Public, elastic, and private IPs

When we use IPv4 networks and have created some resources in a VPC subnet, we will need to make them available on the internet. As we've already mentioned, we can attach an IGW to the subnet and make it public. Once we have spun up some instances in the subnet, we can either attach a public IP address or an Elastic IP address.

Public IPs are sourced from one or more AWS-controlled public IP address pools and are attached to the instance randomly whenever an instance is started. When an instance using a public IP address fails and is recreated or shut down and restarted, it will not maintain the same public IP address.

This is probably the biggest advantage of Elastic IPs. An Elastic IP address is associated with your account and is persistent. This means that you have the ability to assign the Elastic IP to your instance to retain the address when it is shut down and restarted, or you can attach the same Elastic IP the failed instance was using to an instance that was recreated.

Attaching a public or Elastic IP establishes a virtual 1:1 DNAT mapping between that public or Elastic IP and the instance's private IP. When a user inspects the IP address from inside the instance with operating system tools, they will therefore not see the public or Elastic IP. We can, however, see the public or Elastic IP address from within the instance by looking at the instance metadata, which is available on the APIPA (link-local) address 169.254.169.254. Browsing to that address, or issuing a command against it, retrieves information about our instance that is not normally visible in the operating system. For example, to find the public IP we can browse to the following URL: http://169.254.169.254/latest/meta-data/public-ipv4.

The following diagram represents a fully redundant VPC deployment with two private subnets and two public subnets. The following numbers correspond to what is labelled in the diagram:

  1. The VPC is deployed within an AWS region.
  2. The VPC network address range is designated as 10.0.0.0/20.
  3. Two public subnets are created with IP ranges 10.0.1.0/24 and 10.0.2.0/24.
  4. Two private subnets are created with IP ranges 10.0.3.0/24 and 10.0.4.0/24.
  5. All traffic between any subnets in the VPC is allowed by default, as the local route points to the VPC address range of 10.0.0.0/20. Any additional subnets that are created in this network will also be accessible to all subnets.
  6. The public subnets have a connection to the internet gateway.
  7. Any EC2 instances with public or Elastic IPs assigned are accessible on the public subnet.
  8. Any private EC2 instances in the private subnet can reach the NAT gateway.
  9. The NAT gateway needs to be deployed in a public subnet and will NAT all the outbound traffic from the EC2 instances in the private subnets to the internet.
  10. The NAT gateway has an Elastic IP assigned, and any traffic being sent to the internet through the NAT gateway will always be seen as originating from this EIP.
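The following added example (not from the book) models the VPC above in Python: it checks that the four subnets fit inside 10.0.0.0/20 without overlapping, performs the longest-prefix route lookup a VPC route table does, and reports which source address an external host observes, depending on whether the packet leaves via the 1:1 IGW mapping or the NAT gateway's EIP. The public IP 198.51.100.5 and the NAT EIP 203.0.113.10 are constructed documentation-range values.

```python
import ipaddress

# Constructed model of the VPC layout described above (not AWS API output).
VPC_CIDR = ipaddress.ip_network("10.0.0.0/20")
SUBNETS = {
    "public-a": "10.0.1.0/24", "public-b": "10.0.2.0/24",
    "private-a": "10.0.3.0/24", "private-b": "10.0.4.0/24",
}
# Route tables as (destination prefix, target); "local" is the implicit VPC route.
PUBLIC_RT = [("10.0.0.0/20", "local"), ("0.0.0.0/0", "igw")]
PRIVATE_RT = [("10.0.0.0/20", "local"), ("0.0.0.0/0", "nat-gw")]
NAT_GW_EIP = "203.0.113.10"                    # constructed EIP on the NAT gateway
PUBLIC_IP_MAP = {"10.0.1.10": "198.51.100.5"}  # constructed 1:1 public-IP association


def validate_subnets(vpc, subnets):
    """Every subnet must lie inside the VPC range and none may overlap."""
    nets = [ipaddress.ip_network(c) for c in subnets.values()]
    for n in nets:
        if not n.subnet_of(vpc):
            raise ValueError(f"{n} is outside VPC range {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} overlaps {b}")
    return True


def lookup_route(route_table, dst):
    """Longest-prefix match over the route table, returning the target."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, target in route_table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def observed_source(subnet_name, src_private_ip, dst):
    """Source address a host at dst sees for a packet from src_private_ip."""
    table = PUBLIC_RT if subnet_name.startswith("public") else PRIVATE_RT
    target = lookup_route(table, dst)
    if target == "local":
        return src_private_ip          # intra-VPC traffic keeps its private IP
    if target == "igw":
        # The IGW only translates instances that hold a public/Elastic IP;
        # None here means the packet cannot reach the internet at all.
        return PUBLIC_IP_MAP.get(src_private_ip)
    if target == "nat-gw":
        return NAT_GW_EIP              # every private host shares the NAT EIP
    return None
```

Running `observed_source("private-a", "10.0.3.20", "93.184.216.34")` returns the NAT EIP, which is why allow-lists on the receiving side only ever see that one address for the whole private tier.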