M5 (IP host address reserved (.0 for network, .1 is for GW, .2 is for…
M5
IP host address reserved
.255 is for broadcast; VPC doesn't support broadcast
ENI
Secondary IP address can be assigned to any network interface, which can be attached or detached from an instance
Secondary IP address must be assigned from the CIDR block range of the subnet for the network interface
Secondary private IP addresses can be assigned and unassigned to ENIs attached to running or stopped instances.
Secondary private IP addresses that are assigned to a network interface can be reassigned to another one if you explicitly allow it.
Primary private IP addresses, secondary private IP addresses, and any associated Elastic IP addresses remain with the network interface when it is detached from an instance or attached to another instance.
Although the primary network interface cannot be moved from an instance, the secondary private IP address of the primary network interface can be reassigned to another network interface.
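The reserved-address and secondary-IP rules above, combined into one pre-assignment check. This is an added example, not part of the original notes; the function names are hypothetical, and the roles of .2 and .3 plus the /16 to /28 subnet size limit come from AWS documentation rather than this page.

```python
import ipaddress

# First four addresses of every VPC subnet, in order (roles per AWS docs).
RESERVED_ROLES = ("network address", "VPC router (gateway)",
                  "DNS", "reserved for future use")


def reserved_addresses(subnet_cidr):
    """Map each AWS-reserved address in the subnet to its role."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    if net.version != 4 or not 16 <= net.prefixlen <= 28:
        raise ValueError("VPC IPv4 subnets must be between /16 and /28")
    reserved = {net.network_address + i: role
                for i, role in enumerate(RESERVED_ROLES)}
    # Last address: broadcast, which a VPC does not support.
    reserved[net.broadcast_address] = "broadcast (unsupported in a VPC)"
    return reserved


def usable_count(subnet_cidr):
    """Addresses left for ENIs after the five reserved ones."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return net.num_addresses - len(reserved_addresses(subnet_cidr))


def check_secondary_ip(subnet_cidr, candidate, in_use=()):
    """Return (ok, reason) for a proposed secondary private IP on an ENI."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    ip = ipaddress.ip_address(candidate)
    if ip not in net:
        return False, "outside the subnet CIDR of the network interface"
    role = reserved_addresses(subnet_cidr).get(ip)
    if role:
        return False, "reserved by AWS: " + role
    if ip in {ipaddress.ip_address(a) for a in in_use}:
        return False, "already assigned in this subnet"
    return True, "assignable"


if __name__ == "__main__":
    subnet = "10.1.0.0/24"          # subnet range used in the CIDR notes
    taken = ["10.1.0.10"]           # constructed sample of addresses in use
    print(subnet, "usable addresses:", usable_count(subnet))
    for ip in ("10.1.0.2", "10.1.0.10", "10.1.0.20", "10.1.1.20", "10.1.0.255"):
        print(ip, check_secondary_ip(subnet, ip, in_use=taken))
```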
Dual-homed instance
The app server is a dual-homed instance (it has 2 ENIs) that receives and processes requests on the front end, initiates a connection to the backend, and then sends requests to the servers on the backend network.
Can be used to install your proxy server or your in-house load balancer
Use case 2. Let's say we have 2 instances. One is a primary instance which hosts a web application. It has been assigned a secondary network interface. This interface has an Elastic IP assigned, which is accessed by external users. Let's say that you have a standby instance which has the same web server installed but is in the non-active state. Only if the primary instance fails for any reason does a failover happen to the secondary instance.
To ensure that the failover from the primary to the secondary instance happens seamlessly, so that the same Elastic IP address can be used for the standby instance, the ENI can be shifted to the secondary instance. It needs to be ensured that the subnets for the instances belong to the same availability zone.
Bastion host
Ports are limited to allow only the necessary access to the bastion hosts. For Linux bastion hosts, TCP port 22 for SSH connections is typically the only port allowed.
Bring your own IP
Migration, whitelisting, or even IP address reputation need the same IP
Requirement
You will need a /24 IPv4 prefix or larger, registered to your business with APNIC.
CIDR
Cover range of subnet
- If broken into smaller subnets, it can support: 10.1.0.0/24, 10.1.1.0/24
DNS
Private DNS
To use private DNS, you must set the following VPC attributes to true: enableDnsHostnames and enableDnsSupport
Elastic IP use case
- When associated with an ENI so that you can hold a fixed MAC address. This is sometimes used for security and licensing. (ditto, and the architectural best practice whitepaper)
- Where an instance may not get a Public IP address in commissioning such as when you create a VPC with the default set to no Public IP.
NAT gateway
A NAT gateway supports the following protocols: TCP, UDP, and ICMP.