6

AWS VPC

Here is an AWS typical VPC, which is composed of the following components

  • two subnets
  • Internet Gateway
  • Route table
  • Instances

Imagine a scenario

step1, instance (private IP 172.31.0.5) in subnet1 send a packet to IP 172.31.16.5 (in subnet2).

step2, the packet reaches the route table, the route table redirect the packet to the target local.

step3, Some magic happens.

step4, instance(172.31.16.5) receives the packet.

The following questions are about the magic in step3.

  1. What does local mean in this place? the VPC network?
  2. what's the topology of vpc and subnets?
  3. How does route table know which subnet should be the right subnet to receive this packet?
  4. How does route table know which instance should be the right instance to receive this packet?
  5. How does route table redirect the packet to the instance(172.31.16.5)?
  6. If I would like to better understand it, which kind of background knowledge should I learn first?
Ryan Lyu
  • 4,180
  • 5
  • 35
  • 51
  • These are basic networking question. There is no magic in VPC. I would recommend checking out tutorials how tcp/ip addressing and subnet works. – Marcin Sep 25 '20 at 02:09

3 Answers3

5

It might become easier to understand if you replace "route table" with "router" in the steps. The Router in your diagram is the one actually routing the traffic. The route table is only part of the configuration of the Router. The Router also knows about all the subnet CIDR ranges. They are subsets of the VPC CIDR range.

In a route table, the local entry is usually configured with the CIDR range of the entire VPC. So in step 2, the Router looks up the route table, and sees that the destination is "local", i.e. another host in the same VPC. In step 3, it would then look through the subnet CIDR ranges, sees that 172.31.16.5 is in subnet2's range, and so routes the packets there.

jingx
  • 3,698
  • 3
  • 24
  • 40
  • I am connecting ec2 instance from my local machine using public ip via internet gate way. what is the usage of CIDR 0.0.0.0/0.? – user3094331 Jul 27 '22 at 04:14
3

Amazon VPC is a virtualized network, also known as a software-defined network.

Behind-the-scenes, VPC traffic is encapsulated and transferred across 'normal' network equipment, but the VPC defines a simplified set of rules that allow a network to be provisioned through clicks and API calls rather than connecting and configuring equipment.

The simple answer to your questions is... It doesn't matter.

As long as the network behaves correctly for how it has been configured, the implementation details are irrelevant.

If you are interested in learning how networks in general operate, then I would recommend learning about Ethernet, TCP/IP and network routers. A VPC is higher-layer implementation of these technologies.

To learn a little bit about how VPCs operate, I would recommend watching these YouTube videos:

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
1

Actually this works exactly like your network at home. Imagine your ISP is the equivalent of the aws internet gateway and your home router is the equivalent of the aws router. So when you configure your home router you are actually setting the routing table. Based on this config the router knows which packets are for your ISP and which are for the local network. Regarding the magic in step 3 - the router actually sees that you are trying to access another subnet based on the mask(in your case /16) and redirects the packages directly to your Availability Zone B EC2 instance

cvetomirst
  • 31
  • 1