Day 21: VPC / CIDR:
- CIDR: a method for allocating IP addresses that defines an IP address range
- Base IP / Subnet Mask, Virtual Private Cloud
- AWS reserves 5 IP addresses (the first 4 and the last 1) in each subnet
CIDR (Classless Inter-Domain Routing):
CIDR is a method for allocating IP addresses and routing Internet Protocol packets. It's a more flexible way to allocate and specify IP addresses compared to the traditional class-based addressing (Class A, B, C).
CIDR allows for a more efficient use of IP addresses and helps simplify routing tables on routers. The notation for CIDR uses a format like "IP_address/prefix length", where the prefix length indicates the number of bits set to 1 in the subnet mask. For example, "192.168.1.0/24" represents a subnet with a 24-bit prefix.
Base IP / Subnet Mask:
The base IP, in the context of CIDR, refers to the network address of a subnet. The subnet mask is used to divide an IP address into network and host portions. In CIDR notation, the subnet mask is represented by the number of bits set to 1 in the prefix.
For example, a subnet with a prefix of /24 has a subnet mask of 255.255.255.0.
Virtual Private Cloud (VPC):
A Virtual Private Cloud is a virtual network dedicated to your AWS account. It enables you to launch AWS resources into a virtual network that you've defined.
This provides you with control over your virtual networking environment, including IP address range, subnets, route tables, and network gateways. In AWS, a VPC is used to create isolated sections of the cloud where you can launch resources.
AWS Reserves 5 IP Addresses in Each Subnet:
In AWS, when you create a subnet within a VPC, the platform reserves five IP addresses from the subnet's IP address range. These are:
- Network Address: The first IP address in the subnet, which represents the network itself.
- AWS Reserved: The second IP address is reserved by AWS for DNS resolution within the VPC.
- AWS Reserved: The third IP address is reserved by AWS for future use.
- AWS Reserved: The fourth IP address is also reserved by AWS for future use.
- Broadcast Address: The last IP address in the subnet, which is reserved as the broadcast address.
These reserved addresses are part of the subnet range but are not available for use by your instances.
Therefore, the usable IP addresses for your instances will be the remaining addresses in the subnet after considering these reserved addresses.
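A worked example (added here; it is not part of the original notes) that uses Python's standard ipaddress module to derive the subnet mask from a CIDR prefix, recover the base IP from any address inside the block, and apply the five-address reservation described above to count what is left for instances. The /16 to /28 bound is AWS's documented limit for VPC subnet CIDR sizes and is assumed here as a validation check; the sample CIDR blocks are constructed for the illustration.

```python
import ipaddress

# Added example, not from the original notes. AWS allows VPC subnet CIDR
# blocks between /16 and /28; those limits are assumed here for validation.
AWS_MIN_PREFIX = 16
AWS_MAX_PREFIX = 28
AWS_RESERVED_PER_SUBNET = 5   # the first four addresses plus the last one


def describe_cidr(cidr):
    """Return the base IP, prefix length, dotted subnet mask and size of a CIDR block."""
    # strict=False accepts a host address such as 192.168.1.10/24 and
    # still yields the network (base) address 192.168.1.0
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "base_ip": str(net.network_address),
        "prefix": net.prefixlen,
        "subnet_mask": str(net.netmask),
        "total_addresses": net.num_addresses,
    }


def aws_subnet_plan(cidr):
    """List the five addresses AWS reserves in a subnet and the range left for instances."""
    net = ipaddress.ip_network(cidr, strict=False)
    if not AWS_MIN_PREFIX <= net.prefixlen <= AWS_MAX_PREFIX:
        raise ValueError(
            f"AWS subnets must be /{AWS_MIN_PREFIX} to /{AWS_MAX_PREFIX}, got /{net.prefixlen}"
        )
    first = net.network_address
    # AWS reserves the last address even though a VPC carries no broadcast traffic
    last = net.broadcast_address
    reserved = [str(first + i) for i in range(4)]
    reserved.append(str(last))
    return {
        "reserved": reserved,
        "first_usable": str(first + 4),
        "last_usable": str(last - 1),
        "usable_count": net.num_addresses - AWS_RESERVED_PER_SUBNET,
    }


if __name__ == "__main__":
    # constructed sample blocks
    for block in ("192.168.1.0/24", "10.0.1.0/24", "10.0.0.0/28"):
        print(block, describe_cidr(block))
        print("    ", aws_subnet_plan(block))
```

The smallest subnet AWS permits, a /28, has 16 addresses but only 11 usable ones once the reservation is applied, which is worth remembering when sizing subnets for small workloads.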
Ephemeral Ports:
- Port opened by the client to receive the return response when it connects to a defined server port
- Used when defining inbound/outbound port ranges for a NACL
These two points concern different layers of networking: the ephemeral port is a client-side concept, while the NACL (Network Access Control List) is a subnet-level filter in AWS, so they are covered separately below.
1. Port opened by client for return response:
In networking, a port is a communication endpoint identified by a numeric value, and itβs associated with a specific process or service on a device. Ports are used to facilitate communication between different programs or devices.
When a client initiates a connection to a server, it often opens a random high-numbered port (known as an ephemeral port) to send the request to the server's well-known port (e.g., port 80 for HTTP, port 443 for HTTPS). The server, in turn, responds by sending the data back to the ephemeral port opened by the client. This process ensures that multiple connections can be managed simultaneously, and responses can be directed to the correct client.
For example, in a typical HTTP request:
- The client might open an ephemeral port, say port 54321.
- It connects to the server's port 80 and sends the request.
- The server responds by sending the data back to port 54321 on the client.
This dynamic allocation of ports helps manage multiple connections without conflicts.
2. Used in defining inbound/outbound ports for NACL:
Network Access Control Lists (NACLs) are a set of rules defined at the subnet level to control the traffic entering and leaving a subnet in a cloud environment (e.g., AWS VPC). Each rule in a NACL is associated with a set of criteria, including source and destination IP addresses, protocols, and port ranges.
When it comes to ports in NACLs, you typically specify them to control the type of traffic allowed or denied. For example:
- Inbound Rules: To allow incoming traffic, you might specify the allowed source IP addresses, protocols (TCP, UDP, etc.), and destination port ranges.
- Outbound Rules: To control outgoing traffic, you might specify the allowed destination IP addresses, protocols, and source port ranges.
For instance, if you want to allow HTTP traffic (which uses port 80), you will set up an inbound rule allowing traffic to port 80, and if you want to allow responses back to the client, you will likely allow the corresponding outbound traffic from ephemeral ports.
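An added example (not from the original notes) that models the HTTP exchange from the ephemeral-port section and the NACL rules from this section as a small stateless rule evaluator in Python. The Rule and Packet classes, the rule numbers and the sample addresses (203.0.113.10 as the client, 10.0.1.25 as the web server) are all constructed for the illustration, and the 1024-65535 ephemeral range is an assumption about the client operating system. In this model a rule's port range is compared with the packet's destination port, which is how the AWS NACL port-range field behaves, so the reply to the client's ephemeral port 54321 only passes if an outbound rule covers the ephemeral range.

```python
import ipaddress
from dataclasses import dataclass

# Added example, not from the original notes. Assumed ephemeral range of the
# client OS; real systems differ (Linux defaults to 32768-60999, for instance).
EPHEMERAL_PORTS = (1024, 65535)


@dataclass(frozen=True)
class Rule:
    number: int          # NACL rules are evaluated in ascending number order
    protocol: str        # "tcp", "udp" or "all"
    port_range: tuple    # (low, high), compared with the packet's destination port
    cidr: str            # source CIDR for inbound rules, destination CIDR for outbound
    action: str          # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str = "tcp"


def evaluate(rules, packet, direction):
    """Return 'allow' or 'deny': the first matching rule wins, the implicit last rule denies."""
    remote = packet.src_ip if direction == "inbound" else packet.dst_ip
    addr = ipaddress.ip_address(remote)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", packet.protocol):
            continue
        low, high = rule.port_range
        if not low <= packet.dst_port <= high:
            continue
        if addr not in ipaddress.ip_network(rule.cidr):
            continue
        return rule.action
    return "deny"


def check_exchange(inbound, outbound, request):
    """Evaluate a request and its reply separately, because a NACL keeps no connection state."""
    reply = Packet(src_ip=request.dst_ip, src_port=request.dst_port,
                   dst_ip=request.src_ip, dst_port=request.src_port,
                   protocol=request.protocol)
    return {
        "request": evaluate(inbound, request, "inbound"),
        "reply": evaluate(outbound, reply, "outbound"),
    }


# Constructed sample: a client on ephemeral port 54321 fetching a page from a web server
HTTP_REQUEST = Packet(src_ip="203.0.113.10", src_port=54321, dst_ip="10.0.1.25", dst_port=80)
INBOUND = [Rule(100, "tcp", (80, 80), "0.0.0.0/0", "allow")]
OUTBOUND_NO_EPHEMERAL = []
OUTBOUND_WITH_EPHEMERAL = [Rule(100, "tcp", EPHEMERAL_PORTS, "0.0.0.0/0", "allow")]


if __name__ == "__main__":
    print("without ephemeral rule:", check_exchange(INBOUND, OUTBOUND_NO_EPHEMERAL, HTTP_REQUEST))
    print("with ephemeral rule:   ", check_exchange(INBOUND, OUTBOUND_WITH_EPHEMERAL, HTTP_REQUEST))
```

Running it shows the request reaching port 80 in both cases but the reply being dropped when the outbound rule set lacks the ephemeral range, which is the usual cause of "the server accepts the connection but the client never gets an answer" when a NACL is tightened. Because the evaluation is numbered and first-match, a lower-numbered deny for a specific source CIDR takes precedence over a broader allow that follows it.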