2. Agenda
• Datacenter – Physical DC and concepts
• IP – Division & classification
• VPC & Subnets
• AWS Basic Architecture
• Route table
• Internet Gateway
• NAT instance & Nat Gateways
• Security Groups & Network ACLs
3. Datacenter
Team’s Contribution
• A facility housing large numbers of storage, compute and network devices.
• The devices are interconnected through high-speed network connections.
• Reachable over a public or a private network.
• It generally includes redundant or backup power supplies, redundant data communications
connections, environmental controls (e.g. air conditioning, fire suppression) and various
security devices. A large data center is an industrial-scale operation using as much electricity
as a small town.
4. IP address
An Internet Protocol address (IP address) is a numerical label assigned to each device connected to
a computer network that uses the Internet Protocol for communication.
Private and Public IP address
Your public IP address is the globally routable address that the servers and devices you connect to
over the internet see and log.
A private IP address is an address reserved for internal use behind a router or other Network
Address Translation (NAT) device; it is not routable on the public internet. For IPv4 the private
ranges (RFC 1918) are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.
5. Subnet
A subnetwork or subnet is a logical subdivision of an IP network. The practice of dividing a network
into two or more networks is called subnetting.
The subnet mask (or CIDR prefix length) determines how many addresses a subnet spans and how many
hosts it can hold: a /24 covers 256 addresses, of which 254 are usable on a plain IP network
(the network and broadcast addresses are excluded).
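The following example, added here and not part of the original slides, works the public/private
classification and the subnet-mask arithmetic from the two sections above with Python's standard
ipaddress module. The addresses and prefixes in it are constructed for illustration; the RFC 1918
list is the one given above, and the "AWS reserves five addresses per subnet" rule is the one
documented for VPC subnets.

```python
import ipaddress

# RFC 1918 private IPv4 space, as listed in the section above.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_ip(addr: str) -> str:
    """'private' if the IPv4 address falls in an RFC 1918 block, else 'public'.

    An explicit list is used instead of ipaddress's is_private, which also
    flags loopback, link-local and documentation ranges.
    """
    ip = ipaddress.ip_address(addr)
    return "private" if any(ip in net for net in RFC1918) else "public"


def subnet_facts(cidr: str) -> dict:
    """Everything the subnet mask implies for a host/prefix string.

    strict=False lets a host address such as 192.168.10.77/26 be given;
    the network it belongs to is derived from the mask.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    total = net.num_addresses
    # Network and broadcast addresses are unusable for hosts on IPv4 prefixes shorter than /31.
    usable = total - 2 if (net.version == 4 and net.prefixlen < 31) else total
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "prefixlen": net.prefixlen,
        "total_addresses": total,
        "usable_hosts": usable,
    }


def split_into(cidr: str, new_prefix: int) -> list:
    """Carve one network into equal-sized subnets of the given prefix length."""
    net = ipaddress.ip_network(cidr)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def aws_usable_hosts(cidr: str) -> int:
    """VPC subnets lose five addresses: the first four and the last of each block."""
    return ipaddress.ip_network(cidr).num_addresses - 5


if __name__ == "__main__":
    # Constructed sample input, not taken from any real network.
    for addr in ("10.1.2.3", "172.31.255.1", "172.32.0.1", "8.8.8.8"):
        print(addr, classify_ip(addr))
    print(subnet_facts("192.168.10.77/26"))
    print(split_into("10.0.0.0/16", 24)[:3], "...")
    print("AWS usable hosts in 10.0.1.0/24:", aws_usable_hosts("10.0.1.0/24"))
```

Note the gap between plain subnetting (254 hosts in a /24) and what a VPC subnet of the same size
actually offers (251): planning address space with the textbook number leaves you short by three
hosts per subnet.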
6. Virtual Private Cloud (VPC)
Amazon Virtual Private Cloud (VPC) lets you provision a logically isolated section of the Amazon
Web Services (AWS) Cloud and launch resources into a virtual network that you define.
• Spans a large IP range (an IPv4 CIDR block between /16 and /28)
• Default quota of 5 VPCs per region (a soft limit that can be raised on request)
• Contains subnets
Subnets
Subnets are a further division of the VPC's address range; each subnet lives in a single
Availability Zone of the region.
Public subnet – a subnet whose route table has a route to an Internet gateway. Instances in it are
reachable from the internet only if they have a public IPv4 address: either one auto-assigned at
launch (the subnet default, which can be overridden per instance) or an Elastic IP.
Private subnet – a subnet with no route to an Internet gateway.
7. AWS Basic Architecture
All outgoing requests from a public subnet:
the instance's traffic is routed according to the subnet's route table, whose
default route (0.0.0.0/0) points at the Internet gateway.
All outgoing requests from a private subnet:
the route table's default route points at a NAT instance or NAT
gateway (itself in a public subnet), which forwards the request to the
Internet gateway using its own public address.
NOTE:
For incoming requests to instances in a private subnet, you need a
proxy server, load balancer or web server in a public subnet to accept
the connection and forward it inward. NAT plays no role in incoming
requests: it only translates connections initiated from inside.
8. Route Table
A route table contains a set of rules, called routes, that are used to determine where network traffic
is directed. When several routes match a destination, the most specific one (longest prefix) wins.
Every route table carries a local route for the VPC's own CIDR block that cannot be removed.
Each subnet in your VPC must be associated with a route table; the table controls the routing for
the subnet. A subnet can only be associated with one route table at a time, but you can associate
multiple subnets with the same route table. A subnet with no explicit association uses the VPC's
main route table.
Internet Gateway
An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that
allows communication between instances in your VPC and the Internet. It therefore imposes no
availability risks or bandwidth constraints on your network traffic.
An Internet gateway serves two purposes: to provide a target in your VPC route tables for Internet-
routable traffic, and to perform network address translation (NAT) for instances that have been
assigned public IPv4 addresses.
9. NAT Instance & NAT Gateways
You can use network address translation (NAT) to enable instances in a private subnet to connect
to the internet or other AWS services, but prevent the internet from initiating a connection with
those instances.
A NAT instance is an EC2 instance in a public subnet that you configure to perform NAT yourself (it
needs the source/destination check disabled, and you patch, size and make it highly available). A
NAT gateway is a managed service provided by AWS that does the same job without an instance to run.
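The example below is added here and is not code from the original slides or from AWS. It takes the
route-table semantics from the Route Table section (one table per subnet, main table as fallback,
longest-prefix match) and the NAT section above, and uses them to classify subnets as public,
private (egress via NAT) or isolated, and to flag a subnet that was meant to be private but whose
default route reaches an Internet gateway. The data is constructed in the shape of
`aws ec2 describe-route-tables` output, trimmed to the fields used; every ID is a made-up
placeholder.

```python
import ipaddress

# Constructed sample data shaped like `aws ec2 describe-route-tables` output,
# trimmed to the fields used here. All IDs are made-up placeholders.
ROUTE_TABLES = [
    {   # explicitly associated with the two web subnets: a public route table
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-web-a"}, {"SubnetId": "subnet-web-b"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"},
        ],
    },
    {   # default route points at a NAT gateway: outbound-only internet access
        "RouteTableId": "rtb-private",
        "Associations": [{"SubnetId": "subnet-app-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0def"},
        ],
    },
    {   # the VPC's main table; subnets with no explicit association use it
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
    },
    {   # misconfiguration: meant to be private, but its default route is an IGW
        "RouteTableId": "rtb-oops",
        "Associations": [{"SubnetId": "subnet-private-oops"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"},
        ],
    },
]


def route_table_for(route_tables, subnet_id):
    """A subnet has exactly one route table: its explicit association, else the main table."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def lookup(route_table, dest):
    """Longest-prefix match, as the VPC router does; returns the winning route."""
    ip = ipaddress.ip_address(dest)
    best = None
    for r in route_table["Routes"]:
        net = ipaddress.ip_network(r["DestinationCidrBlock"])
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, r)
    return best[1] if best else None


def route_target(route):
    """Classify a route's target by the ID prefix AWS uses for it."""
    if route is None:
        return "none"
    if route.get("GatewayId") == "local":
        return "local"
    if route.get("GatewayId", "").startswith("igw-"):
        return "igw"
    if route.get("NatGatewayId"):
        return "nat"
    if route.get("InstanceId"):      # a NAT instance is a plain EC2 instance target
        return "nat-instance"
    return "other"


def classify_subnet(route_tables, subnet_id):
    """public: default route to an IGW; private: via NAT; isolated: no route out at all."""
    rt = route_table_for(route_tables, subnet_id)
    # 198.51.100.1 is a documentation address used here simply as "some non-VPC destination".
    target = route_target(lookup(rt, "198.51.100.1"))
    return {"igw": "public", "nat": "private", "nat-instance": "private"}.get(target, "isolated")


def exposed_subnets(route_tables, intended_private):
    """Subnets the operator expects to be private but whose traffic reaches an IGW directly."""
    return sorted(s for s in intended_private if classify_subnet(route_tables, s) == "public")


if __name__ == "__main__":
    for s in ("subnet-web-a", "subnet-app-a", "subnet-db-a", "subnet-private-oops"):
        print(s, classify_subnet(ROUTE_TABLES, s))
    print("exposed:", exposed_subnets(ROUTE_TABLES, ["subnet-app-a", "subnet-db-a", "subnet-private-oops"]))
```

The check is the one to run after every route-table change: a private subnet is private only by
virtue of what its route table says, and a single 0.0.0.0/0 route to an igw- target turns it public
regardless of its name or tags.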
11. Security Group
A security group acts as a virtual firewall that controls the traffic for one or more instances. When
you launch an instance, you associate one or more security groups with the instance.
You can modify the rules for a security group at any time; the new rules are automatically applied to
all instances that are associated with the security group. When AWS decides whether to allow traffic
to reach an instance, it evaluates all the rules from all the security groups that are associated with
the instance: a packet is allowed if any rule matches. Security groups hold allow rules only (there is
no deny), block everything not explicitly allowed, and are stateful, so the response to an allowed
request is permitted regardless of the rules in the other direction.
Network ACL
A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall
for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules
similar to your security groups in order to add an additional layer of security to your VPC.
Unlike security groups, network ACLs hold both allow and deny rules, numbered and evaluated in
ascending order with the first match deciding (an implicit final rule denies anything unmatched), and
they are stateless: return traffic must be allowed explicitly, typically by an inbound rule for the
ephemeral port range.