Amazon Virtual Private Cloud (Amazon VPC) allows you to provision resources, such as Amazon EC2 instances, into a virtual network. This virtual network is a logically isolated area within the AWS cloud that resembles a traditional network. Think about it as a private data center in the cloud.
The VPC is highly available as it spans all of the Availability Zones in the Region where you launch it. When you create a VPC, you provide a CIDR block that specifies the range of IP addresses for the VPC. For example, 10.0.0.0/16.
A VPC can contain multiple subnets in which you launch AWS resources. Each subnet resides in exactly one Availability Zone, and you can have multiple subnets in the same Availability Zone.
You must specify a CIDR block for the subnets from the range of your VPC. For example, 10.0.0.0/24 and 10.0.1.0/24. If you launch an EC2 instance inside the first subnet, it will have an IP address inside the 10.0.0.0/24 range (for example, 10.0.0.42).
The VPC has an implicit router that uses route tables to direct traffic. Each subnet is associated with a route table that controls the routing for that particular subnet. If you don't explicitly associate a subnet with a route table, it is implicitly associated with the main route table:

| Destination | Target |
|---|---|
| 10.0.0.0/16 | local |
Multiple subnets can be associated with the same route table, but each subnet can be associated with only one route table at a time. The main route table, which is generated automatically when the VPC is created, is the one every subnet falls back to when no explicit association exists.
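To make the two rules above concrete (subnets are carved from the VPC range and must not overlap; the implicit router picks the most specific matching route), here is a small model written for this page. It is an added illustration, not AWS code or output. The VPC and subnet values are the ones used in the text; the `0.0.0.0/0` route toward `igw-EXAMPLE` is a constructed placeholder added only so the longest-prefix match has something to compete with the `local` route.

```python
"""Model of a VPC's implicit router: subnet validation plus longest-prefix
route lookup. Added illustration for this page, not AWS code."""
import ipaddress

# Constructed example: the VPC and the two subnets from the text.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {
    "subnet-a": "10.0.0.0/24",
    "subnet-b": "10.0.1.0/24",
}

# Constructed route table: the main table's local route from the text plus a
# hypothetical default route ("igw-EXAMPLE" is a placeholder target).
ROUTE_TABLE = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "igw-EXAMPLE"),
]


def validate_subnets(vpc_cidr, subnets):
    """Every subnet must lie inside the VPC range and must not overlap another.
    Returns a list of problem descriptions (empty when the layout is valid)."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = []
    names = list(nets)
    for name in names:
        if not nets[name].subnet_of(vpc):
            problems.append(f"{name} {nets[name]} is outside VPC {vpc}")
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def subnet_for(ip, subnets):
    """Name of the subnet whose range contains ip, or None if no subnet does."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in subnets.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None


def route_lookup(dest_ip, route_table):
    """Longest-prefix match: the most specific route whose destination
    contains dest_ip wins, so 10.0.x.x stays 'local' even with a default route."""
    addr = ipaddress.ip_address(dest_ip)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


if __name__ == "__main__":
    print("layout problems:", validate_subnets(VPC_CIDR, SUBNETS))
    print("10.0.0.42 lives in", subnet_for("10.0.0.42", SUBNETS))
    print("10.0.1.7 ->", route_lookup("10.0.1.7", ROUTE_TABLE))
    print("198.51.100.9 ->", route_lookup("198.51.100.9", ROUTE_TABLE))
```

The `validate_subnets` check is the one worth keeping around: a subnet outside the VPC block or overlapping a sibling is rejected by AWS at creation time, and catching it in a plan or template review is cheaper than discovering it during a deployment.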
As we discussed in Traditional Networking, the first IP and the last IP of a CIDR block are reserved for the network ID and the broadcast address, respectively. AWS reserves 5 IPs by default within each subnet:
So, if our subnet is 10.10.1.0/24, the following IPs will be reserved:
In AWS, the maximum size of a CIDR is /16 and the minimum size is /28, which means:
/28 = 1111 1111.1111 1111.1111 1111.1111 0000 = 255.255.255.240
255 - 240 = 15
Because addressing starts at .0 (.0 through .15), a /28 holds 16 addresses. After removing the 5 reserved IPs, 11 addresses remain available for use.
That means that if you need more than 11 IPs in your subnet, you will need a larger CIDR block, such as a /27.
The final architecture of the Lab can be found in the Lab Architecture section.
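The sizing arithmetic above (mask bits, address count, minus the 5 reserved addresses, and the /16 to /28 limits) is easy to get wrong by hand, so here is an added example that does it programmatically. It is written for this page and is not AWS code. The positions AWS reserves (the network address, the VPC router at .1, the Amazon-provided DNS at .2, one address held for future use at .3, and the broadcast address) are taken from AWS's VPC documentation rather than from the text above; the subnet values are constructed.

```python
"""Usable host addresses in a VPC subnet under AWS's reservation rules.
Added illustration for this page, not AWS code."""
import ipaddress

# Offsets within every IPv4 subnet that AWS reserves (per the VPC documentation).
# Offset -1 is the last address of the block.
RESERVED_OFFSETS = {
    0: "network address",
    1: "VPC router",
    2: "Amazon-provided DNS",
    3: "reserved for future use",
    -1: "network broadcast address",
}

# Allowed IPv4 block sizes: /16 (largest) down to /28 (smallest).
VPC_LARGEST_PREFIX, VPC_SMALLEST_PREFIX = 16, 28


def check_prefix(prefixlen):
    """True when the prefix length is within the range AWS accepts."""
    return VPC_LARGEST_PREFIX <= prefixlen <= VPC_SMALLEST_PREFIX


def reserved_addresses(cidr):
    """Map each reserved address in the subnet to the role AWS gives it."""
    net = ipaddress.ip_network(cidr)
    if not check_prefix(net.prefixlen):
        raise ValueError(f"{cidr}: prefix must be between /16 and /28")
    return {str(net[offset]): role for offset, role in RESERVED_OFFSETS.items()}


def usable_count(cidr):
    """Addresses you can actually assign: block size minus the 5 reserved ones."""
    net = ipaddress.ip_network(cidr)
    if not check_prefix(net.prefixlen):
        raise ValueError(f"{cidr}: prefix must be between /16 and /28")
    return net.num_addresses - len(RESERVED_OFFSETS)


def smallest_prefix_for(hosts):
    """Smallest VPC subnet (numerically largest prefix) with at least `hosts`
    usable addresses; walks from /28 toward /16."""
    for prefixlen in range(VPC_SMALLEST_PREFIX, VPC_LARGEST_PREFIX - 1, -1):
        if 2 ** (32 - prefixlen) - len(RESERVED_OFFSETS) >= hosts:
            return prefixlen
    raise ValueError(f"{hosts} hosts does not fit in a single /16 subnet")


def netmask_bits(prefixlen):
    """Dotted-decimal mask and its binary form, as in the /28 worked example."""
    net = ipaddress.ip_network(f"0.0.0.0/{prefixlen}")
    mask = str(net.netmask)
    binary = ".".join(f"{int(octet):08b}" for octet in mask.split("."))
    return mask, binary


if __name__ == "__main__":
    print("/28 mask:", netmask_bits(28))
    print("usable in 10.10.1.0/28:", usable_count("10.10.1.0/28"))
    for addr, role in reserved_addresses("10.10.1.0/24").items():
        print(f"  {addr:<12} {role}")
    print("need 12 hosts -> /%d" % smallest_prefix_for(12))
```

`smallest_prefix_for` is the planning helper: it answers the "how big a CIDR do I need" question from the text directly, and because it starts at /28 it will report /27 for anything above 11 hosts, exactly as the worked example concludes.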