VPC Peering in AWS
Overview
- Watch classroom recording
Communication between resources in a VPC (AWS) or virtual network (Azure) and other services
- Using Endpoints
Azure and AWS reserve 5 IPs per subnet
- Azure:
- one IP for the network ID
- one IP for the broadcast ID
- one IP for the route table
- one IP for DNS
- others reserved for future usage
- AWS:
- one IP for the network ID
- one IP for the broadcast ID
- one IP for the route table
- one IP for DNS
- others reserved for future usage
TCP/OSI Model
- The OSI model is a conceptual model with 7 layers
Security Groups and Network ACL in AWS & Network Security groups in Azure
- A Security Group acts as a firewall on a network interface (elastic network interface | NIC); the network interface is attached to a subnet and gets a private IP address
- Rules of Security Group have two directions
- Inbound or Incoming or Ingress
- Outbound or Outgoing or Egress
AWS Security Group
- A Security Group applies to a network interface and has Inbound and Outbound rules
- A Security Group has
- inbound rules
- outbound rules
- A Security Group has only allow rules. Traffic that matches no rule is denied
- A Security Group identifies a packet by
- source ip address
- port
- protocol
AWS Network ACL
- A NACL applies at the subnet level and has Inbound and Outbound rules
- A NACL has allow as well as deny rules. To prioritize them it uses the Rule Number; lower rule numbers have higher priority
- A NACL identifies a packet by the following and takes an allow or deny action
- source ip address
- port
- protocol
- The default NACL in every VPC allows all inbound and outbound traffic
Azure Network Security Group (NSG)
- An NSG applies to a network interface and has Inbound and Outbound rules
- An NSG has allow as well as deny rules. To prioritize them it uses the Rule Number; lower rule numbers have higher priority
- An NSG identifies a packet by the following and takes an allow or deny action
- source ip address
- port
- protocol
- NSG can also be applied at subnet level.
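The two evaluation styles above (Security Group: allow-only with implicit deny; NACL/NSG: allow and deny rules ordered by rule number, lower wins) as a small model, added here as an example and not taken from the classroom material. The `Rule`/`Packet` types, rule numbers and sample addresses are constructed for illustration.

```python
"""Constructed model of the rule semantics from these notes (added example):
a Security Group only has allow rules, so anything unmatched is denied; a
NACL/NSG walks allow-and-deny rules by rule number and the first match decides."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str       # source IP address
    port: int      # destination port
    proto: str     # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    cidr: str
    port: int
    proto: str
    action: str = "allow"   # NACL/NSG rules may be "deny"; SG rules are always allow
    number: int = 0         # rule number; only NACL/NSG use it for priority

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.cidr)
                and pkt.port == self.port and pkt.proto == self.proto)


def security_group_allows(rules: list[Rule], pkt: Packet) -> bool:
    """Security Group: any matching allow rule permits the packet; no match means deny."""
    return any(r.matches(pkt) for r in rules)


def nacl_allows(rules: list[Rule], pkt: Packet) -> bool:
    """NACL/NSG: evaluate in rule-number order (lowest first); the first match decides.
    A packet matching no numbered rule falls through to the default deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt):
            return rule.action == "allow"
    return False


# Constructed sample rules: allow SSH from a subnet but block one host inside it.
NACL_RULES = [
    Rule("10.0.1.0/24", 22, "tcp", "allow", number=200),
    Rule("10.0.1.50/32", 22, "tcp", "deny", number=100),   # lower number, so it wins
]
SG_RULES = [Rule("10.0.1.0/24", 22, "tcp")]  # no deny rules exist in a Security Group

if __name__ == "__main__":
    blocked = Packet("10.0.1.50", 22, "tcp")
    print("SG:", security_group_allows(SG_RULES, blocked))   # True: SG cannot express a deny
    print("NACL:", nacl_allows(NACL_RULES, blocked))        # False: rule 100 (deny) wins
```

The point the example makes: a per-host block inside an allowed range needs a deny rule, which only the NACL/NSG model can express; with a Security Group the allowed CIDR must be narrowed instead.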
