
Public, elastic, and private IPs

When we use IPv4 networks and have created some resources in a VPC subnet, we will need to make them available on the internet. As we've already mentioned, we can attach an IGW to the subnet and make it public. Once we have spun up some instances in the subnet, we can either attach a public IP address or an Elastic IP address.

Public IPs are sourced from one or more AWS-controlled public IP address pools and are attached to the instance randomly whenever an instance is started. When an instance using a public IP address fails and is recreated or shut down and restarted, it will not maintain the same public IP address.

This is probably the biggest advantage of Elastic IPs. An Elastic IP address is associated with your account and is persistent. This means that you have the ability to assign the Elastic IP to your instance to retain the address when it is shut down and restarted, or you can attach the same Elastic IP the failed instance was using to an instance that was recreated.

Attaching a public or Elastic IP establishes a virtual 1:1 destination NAT (DNAT) between that public address and the instance's private IP. When a user inspects the IP address within the instance with operating system tools, they will therefore not see the public or Elastic IP. However, the public or Elastic IP can be seen from the instance itself by looking at the instance metadata, which is served on the link-local (APIPA) address 169.254.169.254. We can read the metadata by browsing to or issuing a command against that address, retrieving information about our instance that would normally be invisible inside the operating system. For example, to find the public IP, we can browse to the following URL: http://169.254.169.254/latest/meta-data/public-ipv4.

The following diagram represents a fully redundant VPC deployment with two private subnets and two public subnets. The following numbers correspond to what is labelled in the diagram:

  1. The VPC is deployed within an AWS region.
  2. The VPC network address range is designated as 10.0.0.0/20.
  3. Two public subnets are created with IP ranges 10.0.1.0/24 and 10.0.2.0/24.
  4. Two private subnets are created with IP ranges 10.0.3.0/24 and 10.0.4.0/24.
  5. All traffic between any subnets in the VPC is allowed by default as the local route points to the VPC address range of 10.0.0.0/20. Any additional subnets that are created in this network will also be accessible to all subnets.
  6. The public subnets have a connection to the internet gateway.
  7. Any EC2 instances with public or Elastic IPs assigned are accessible on the public subnet.
  8. Any private EC2 instances in the private subnet can reach the NAT gateway.
  9. The NAT gateway needs to be deployed in a public subnet and will NAT all the traffic from the EC2 instances in the public subnet in the outbound direction to the internet.
  10. The NAT gateway has an Elastic IP assigned, and any traffic being sent to the internet through the NAT gateway will always be seen as originating from this EIP.
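As an added example (not code from the book), the following script models the diagram's layout and route tables and checks the invariants the numbered points rely on: every subnet sits inside 10.0.0.0/20 with no overlap, a subnet is public only if its default route targets an internet gateway, and the NAT gateway lives in a public subnet. Subnet names and the `igw-EXAMPLE`/`nat-EXAMPLE` targets are constructed placeholders.

```python
# Added example: validate the VPC layout from the diagram (constructed data).
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/20")

# Subnet name -> CIDR, as numbered in the diagram (names are placeholders).
SUBNETS = {
    "public-a": "10.0.1.0/24",
    "public-b": "10.0.2.0/24",
    "private-a": "10.0.3.0/24",
    "private-b": "10.0.4.0/24",
}

# Route tables: destination -> target. The "local" route covers the whole VPC
# range, which is why every subnet can reach every other subnet by default.
ROUTE_TABLES = {
    "public-a": {str(VPC_CIDR): "local", "0.0.0.0/0": "igw-EXAMPLE"},
    "public-b": {str(VPC_CIDR): "local", "0.0.0.0/0": "igw-EXAMPLE"},
    "private-a": {str(VPC_CIDR): "local", "0.0.0.0/0": "nat-EXAMPLE"},
    "private-b": {str(VPC_CIDR): "local", "0.0.0.0/0": "nat-EXAMPLE"},
}

NAT_GATEWAY_SUBNET = "public-a"  # subnet the NAT gateway is placed in


def check_cidrs(vpc=VPC_CIDR, subnets=SUBNETS):
    """Return problems: subnets outside the VPC range or overlapping each other."""
    nets = {name: ipaddress.ip_network(c) for name, c in subnets.items()}
    problems = [f"{n} outside {vpc}" for n, net in nets.items()
                if not net.subnet_of(vpc)]
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def is_public(subnet, tables=ROUTE_TABLES):
    """A subnet is public only when its default route points at an IGW."""
    return tables[subnet].get("0.0.0.0/0", "").startswith("igw-")


def check_nat_placement(nat_subnet=NAT_GATEWAY_SUBNET, tables=ROUTE_TABLES):
    """Private egress only works if the NAT gateway sits in a public subnet."""
    return is_public(nat_subnet, tables)
```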