From the course: AWS Certified DevOps Engineer Professional (DOP-C02) Cert Prep

Amazon EC2 networking

- [Instructor] The Amazon EC2 instances are all generated by physical servers, which are managed by AWS across the globe. These instances can either be accessible over the public internet or within the customer's virtual private cloud only. The network performance of these EC2 instances depends on the underlying computer that powers them. The configuration of the virtualization layer also influences how your instances can utilize the underlying physical devices. Since these instances are not physical servers, AWS attaches virtual networking devices that mimic the function of the actual ones. You can attach multiple private IPv4 and IPv6 addresses to your instances. AWS also provides a way to improve the network performance of your EC2 instances. In this lecture, we'll discuss the different networking features in Amazon EC2: instance IP addressing, Elastic Network Interfaces, Elastic IP addresses, Enhanced Networking, Elastic Fabric Adapter, and many more. Let's start with the concept of how AWS allocates an IP address to your EC2 instance. A network interface card is a piece of hardware that allows a computer to be connected to a computer network. Your PC, laptop, or desktop computer has this component that allows you to connect to your home Wi-Fi, local area network, or LAN, as well as to the internet. An Amazon EC2 instance is a virtual entity and it doesn't have a physical motherboard where you can attach a network card. All the networking components in Amazon EC2 are virtualized and heavily dependent on the underlying physical host. In AWS, there's a feature called an Elastic Network Interface, or ENI. An ENI is a logical networking component in your VPC that represents a virtual network card.
It can include the following: a primary private IPv4 address, a secondary private IPv4 address, one Elastic IP address per private IPv4 address, one public IPv4 address that can be auto-assigned when you launch an instance, one or more IPv6 addresses, one or more security groups, a MAC address, a source/destination check flag, and a custom description that you define. You can create an ENI and attach it to an instance. You can also move an ENI by detaching it from an instance and then attaching it to another instance. You can attach multiple network interfaces to provide higher network performance and better bandwidth capabilities. By doing so, you can also have two or more IP addresses for one EC2 instance. Amazon VPC and Amazon EC2 support both the IPv4 and IPv6 addressing protocols. By default, the IPv4 addressing protocol is used on your VPC and on your EC2 instances. This default behavior can't be disabled even if you enable IPv6 on your VPC. When you launch an EC2 instance, it'll automatically be assigned a private IPv4 address. This IP address is based on the CIDR block that is specified in your VPC. CIDR is basically an acronym for Classless Inter-Domain Routing, which is a method of allocating IP addresses and for IP routing. As you may know, a private IP address is based on Request for Comments 1918, popularly known as RFC 1918. This RFC is used by the Internet Engineering Task Force to direct the Internet Assigned Numbers Authority to reserve certain IPv4 address ranges for private networks. There are three classes for these IP ranges. Class A is 10.0.0.0 with a CIDR block prefix of 8, Class B is 172.16.0.0 with a CIDR block prefix of 12, and Class C is 192.168.0.0 with a prefix of 16. For Class A, a CIDR block prefix of 8 means that you have 16 million IP addresses that you can use. You heard that right. You can allocate a total of 16 million IP addresses to your private network.
The range starts from 10.0.0.0 to 10.255.255.255, so it goes 10.0.0.1, 10.0.0.2, 10.0.0.3, and so on, incrementing that 16 million times. For Class B, the prefix of 12 gives you a total of over 1 million IP addresses. That's still a lot, considering that you don't actually have those thousands of computers in your private network. It starts from 172.16.0.0 to 172.31.255.255. Lastly, for Class C, the prefix is way smaller. It has a prefix of 16, which just leads to a total of over 64,000 IP addresses. It goes from 192.168.0.0 to 192.168.255.255. Okay, you might get overwhelmed by these technical terms. What this basically means is that for every computer, or in this case the instance, that you launch, a specific private IP address will be automatically assigned. It's quite easy to spot whether an address is a private IP address or not. If an IP address is within those RFC 1918 ranges, then most likely that's a private IP. So, for example, 10.0.0.10 is a private IP, and 172.16.0.5 is also a private IP. The same goes for 192.168.0.9. All of these are private IP addresses. In fact, your PC, your laptop, or even your smartphone has a private IP address too. Think of your home Wi-Fi as your own personal VPC with a single subnet. When you connect to your router, your device will get a private IP address that looks similar to the RFC 1918 ranges as shown here. If you check the network settings of your laptop, you'll see an IP address that starts with 192.168 or 172.16 or ends at zero. That's basically your private IP address. It should also be the same with your mobile phones or tablets, which are connected to your home Wi-Fi. You may also see the DNS server address and netmask of your home network or LAN. If you have two laptops at home, you can actually connect to one of your computers just by using its private IP address. You can connect to it via a Remote Desktop connection for Windows or through the Screen Sharing app for MacBooks.
Another way to check if you can access your devices within your home network is to use the ping command. Just open your command prompt or your terminal app and type ping, and then the private IP address of another computer that is connected to the same Wi-Fi connection. This behavior is also similar to your EC2 instances that are in the same subnet and with a non-restrictive security group. You can configure the route table of your VPC to allow the EC2 instances on one subnet to communicate with the instances on another subnet. Aside from private IP addresses, you can also connect to your instances using their internal DNS hostname. This internal hostname is automatically generated by the Amazon EC2 service by default and looks something like ip-10-251-50-12.ec2.internal. This hostname is written in kebab case with dashes. It starts with the word ip, a dash, your private IP address, and then .ec2.internal at the end. It's important to know that these private IP addresses are private. You can only use them on a private network such as your home Wi-Fi, an on-premises corporate network, or your Amazon VPC. If you want your instance to be accessible over the internet, you must add a public IP address. In Amazon EC2, there are two types of public IP addresses. The first one is a dynamic IP address from Amazon's pool of public IPv4 addresses, and it's not associated with your AWS account. The second type is a static IP address that is associated with your account. The latter is also called an Elastic IP address. The regular public IP address is dynamic in the sense that it could change in the event that your instance was stopped, hibernated, or terminated. If you start your instance again, it'll receive a new public IP address that is different from before. On the contrary, the Elastic IP address remains static and won't change no matter what state your instance is in. If you associate an Elastic IP address with your instance, AWS will release your instance's public IP address.
When you disassociate the Elastic IP from your EC2 instance, it'll then receive a new public address. Each EC2 instance with a public IP address is also given an external DNS hostname. For example, the hostname ec2-136-158-28-50.compute-1.amazonaws.com is an external hostname in AWS. Just like the internal hostname, it's also using the kebab format with an ec2 dash prefix, followed by the public IP address, then compute-1.amazonaws.com. An Elastic IP address can also be integrated with other AWS services such as your NAT gateways or Network Load Balancers. You can create a NAT gateway, specify its public subnet, and associate an Elastic IP address with it. You can also associate an Elastic IP address with your Network Load Balancers. In Elastic Load Balancing, AWS automatically provisions a network interface for each Availability Zone that you enable. This network interface is used by each load balancer node in the Availability Zone to get a static IP address. You have the option to associate one Elastic IP per subnet of your choice when you launch an internet-facing load balancer. AWS also offers different features to enhance and accelerate the network capability of your EC2 instances. You can use Enhanced Networking and Elastic Fabric Adapter. Enhanced Networking is a feature that is based on the network adapter drivers of the underlying physical host that powers your EC2 instances. These drivers can be an Intel Network Adapter Virtual Function driver that is used for gigabit Ethernet network connections, or a custom-based network adapter driver, which is developed by Amazon itself, just like the driver of your printer that you usually download or install on your computer. These network drivers are primarily used to allow your EC2 instance to better utilize the physical networking capabilities of the underlying host computer. Enhanced Networking uses single root I/O virtualization, or SR-IOV, to provide high-performance networking capabilities.
Basically, SR-IOV is just a method of device virtualization that provides higher I/O performance and lower CPU utilization than traditional virtualization techniques. Again, all of these are simply based on the network drivers. Enhanced Networking provides higher bandwidth, consistently lower inter-instance latencies, and higher packets-per-second, or PPS, performance. You can enable Enhanced Networking by setting up your Elastic Network Adapter or the Intel 82599 Virtual Function interface, or VF interface. Obviously, the Intel VF interface is provided by Intel itself. The Elastic Network Adapter, or ENA, is developed by AWS. For the ENA, you must install the required kernel module and enable ENA support for your instances. For the Intel 82599 VF interface, you have to install the Intel ixgbevf driver instead. There's also another type of network adapter that can accelerate the network performance of your EC2 instance. This is called Elastic Fabric Adapter, or EFA. EFA is basically just an Elastic Network Adapter with additional capabilities. It can do all of the functions of an ENA, plus it has the ability to communicate directly with the network interface hardware without passing through the Linux kernel. This is also known as OS bypass. By doing so, it provides low-latency and reliable transport functionality to your virtual machines. This is primarily used for accelerating your high-performance computing, or HPC, workloads. It can also be used for machine learning applications. The Elastic Fabric Adapter enhances the performance of inter-instance communication, which is absolutely critical for scaling your HPC and machine learning applications.
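The RFC 1918 ranges, the prefix sizes, and the ip-/ec2- hostname formats covered in the lecture, worked through as an added Python example (not code from the course). It assumes the `.ec2.internal` and `.compute-1.amazonaws.com` suffixes from the lecture's two sample hostnames; a defender can use the same checks to classify addresses and EC2-generated hostnames pulled from logs.

```python
import ipaddress

# The three RFC 1918 blocks the lecture walks through (Class A, B, C).
RFC1918_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def range_size(cidr: str) -> int:
    """Number of addresses a CIDR prefix covers (e.g. /8 -> 16,777,216)."""
    return ipaddress.ip_network(cidr).num_addresses


def is_rfc1918(ip: str) -> bool:
    """True only for IPv4 addresses inside one of the RFC 1918 blocks."""
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in block for block in RFC1918_BLOCKS)


def internal_hostname(private_ip: str) -> str:
    """Build the EC2 internal DNS name: ip-<dashed private IP>.ec2.internal."""
    if not is_rfc1918(private_ip):
        raise ValueError(f"{private_ip} is not an RFC 1918 private address")
    return "ip-" + private_ip.replace(".", "-") + ".ec2.internal"


def external_hostname(public_ip: str) -> str:
    """Build the external DNS name in the lecture's compute-1 form (assumed suffix)."""
    if is_rfc1918(public_ip):
        raise ValueError(f"{public_ip} is private and gets no external name")
    return "ec2-" + public_ip.replace(".", "-") + ".compute-1.amazonaws.com"


def hostname_to_ip(hostname: str) -> str:
    """Recover the IP embedded in an internal (ip-) or external (ec2-) hostname."""
    label = hostname.split(".")[0]          # "ip-10-251-50-12" or "ec2-136-158-28-50"
    prefix, dashed = label.split("-", 1)
    if prefix not in ("ip", "ec2"):
        raise ValueError(f"not an EC2 generated hostname: {hostname}")
    ip = dashed.replace("-", ".")
    ipaddress.ip_address(ip)                 # raises if the octets are not a valid IP
    return ip


def in_vpc(ip: str, vpc_cidr: str) -> bool:
    """Check that an instance's private IP falls inside the VPC's CIDR block."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(vpc_cidr, strict=False)
```

Note that 172.32.0.1 is correctly rejected: the /12 prefix only covers 172.16.0.0 through 172.31.255.255.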
