
Public, elastic, and private IPs

When we use IPv4 networks and have created some resources in a VPC subnet, we will need to make them available on the internet. As we've already mentioned, we can attach an IGW to the subnet and make it public. Once we have spun up some instances in the subnet, we can either attach a public IP address or an Elastic IP address.

Public IPs are sourced from one or more AWS-controlled public IP address pools and are attached to the instance randomly whenever an instance is started. When an instance using a public IP address fails and is recreated or shut down and restarted, it will not maintain the same public IP address.

This is probably the biggest advantage of Elastic IPs. An Elastic IP address is associated with your account and is persistent. This means that you have the ability to assign the Elastic IP to your instance to retain the address when it is shut down and restarted, or you can attach the same Elastic IP the failed instance was using to an instance that was recreated.

Attaching a public or Elastic IP establishes a virtual 1:1 DNAT mapping between that public address and the instance's private IP. When a user inspects the IP address inside the instance with operating system tools, they will therefore not see the public or Elastic IP. We do, however, have a way to see the public or Elastic IP from the instance itself by looking at the instance metadata. The instance metadata is served on the link-local (APIPA) address 169.254.169.254. We can read the metadata by browsing to that address, or by issuing a command against it, to retrieve information about our instance that would normally be invisible to the operating system. For example, to find the public IP we can browse to the following URL: http://169.254.169.254/latest/meta-data/public-ipv4.
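The following is an added example, not code from the book, showing how a process on the instance would query the metadata paths mentioned above. It uses the IMDSv2 flow (a PUT to `/latest/api/token` to obtain a session token, then GETs that carry the token in the `X-aws-ec2-metadata-token` header) rather than the plain GET of the URL quoted above, because instances configured to require IMDSv2 refuse token-less requests, which is the usual mitigation against a server-side request forgery bug in a web application reaching the metadata endpoint. The transport is pluggable so the script can be run offline; `make_fake_imds` is a constructed stand-in for the real service, and the addresses it returns are constructed sample values.

```python
"""Query the EC2 instance metadata service (IMDS) for the instance's addresses.

Added example; not from the book. Uses the documented IMDSv2 flow:
PUT /latest/api/token with a TTL header, then GET metadata paths with the
token. Only the default transport talks to 169.254.169.254; a fake transport
(constructed here) lets the logic run off an EC2 instance.
"""
import urllib.error
import urllib.request

IMDS_BASE = "http://169.254.169.254"          # link-local metadata endpoint
TOKEN_PATH = "/latest/api/token"
PUBLIC_IPV4_PATH = "/latest/meta-data/public-ipv4"
LOCAL_IPV4_PATH = "/latest/meta-data/local-ipv4"


def _urllib_fetch(method, url, headers, timeout=2.0):
    """Default transport: returns (status, body). Only works on an EC2 instance."""
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode(errors="replace")


def get_imds_token(fetch=_urllib_fetch, ttl_seconds=300):
    """Step 1 of IMDSv2: obtain a short-lived session token."""
    status, body = fetch("PUT", IMDS_BASE + TOKEN_PATH,
                         {"X-aws-ec2-metadata-token-ttl-seconds": str(ttl_seconds)})
    if status != 200:
        raise RuntimeError(f"IMDSv2 token request failed with HTTP {status}")
    return body.strip()


def get_metadata(path, token, fetch=_urllib_fetch):
    """Step 2: read one metadata path; None means the path does not exist."""
    status, body = fetch("GET", IMDS_BASE + path, {"X-aws-ec2-metadata-token": token})
    if status == 404:
        return None   # e.g. public-ipv4 on an instance with no public/Elastic IP
    if status != 200:
        raise RuntimeError(f"metadata request for {path} failed with HTTP {status}")
    return body.strip()


def describe_addresses(fetch=_urllib_fetch):
    """Return the OS-visible private IP and the DNAT'd public IP, if any."""
    token = get_imds_token(fetch)
    return {
        "private_ipv4": get_metadata(LOCAL_IPV4_PATH, token, fetch),
        "public_ipv4": get_metadata(PUBLIC_IPV4_PATH, token, fetch),
    }


def make_fake_imds(public_ip):
    """Constructed stand-in for IMDS with IMDSv2 required (offline testing only)."""
    token = "CONSTRUCTED-SESSION-TOKEN"

    def fetch(method, url, headers):
        path = url[len(IMDS_BASE):]
        if method == "PUT" and path == TOKEN_PATH:
            if "X-aws-ec2-metadata-token-ttl-seconds" not in headers:
                return 400, "missing TTL header"
            return 200, token
        if method == "GET":
            if headers.get("X-aws-ec2-metadata-token") != token:
                return 401, "IMDSv2 token required"   # token-less (IMDSv1-style) GET refused
            if path == LOCAL_IPV4_PATH:
                return 200, "10.0.1.25"                 # constructed private address
            if path == PUBLIC_IPV4_PATH:
                return (200, public_ip) if public_ip else (404, "not found")
        return 404, "not found"

    return fetch


if __name__ == "__main__":
    # Offline run against the constructed service; on EC2 call describe_addresses().
    print(describe_addresses(make_fake_imds("203.0.113.10")))
    print(describe_addresses(make_fake_imds(None)))
```

On an instance with only a private IP, `public-ipv4` returns 404 and the function reports `None`, which is a cheap way for startup scripts to detect whether the instance is reachable from the internet at all.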

The following diagram represents a fully redundant VPC deployment with two private subnets and two public subnets. The following numbers correspond to what is labelled in the diagram:

  1. The VPC is deployed within an AWS region.
  2. The VPC network address range is designated as 10.0.0.0/20.
  3. Two public subnets are created with IP ranges 10.0.1.0/24 and 10.0.2.0/24.
  4. Two private subnets are created with IP ranges 10.0.3.0/24 and 10.0.4.0/24.
  5. All traffic between any subnets in the VPC is allowed by default as the local route points to the VPC address range of 10.0.0.0/20. Any additional subnets that are created in this network will also be accessible to all subnets.
  6. The public subnets have a connection to the internet gateway.
  7. Any EC2 instances with public or Elastic IPs assigned are accessible on the public subnet.
  8. Any private EC2 instances in the private subnet can reach the NAT gateway.
  9. The NAT gateway needs to be deployed in a public subnet and will NAT all the traffic from the EC2 instances in the public subnet in the outbound direction to the internet.
  10. The NAT gateway has an Elastic IP assigned, and any traffic being sent to the internet through the NAT gateway will always be seen as originating from this EIP.
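The following added example (not code from the book) models the layout described in the list above: it checks that the four subnets fit inside the 10.0.0.0/20 VPC range without overlapping, and then resolves next hops the way the VPC router does, with the implicit local route for the VPC CIDR and a default route that points to the internet gateway for public subnets and to the NAT gateway for private ones. The target names `"igw"` and `"nat"` are placeholders, not AWS resource IDs. It also shows the point made in item 5: a destination in a subnet that does not exist yet, such as 10.0.9.7, is still matched by the local route, so any subnet added later is reachable from every other subnet unless security groups or network ACLs say otherwise.

```python
"""Subnet validation and route lookup for the VPC layout above.

Added example, not the book's code. VPC 10.0.0.0/20, public subnets
10.0.1.0/24 and 10.0.2.0/24, private subnets 10.0.3.0/24 and 10.0.4.0/24.
Targets "igw" and "nat" are placeholders for the internet gateway and
NAT gateway; real route tables carry gateway IDs instead.
"""
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/20")
PUBLIC_SUBNETS = [ipaddress.ip_network(c) for c in ("10.0.1.0/24", "10.0.2.0/24")]
PRIVATE_SUBNETS = [ipaddress.ip_network(c) for c in ("10.0.3.0/24", "10.0.4.0/24")]
DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")


def validate_subnets(vpc_cidr, subnet_cidrs):
    """Every subnet must sit inside the VPC CIDR and no two may overlap."""
    vpc = ipaddress.ip_network(str(vpc_cidr))
    subnets = [ipaddress.ip_network(str(s)) for s in subnet_cidrs]
    for s in subnets:
        if not s.subnet_of(vpc):
            raise ValueError(f"{s} is outside VPC CIDR {vpc}")
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} overlaps {b}")
    return True


def build_route_table(default_target):
    """The implicit local route for the VPC CIDR plus one default route."""
    return [(VPC_CIDR, "local"), (DEFAULT_ROUTE, default_target)]


def lookup(route_table, dst_ip):
    """Longest-prefix match, which is how the VPC router picks a route."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, target in route_table:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, target)
    return best[1] if best else None


def next_hop(src_ip, dst_ip):
    """Resolve the route target for traffic from src_ip to dst_ip."""
    src = ipaddress.ip_address(src_ip)
    if any(src in s for s in PUBLIC_SUBNETS):
        table = build_route_table("igw")   # public subnets: default route to the IGW
    elif any(src in s for s in PRIVATE_SUBNETS):
        table = build_route_table("nat")   # private subnets: default route to the NAT gateway
    else:
        raise ValueError(f"{src} is not in any known subnet")
    return lookup(table, dst_ip)


if __name__ == "__main__":
    validate_subnets(VPC_CIDR, PUBLIC_SUBNETS + PRIVATE_SUBNETS)
    # Destinations 198.51.100.7 and 10.0.9.7 are constructed sample addresses.
    for src, dst in [("10.0.1.10", "10.0.4.20"), ("10.0.3.5", "10.0.9.7"),
                     ("10.0.3.5", "198.51.100.7"), ("10.0.1.10", "198.51.100.7")]:
        print(f"{src} -> {dst}: {next_hop(src, dst)}")
```

Because the local route cannot be removed from a VPC route table, segmentation between subnets inside the VPC has to come from security groups and network ACLs, not from routing.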