Welcome!! In this article, we shall learn about AWS VPC (Virtual Network), Subnet, VPC Peering, NACL, Security Groups, Site to site VPN, and Direct Connect.
VPC:-
VPC is nothing but, like On-premises network environment, where we use switches and routers to communicate with servers and clients, same as AWS Virtual Private Cloud. It is also used for communicating with AWS resources such as EC2, RDS, etc.
· Per Region, it is limited to a 100 VPCs.
VPC is isolated, based on the configuration in Network Access Control List and Security Groups, all resources within VPC can communicate with each other.
VPC is isolated, based on the configuration in Network Access Control List and Security Groups, all resources within VPC can communicate with each other.
Subnet:-
Under the VPC, we must understand the Subnet and how it works.
Subnetting is the process of dividing a network into small networks
- We can divide the VPC IP range into multiple parts of unique subnet IP ranges.
- By default the resources within the subnet will communicate with each other and also communicate across the subnets in the same VPC. We can restrict the communication across the subnet and outside
- AWS Environment with the help of NACl and Security Groups, so communication between the Subnets and Outside of the AWS Environment is up to our choice.
- Here the Security Group and NACL acts as a Firewall.
For Example: -
There are two classrooms in a school, both classrooms are restricted by Network Access Control List. Consider a classroom as a subnet
Class A leader wants to get a duster from Class B, but the class was closed, he can go by opening the door, here the door is a Network Access Control List, it will act as a firewall for subnets only.
· Resources in different VPCs can’t communicate with each other.
What should we do to communicate between two different VPC’s inside AWS?
VPC Peering:-
For Example, let me explain based on a scenario
There are two schools, School A (VPC A) and School B (VPC B)
School A students want to participate in a sports event conducted by School B, the school A must get permission and register in government CEO Office to join in this event. After getting permission they can join the event.
As same in our AWS, to communicate between two different VPC’s A and B, we must configure VPC Peering.
With the help of VPC Peering, our AWS resources can communicate with the private IP address.
VPC Peering is one best option when compared to Site to Site VPN.
VPC Peering is a seamless connection between two different VPCs, it works on the AWS backbone network which means no need for public internet.
If we want to communicate between two different VPC’s in a different region or different account, there is an option in AWS called as AWS Global VPC Peering, this too runs on AWS backbone network, no need a public network and a gateway.
Now Global VPC is generally available.
How to communicate AWS resources with On-Premises.
Site to Site VPN:-
· We can communicate with AWS to On-Premises with the help of Site to site VPN.
· Site to site VPN is like normal VPN, it is used to communicate with AWS resources.
Direct Connect:-
We can use Direct Connect to communicate between AWS and On-Premises.
· It costs huge when compare with Site to site VPN.
· Because it was the dedicated route between AWS and on-premises, for the Direct Connect the configuration we support from our On-Premises Internet Service Provider.
· My suggestion if we have a large number of resources then we can go for Direct Connect otherwise Site to site VPN is sufficient.
For Azure users, you can easily compare these service by referring below article
I hope you understood the above topics.
If you like this please like, comment and share.
Thanks for reading this article, Have a nice day.
Cheers,
Gokulakrishna
No comments:
Post a Comment