This post is for beginners.
What’s a Virtual Private Cloud (VPC)?
Roughly what a VLAN is in traditional networking terminology: a private network in the cloud where you launch your servers. A VPC makes it appear as if all your servers, and some of the cloud provider's services, sit in a small private network isolated from everyone else's. It gives you control over which of those servers can talk to the internet (and which ones the internet can reach), and keeps the outside world from seeing how many servers are behind it.
Okay, how do I create one?
Most cloud providers (AWS, for example) create a default VPC in every region as soon as you open an account. You may use it, or create a new VPC from the console. Either way you must give the VPC a CIDR range: the block of private IP addresses from which your servers will get their addresses. At home and in offices this is usually 192.168.x.x. For a VPC, pick a block from the RFC 1918 private ranges: 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 (in AWS the VPC block must be between /16 and /28). Bear in mind that the default VPC is built for convenience, not safety: its subnets are public and hand out public IPs automatically, so for anything beyond a quick experiment create your own. To learn more about CIDRs, please refer here:
A VPC gives you one private network, but you usually want to divide it internally into subnets: smaller blocks carved out of the VPC's CIDR range, each holding the servers you want to group together. A subnet lives in exactly one Availability Zone. Traffic between subnets in the same Availability Zone is free; traffic that crosses Availability Zones is charged.
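Carving a VPC range into subnets is easy to get wrong by hand (overlapping blocks, running out of space, a block that isn't private). The following is an added example, not code from the original post: it uses Python's standard-library ipaddress module to check that a VPC CIDR is an RFC 1918 range and to split it into one subnet per tier per Availability Zone. The VPC range (10.0.0.0/16), the tier names and the /20 subnet size are assumptions chosen for illustration.

```python
"""Plan a VPC's subnets with the standard-library ipaddress module.

Added example, not from the original post. The VPC range, tier names,
AZ suffixes and subnet size below are assumptions chosen for illustration.
"""
import ipaddress

# RFC 1918 private ranges; a VPC CIDR should fall inside one of these.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_private(cidr):
    """True if the whole CIDR lies within one RFC 1918 range."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(r) for r in RFC1918)


def plan_subnets(vpc_cidr, tiers, zones, new_prefix):
    """Carve vpc_cidr into one /new_prefix subnet per (tier, zone) pair.

    tiers are the kinds of subnet (public, private, local); zones are the
    Availability Zones. Raises ValueError if the range is not private or
    is too small to hold len(tiers) * len(zones) subnets.
    """
    if not is_private(vpc_cidr):
        raise ValueError(f"{vpc_cidr} is not an RFC 1918 private range")
    vpc = ipaddress.ip_network(vpc_cidr)
    available = list(vpc.subnets(new_prefix=new_prefix))
    needed = len(tiers) * len(zones)
    if len(available) < needed:
        raise ValueError(
            f"{vpc_cidr} holds only {len(available)} /{new_prefix} subnets, "
            f"need {needed}")
    plan = {}
    blocks = iter(available)
    for tier in tiers:
        for zone in zones:
            plan[f"{tier}-{zone}"] = next(blocks)
    return plan


def check_no_overlap(plan):
    """Sanity check: no two subnets in the plan share any address."""
    nets = list(plan.values())
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                return False
    return True


def aws_usable(net):
    """Addresses you can actually assign: AWS reserves 5 per subnet
    (network, VPC router, DNS, one for future use, broadcast)."""
    return net.num_addresses - 5


if __name__ == "__main__":
    # Assumed layout: a /16 VPC, three tiers, three Mumbai AZs, /20 per subnet.
    plan = plan_subnets("10.0.0.0/16", ["public", "private", "local"],
                        ["ap-south-1a", "ap-south-1b", "ap-south-1c"], 20)
    for name, net in plan.items():
        print(f"{name:22s} {net}  ({aws_usable(net)} usable addresses)")
    print("overlap-free:", check_no_overlap(plan))
```

Nine /20 subnets use only nine of the sixteen /20 blocks in a /16, which leaves room to add another tier later without renumbering; planning that headroom up front is far cheaper than re-addressing a live VPC.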
Wait, what’s an Availability Zone?
A region is not one building. Cloud providers split each region into several physically separate data-centre sites, called Availability Zones, for redundancy.
For example, Mumbai (region code ap-south-1) has three Availability Zones in AWS, named ap-south-1a, ap-south-1b and ap-south-1c. Ideally you replicate your servers across zones so that your service survives a data-centre outage.
Note: the letters in ap-south-1a, 1b and 1c are mapped differently for every AWS account. If my ap-south-1a is in Malad, your ap-south-1a could be in Ghatkopar. AWS does this to spread customers evenly across the zones. If you ever need to know whether two accounts are in the same physical zone, compare the zone IDs (such as aps1-az1), which are consistent across accounts.
Okay, let’s come back. How many subnets do I need?
There is no single right answer, but two ways of dividing are common.
Based on the use-case:
e.g. a database subnet, a web-server subnet, a queue-consumer subnet, a load-balancer subnet.
Based on the nature of the network:
e.g. private subnets with outbound-only internet access, public subnets with inbound and outbound internet access, and local subnets with no internet access at all.
In practice you usually combine the two and repeat the result per Availability Zone: one public, one private and one local subnet in each zone.
How does a subnet know which one is which? I mean, I’m just dividing the cake into pieces.
Route tables. Every subnet is associated with exactly one route table: a list of destination-CIDR → target entries that decides where traffic leaving the subnet is sent. Every table has a local route for the VPC's own CIDR. A default route (0.0.0.0/0) pointing at an internet gateway makes a subnet public; a default route pointing at a NAT gateway makes it private (outbound only); no default route at all makes it local. Note that a route table only decides where packets go, not whether they are allowed: filtering inbound and outbound traffic is the job of security groups (per instance) and network ACLs (per subnet).
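To make the "which one is which" rule concrete, here is an added example that is not part of the original post. It models three route tables, one per kind of subnet, resolves destinations the way the VPC router does (the most specific matching route wins), and classifies each table as public, private or local from its default route. The CIDRs and the target names igw-EXAMPLE, nat-EXAMPLE and pcx-EXAMPLE are made up for illustration.

```python
"""Model how a route table decides where a subnet's traffic goes.

Added example, not from the original post. The route tables, the target
names (igw-EXAMPLE, nat-EXAMPLE, pcx-EXAMPLE) and the CIDRs are made up for
illustration; the longest-prefix-match rule is how the VPC router really
resolves overlapping routes.
"""
import ipaddress

VPC_CIDR = "10.0.0.0/16"

# One route table per kind of subnet from the post. Every VPC route table
# carries the "local" route for the VPC's own CIDR; the tables differ only
# in what they do with the default route 0.0.0.0/0.
ROUTE_TABLES = {
    "public":  [(VPC_CIDR, "local"), ("0.0.0.0/0", "igw-EXAMPLE")],
    "private": [(VPC_CIDR, "local"), ("0.0.0.0/0", "nat-EXAMPLE")],
    "local":   [(VPC_CIDR, "local")],
}


def lookup(routes, dst_ip):
    """Return the target of the most specific route containing dst_ip, or None.

    routes is a list of (destination CIDR, target) pairs. When several
    routes match, the one with the longest prefix wins.
    """
    ip = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def classify(routes):
    """Name the subnet kind (public / private / local) from its default route."""
    default = next((t for cidr, t in routes if cidr == "0.0.0.0/0"), None)
    if default is None:
        return "local"          # no way out of the VPC at all
    if default.startswith("igw-"):
        return "public"         # internet gateway: inbound and outbound
    if default.startswith("nat-"):
        return "private"        # NAT gateway: outbound only
    return "unknown"


if __name__ == "__main__":
    for kind, routes in ROUTE_TABLES.items():
        print(f"{kind:8s} classified as {classify(routes)}; "
              f"10.0.5.6 via {lookup(routes, '10.0.5.6')}, "
              f"8.8.8.8 via {lookup(routes, '8.8.8.8')}")

    # Longest-prefix match: a more specific route to a peered VPC beats the
    # default route, so 10.1.2.3 goes to the peering connection, not the NAT.
    peered = ROUTE_TABLES["private"] + [("10.1.0.0/16", "pcx-EXAMPLE")]
    print("10.1.2.3 via", lookup(peered, "10.1.2.3"))
```

Two things this model makes visible. First, a route to an internet gateway does not by itself make a server reachable: the instance also needs a public IP and a security group rule that admits the traffic. Second, adding a more specific route (the peering entry above) silently redirects part of what used to go to the default route, which is why route table changes deserve review in the same way firewall changes do.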
To be continued..