The crisp definition of a VPC is an isolated network. A VPC has several components: NAT gateway, internet gateway, router, Elastic IP, route tables, security groups and NACLs. Let's see how to create a VPC and configure its components.
Private IPv4 addresses (RFC 1918)

RFC 1918 name    IP address range               Classful description
24-bit block     10.0.0.0–10.255.255.255        single class A network
20-bit block     172.16.0.0–172.31.255.255      16 contiguous class B networks
16-bit block     192.168.0.0–192.168.255.255    256 contiguous class C networks
IP addresses reserved by the VPC: AWS reserves five IP addresses in each VPC subnet. For a 10.0.0.0/24 subnet they are:
10.0.0.0: Network address.
10.0.0.1: Reserved by AWS for the VPC router.
10.0.0.2: Reserved by AWS for the DNS server.
10.0.0.3: Reserved by AWS for future use.
10.0.0.255: Network broadcast address. AWS does not support broadcast in a VPC, therefore this address is reserved.
Step 1: Creating a VPC
Go to the AWS console and, under Networking, choose VPC.
Fig 1: VPC Service
Click on VPC and create a VPC with any CIDR range from the private IP address ranges described above.
In our example we are creating a VPC with the 10.0.0.0/24 CIDR range.
When we create a VPC it is one large network; we need to divide it into smaller networks called subnets.
One goal of a subnet is to split a large network into a group of smaller, interconnected networks to help minimize traffic.
We are dividing the above VPC CIDR range into /25 networks.
In the above figure we can see two subnets.
Let's create these subnets and treat one as the public subnet and the other as the private subnet.
Public subnets: public subnets are a good fit for web servers.
Private subnets: private subnets are a good fit for database servers.
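To make the addressing rules above concrete, here is an added Python example (not part of the original walkthrough) that validates a VPC CIDR against the RFC 1918 table, splits it into subnets the way the walkthrough splits 10.0.0.0/24 into two /25 networks, and lists the five addresses AWS reserves in each subnet. The /16 to /28 subnet-size limit is the AWS rule; the VPC and subnet values are the walkthrough's own, and the `plan` helper name is this example's.

```python
import ipaddress

# RFC 1918 private blocks, taken from the table above.
RFC1918_BLOCKS = [
    ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_rfc1918(cidr: str) -> bool:
    """True if the whole CIDR block lies inside one of the RFC 1918 ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(block) for block in RFC1918_BLOCKS)


def split_vpc(vpc_cidr: str, new_prefix: int) -> list[str]:
    """Tile the VPC block with subnets of the requested prefix length."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)  # strict: host bits must be zero
    if not is_rfc1918(vpc_cidr):
        raise ValueError(f"{vpc_cidr} is not an RFC 1918 private range")
    # AWS only accepts subnet sizes between /16 and /28.
    if not max(vpc.prefixlen, 16) <= new_prefix <= 28:
        raise ValueError("subnet prefix must be between the VPC prefix (>= /16) and /28")
    return [str(s) for s in vpc.subnets(new_prefix=new_prefix)]


def aws_reserved_addresses(subnet_cidr: str) -> dict[str, str]:
    """The five addresses AWS reserves in every subnet: first four and the last."""
    subnet = ipaddress.ip_network(subnet_cidr, strict=True)
    first = subnet.network_address
    return {
        "network": str(first),            # network address
        "router": str(first + 1),         # VPC router
        "dns": str(first + 2),            # Amazon-provided DNS
        "future": str(first + 3),         # reserved for future use
        "broadcast": str(subnet.broadcast_address),  # broadcast is unsupported, still reserved
    }


def usable_hosts(subnet_cidr: str) -> int:
    """Addresses an instance can actually be given: block size minus the five reserved."""
    return ipaddress.ip_network(subnet_cidr).num_addresses - 5


def plan(vpc_cidr: str, new_prefix: int) -> dict[str, dict]:
    """Subnet plan for the VPC: reserved addresses and usable count per subnet."""
    return {
        s: {"reserved": aws_reserved_addresses(s), "usable": usable_hosts(s)}
        for s in split_vpc(vpc_cidr, new_prefix)
    }


if __name__ == "__main__":
    # The walkthrough's values: 10.0.0.0/24 split into /25 public and private subnets.
    for subnet, info in plan("10.0.0.0/24", 25).items():
        print(subnet, info["usable"], "usable hosts; reserved:", info["reserved"])
```

Running it prints the two /25 subnets with 123 usable addresses each; the `usable_hosts` number is what to check before sizing a subnet for an Auto Scaling group or a large fleet, since the five reserved addresses come off every subnet, not just the VPC.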
An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. An internet gateway allows both inbound and outbound traffic.
Figure: Internet Gateway
Create the internet gateway and attach it to the VPC.
A route table specifies how packets are forwarded between the subnets within your VPC, the internet, and your VPN connection.
To create a route table:
Here we are creating a public route table with the name “publicroutetable”; in the same way, create a private route table with the name “private routetable”.
A NAT gateway is defined as follows: you can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances. This clearly states that a NAT gateway allows only outbound connections, which means we must be inside the network to access the internet.
A NAT gateway is a good fit for a database server. For example, we can apply patch updates to a DB server because, being part of the network, we can connect to and update it, while external users cannot directly reach our servers.
The instances in the private subnet can access the internet by using a network address translation (NAT) gateway that resides in the public subnet. … A NAT gateway must be created in a VPC with an internet gateway; otherwise the NAT gateway won't work.
Editing routes for the public subnet:
Now we need to instruct the public route table how the traffic should flow. In the case of the public subnet we add a route that says: if the destination is the internet (0.0.0.0/0), the target is the internet gateway. This means that whenever we need to reach the internet, both inbound and outbound traffic flows through the internet gateway.
Figure: Editing route table for public subnet
Editing routes for the private subnet:
Now we need to instruct the private route table how the traffic should flow. In the case of the private subnet we add a route that says: if the destination is the internet (0.0.0.0/0), the target is the NAT gateway. In this case external users cannot reach the servers directly.
Figure: Editing route table for NAT gateway
Now we need to associate the public subnet with the public route table:
Figure: public subnet association
Now we need to associate the private subnet with the private route table:
Figure: private subnet association
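The two route tables, their subnet associations, and the internet gateway versus NAT gateway distinction described above can be checked with a small model of how the VPC router picks a route. The following Python is an added example, not part of the original walkthrough or of AWS tooling: it reproduces the walkthrough's tables (“publicroutetable” and “private routetable”, each with the implicit local route for 10.0.0.0/24 and a 0.0.0.0/0 default route) and the two /25 subnet associations, then resolves a destination by longest-prefix match exactly as the VPC router does. The gateway ids `igw-EXAMPLE` and `nat-EXAMPLE` are placeholders, and the function names are this example's own.

```python
import ipaddress

# Constructed to mirror the walkthrough. Every VPC route table carries an implicit
# "local" route for the VPC CIDR; the default route is what differs between the two.
ROUTE_TABLES = {
    "publicroutetable": [("10.0.0.0/24", "local"), ("0.0.0.0/0", "igw-EXAMPLE")],
    "private routetable": [("10.0.0.0/24", "local"), ("0.0.0.0/0", "nat-EXAMPLE")],
}

# Subnet association: which route table each /25 subnet uses.
SUBNET_ASSOCIATIONS = {
    "10.0.0.0/25": "publicroutetable",
    "10.0.0.128/25": "private routetable",
}


def lookup_route(table_name: str, destination_ip: str):
    """Longest-prefix match over one route table; returns the target or None."""
    dst = ipaddress.ip_address(destination_ip)
    best_net, best_target = None, None
    for cidr, target in ROUTE_TABLES[table_name]:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target  # None means no route: the packet is dropped


def route_table_for(source_ip: str) -> str:
    """Find the route table of the subnet that contains the source address."""
    src = ipaddress.ip_address(source_ip)
    for cidr, table in SUBNET_ASSOCIATIONS.items():
        if src in ipaddress.ip_network(cidr):
            return table
    raise ValueError(f"{source_ip} is not in any subnet of the VPC")


def next_hop(source_ip: str, destination_ip: str):
    """Where the VPC router sends a packet from an instance at source_ip."""
    return lookup_route(route_table_for(source_ip), destination_ip)


def is_public_subnet(subnet_cidr: str) -> bool:
    """A subnet is public only when its route table sends 0.0.0.0/0 to an internet gateway."""
    table = SUBNET_ASSOCIATIONS[subnet_cidr]
    return any(
        cidr == "0.0.0.0/0" and target.startswith("igw-")
        for cidr, target in ROUTE_TABLES[table]
    )


if __name__ == "__main__":
    # The private server from the walkthrough (10.0.0.171) reaching a patch mirror on the internet
    print(next_hop("10.0.0.171", "203.0.113.10"))   # nat-EXAMPLE
    # The public server reaching the same destination goes through the internet gateway
    print(next_hop("10.0.0.10", "203.0.113.10"))    # igw-EXAMPLE
    # Traffic between the two servers never leaves the VPC
    print(next_hop("10.0.0.10", "10.0.0.171"))      # local
    for subnet in SUBNET_ASSOCIATIONS:
        print(subnet, "public" if is_public_subnet(subnet) else "private")
```

The longest-prefix rule is why the local route always wins for 10.0.0.171 even though 0.0.0.0/0 also matches it, and `is_public_subnet` encodes the real test for "public": not the subnet's name, but whether its associated route table has a default route to an internet gateway. When auditing a VPC, a subnet that is associated with the wrong table (or left on the main route table after it was given an internet gateway route) is the usual way a "private" database subnet ends up reachable from the internet.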
Now it's time to launch a server in the public subnet; assume it is a database server, so open port 80 in the security group.
Figure: configuring security group for public server
Figure: creating key pair for instance
Figure: public server.
Now the two servers are ready. Assume that the public server is a web server and the private server is a database server.
Let's log in to the public server with its public IP.
Here we are using MobaXterm to log in; if you don't have this tool for logging in to servers, you can download it from the link below:
Figure: private IP of the private server is 10.0.0.171
Figure: connecting to the private server via its private IP
In the above image we have logged in to the private server; in our case its private IP is 10.0.0.171.
Now assume that it is a database server and we need internet access from it for patch updates, as shown in the image below.
Clearly we can see that we have connected to the private server through its private IP and can access the internet. This is where the NAT gateway plays its role.
This is how we configure a VPC in real-world environments.