Network HELP?????
5502george
Member Posts: 264
in Off-Topic
I need help understanding a little bit about the network side of project I am doing. I completed the project, but lack the actual understating of the network side of what I did.
So I am using Amazon Cloud for a project I am enrolled in and I the project had me do the following:
-Make a virtual private cloud (VPC) and three subnets in that VPC
-The VPC will have an IP of 10.0.0.0/16 and the subnets will be 10.0.1.0/24, 10.0.0.2.0/24, 10.0.3.0/24
-Attach an internet gateway to the VPC created
-Make a route table with the target of the internet gateway and destination of 0.0.0.0/0
-Associate the route table with the 10.0.1.0 subnet (to make subnet internet accessible)
-Deploy 3 instances in the VPC: a web server in the 10.1 subnet and databases in the 10.2.3 subnets
-Create a security group to allow SSH/HTTP and attach to the instances
-Create a security group and set inbound traffic rules to allow HTTP/HTTPS from IP 10.0.2.0/24 and outbound to all addresses
-Make network address translator NAT and assign it the VPC and use the security group you created
-Assign the NAT an elastic IP and disable source destination
-Go to NON-internet route table and add the NAT instance as the target and destination to 0.0.0.0/0
My questions are:
1. What does it mean when the VPC is 10.0.0.0/16 and the subnets are 10.0.X.0/24?
I know that the subs have 255 addresses because of the /24, but what does the /16 mean in the VPC?
Maybe if you can explain it like you were explaining it to a child it would help me understand it. Can you specifically explain what subnets are and how they fit into the 10.0.0.0/16 VPC??????
So I am using Amazon Cloud for a project I am enrolled in and I the project had me do the following:
-Make a virtual private cloud (VPC) and three subnets in that VPC
-The VPC will have an IP of 10.0.0.0/16 and the subnets will be 10.0.1.0/24, 10.0.0.2.0/24, 10.0.3.0/24
-Attach an internet gateway to the VPC created
-Make a route table with the target of the internet gateway and destination of 0.0.0.0/0
-Associate the route table with the 10.0.1.0 subnet (to make subnet internet accessible)
-Deploy 3 instances in the VPC: a web server in the 10.1 subnet and databases in the 10.2.3 subnets
-Create a security group to allow SSH/HTTP and attach to the instances
-Create a security group and set inbound traffic rules to allow HTTP/HTTPS from IP 10.0.2.0/24 and outbound to all addresses
-Make network address translator NAT and assign it the VPC and use the security group you created
-Assign the NAT an elastic IP and disable source destination
-Go to NON-internet route table and add the NAT instance as the target and destination to 0.0.0.0/0
My questions are:
1. What does it mean when the VPC is 10.0.0.0/16 and the subnets are 10.0.X.0/24?
I know that the subs have 255 addresses because of the /24, but what does the /16 mean in the VPC?
Maybe if you can explain it like you were explaining it to a child it would help me understand it. Can you specifically explain what subnets are and how they fit into the 10.0.0.0/16 VPC??????
Comments
-
Segovia
Member Posts: 119
Hello,
This is called Variable Length Subnet Masking or VLSM. The goal of VLSM is to take a larger subnet and divide it into smaller subnets. For example your 10.0.0.0/16 has 65534 IP addresses available. However this is one large network, or one broadcast domain. This means that it will be incredibly slow an inefficient to place all your hosts on this network. When you use VLSM to break down the large network into smaller ones you take the subnet mask of /16 which is 255.255.0.0 and start borrowing bits from the host side (the zeros on the right) and by doing this you create more NETWORKS while losing total amount of HOSTS.
Therefore when you break that down into /24 networks, you have many smaller networks of 253 usable hosts that go like this:
10.0.1.0/24 Range: 10.0.1.1 - 10.0.1.254 Broadcast: 10.0.1.255
10.0.2.0/24 Range: 10.0.2.1 - 10.0.2.254 Broadcast: 10.0.2.255
And so on.. But it should be noted that these are separate networks and will need some form of routing to be done on them, which it looks like in your instructions is accounted for.
Hope this helps, google vlsm tutorials if you wish to learn moreWGU BS - IT Security ... Enrollment Date 10/15 ... Progress 45/124 CU {36%} -
5502george
Member Posts: 264
Awesome! thanks for the explanation, the route tables were automatically generated once I created the subnets in the VPC so I can SSH into each of them once I access the public facing subnet using SSH and the private key...Up next is VPN.
Thanks again! -
Segovia
Member Posts: 119
You're welcome!
Sounds like a fun project, hope it all works splendidly.WGU BS - IT Security ... Enrollment Date 10/15 ... Progress 45/124 CU {36%}