Getting Started With VPC (Virtual Private Cloud) - Part Three

From the above image we can see that here we have 2 types of subnets.

 

Public and private subnet is a concept of VPC, and the public subnet is one which is connected to the internet gateway.

 

In the previous article we have already learned what Internet gateway is; it can be thought of like a modem which is connected to the internet.

 

In public subnets,  traffic can go out and can come in from the internet.

 

For example: When we launch an EC2 instance we can easily do SSH using the intent which means that by default our instances are launched in a public subnet which can be accessed using the internet.

 

 

We cannot connect to the instances in this subnet over the internet, but if instances in a private subnet want to connect to the internet, they can do it by using the NAT gateway placed in the public subnet. For example: If we need to install a package in an app sever placed in private subnet, then this can be downloaded from the internet via NAT gateway through a public subnet.

 

NAT gateway will be connected to the internet gateway.

 

Now the next question arises as to HOW TO LOGIN TO INSTANCES IN PRIVATE SUBNETS?

 

 

For that we need to login to the EC2 instance(s) in a public subnet and from there we can do SSH to the other instances in a private subnet even if they are in a different AZ.

 

 

To achieve high availability, we need a minimum of 2 public subnets and a minimum of 2 private subnets as in the previous diagram. If Availability Zone B goes down then all the servers in Availability Zone B will not be accessible and we will not be able to access the app and DB server placed in private subnet in Availability Zone B.

 

So, if we want both public and private subnet and high availability at the same time then we need to create a minimum of 2 public subnets and 2 private ones,  and also we need to place them in different zones as shown in the diagram below.

 

Now we are going to set the same infrastructure, but before that we need to first calculate a few things so that we can easily put the values during the setting up of our VPC network.

 

For setting up VPC we need:

Let’s take the VPC range as below.

 

 

When we have a bigger network, we divide them into subnets and our requirement is to use 2 public subnets and 2 private subnets.

 

So, let's divide the IP ranges into our 4 subnets as below.

To create these 4 subnets we have used only 4 IPs of the total IPs possible from the VPC range.

 

Apart from this, we also need 1 Internet Gateway and 2 NAT Gateways.

 

As we create NAT gateway in public subnets and as we have 2 public subnets, we would be needing 2 NAT gateways, but as NAT gateways are not free, we will create only 1 NAT gateway and assign it to both the public subnets 1 and 2.

 

NAT gateway serves the private subnet, but it lives in the public subnet.

 

We also need a route table for the subnets, and we will create 2 route tables, one for public and one for private subnet.

 

These were the things required to set up a VPC.

 

 

In this article we learned the network architecture of VPC, and we also gathered information around what exactly are the requirements to actually set up VPC. In the next article we will be setting up VPC and see all this happening in real.

 

You can see some of the previous articles of this series as under,