Amazon Virtual Private Cloud (VPC)

Why Do We Need Both Decimal and Binary Notations?
Humans find decimal numbers easier to read and understand, whereas computers prefer binary for computational efficiency. Therefore, the dotted-decimal notation serves as a more human-friendly representation of the binary data that computers use to process IP addresses.

What is Network ID and Host ID?
An IP address like 192.168.0.1 consists of two parts:

Network ID: Think of this as your "neighborhood" on the internet. In 192.168.0.1, the Network ID is 192.168.0.

Host ID: This is your specific "house number" within that internet neighborhood. In 192.168.0.1, the Host ID is 1.

CIDR Notation
For the Subnet Mask 255.255.255.0, all the 255s represent 24 bits (8 bits for each 255). So, the network and Subnet Mask can also be written as 192.168.0.1/24. The /24 indicates that the first 24 bits are used for the Network ID.

Why Do We Care?
The Network ID helps to route your data to the right general area (like getting a package to the correct city). The Host ID helps to get that data to your exact location (like getting a package to your front door).

What is a Subnet Mask?
A Subnet Mask like 255.255.255.0 separates the Network ID from the Host ID in an IP address. When written in binary, 255.255.255.0 becomes 11111111.11111111.11111111.00000000.

How Does It Work?
Use the Subnet Mask to figure out which part of the IP address is the Network ID and which part is the Host ID.

Calculating the Network ID

For the IP address 192.168.0.1 with the Subnet Mask 255.255.255.0 or /24:

The Subnet Mask in binary is 11111111.11111111.11111111.00000000.
Take the part of the IP address where you see 11111111 in the Subnet Mask. That's your Network ID.
So, with 192.168.0.1/24:

Network ID: 192.168.0 (the part covered by 255 or 11111111 in the Subnet Mask)
Host ID: 1 (the part where the Subnet Mask is 0 or 00000000)

Why is the Subnet Mask Useful?
It helps to organize your network, making it easier to manage devices and route data correctly. It's like knowing which streets in a city are residential and which ones are for businesses.
Classes of Private IPv4 Addresses for VPCs

Class A:
Private Range: 10.0.0.0/8
Subnet Mask: 255.0.0.0 or /8
First Assignable Address: 10.0.0.1
Last Assignable Address: 10.255.255.254
Total Networks: 1 (Just the 10.x.x.x network)
Usable Addresses per Network: 16,777,214 (because you reserve 2 addresses for network and broadcast)

Class B:
Private Range: 172.16.0.0/12
Subnet Mask: 255.240.0.0 or /12
First Assignable Address: 172.16.0.1
Last Assignable Address: 172.31.255.254
Total Networks: 16 (Ranges from 172.16.x.x to 172.31.x.x)
Usable Addresses per Network: 65,534 (because you reserve 2 addresses for network and broadcast)

Class C:
Private Range: 192.168.0.0/16
Subnet Mask: 255.255.0.0 or /16
First Assignable Address: 192.168.0.1
Last Assignable Address: 192.168.255.254
Total Networks: 256 (Ranges from 192.168.0.x to 192.168.255.x)
Usable Addresses per Network: 254 (because you reserve 2 addresses for network and broadcast)

How Is This Information Useful in VPC?
First and Last Assignable Addresses: These help you plan your subnets within the VPC.
Total Networks: Indicates how many subnets you can have within each class.
Usable Addresses per Network: Tells you how many VMs, containers, or services can be in each subnet.

These classes are often the foundation for IP addressing schemes in VPCs, as they allow for a wide range of IPs that won't conflict with public internet addresses.
Alright, I can totally sense the confusion you're experiencing. I can sense the way your eyebrows raised and how you took that deep breath – classic signs of Dilemma. I understand, the load of information seems overwhelming, especially since we haven't even delved into VPC and its terminology yet. So far, we've only talked about IPv4. But don't worry! Together, we're going to unwrap the layers of VPC concepts one by one, like peeling an onion.

I'm pretty certain that at some point in your life, you've encountered a situation where you had to tackle an entirely new subject. Remember that feeling of uncertainty? It's that moment when you admit you don't know much about the topic. Then you likely took a seat, opened your mind to learning, and started asking yourself questions to bridge the gaps in your understanding. Gradually, the haze started to dissipate, and you experienced that 'Aha!' sensation when things finally clicked.

You know what's amazing? The confidence you gained the next time the topic came up. It's an incredible feeling, isn't it? Well, guess what? In this journey, you'll only get that 'Aha!' moment once you dive into hands-on experience with VPC. And let me remind you of something important – "Learning is one of the greatest joys of life." Let's dive in.

What are LAN,WAN,MAN and AWS Availability Zones?
What is LAN?
Local Area Network (LAN) is a network infrastructure that operates within a limited geographic area, such as a home, office, or campus. It enables devices to connect and communicate with each other over short distances, usually within the same building or nearby buildings.

Why LAN?
Fast Data Transfer:
Imagine sending a large video file from your computer to another computer in the same room. With LAN, this transfer is fast and efficient.

Cost-Effective:
Setting up a LAN generally involves one-time costs for networking hardware, like switches and routers, but doesn't usually incur monthly fees.

Resource Sharing:
Need to print a document? LANs let you share printers, files, and other resources easily between connected devices.

Low Latency:
Forget buffering. LANs offer low latency, which is ideal for real-time applications like video conferencing and gaming.


What is WAN?
Wide Area Network (WAN) is a network that covers a broad area, typically spanning regions or even countries. WANs allow organizations to connect their local networks to other local networks, facilitating data sharing and communication over large distances.

Why WAN?
Global Reach:
Imagine being able to access your company’s data from anywhere in the world. WAN makes this possible.

Scalability:
WAN can grow as your organization expands, connecting new sites and remote offices easily.

Centralized Data:
Store your company's data in a central location and access it from anywhere using WAN.

Flexible Connections:
Connect via various methods like leased lines, broadband, or even satellite.
What is MAN?
Metropolitan Area Network (MAN) sits between a local area network (LAN) and a wide area network (WAN). It typically spans a city or a large campus and is ideal for connecting multiple LANs within a specific geographic area.

Why MAN?
High-Speed Connections:
MAN offers faster data transfer rates than WAN but covers a larger area than LAN.

Regional Networking:
Connect multiple offices within the same city effortlessly.

Cost-Effective:
For businesses operating in a metropolitan area, MAN can be more cost-effective than using multiple WAN connections.

What are AWS Availability Zones?
AWS Availability Zones (AZs) are isolated locations within an AWS region, designed to be fault-tolerant to issues like power failures, network issues, or natural disasters. Each AZ has its own power, cooling, and networking to isolate from failures in other AZs.

Why AWS Availability Zones?
High Availability:
If one zone experiences issues, your applications can continue to run in another zone.

Disaster Recovery:
In case of a disaster, data can be immediately available in another zone.

Low Latency:
Multiple zones in a region allow you to serve users with lower latency.

Data Redundancy:
Storing data in multiple zones protects it from loss due to a zone failure.

Seamless Scaling:
Quickly expand your application to other zones or even other regions as needed.

Balanced Workloads:
Distribute traffic to applications across multiple zones for balanced workloads.

AWS VPC TERMINOLOGIES

1. VPC
2. Subnets
3. Route Table
4. Internet Gateway
5. Nat Gateway
6. Security Group
7. Elastic IPs
8. NACL (Network Access Control List) [We can ignore this part for now]

Amazon Virtual Private Cloud (Amazon VPC) is a service that lets you launch AWS resources in a logically isolated virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 for most resources in your virtual private cloud, helping to ensure secure and easy access to resources and applications. To understand VPC better, it's essential to familiarize yourself with the following key terminologies:

1. VPC (Virtual Private Cloud)
What it is: A virtual network within the AWS cloud.
Example: Think of a VPC as a gated community. Inside this gated community, you have your own rules, access control, and security measures.
Why it works that way: It is isolated from other virtual networks, providing a secure environment for your AWS resources.
Why not another way: An open network would expose resources to potential threats and unauthorized access.

2. Subnet
What it is: A range of IP addresses in your VPC.
Example: Within the gated community (VPC), there are different lanes or sectors. These are your subnets.
Why it works that way: Subnets allow you to organize your network, allocate resources, and implement security policies effectively.
Why not another way: Without subnets, your VPC would be one big flat network, which could lead to inefficiencies and security risks.

3. Route Table
What it is: A set of rules that determine where network traffic is directed.
Example: Think of the route table as road signs within your gated community directing traffic to different lanes or exits.
Why it works that way: It helps in the efficient flow of data between subnets or outside the VPC.
Why not another way: Without a route table, there would be no way to manage or direct traffic, leading to chaos.

4. Internet Gateway
What it is: A horizontally scalable, redundant gateway allowing communication between resources in a VPC and the internet.
Example: This is like the main gate of your gated community that connects you to the external world.
Why it works that way: It allows resources within your VPC to access the internet securely.
Why not another way: Without an Internet Gateway, your VPC resources wouldn't be able to communicate with the outside world unless you set up a VPN or Direct Connect.

5. NAT Gateway (Network Address Translation Gateway)
What it is: A managed service that enables instances in a private subnet to connect to the internet but prevents the internet from initiating a connection with those instances.
Example: Imagine a one-way mirror at a security checkpoint within your gated community. People inside can look and go out, but those outside can't see or enter directly through it.
Why it works that way: NAT Gateway allows outbound traffic (e.g., for updates, APIs) while maintaining the private nature of the subnet.
Why not another way: Simply allowing direct two-way internet access to private resources would expose them to unnecessary risks.

NAT Gateways are generally used in conjunction with private and public subnets. Instances in a private subnet that need to access the internet can have their traffic routed through a NAT Gateway residing in a public subnet.

6. Security Group
What it is: A virtual firewall that controls inbound and outbound traffic for one or more instances.
Example: Think of security groups as the security system installed in each house within the community.
Why it works that way: Security groups are more instance-level security measures and are stateful (unlike NACLs which are stateless).
Why not another way: Without security groups, you wouldn't have fine-grained control over the network traffic to and from your instances.

7. Elastic IPs (EIP)
What it is: A static, public IPv4 address that you can allocate to your AWS account, which you can associate or disassociate with an instance on-the-fly.
Example: Imagine having a reserved parking spot in a public area. You can use this spot whenever you want, and if you change cars, you can easily reassign the spot to the new car.
Why it works that way: Elastic IPs provide a way to have a fixed public IP address that can be quickly remapped to any instance in your VPC. This can be useful for fault-tolerance and high availability.
Why not another way: Using a dynamic public IP address (which changes every time you stop and start your instance) could cause issues with DNS mapping and could complicate network configurations.

Elastic IPs are useful for various use-cases, such as:
Failover: Quickly reroute traffic to another instance.
High Availability: Swap IPs between instances in different availability zones.
DNS Mapping: Helpful when you have a domain pointing to a specific IP address, and you don't want to update DNS records if you switch instances.

8. NACL (Network Access Control List)
What it is: A layer of security that acts as a firewall for controlling network traffic in and out of a subnet.
Example: These are like the security guards at each lane or sector within your gated community.
Why it works that way: They filter traffic based on IP protocol, port number, and source/destination IP address.
Why not another way: Without NACLs, your subnets would be exposed to unauthorized or malicious traffic.

Imagine you're building a house. Before you start adding rooms and furniture, you need to set up the foundation – that's where the VPC (Virtual Private Cloud) comes in. Think of the VPC as the blueprint for your AWS infrastructure. It's like defining the boundaries of your virtual space.


Now, let's say you're building a website. You need two things: a web server to show the website and a database to store information. Just like in your house, you might have a living room and a storage room.

The web server is like your living room – it's where guests (users) come in and see the nice stuff (your website). Since you want everyone to see it, the web server needs to be accessible from the outside, which means it's in the "public" part of your virtual space.

On the other hand, the database is like your storage room – it's where you keep important things, but you don't want just anyone to access it. It's the heart of your website, so it needs to be well-protected. That's why the database is in the "private" part of your virtual space. It's not directly accessible from the outside.

Here's where it gets interesting. When a user fills out a web form on your website (let's say they're ordering a cool gadget), the web server needs to talk to the database to save that order. But you don't want the database to talk to strangers on its own – that would be risky. So, the web server acts like a bridge. It takes the user's order, walks over to the private storage room (database), and says, "Hey, store this safely for me."