An IP address is divided into a network part (the leftmost bits) and a host part (the remaining bits after the network part). Originally, IP addresses were assigned to organizations and ISP networks in bulk according to the following three classes:
Class A: the first 8 bits are the network part and the remaining 24 bits are the host part, allowing more than 16 million addresses per network (16,777,216 addresses, 16,777,214 usable hosts).
Class B: the first 16 bits are the network part and the remaining 16 bits are the host part, allowing 65,536 addresses per network (65,534 usable hosts).
Class C: the first 24 bits are the network part and the remaining 8 bits are the host part, allowing 256 addresses per network (254 usable hosts).
In each class, two addresses are not usable for hosts: the all-zeros host address (the network address) and the all-ones host address (the broadcast address).

Author: Nikodal Nilkis
Language: English
Published (Last): 21 June 2009

Subnets: a subnet is a range of IP addresses within your VPC, and you launch AWS resources into a specified subnet. Traffic between your VPC and an AWS service reached through a VPC endpoint does not leave the Amazon network. You cannot increase or decrease the size of an existing CIDR block; to grow a VPC you add a secondary CIDR block. Subnet Routing: each subnet must be associated with a route table, which specifies the allowed routes for outbound traffic leaving the subnet.

Every subnet that you create is automatically associated with the main route table for the VPC. You can change the association, and you can change the contents of the main route table. To initiate outbound-only communication to the internet over IPv6, use an egress-only internet gateway.

Subnet Security. Security Groups: control inbound and outbound traffic for your instances at the network-interface level. You can associate one or more security groups (up to five, by default) with an instance in your VPC. When you create a security group, it has no inbound rules, so nothing can reach the instance until you add one; by default it includes an outbound rule that allows all outbound traffic. Security group rules are allow rules only, and security groups are stateful: the return traffic of an allowed connection is permitted regardless of the rules in the other direction.

Security groups are associated with network interfaces, not with subnets. Network ACLs: a network ACL is an optional, stateless layer of filtering at the subnet level. If a subnet is not explicitly associated with a network ACL, it is automatically associated with the default network ACL. You can associate a network ACL with multiple subnets; however, a subnet can be associated with only one network ACL at a time. A network ACL contains a numbered list of rules that is evaluated in order, starting with the lowest-numbered rule, to determine whether traffic is allowed in or out of any subnet associated with the network ACL; the first matching rule decides, and the final '*' rule denies anything that matched no earlier rule. Because network ACLs are stateless, return traffic must be allowed explicitly, which in practice means allowing the ephemeral port range (for example 1024-65535) in the opposite direction.
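The difference between the two filters above is easiest to see by modelling both decisions on the same request. The following is an added example written for this page, not AWS code or any AWS API type: the Rule and Packet shapes, the rule sets and the client address are constructed for illustration. It applies security-group semantics (unordered allow rules, stateful) and network ACL semantics (lowest rule number first, first match wins, implicit deny, stateless) to an HTTPS request and its reply, and shows the classic mistake of a network ACL that allows port 443 outbound but forgets the ephemeral-port return traffic.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, Optional


@dataclass(frozen=True)
class Rule:
    """One network ACL or security group rule (constructed model, not an AWS type)."""
    cidr: str
    proto: str                    # "tcp", "udp" or "all"
    port_lo: int
    port_hi: int
    action: str = "allow"         # network ACLs may also "deny"; security groups cannot
    number: Optional[int] = None  # only network ACL rules are numbered


def _matches(rule: Rule, addr: str, proto: str, port: int) -> bool:
    """Does the rule cover this peer address, protocol and port?"""
    return (rule.proto in ("all", proto)
            and rule.port_lo <= port <= rule.port_hi
            and ipaddress.ip_address(addr) in ipaddress.ip_network(rule.cidr, strict=False))


def nacl_decide(rules: Iterable[Rule], addr: str, proto: str, port: int) -> str:
    """Network ACL semantics: walk rules in ascending number, first match decides,
    and the implicit '*' rule denies everything that matched nothing."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, addr, proto, port):
            return rule.action
    return "deny"


def sg_allows(rules: Iterable[Rule], addr: str, proto: str, port: int) -> bool:
    """Security group semantics: unordered allow-only rules; any match permits."""
    return any(_matches(r, addr, proto, port) for r in rules)


def client_to_instance_allowed(nacl_in, nacl_out, sg_in, client_ip: str,
                               proto: str, sport: int, dport: int) -> Dict[str, bool]:
    """Decide whether a client's request AND its reply get through.

    The network ACL is stateless, so the reply (instance -> client, destination
    port = the client's ephemeral source port) needs an explicit outbound allow.
    The security group is stateful: once the request is allowed inbound, the
    reply is allowed automatically, so only the inbound rules are consulted.
    """
    request_in = nacl_decide(nacl_in, client_ip, proto, dport) == "allow"
    reply_out = nacl_decide(nacl_out, client_ip, proto, sport) == "allow"
    sg_request = sg_allows(sg_in, client_ip, proto, dport)
    return {
        "nacl_request": request_in,
        "nacl_reply": reply_out,
        "sg_request": sg_request,
        "allowed": request_in and reply_out and sg_request,
    }


# Constructed rule sets (addresses from the documentation ranges, not real hosts).
ANY = "0.0.0.0/0"
NACL_IN = [
    Rule("203.0.113.0/24", "all", 0, 65535, "deny", number=50),  # lower number wins over 100
    Rule(ANY, "tcp", 443, 443, "allow", number=100),
]
NACL_OUT_BROKEN = [Rule(ANY, "tcp", 443, 443, "allow", number=100)]  # reply to ephemeral port is dropped
NACL_OUT_FIXED = NACL_OUT_BROKEN + [Rule(ANY, "tcp", 1024, 65535, "allow", number=110)]
SG_NEW_GROUP: list = []                   # a freshly created security group: no inbound rules
SG_WEB = [Rule(ANY, "tcp", 443, 443)]     # unordered, allow-only

if __name__ == "__main__":
    client, sport, dport = "198.51.100.7", 51515, 443
    print("broken NACL       ", client_to_instance_allowed(NACL_IN, NACL_OUT_BROKEN, SG_WEB, client, "tcp", sport, dport))
    print("fixed NACL, new SG", client_to_instance_allowed(NACL_IN, NACL_OUT_FIXED, SG_NEW_GROUP, client, "tcp", sport, dport))
    print("fixed NACL, web SG", client_to_instance_allowed(NACL_IN, NACL_OUT_FIXED, SG_WEB, client, "tcp", sport, dport))
    print("denied /24        ", client_to_instance_allowed(NACL_IN, NACL_OUT_FIXED, SG_WEB, "203.0.113.9", "tcp", sport, dport))
```

The first run fails only on nacl_reply, which is exactly the symptom of a missing ephemeral-port rule: the SYN is accepted, the SYN-ACK never leaves the subnet. The second run fails only on sg_request, matching the "no inbound rules" default for a new security group. The explicit deny at rule 50 is honoured even though rule 100 would allow the same traffic, because evaluation stops at the first match.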

The default network ACL is configured to allow all traffic to flow in and out of the subnets to which it is associated; a custom network ACL you create starts by denying all traffic until you add rules. VPC Flow Logs capture information about the IP traffic going to and from network interfaces in your VPC; they can be published to CloudWatch Logs or sent directly to an Amazon S3 bucket, which allows you to retrieve and analyze the logs yourself.

Flow logs do not capture all traffic: for example, traffic to and from the Amazon DNS server, the instance metadata service (169.254.169.254), DHCP, and the reserved address of the VPC router is not logged, and records are delivered in aggregation windows rather than in real time. Route Tables: a route table contains a set of rules, called routes, that are used to determine where network traffic is directed. A subnet can be associated with only one route table at a time, but you can associate multiple subnets with the same route table.
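Once flow logs land in S3 you analyze them yourself, so here is an added example (not AWS code or a page-provided script) of what that analysis looks like for a detection use case. It parses default-format (version 2) records, counts REJECT flows per source and destination, flags sources rejected on many distinct ports as likely scanners, and keeps NODATA and SKIPDATA records visible because they mark gaps in coverage. The account ID, interface ID and every record in SAMPLE_LOG are constructed for the example.

```python
from collections import Counter, defaultdict
from typing import Dict, List

# Field order of the default (version 2) flow log record format.
FIELDS = ("version account-id interface-id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log-status").split()

# Constructed sample records (account ID and interface ID are made up).
# The last two lines show a capture window with no traffic (NODATA) and one
# where records were dropped because of capacity constraints (SKIPDATA).
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.0.1.25 10.0.1.10 44312 443 6 12 5860 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.23 10.0.1.10 51000 22 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.23 10.0.1.10 51001 23 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.23 10.0.1.10 51002 445 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.23 10.0.1.10 51003 3389 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.23 10.0.1.10 51004 5432 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.23 10.0.1.10 51005 8080 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.4 10.0.1.10 40000 22 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000060 1700000119 - NODATA
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1700000120 1700000179 - SKIPDATA
"""


def parse_flow_log(text: str) -> List[Dict[str, str]]:
    """Split space-separated default-format records into field dicts.

    A line with the wrong field count raises instead of being guessed at: a
    custom log format with reordered fields would otherwise be silently
    mislabelled and every count below would be wrong.
    """
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected {len(FIELDS)} fields, got {len(parts)}")
        records.append(dict(zip(FIELDS, parts)))
    return records


def summarize(records: List[Dict[str, str]]) -> Dict[str, object]:
    """Count REJECT flows per (src, dst) and the distinct destination ports each
    source was rejected on. NODATA/SKIPDATA records carry no addresses ('-'),
    so they are tallied separately rather than skipped silently."""
    rejects: Counter = Counter()
    rejected_ports = defaultdict(set)
    not_ok: Counter = Counter()
    for r in records:
        if r["log-status"] != "OK":
            not_ok[r["log-status"]] += 1
            continue
        if r["action"] == "REJECT":
            rejects[(r["srcaddr"], r["dstaddr"])] += 1
            rejected_ports[r["srcaddr"]].add(int(r["dstport"]))
    return {"rejects": rejects, "rejected_ports": rejected_ports, "not_ok": not_ok}


def suspected_scanners(summary: Dict[str, object], min_ports: int = 5) -> List[str]:
    """Sources rejected on at least min_ports distinct destination ports."""
    return sorted(src for src, ports in summary["rejected_ports"].items()
                  if len(ports) >= min_ports)


if __name__ == "__main__":
    summary = summarize(parse_flow_log(SAMPLE_LOG))
    for (src, dst), n in summary["rejects"].most_common():
        print(f"{src:>15} -> {dst:<12} rejected {n} flows on ports {sorted(summary['rejected_ports'][src])}")
    print("suspected scanners:", suspected_scanners(summary))
    print("windows without usable data:", dict(summary["not_ok"]))
```

The threshold of five distinct ports is a starting point, not a rule; a single rejected SSH attempt from 203.0.113.4 is noise on an internet-facing interface, while the same source spread across 22, 23, 445, 3389, 5432 and 8080 inside one minute is worth an alert. Remember from the paragraph above that traffic to the metadata service does not appear here at all, so its absence from a flow log is not evidence that a compromised instance did not query it.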

You must update the route table for any subnet that uses a gateway or connection (an internet gateway, NAT gateway, egress-only internet gateway, virtual private gateway, VPC peering connection, or gateway endpoint); the target only takes effect once a route points at it. The VPC router uses the most specific route in the route table that matches the traffic to determine how to route it (longest prefix match).
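Longest prefix match is what makes a /24 route to a peering or VPN target win over a broader /16 route, and what makes the absence of a 0.0.0.0/0 route drop internet-bound traffic. The following added example (written for this page, not AWS code) implements that selection over three constructed route tables; the resource IDs in the target column are placeholders in the AWS ID format, not real resources.

```python
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[str, str]  # (destination CIDR, target), as shown in the console


def compile_routes(routes: List[Route]):
    """Parse destination CIDRs once; IPv4 and IPv6 routes can share a table."""
    return [(ipaddress.ip_network(dest), target) for dest, target in routes]


def lookup(compiled, dst: str) -> Optional[Tuple[str, str]]:
    """Longest prefix match: among routes whose destination contains dst,
    return the one with the longest prefix. None means no route matched,
    i.e. the VPC router drops the packet."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, target in compiled:
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, target)
    return None if best is None else (str(best[0]), best[1])


# Constructed route tables; IDs are placeholders, not real AWS resources.
PUBLIC_SUBNET = compile_routes([
    ("10.0.0.0/16", "local"),                   # the VPC CIDR, present in every table
    ("10.1.0.0/16", "pcx-0abc123def4567890"),   # peering connection to another VPC
    ("10.1.5.0/24", "vgw-0fedcba9876543210"),   # more specific: one /24 goes over the VPN instead
    ("0.0.0.0/0",   "igw-0123456789abcdef0"),   # default route to the internet gateway
    ("::/0",        "eigw-00112233445566778"),  # IPv6 outbound-only via egress-only gateway
])
PRIVATE_SUBNET = compile_routes([
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0",   "nat-0123456789abcdef0"),   # instances reach out through NAT only
])
ISOLATED_SUBNET = compile_routes([
    ("10.0.0.0/16", "local"),                   # no default route: nothing leaves the VPC
])

if __name__ == "__main__":
    for dst in ("10.0.3.4", "10.1.9.1", "10.1.5.7", "8.8.8.8", "2001:db8::1"):
        print(f"public subnet   {dst:>12} -> {lookup(PUBLIC_SUBNET, dst)}")
    print("private subnet       8.8.8.8 ->", lookup(PRIVATE_SUBNET, "8.8.8.8"))
    print("isolated subnet      8.8.8.8 ->", lookup(ISOLATED_SUBNET, "8.8.8.8"))
```

The same selection rule is why a stray 0.0.0.0/0 route to an internet gateway in a "private" subnet's table is a finding in a VPC review: every destination not covered by a more specific route silently becomes internet-reachable.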

Internet Gateways: an internet gateway is a horizontally scaled, redundant, and highly available VPC component that imposes no availability risks or bandwidth constraints on your network traffic. It provides a target in your VPC route tables for internet-routable traffic, and performs network address translation for instances that have been assigned public IPv4 addresses.

The following summarizes whether your VPC automatically comes with the components required for internet access over IPv4 or IPv6. In every case, also ensure that your network ACL and security group rules allow the relevant traffic to flow to and from your instance.

Internet gateway: default VPC, yes; non-default VPC, yes if you created the VPC using the first or second option in the VPC wizard, otherwise you must manually create and attach the internet gateway.
Route table with a route to the internet gateway for IPv4 traffic (0.0.0.0/0): default VPC, yes; non-default VPC, yes if you created the VPC using the first or second option in the VPC wizard, otherwise you must manually create the route table and add the route.
Public IPv4 address automatically assigned to an instance launched into the subnet: default subnet, yes; non-default subnet, no.
IPv6 address automatically assigned to an instance launched into the subnet: default subnet, no; non-default subnet, no.

Egress-Only Internet Gateways: a VPC component that allows outbound communication over IPv6 from instances in your VPC to the internet, and prevents the internet from initiating an IPv6 connection with your instances.

An egress-only internet gateway is stateful: replies to connections initiated from inside the VPC are forwarded back in, while unsolicited inbound IPv6 connections are dropped. You cannot associate a security group with an egress-only internet gateway. You can use a network ACL to control the traffic to and from the subnet for which the egress-only internet gateway routes traffic, and you enable it by adding a ::/0 route targeting the gateway to that subnet's route table.

NAT Gateways: enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating connections with those instances. Each NAT gateway is created in a specific Availability Zone and implemented with redundancy in that zone; if that zone fails, instances in other zones that route through it lose internet access, so zone-independent designs use one NAT gateway per Availability Zone. You cannot associate a security group with a NAT gateway. A NAT gateway can support up to 55,000 simultaneous connections to each unique destination. DNS: if you use custom DNS domain names defined in a private hosted zone in Route 53, the enableDnsHostnames and enableDnsSupport attributes of the VPC must be set to true.

VPC Peering: instances in either VPC can communicate with each other as if they were within the same network. Elastic IP Addresses: you can mask the failure of an instance by rapidly remapping the address to another instance in your VPC. VPC Endpoints: endpoints are virtual devices that let instances in your VPC reach supported AWS services privately, without an internet gateway, NAT device, VPN connection, or Direct Connect. There are two types. Interface Endpoints: an elastic network interface with a private IP address that serves as an entry point for traffic destined to a supported service.

For each interface endpoint, you can choose only one subnet per Availability Zone. Endpoints are supported within the same region only.

At the time this was written, interface endpoints did not support the use of endpoint policies (policy support has since been added for many services, so check the current documentation for the service you use). Gateway Endpoints: a gateway that is a target for a specified route in your route table, used for traffic destined to a supported AWS service (Amazon S3 and DynamoDB).

You can create multiple endpoints in a single VPC, for example one for each of several services. You can also create multiple endpoints for a single service, and use different route tables to enforce different access policies from different subnets to the same service. You cannot create an endpoint between a VPC and a service in a different region. At the time of writing, endpoints supported IPv4 traffic only.

Endpoint Services: you can also expose your own application in your VPC as a service that other VPCs reach through interface endpoints. In that arrangement you are the service provider, and the AWS principals that create connections to your service are service consumers.

VPN Connections: you configure your customer gateway on the remote side of the VPN connection. AWS does not provide or maintain third-party software VPN appliances; however, you can choose from a range of products provided by partners and open source communities. If your device does not support BGP, specify static routing. The virtual private gateway uses path selection to determine how to route traffic to your remote network.

Longest prefix match applies here as well. Each VPN connection has two tunnels, with each tunnel using a unique virtual private gateway public IP address. It is important to configure both tunnels for redundancy; with only one tunnel configured, maintenance on the AWS side interrupts the connection.

Elastic IP pricing: you are charged for Elastic IP addresses that are unused or inactive, that is, not associated with a running instance.


Subnet Cheat Sheet

Subnetting Mask Cheat Sheet: a subnetting cheat sheet lists, for each subnet mask, the equivalent CIDR prefix length, the number of addresses available with that mask, and the corresponding wildcard mask. A decimal-to-binary table also helps with subnet calculations. Subnetting is one of the most important and most confusing lessons in computer networking.
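Rather than read the cheat sheet, you can generate it. The following added example (written for this page, not code from the page's author) covers both the classful split described at the top of the page and the mask, CIDR and wildcard columns described here: it determines an address's original class and classful network, describes any IPv4 prefix (mask in dotted and binary form, wildcard mask, broadcast, total and usable hosts), and emits the mask table for a range of prefix lengths. It also reports the host count AWS leaves you after reserving five addresses per VPC subnet, which is the number that matters when sizing subnets for the material above. The sample addresses are from the documentation ranges.

```python
import ipaddress
from typing import Dict, List, Tuple


def classful_class(addr: str) -> str:
    """Return the original (pre-CIDR) class, decided by the leading bits of the first octet."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:   # 0xxxxxxx
        return "A"
    if first_octet < 192:   # 10xxxxxx
        return "B"
    if first_octet < 224:   # 110xxxxx
        return "C"
    if first_octet < 240:   # 1110xxxx
        return "D"          # multicast: no network/host split
    return "E"              # reserved


CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}


def classful_network(addr: str) -> str:
    """Network part of a unicast address under classful rules, e.g. 172.16.5.5 -> 172.16.0.0/16."""
    cls = classful_class(addr)
    if cls not in CLASSFUL_PREFIX:
        raise ValueError(f"{addr} is class {cls}, which has no network/host split")
    return str(ipaddress.IPv4Network(f"{addr}/{CLASSFUL_PREFIX[cls]}", strict=False))


def describe(cidr: str) -> Dict[str, object]:
    """Everything a subnet cheat sheet lists for one IPv4 prefix."""
    net = ipaddress.IPv4Network(cidr, strict=False)  # strict=False tolerates host bits set
    total = net.num_addresses
    if net.prefixlen >= 31:
        usable = total          # /31 point-to-point links (RFC 3021) and /32 single hosts
    else:
        usable = total - 2      # minus the network and broadcast addresses
    # AWS reserves the first four and the last address of every VPC subnet,
    # and the smallest allowed VPC subnet is a /28.
    aws_usable = total - 5 if net.prefixlen <= 28 else 0
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        "netmask_binary": ".".join(f"{int(o):08b}" for o in str(net.netmask).split(".")),
        "wildcard": str(net.hostmask),
        "broadcast": str(net.broadcast_address),
        "addresses": total,
        "usable_hosts": usable,
        "aws_usable_hosts": aws_usable,
    }


def cheat_sheet(min_prefix: int = 8, max_prefix: int = 32) -> List[Tuple[int, str, str, int]]:
    """Rows of (prefix length, subnet mask, wildcard mask, addresses), like the printed tables."""
    rows = []
    for prefix in range(min_prefix, max_prefix + 1):
        d = describe(f"0.0.0.0/{prefix}")
        rows.append((prefix, d["netmask"], d["wildcard"], d["addresses"]))
    return rows


if __name__ == "__main__":
    for addr in ("10.1.2.3", "172.16.5.5", "192.0.2.1"):
        print(f"{addr:<12} class {classful_class(addr)}  classful network {classful_network(addr)}")
    for key, value in describe("192.168.10.37/26").items():
        print(f"{key:>17}: {value}")
    for prefix, mask, wildcard, count in cheat_sheet(24, 32):
        print(f"/{prefix:<3} {mask:<16} {wildcard:<16} {count:>4}")
```

Run it with a prefix from a real plan before creating a subnet: a /28 looks like 16 addresses on the cheat sheet but yields 11 usable hosts in a VPC, and a /29 cannot be created at all.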
