and 10.0.1.255 is the broadcast address (AWS does not support broadcast, but the address is still reserved)
    • Skip Storage and tags and security group.
  • Security Group

    • Security group: packet filtering = firewall
    • Inbound: who can come in
    • Outbound: who can go out
  • DNS

    • By default the instance has no public DNS name
    • Edit "DNS hostnames" on the VPC and enable it
    • A public DNS name is attached to instances that have a public IP
  • Private Subnet

    • Never reachable from the internet; used for things like a database
    • The subnet can be created in another availability zone, but the same AZ gives lower latency
    • Create Subnet: same AZ as the public subnet, CIDR block 10.0.2.0/24
    • No need to configure the route table (the default is fine, since it does not need to reach the internet)
    • Create EC2 instance as Database in private subnet
      • Network : Choose VPC
      • Subnet : Choose private Subnet to put
      • Auto-assign Public IP: Disable
      • Network Interfaces, Primary IP: 10.0.2.10 (Private Subnet CIDR 10.0.2.0/24)
      • Security Group: create a new security group.
        • Add MYSQL with source 0.0.0.0/0
        • Add ALL ICMP with source 0.0.0.0/0 so that ping works
        • Restricting the source to the public subnet CIDR (10.0.1.0/24) instead of 0.0.0.0/0 makes the security stronger
      • This instance has no public IP and no public DNS
  • NAT

    • Network Address Translation
    • The database server cannot reach the internet now. How can we install database software on it? -> NAT
    • With NAT, the private subnet can connect out to the internet, but the internet cannot connect in to the private subnet
    • 2 ways to create NAT in AWS: a NAT instance (Community AMIs) or a NAT Gateway
    • Create NAT
      • VPC menu -> Create a NAT gateway
      • Choose the public subnet
      • Allocate an Elastic IP
      • Update Route Table
        • Open the route table for the private subnet and add a rule: Destination 0.0.0.0/0, Target: NAT Gateway
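The following is an added example (not part of the original notes) that models the three route tables built in the practice section and the database security group, so the effect of each rule can be checked offline. Route lookup uses longest-prefix match, which is how the local 10.0.0.0/16 route coexists with 0.0.0.0/0. The target names "internet-gateway" and "nat-gateway" and the stray host 10.0.2.50 are constructed labels for the example; everything else comes from the notes.

```python
import ipaddress

# Addresses from the practice section.
VPC_CIDR = "10.0.0.0/16"
PUBLIC_SUBNET = "10.0.1.0/24"     # pre-test-public
PRIVATE_SUBNET = "10.0.2.0/24"    # database subnet

# Route tables as (Destination, Target) pairs, as configured in the notes.
DEFAULT_ROUTE_TABLE = [(VPC_CIDR, "local")]
PUBLIC_ROUTE_TABLE = DEFAULT_ROUTE_TABLE + [("0.0.0.0/0", "internet-gateway")]
PRIVATE_ROUTE_TABLE = DEFAULT_ROUTE_TABLE + [("0.0.0.0/0", "nat-gateway")]


def lookup_route(route_table, dst_ip):
    """Return the Target for dst_ip using longest-prefix match.
    The most specific Destination wins, so the /16 local route beats 0.0.0.0/0
    for traffic inside the VPC. None means no route: the packet is dropped."""
    addr = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for destination, target in route_table:
        net = ipaddress.ip_network(destination)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def sg_allows(rules, proto, port, src_ip):
    """Inbound security group evaluation: allowed if any rule matches.
    A rule is (protocol, port or None for all ports, source CIDR); there is no deny rule."""
    addr = ipaddress.ip_address(src_ip)
    for rule_proto, rule_port, source in rules:
        if rule_proto != proto:
            continue
        if rule_port is not None and rule_port != port:
            continue
        if addr in ipaddress.ip_network(source):
            return True
    return False


# Database security group exactly as written in the notes: MySQL and ICMP from 0.0.0.0/0.
DB_SG_OPEN = [("tcp", 3306, "0.0.0.0/0"), ("icmp", None, "0.0.0.0/0")]
# The tighter version the notes recommend: source limited to the public subnet CIDR.
DB_SG_TIGHT = [("tcp", 3306, PUBLIC_SUBNET), ("icmp", None, PUBLIC_SUBNET)]


if __name__ == "__main__":
    # Only the default local route: 8.8.8.8 has no route, so there is no internet access.
    print(lookup_route(DEFAULT_ROUTE_TABLE, "10.0.1.10"), lookup_route(DEFAULT_ROUTE_TABLE, "8.8.8.8"))
    # Public subnet goes out via the internet gateway, private subnet via the NAT gateway.
    print(lookup_route(PUBLIC_ROUTE_TABLE, "8.8.8.8"), lookup_route(PRIVATE_ROUTE_TABLE, "8.8.8.8"))
    # 0.0.0.0/0 lets any host in the VPC reach MySQL; the tighter rule only admits the public subnet.
    stray_host = "10.0.2.50"  # constructed: another instance in the private subnet
    print(sg_allows(DB_SG_OPEN, "tcp", 3306, stray_host), sg_allows(DB_SG_TIGHT, "tcp", 3306, stray_host))
```

The last line is the practical point of the "stronger security" remark above: the instance has no public IP, so the internet cannot reach it either way, but 0.0.0.0/0 still admits every other host inside the VPC, while the 10.0.1.0/24 source only admits the public subnet.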

Troubleshooting

  • ping
    • ICMP (Internet Control Message Protocol)
    • If the server does not allow ICMP, ping cannot reach it
  • traceroute
    • ICMP
    • Check that routing works along the path
  • telnet
    • Check whether a port can be reached
    • telnet [target] [port]
  • nslookup, dig
    • Resolve a domain name

Tools

  • CloudWatch
    • AWS managed monitoring service