Configuring VPC Components in AWS

jaffar shaik
6 min readFeb 1, 2021


VPC:

Put simply, a VPC is an isolated network. A VPC has several components: NAT gateways, internet gateways, routers, Elastic IPs, route tables, security groups and NACLs. Let's see how to create a VPC and configure its components.

Private IPv4 addresses (RFC 1918)

RFC 1918 name   IP address range                Classful description
24-bit block    10.0.0.0–10.255.255.255         single class A network
20-bit block    172.16.0.0–172.31.255.255       16 contiguous class B networks
16-bit block    192.168.0.0–192.168.255.255     256 contiguous class C networks

IP addresses reserved in a VPC

Five IP addresses are reserved by AWS. For the 10.0.0.0/24 CIDR range used in this example they are:

10.0.0.0: Network address.

10.0.0.1: Reserved by AWS for the VPC router.

10.0.0.2: Reserved by AWS for the DNS server.

10.0.0.3: Reserved by AWS for future use.

10.0.0.255: Network broadcast address. AWS does not support broadcast in a VPC, so this address is reserved.

Step 1: Creating a VPC

Go to the AWS console and, under Networking, choose VPC.

Fig 1: VPC Service

Click on VPC and create a VPC with any CIDR range drawn from the private IP address ranges described above.

In our example we are creating a VPC with the 10.0.0.0/24 CIDR range.

Step 2: Creating Subnets

When we create a VPC it is one large network. We need to divide it into smaller networks called subnets.

One goal of a subnet is to split a large network into a grouping of smaller, interconnected networks to help minimize traffic.

We are dividing the VPC CIDR range above into /25 networks.
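The subnet split and the reserved-address list above can be checked before touching the console. This is an added example, not code from the post; it applies the five reserved addresses per subnet (which is how AWS withholds them), and the /16–/28 size check and the role labels are assumptions taken from the post's list.

```python
import ipaddress

# Roles of the five addresses withheld in each subnet, in address order:
# the first four addresses and the last one (the post lists them for 10.0.0.0/24).
RESERVED_ROLES = (
    "network address",
    "reserved for the VPC router",
    "reserved for the AWS DNS server",
    "reserved for future use",
    "broadcast address (broadcast is not supported in a VPC)",
)

def split_vpc(vpc_cidr, new_prefix):
    """Divide a VPC CIDR into equal-size subnets of the given prefix length.

    AWS accepts subnet sizes from /16 down to /28, so anything outside that
    range is rejected here before it fails in the console.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if new_prefix < vpc.prefixlen or not 16 <= new_prefix <= 28:
        raise ValueError(f"/{new_prefix} is not a valid subnet size for {vpc}")
    return list(vpc.subnets(new_prefix=new_prefix))

def reserved_addresses(subnet):
    """Map each reserved address of a subnet to the role AWS assigns it."""
    addrs = list(subnet)                      # every address in the block
    picked = addrs[:4] + [addrs[-1]]          # first four plus the last
    return {str(ip): role for ip, role in zip(picked, RESERVED_ROLES)}

def usable_hosts(subnet):
    """Addresses left for instances once the reserved ones are removed."""
    return subnet.num_addresses - len(RESERVED_ROLES)

def subnet_plan(vpc_cidr, new_prefix):
    """Return one row per subnet: (cidr, usable host count, reserved map)."""
    return [(str(s), usable_hosts(s), reserved_addresses(s))
            for s in split_vpc(vpc_cidr, new_prefix)]

if __name__ == "__main__":
    # Constructed input matching the post: 10.0.0.0/24 split into two /25 subnets.
    for cidr, usable, reserved in subnet_plan("10.0.0.0/24", 25):
        print(f"{cidr}: {usable} usable addresses")
        for ip, role in reserved.items():
            print(f"  {ip:<12} {role}")
```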

Fig: Subnets

In the figure above we can see two subnets.

Let's create these subnets, treating one as the public subnet and the other as the private subnet.

Public subnets:

Public subnets are a good fit for web servers.

Figure: Creating a public subnet.

Private subnets:

Private subnets are a good fit for database servers.

Figure: Private subnet

Internet Gateway

An Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet. Internet gateway allows both inbound and outbound traffic.

Figure: Internet Gateway

Create the internet gateway and attach it to the VPC.

Route Table

A route table specifies how packets are forwarded between the subnets within your VPC, the internet, and your VPN connection.

To create a route table:

Here we are creating a public route table named “publicroutetable”. In the same way, create a private route table named “private routetable”.

NAT Gateway:

AWS defines the NAT gateway as follows: you can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances. This clearly states that a NAT gateway allows only outbound connections, meaning we must be part of the network to access the internet.

A NAT gateway is a good fit for a database server. For example, we can apply patch updates to a DB server: as we are part of the network we can connect to and update the database server, while external users cannot directly hit my servers.

The instances in the private subnet can access the internet by using a network address translation (NAT) gateway that resides in the public subnet. … A NAT gateway must be created in a VPC with an internet gateway; otherwise, the NAT gateway won’t work.

Editing routes for the public subnet:

Now we need to instruct the public route table how traffic should flow. For the public subnet we add a route that says: if the destination is the internet (0.0.0.0/0), the target is the internet gateway. This means that whenever we need to reach the internet, both inbound and outbound traffic flows through the internet gateway.

Figure Editing Route table for public subnet

Editing the route table for the private subnet:

Now we need to instruct the private route table how traffic should flow. For the private subnet we add a route that says: if the destination is the internet (0.0.0.0/0), the target is the NAT gateway. In this case external users cannot hit the servers directly.

Figure Editing Route table for Natgateway
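The two route tables described above can be modelled to confirm what each default route does to traffic in both directions. This is an added example, not code from the post; the table contents mirror the post's routes, the longest-prefix lookup is how a VPC router selects a route, and the external address 203.0.113.10 is a constructed documentation-range value.

```python
import ipaddress

# Constructed model of the two route tables built in the post. AWS adds the
# "local" route for the VPC CIDR to every route table; only the 0.0.0.0/0
# default route differs between the public and private tables.
VPC_CIDR = "10.0.0.0/24"
ROUTE_TABLES = {
    "publicroutetable":   [(VPC_CIDR, "local"), ("0.0.0.0/0", "internet-gateway")],
    "private routetable": [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-gateway")],
}
# Whether a target forwards connections that were initiated outside the VPC.
# An internet gateway is bidirectional; a NAT gateway only forwards replies
# to connections the instance opened itself.
ACCEPTS_INBOUND = {"local": True, "internet-gateway": True, "nat-gateway": False}

def lookup(table_name, destination):
    """Pick the route with the longest matching prefix, as the VPC router does."""
    dst = ipaddress.ip_address(destination)
    best = None
    for cidr, target in ROUTE_TABLES[table_name]:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    if best is None:
        raise LookupError(f"{table_name} has no route to {destination}")
    return best[1]

def outbound_internet_ok(table_name, external_ip="203.0.113.10"):
    """Can an instance using this table open a connection to an external host?"""
    return lookup(table_name, external_ip) in ("internet-gateway", "nat-gateway")

def inbound_internet_ok(table_name, external_ip="203.0.113.10"):
    """Can an external host initiate a connection to an instance using this table?

    Routing only: the instance also needs a public IP for the internet gateway
    path, and its security group still has to allow the port (e.g. 80).
    """
    return ACCEPTS_INBOUND[lookup(table_name, external_ip)]

if __name__ == "__main__":
    for name in ROUTE_TABLES:
        print(f"{name}: to 10.0.0.171 -> {lookup(name, '10.0.0.171')}, "
              f"outbound internet {outbound_internet_ok(name)}, "
              f"inbound from internet {inbound_internet_ok(name)}")
```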

Now we need to associate the public subnet with the public route table:

Figure: Public subnet association

Now we need to associate the private subnet with the private route table:

Figure: Private subnet association

Now it's time to launch a server in the public subnet. We treat it as the web server, so open port 80 in its security group.

Figure: Configuring the security group for the public server
Figure: Creating a key pair for the instance
Figure: Public server
Figure: Private server
Figure: Private server

Now the two servers are ready. Assume that the public server is a web server and the private server is a database server.

Let's log in to the public server with its public IP.

Here we are using MobaXterm to log in. If you don't have this tool for logging in to servers, you can download it from the link below:

Figure: Changing the permissions of the .pem file

Now let's connect to the private server using its private IP.

Figure: Private IP of the private server is 10.0.0.171
Figure: Connecting to the private server via its private IP

In the image above we have logged in to the private server. In our case its private IP is 10.0.0.171.

Now assume that it is a database server and that this database server needs internet access for patch updates, as shown in the image below.

Clearly we can see that we have connected to the private server through its private IP and can still access the internet. This is where the NAT gateway comes into its role.

This is how we configure a VPC in real-world environments.


Written by jaffar shaik

I am a DevOps Engineer and SRE based in India.
