Monday 4 February 2019

How to plan IP Address

Keep the following questions in mind before planning an IP addressing scheme for your network:
1. How many IP addresses do you need today?
2. How many IP addresses will you need in the future?
3. Do you have a pre-existing IP scheme?

Rules for IP Addressing:

1. Each of the 4 numbers in an IP address is called an octet (8 bits), e.g. 192.168.10.110
2. A bit is a 1 or a 0.
3. Each octet can only have a number from 0 to 255
- 00000000 = 0
- 11111111 = 255

4. The first octet cannot be 127.
5. The 127 range has been reserved for diagnostics.
6. 127.0.0.1 is known as the loopback address. (It is referred to as localhost.)
7. The host id cannot be all 0's or all 255's
- All 0's represents the network Id.
- All 255's is the broadcast address
For Example:
-192.168.10.0 is a Network ID
-192.168.10.255 is the broadcast address for the 192.168.10.0 network.

What is classful IP Addressing?
-Originally, IP addresses were divided into different class ranges:

Class  First octet  Network/Host octets  Subnet Mask    Networks and hosts
A      1-126        [N | H | H | H]      255.0.0.0      [126 Networks, 16,777,214 Hosts]
B      128-191      [N | N | H | H]      255.255.0.0    [16,384 Networks, 65,534 Hosts]
C      192-223      [N | N | N | H]      255.255.255.0  [2,097,152 Networks, 254 Hosts]
D      224-239      Reserved for multicast addresses
E      240-243      Reserved for experimental use

Total of 3,720,314,628 host addresses available


Private vs Public Addresses:
1. Private IP ranges are reserved and excluded from public Internet use (Internet routers do not accept them, so traffic using the IP addresses below cannot travel across the Internet):
-10.0.0.0       - 10.255.255.255
-172.16.0.0   - 172.31.255.255
-192.168.0.0 - 192.168.255.255

-169.254.0.0 - 169.254.255.255 (not used in private networks; it is reserved for Automatic Private IP Addressing, where a computer assigns an address to itself)


2. Hosts assigned private IP Addresses can get to the internet through a technology called Network Address Translation (NAT)

3. Most of today's companies use private IP addresses on their private networks.

Example:
1. Find the Network ID, Broadcast ID and number of usable IP addresses for 11.200.200.200.
Ans. It is in Class A.
N | H | H | H
11.0.0.0 - Network ID
11.255.255.255 - Broadcast ID
11 {8 bits} . 0 {8 bits} . 0 {8 bits} . 0 {8 bits} - 24 bits available for host use
2^24 - 2 = Hosts
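
The same calculation as code, generalized to classes A, B and C and to the private ranges listed above. This is an added example, not part of the original post; the function name `classful_plan` and the returned dictionary keys are assumptions made for illustration.

```python
import ipaddress

# Classful ranges from the table above: (class, first-octet low, high, network octets)
CLASSES = [("A", 1, 126, 1), ("B", 128, 191, 2), ("C", 192, 223, 3)]
# Private ranges listed under "Private vs Public Addresses", written as CIDR blocks
PRIVATE = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classful_plan(addr: str) -> dict:
    """Return class, mask, network ID, broadcast ID and usable hosts for addr."""
    ip = ipaddress.IPv4Address(addr)  # ValueError if an octet is outside 0-255
    first = ip.packed[0]
    if first == 127:
        raise ValueError(f"{addr}: 127.x.x.x is reserved (loopback/diagnostics)")
    for name, low, high, net_octets in CLASSES:
        if low <= first <= high:
            prefix = 8 * net_octets
            # strict=False zeroes the host bits instead of rejecting them
            net = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)
            return {
                "class": name,
                "mask": str(net.netmask),
                "network_id": str(net.network_address),      # host bits all 0
                "broadcast_id": str(net.broadcast_address),  # host bits all 1
                "usable_hosts": 2 ** (32 - prefix) - 2,      # minus the two above
                "private": any(ip in p for p in PRIVATE),
            }
    raise ValueError(f"{addr}: first octet {first} is outside classes A-C")


if __name__ == "__main__":
    for sample in ("11.200.200.200", "192.168.10.110", "172.20.1.5"):
        print(sample, classful_plan(sample))
```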
 
 
Helpful Link: https://www.youtube.com/watch?v=_ISu9f8ofZk

Sunday 3 February 2019

AWS VPC - Amazon Web Services - Virtual Private Cloud

Creating an n-tier web-based application architecture on AWS VPC. For security, firewall rules will allow the servers to communicate only on specific ports.

In DC:
Web Server - 2
Application Server - 2
Database Server - 2
Reporting Server - 2
File Server - 1

In DR:
Web Server - 2
Application Server - 2
Database Server - 2
Reporting Server - 2
File Server - 1



1.    By default, 1 VPC is available in each region.
2.    By default, 2 or more Availability Zones exist in each region, e.g. “ap-south-1a” and “ap-south-1b”.
3.    By default, each Availability Zone has 1 public subnet, so a total of 2 public subnets are available.
4.    We can create a private subnet in an Availability Zone as mentioned in the above image.
5.    Security Group – by default all ports will be blocked.
6.    Security Group – ports need to be opened in the security group for the instance, e.g. HTTP, SSH etc.
7.    By default there will be 1 Security Group.
8.    By default there will be 1 Network ACL.
9.    IP addresses can be blocked in Network ACLs.
10.    By default there will be 1 Route Table when we create a VPC.
11.    By default there will be 1 Internet Gateway.
12.    All subnets will be connected to ACLs and Route Tables.
13.    All instances will be connected to a Security Group.
14.    Go to “VPC Dashboard” > Your VPC > IPv4 CIDR. The IPv4 CIDR of the VPC specifies the range of IPs we can have in this VPC.


15.    Use http://cidr.xyz/ to check the range of IPs in a CIDR block.
16.    Default Subnets.
17.    Instances connected to a public subnet will have internet access.
18.    Instances connected to a private subnet will not have internet access.
19.

20.    Instance > Subnet > Route Table > Internet Gateway = the instance has internet access and is in a public subnet
21.    Instance > Subnet > Route Table = the instance does not have internet access and is in a private subnet




Exam Tips:
1.    A VPC provisions a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.
2.    You have complete control over the virtual networking environment, including selection of your own IP range, creation of subnets, and configuration of route tables and network gateways.
3.    You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.
4.    You can create a public-facing subnet for your web servers.
5.    You can create a private subnet for application and database servers with no internet access.
6.    You can have multiple layers of security, including security groups and network access control lists (ACLs), to help control access to EC2 instances.
7.    You can create a Hardware Virtual Private Network (VPN) connection between your corporate data center and your VPC and leverage the AWS cloud as an extension of your corporate data center.
8.    Pricing - this is a free-of-cost service; however, you will be charged for the resources you use.
9.    Subnet - where you define the small networks for your different requirements, like a Web Server subnet, DB subnet etc.
10.    Route Table – here you define the routing paths that connect subnets.
11.    Internet Gateway – it is used to provide internet connectivity to your VPC resources. Only 1 internet gateway can be connected to 1 VPC.
12.    Egress-Only Internet Gateway - similar to an internet gateway but used for IPv6 resources.
13.    NAT gateway / NAT instances - similar to an internet gateway but a better choice for providing internet access to the machines in your private subnets.
14.    VPC Peering - VPC peering is used to merge two or more VPCs in the same or different AWS accounts/subscriptions.
15.    Security Groups - security groups are stateful and work as a firewall for instances. Rules work at the instance level.
16.    NACL - network access control lists are applied at the subnet level and are stateless.
17.    Customer Gateway - you need to set up a supported device which will work as the on-premises gateway for creating the VPN.
18.    Virtual Gateway - the VG is created on the AWS VPC side for setting up the VPN.
19.    VPN Connection - once the CG and VG are ready, you can create a VPN connection.
20.    A variety of connectivity options exist for your Amazon VPC. You can connect your VPC to the internet, to your data center, or to other VPCs, based on the AWS resources that you want to expose publicly and those that you want to keep private.
21.    Connect directly to the internet (public subnets) - you can launch instances into a publicly accessible subnet where they can send and receive traffic from the internet.
22.    Connect to the internet using Network Address Translation (private subnets) - private subnets can be used for instances that you do not want to be directly addressable from the internet. Instances in a private subnet can access the internet without exposing their private IP address by routing their traffic through a network address translation (NAT) gateway in a public subnet.
23.    Connect securely to your corporate datacenter - all traffic to and from instances in your VPC can be routed to your corporate datacenter over an industry-standard, encrypted IPsec hardware VPN connection.
24.    Connect privately to other VPCs – peer VPCs together to share resources across multiple virtual networks owned by you or other AWS accounts.
25.    Privately connect to AWS services without using an internet gateway, NAT or firewall proxy through a VPC endpoint. Available AWS services include S3, DynamoDB, Kinesis Streams, Service Catalog, EC2 Systems Manager (SSM), Elastic Load Balancer (ELB) API, and Amazon Elastic Compute Cloud (EC2) API.
26.    Elastic IP address (EIP) - if you require a persistent public IP address that you can associate and disassociate at will, use an Elastic IP address (EIP) instead. You can allocate your own EIP and associate it with your instance after launch.
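
Tips 15 and 16 in practice: a stateful security group lets the reply to an allowed request through automatically, while a stateless NACL checks each direction separately and evaluates its numbered rules lowest first. This is an added example, not part of the original post; it is a simplified model, and the rule sets, addresses and function names are constructed assumptions.

```python
from ipaddress import ip_address, ip_network


def nacl_allows(rules, peer, port):
    """Stateless NACL: lowest rule number first, first match wins, else deny."""
    for _num, cidr, lo, hi, action in sorted(rules):
        if ip_address(peer) in ip_network(cidr) and lo <= port <= hi:
            return action == "allow"
    return False


def nacl_flow(inbound, outbound, client, client_port, server_port):
    """Each direction is checked on its own; the reply goes to the client's port."""
    request = nacl_allows(inbound, client, server_port)
    reply = request and nacl_allows(outbound, client, client_port)
    return {"request": request, "reply": reply}


def sg_flow(sg_inbound, client, server_port):
    """Stateful security group: an allowed request implies an allowed reply."""
    request = any(ip_address(client) in ip_network(cidr) and port == server_port
                  for cidr, port in sg_inbound)
    return {"request": request, "reply": request}


# Constructed rules for a web server listening on 443.
SG_IN = [("0.0.0.0/0", 443)]                             # (cidr, port)
NACL_IN = [(90, "198.51.100.7/32", 0, 65535, "deny"),    # block one IP address
           (100, "0.0.0.0/0", 443, 443, "allow")]        # (number, cidr, lo, hi, action)
NACL_OUT_MISSING = []                                    # no outbound rule: replies dropped
NACL_OUT_FIXED = [(100, "0.0.0.0/0", 1024, 65535, "allow")]  # ephemeral reply ports

if __name__ == "__main__":
    print("SG:", sg_flow(SG_IN, "203.0.113.10", 443))
    print("NACL, no outbound rule:",
          nacl_flow(NACL_IN, NACL_OUT_MISSING, "203.0.113.10", 50000, 443))
    print("NACL, outbound fixed:",
          nacl_flow(NACL_IN, NACL_OUT_FIXED, "203.0.113.10", 50000, 443))
```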
