
AWS Networking Basics - IPv4, CIDR and VPC

Let's understand IP addressing, IP ranges, CIDR and the building blocks of an AWS VPC.


You can reach out to me on: rohantambat8@gmail.com

Introduction to IP address and Networking

AWS provides three kinds of IPv4 address for an EC2 instance:

  • Private IP

  • Public IP

  • Elastic IP

Private IP addresses are used for communication inside the VPC. Every instance gets one from its subnet's CIDR range and keeps it until the instance is terminated.
Public and Elastic IP addresses both allow communication with the internet. What distinguishes the two, if both provide access to the internet?

A public IP address is dynamic: it is taken from Amazon's pool when the instance starts, released when the instance is stopped, and a different one is allocated when the instance is started again.
An Elastic IP address is a static public address allocated to your AWS account. It is not lost when the instance it is associated with is stopped, and it remains allocated to your account until you release it. The main advantage of an Elastic IP is that it can be disassociated and re-associated between instances and Elastic Network Interfaces (ENIs) in the same region, for example to fail a fixed address over to a replacement instance while DNS records and firewall allow-lists that point at it keep working.

Things to remember when using Elastic IP addresses.

  • Release unused Elastic IP addresses

    AWS charges an hourly fee for an Elastic IP that is not associated with any instance, or that is associated with a stopped instance.

    If you no longer need an Elastic IP, release it back to AWS. Before you do, remove any DNS records that point at it: a released Elastic IP can be allocated to another AWS account, and a name that still resolves to it becomes a dangling record that someone else can answer for.

  • Additional Elastic IPs are chargeable

    Elastic IP addresses are not free. Historically an Elastic IP associated with a running instance did not incur a charge, while each additional Elastic IP associated with the same instance did. Since February 2024 AWS bills an hourly fee for every public IPv4 address, including an Elastic IP attached to a running instance, so the advice to release what you do not use applies even more.

  • Regional vs Global

    When allocating an Elastic IP address, make sure that it is allocated in the same region in which you are running the instance as Elastic IPs are regional.

  • Disassociate or Reassociate Elastic IP

    Elastic IPs can be easily disassociated from one resource and reassociated with another resource.


IPv4 Overview

An IPv4 address contains 32-bits. It is represented in dotted decimal notation. Computers read this information in binary form.
Converting a dotted decimal IP address to a binary is simple. Given that there are 4 numbers, each decimal number is represented in binary as an octet. The high-order bits in binary are always the leftmost ones.

Bit position (left to right)   7     6     5     4     3     2     1     0
Binary digit                   1     1     1     1     1     1     1     1
Power of 2                     2^7   2^6   2^5   2^4   2^3   2^2   2^1   2^0
Decimal value                  128   64    32    16    8     4     2     1

The largest value a single octet can hold is 255. This is the sum of all eight bits turned on, i.e. 2^7 + 2^6 + 2^5 + 2^4 + 2^3 + 2^2 + 2^1 + 2^0 = 128 + 64 + 32 + 16 + 8 + 4 + 2 + 1 = 255.

When all of the bits are turned off, the value is 0. Hence each octet of an IP address ranges from 0 to 255, a total of 256 values.

The following example shows how the IP address 68.125.16.250 is converted to and represented in binary form. For each octet, write the decimal value as a sum of powers of two, then set the corresponding bits.

Octet     Decimal   Broken down                   Binary addition                       Binary
First     68        64 + 4                        2^6 + 2^2                             01000100
Second    125       64 + 32 + 16 + 8 + 4 + 1      2^6 + 2^5 + 2^4 + 2^3 + 2^2 + 2^0     01111101
Third     16        16                            2^4                                   00010000
Fourth    250       128 + 64 + 32 + 16 + 8 + 2    2^7 + 2^6 + 2^5 + 2^4 + 2^3 + 2^1     11111010

The result in binary form will look like 01000100011111010001000011111010.
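The conversion above, written as a small strict parser. This is an added example, not code from the original post. It refuses the shorthand spellings that libc's inet_aton accepts ("127.1", hex octets, a bare 32-bit integer) and octets with leading zeros, because an allow/deny list that is checked with a lenient parser can be bypassed by writing the same address a different way; the sample addresses are constructed.

```python
"""Strict IPv4 dotted-decimal <-> 32-bit integer/binary conversion.
Added example, not from the original post."""
import re
from typing import List

# Exactly four decimal groups of 1-3 digits. Deliberately NOT accepted: the shorthand
# forms that libc's inet_aton tolerates ("127.1", "0x7f.0.0.1", "2130706433"), because
# an allow/deny list checked with a lenient parser can be bypassed with such spellings.
_DOTTED = re.compile(r"^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$")


def parse_ipv4(text: str) -> int:
    """Return the 32-bit integer value of a strictly formatted IPv4 address."""
    m = _DOTTED.match(text)
    if not m:
        raise ValueError(f"not a dotted-decimal IPv4 address: {text!r}")
    value = 0
    for group in m.groups():
        if len(group) > 1 and group[0] == "0":
            # "010" is octal to some parsers and decimal to others; refuse the ambiguity
            raise ValueError(f"leading zero in octet {group!r}")
        octet = int(group)
        if octet > 255:
            raise ValueError(f"octet out of range: {octet}")
        value = (value << 8) | octet      # first octet ends up in the high-order bits
    return value


def is_valid_ipv4(text: str) -> bool:
    try:
        parse_ipv4(text)
        return True
    except ValueError:
        return False


def to_binary(text: str, dotted: bool = False) -> str:
    """Render an address as 32 binary digits, optionally split into four octets."""
    bits = format(parse_ipv4(text), "032b")
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8)) if dotted else bits


def from_int(value: int) -> str:
    """Inverse of parse_ipv4: 32-bit integer back to dotted decimal."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("value does not fit in 32 bits")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def octet_breakdown(text: str) -> List[List[int]]:
    """For each octet, the powers of two that sum to it (the 'Broken down' column above)."""
    value = parse_ipv4(text)
    result = []
    for shift in (24, 16, 8, 0):
        octet = (value >> shift) & 0xFF
        result.append([1 << bit for bit in range(7, -1, -1) if octet & (1 << bit)])
    return result


if __name__ == "__main__":
    addr = "68.125.16.250"
    print(to_binary(addr, dotted=True))        # 01000100.01111101.00010000.11111010
    print(octet_breakdown(addr))
    for candidate in ("256.1.1.1", "1.2.3", "01.2.3.4", "127.1", "0x7f.0.0.1"):
        print(candidate, "->", "valid" if is_valid_ipv4(candidate) else "rejected")
```

If you only need parsing, Python's ipaddress.IPv4Address is equally strict; the point of writing it out is to see which inputs a strict parser must reject and why.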


What is CIDR (Classless Inter-Domain Routing)

There are two addressing schemes, classful and classless. Initially the Internet community used classful networks almost exclusively.
The name comes from the three address classes, A, B and C, that defined the assignable IP address space.
A new method of identifying networks and allocating IP addresses was needed to support the continued growth of the Internet. The new method is called classless because it does away with the idea of classes altogether. It is known as Classless Inter-Domain Routing (CIDR); it is far more flexible than classful networking and is what the Internet uses today.

There are five classes of IPv4 address range, identified by the value of the first octet:

Class     First octet   Hosts per network
Class A   1-126         16,777,214
Class B   128-191       65,534
Class C   192-223       254
Class D   224-239       used for multicast, not assigned to hosts
Class E   240-255       reserved

Only classes A, B and C are used for ordinary hosts.
Class D is for multicast and class E is reserved.
127.0.0.0/8 is reserved for loopback; 127.0.0.1 is the usual loopback address.

Under classful addressing you chose the class according to how many hosts (servers) you needed on one network.

The Internet Assigned Numbers Authority (IANA) has set aside several address ranges for use by private networks (RFC 1918).

Address ranges to be used by private networks are:

  • Class A: 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)

  • Class B: 172.16.0.0 to 172.31.255.255 (172.16.0.0/12, sixteen class B networks)

  • Class C: 192.168.0.0 to 192.168.255.255 (192.168.0.0/16, 256 class C networks)

An IP address within these ranges is not routable on the public Internet, because it is not globally unique. Any private network can use any address within these ranges internally without coordinating with IANA or an Internet registry; such addresses are unique only within one private network. This is also why two networks that are later joined, a VPC and an on-premises site over a VPN, or two peered VPCs, must be planned so their ranges do not overlap. Addresses outside these ranges are public, apart from a few other special-purpose blocks such as 127.0.0.0/8 (loopback) and 169.254.0.0/16 (link-local, which AWS uses for the instance metadata service at 169.254.169.254).

CIDR is a method of assigning IP addresses that improves the efficiency of address distribution and replaces the previous system based on Class A, Class B, and Class C networks.

Classless Networks

Now, forget classes A, B, and C. Classless networks don't use it at all, hence the name. Instead, CIDR networks are identified with a trailing "/" slash and a number that indicates how many bits are used to identify the network portion of the address.

Like a class C address in classful networking, a /24 would indicate that 24 bits are used to identify the network and the remaining 8-bits are used to identify the host.

CIDR Available Hosts (Supernetting)

The formula for the number of assignable addresses in a CIDR network is the same as for classful networks:
subtract the prefix length from 32, raise 2 to that power, and subtract 2 for the network and broadcast addresses.

For example, a /24 network has 2^(32-24) - 2 = 254 addresses available for host assignment.

CIDR notation   Host formula       Available hosts
/8              2^(32-8) - 2       16,777,214
/9              2^(32-9) - 2       8,388,606
/10             2^(32-10) - 2      4,194,302
/11             2^(32-11) - 2      2,097,150
/12             2^(32-12) - 2      1,048,574
/13             2^(32-13) - 2      524,286
/14             2^(32-14) - 2      262,142
/15             2^(32-15) - 2      131,070
/16             2^(32-16) - 2      65,534
/17             2^(32-17) - 2      32,766
/18             2^(32-18) - 2      16,382
/19             2^(32-19) - 2      8,190
/20             2^(32-20) - 2      4,094
/21             2^(32-21) - 2      2,046
/22             2^(32-22) - 2      1,022
/23             2^(32-23) - 2      510
/24             2^(32-24) - 2      254
/25             2^(32-25) - 2      126
/26             2^(32-26) - 2      62
/27             2^(32-27) - 2      30
/28             2^(32-28) - 2      14
/29             2^(32-29) - 2      6
/30             2^(32-30) - 2      2

As the table shows, two /29 networks hold as many addresses as one /28 (/29 + /29 = /28), two /28 networks as many as a /27, two /27 networks as many as a /26, and so on: shortening the prefix by one bit doubles the block.
Combining two smaller networks into one larger one is another benefit of classless networks, called supernetting.

To form a supernet the smaller networks must be contiguous, and the pair must start on a boundary of the larger block. For example, 192.0.2.240/29 and 192.0.2.248/29 can form the supernet 192.0.2.240/28, but 192.0.2.240/29 and 192.0.2.8/29 cannot, because they are not adjacent. 192.0.2.248/29 and 192.0.3.0/29 cannot either: they are adjacent, but 192.0.2.248 is not a multiple of 16, so no single /28 covers exactly those two blocks.

CIDR Available Networks (subnetting)

Q. How many /21 networks fit into a /17 network?

  1. Subtract the prefix length from 32 to get the number of host bits.
    /17 = 32-17 = 15 host bits and /21 = 32-21 = 11 host bits

  2. Raise 2 to that power to get the size of each block.
    2^15 = 32,768 addresses and 2^11 = 2,048 addresses

  3. Divide the larger network by the smaller one.
    2^15 / 2^11 = 2^(15-11) = 2^4 = 16

As the example shows, a /17 network can be divided into sixteen /21 networks. In general a /a block holds 2^(b-a) blocks of size /b.

CIDR Subnet Mask

Determining the subnet mask for a CIDR prefix is simple. Write as many 1 bits as there are bits in the network portion, right-pad with 0 bits until there are 32 bits, split the sequence into four octets, and convert each octet from binary to decimal.

CIDR notation   Convert to 1s and right-pad              Subnet mask
/8              11111111.00000000.00000000.00000000      255.0.0.0
/9              11111111.10000000.00000000.00000000      255.128.0.0
/10             11111111.11000000.00000000.00000000      255.192.0.0
/11             11111111.11100000.00000000.00000000      255.224.0.0
/12             11111111.11110000.00000000.00000000      255.240.0.0
/13             11111111.11111000.00000000.00000000      255.248.0.0
/14             11111111.11111100.00000000.00000000      255.252.0.0
/15             11111111.11111110.00000000.00000000      255.254.0.0
/16             11111111.11111111.00000000.00000000      255.255.0.0
/17             11111111.11111111.10000000.00000000      255.255.128.0
/18             11111111.11111111.11000000.00000000      255.255.192.0
/19             11111111.11111111.11100000.00000000      255.255.224.0
/20             11111111.11111111.11110000.00000000      255.255.240.0
/21             11111111.11111111.11111000.00000000      255.255.248.0
/22             11111111.11111111.11111100.00000000      255.255.252.0
/23             11111111.11111111.11111110.00000000      255.255.254.0
/24             11111111.11111111.11111111.00000000      255.255.255.0
/25             11111111.11111111.11111111.10000000      255.255.255.128
/26             11111111.11111111.11111111.11000000      255.255.255.192
/27             11111111.11111111.11111111.11100000      255.255.255.224
/28             11111111.11111111.11111111.11110000      255.255.255.240
/29             11111111.11111111.11111111.11111000      255.255.255.248
/30             11111111.11111111.11111111.11111100      255.255.255.252

AWS reserves the first four IP addresses and the last IP address (five in total) of every subnet CIDR block; they cannot be assigned to a resource such as an EC2 instance. For example, in a subnet with CIDR block 10.0.0.0/24 the following five addresses are reserved:

  • 10.0.0.0: network address (first)

  • 10.0.0.1: reserved by AWS for the VPC router (second)

  • 10.0.0.2: reserved by AWS for the Amazon-provided DNS resolver (the base of the VPC network range plus two)

  • 10.0.0.3: reserved by AWS for future use

  • 10.0.0.255: network broadcast address; AWS does not support broadcast in a VPC, but the address is still reserved (last)

Total usable:
ex: 10.0.0.0/24 => 32 - 24 = 8 host bits => 2^8 = 256 addresses => 256 - 5 (reserved, as above) = 251 usable

AWS only accepts VPC and subnet CIDR blocks between /16 and /28, so the smallest possible subnet, a /28, has 16 - 5 = 11 usable addresses.

/24 or /16 states how many leading bits belong to the network. In the example 10.100.0.0/16 the first two octets, 10.100, are fixed as the network part and the last two octets are the host part. In a plain network the host addresses run from 10.100.0.1 to 10.100.255.254; in an AWS subnet of that size the first assignable address is 10.100.0.4, because the first four are reserved, and the last is 10.100.255.254.
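The subnet-mask rule and the AWS reserved-address rule from the sections above, plus the check you actually want before creating subnets: every subnet must be inside the VPC block, between /16 and /28, and must not overlap another subnet. This is an added example, not AWS code; the VPC and subnet values are constructed. It uses Python's ipaddress module, whose strict mode refuses a CIDR with host bits set.

```python
"""AWS subnet planning: prefix -> mask, the five addresses AWS reserves in each
subnet, the assignable range, and a check of a subnet plan against the VPC block.
Added example, not AWS code; the /16-/28 limits and the five reserved addresses
are AWS-documented behaviour, the VPC and subnet values below are constructed."""
import ipaddress
from typing import Dict, List, Tuple

VPC_MIN_PREFIX, VPC_MAX_PREFIX = 16, 28   # AWS accepts VPC and subnet blocks between /16 and /28
AWS_RESERVED_PER_SUBNET = 5               # first four addresses plus the broadcast address


def subnet_mask(prefix: int) -> str:
    """/n -> dotted-decimal mask: n one-bits, right-padded with zeros to 32 bits."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix /{prefix} out of range")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask))


def aws_reserved(cidr: str) -> Dict[str, str]:
    """The five addresses AWS reserves in a subnet, keyed by their role."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    base = net.network_address
    return {
        "network": str(base),
        "vpc_router": str(base + 1),
        "dns_resolver": str(base + 2),      # Amazon-provided DNS: network base + 2
        "future_use": str(base + 3),
        "broadcast": str(net.broadcast_address),
    }


def aws_usable(cidr: str) -> Tuple[int, str, str]:
    """(usable count, first assignable, last assignable) for an AWS subnet."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    if not VPC_MIN_PREFIX <= net.prefixlen <= VPC_MAX_PREFIX:
        raise ValueError(f"{cidr}: AWS subnets must be between /16 and /28")
    usable = net.num_addresses - AWS_RESERVED_PER_SUBNET
    return usable, str(net.network_address + 4), str(net.broadcast_address - 1)


def check_subnet_plan(vpc_cidr: str, subnets: List[str]) -> List[str]:
    """Return every problem found (an empty list means the plan is valid):
    bad notation, prefix outside /16-/28, subnet not inside the VPC, or overlap."""
    problems: List[str] = []
    vpc = ipaddress.IPv4Network(vpc_cidr, strict=True)
    if not VPC_MIN_PREFIX <= vpc.prefixlen <= VPC_MAX_PREFIX:
        problems.append(f"VPC {vpc_cidr} must be between /16 and /28")
    accepted: List[ipaddress.IPv4Network] = []
    for text in subnets:
        try:
            net = ipaddress.IPv4Network(text, strict=True)   # strict: host bits must be zero
        except ValueError as exc:
            problems.append(f"{text}: {exc}")
            continue
        if not VPC_MIN_PREFIX <= net.prefixlen <= VPC_MAX_PREFIX:
            problems.append(f"{text}: subnet must be between /16 and /28")
        if not net.subnet_of(vpc):
            problems.append(f"{text}: not inside VPC {vpc_cidr}")
        for other in accepted:
            if net.overlaps(other):
                problems.append(f"{text}: overlaps {other}")
        accepted.append(net)
    return problems


if __name__ == "__main__":
    print(subnet_mask(24), aws_reserved("10.0.0.0/24"))
    print(aws_usable("10.0.0.0/24"))            # (251, '10.0.0.4', '10.0.0.254')
    print(aws_usable("10.100.0.0/16"))          # (65531, '10.100.0.4', '10.100.255.254')
    plan = ["10.100.0.0/24", "10.100.0.128/25", "10.200.0.0/24", "10.100.2.0/29", "10.100.3.5/24"]
    for problem in check_subnet_plan("10.100.0.0/16", plan):
        print("problem:", problem)
```

Overlap is the check worth automating: AWS rejects an overlapping subnet at creation time, but it does not know about the on-premises ranges behind a VPN or a peered VPC in another account, so run the same overlap test against those ranges before you commit to a VPC block.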


Introduction to Virtual Private Cloud (VPC)

Definition:
Amazon VPC lets you launch AWS resources into a virtual network that you define. This virtual network closely resembles a traditional network that you would operate in your own data center, with the benefit of running on the scalable infrastructure of AWS.

Components of VPC

  • VPC:

    One private address space, like your company's private network. You choose its IPv4 CIDR block (between /16 and /28) when you create it, and it should not overlap any network you may later connect to it.

    Inside that network you have many host machines, each with an IP address taken from that block.

  • Subnet:

    Because the VPC address space is large, you divide it into smaller ranges called subnets.

    A subnet maps to exactly one Availability Zone: one subnet cannot span two AZs, although one AZ can hold many subnets.

    Spreading subnets, and the instances in them, across several AZs is what makes a deployment survive the loss of one AZ.

  • Route Table:

    Every VPC has a main route table, and each subnet is associated with exactly one route table, which decides where traffic leaving that subnet is sent and how traffic enters and leaves the VPC.

    The routes in a route table determine whether the machines in a subnet are reachable from the internet or stay private: a subnet is "public" only if its route table has a route (usually 0.0.0.0/0) to an internet gateway.

  • Firewalls:

    Any VPC has two levels of firewall:

    • A firewall that works at the instance (network interface) level, called a Security Group. Security groups are stateful and allow-only: return traffic for an allowed connection is permitted automatically, and there are no deny rules.

    • A firewall that works at the subnet level, called a NACL (Network Access Control List). NACLs are stateless, support both allow and deny rules, and are evaluated in rule-number order with the first match winning, so return traffic has to be allowed explicitly (typically the ephemeral port range).

  • Internet gateway - IGW:

    Allows internet connections to and from your VPC. Without an IGW attached, and a route pointing at it, nothing in the VPC can reach the internet directly.

  • Virtual private gateway - VGW:

    Allows a private connection between Amazon's network and your on-premises data center network.

    Why it is used: suppose you want a very secure VPC with no connection open over the internet, i.e. no IGW, but you still want to use applications hosted inside the VPC over private IP addresses. In that case you connect the two networks with a VPN connection.

    The gateway on Amazon's side is the virtual private gateway; a VPN tunnel is formed between it and your customer gateway on premises.

    The machines inside the VPC can then reach machines inside the data center over private addresses. For this to work the VPC CIDR and the on-premises ranges must not overlap, which is why the VPC block should be planned rather than left at a default.
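The difference between the two firewall levels is easiest to see on a single request/response pair. The following is an added example, not AWS code: a tiny model of a stateful, allow-only security group and a stateless, numbered NACL, evaluated in the order AWS applies them (inbound: NACL then security group; outbound: security group then NACL). The client address, instance address and rule sets are constructed. It shows the classic mistake of a NACL that allows port 443 in but never allows the client's ephemeral port out, and that NACL rule numbers decide which of an allow and a deny wins.

```python
"""Stateful security group vs stateless network ACL, evaluated on one HTTPS
request/response pair the way AWS orders the checks (inbound: NACL then SG;
outbound: SG then NACL). Added example, not AWS code; the addresses and rule
sets are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """One firewall line. NACL rules carry a number and may deny; SG rules are allows only."""
    action: str          # "allow" or "deny"
    port_lo: int
    port_hi: int
    cidr: str = "0.0.0.0/0"
    number: int = 0


def _matches(rule: Rule, peer_ip: str, dport: int) -> bool:
    return (rule.port_lo <= dport <= rule.port_hi
            and ipaddress.ip_address(peer_ip) in ipaddress.ip_network(rule.cidr))


def nacl_allows(rules: List[Rule], pkt: Packet, direction: str) -> bool:
    """Stateless: walk rules in ascending number, first match decides, no match
    means deny (the implicit '*' rule). Every packet is judged on its own."""
    peer = pkt.src if direction == "inbound" else pkt.dst
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, peer, pkt.dport):
            return rule.action == "allow"
    return False


class SecurityGroup:
    """Stateful and allow-only: a packet that belongs to a connection already
    allowed passes without consulting the rules for the opposite direction."""

    def __init__(self, inbound: List[Rule], outbound: List[Rule]) -> None:
        self.inbound, self.outbound = list(inbound), list(outbound)
        self._tracked = set()

    def allows(self, pkt: Packet, direction: str) -> bool:
        conn = frozenset({(pkt.src, pkt.sport), (pkt.dst, pkt.dport)})  # same key both ways
        if conn in self._tracked:
            return True
        rules = self.inbound if direction == "inbound" else self.outbound
        peer = pkt.src if direction == "inbound" else pkt.dst
        if any(_matches(r, peer, pkt.dport) for r in rules):
            self._tracked.add(conn)
            return True
        return False


def https_round_trip(nacl_in: List[Rule], nacl_out: List[Rule], sg: SecurityGroup) -> str:
    """Push a client's HTTPS request into the instance and the reply back out;
    report the first layer that drops something, or 'delivered'."""
    client, instance = "203.0.113.10", "10.0.0.10"       # constructed addresses
    request = Packet(client, 51234, instance, 443)
    reply = Packet(instance, 443, client, 51234)         # reply targets the client's ephemeral port
    if not nacl_allows(nacl_in, request, "inbound"):
        return "request dropped by NACL"
    if not sg.allows(request, "inbound"):
        return "request dropped by security group"
    if not sg.allows(reply, "outbound"):
        return "reply dropped by security group"
    if not nacl_allows(nacl_out, reply, "outbound"):
        return "reply dropped by NACL"
    return "delivered"


def demo() -> Dict[str, str]:
    def web_sg() -> SecurityGroup:
        # inbound 443 from anywhere, and deliberately no outbound rule at all
        return SecurityGroup(inbound=[Rule("allow", 443, 443)], outbound=[])

    allow_443 = [Rule("allow", 443, 443, number=100)]
    allow_ephemeral = [Rule("allow", 1024, 65535, number=100)]
    deny_client_net = Rule("deny", 0, 65535, "203.0.113.0/24", number=50)
    return {
        # the SG lets the reply out because the connection is tracked, but the
        # stateless NACL sees a packet to port 51234 and has no rule for it
        "nacl_out_443_only": https_round_trip(allow_443, allow_443, web_sg()),
        "nacl_out_ephemeral": https_round_trip(allow_443, allow_ephemeral, web_sg()),
        # rule numbers matter: a lower-numbered deny wins over a later allow ...
        "deny_before_allow": https_round_trip([deny_client_net] + allow_443, allow_ephemeral, web_sg()),
        # ... and a lower-numbered allow wins over a later deny for the same source
        "allow_before_deny": https_round_trip(
            allow_443 + [Rule("deny", 0, 65535, "203.0.113.0/24", number=200)],
            allow_ephemeral, web_sg()),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:20s} {outcome}")
```

The model leaves out things the real services do (the SG also matches on protocol and can reference other security groups; NACL rules cover ICMP and IPv6), but the two properties it keeps, statefulness and ordered evaluation, are the ones that explain most "why can't my instance answer" tickets.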

Understand VPC with the help of an example:

  • Say there is a housing society. Call it the VPC.

  • The society has two wings (Wing A and Wing B): the subnets.

  • A gate is needed for people to enter and leave the society: the internet gateway.

  • To reach the gate you need a path: the router and the route table.


Contact

If you liked this post and would like to stay updated on my work, feel free to connect with me on LinkedIn: Rohan Tambat