堆栈内存溢出
  简体   繁体   English

为具有公共和私有子网的VPC选择一个好的网络掩码

[英]Choosing a good netmask for VPC with Public and Private Subnets

 原文  2016-09-09 09:29:20       amazon-web-services/ amazon-ec2

问题描述

I am trying out AWS free tier and choose to set up a VPC with Public and Private Subnets. 我正在尝试AWS免费套餐,并选择使用公共和私有子网设置VPC。
The IP CIDR Block is defaulted to: 10.0.0.0/16 which is 65531 ip addresses. IP CIDR块默认为:10.0.0.0/16,即65531 IP地址。 Both public and private subnets are set to 10.0.0.0/24. 公共和专用子网都设置为10.0.0.0/24。

Isn't the less the number of ip addresses that will fit my need the better for security? 满足我需要的IP地址数量越少,安全性就越好吗? So for example, if I intend to run 2 EC2 then all I need is just 2 ip addresses? 因此,例如,如果我打算运行2个EC2,那么我只需要2个IP地址?
I need to deploy a Meteor web application to be used by the public. 我需要部署一个Meteor Web应用程序以供公众使用。 Could some one please explain if I need to have the most number of ip address to server the hieghtest number of connection to my app? 能否请一个人解释一下我是否需要拥有最多数量的IP地址来服务器与我的应用的最高连接数? I am confused. 我很困惑。

1 个解决方案

解决方案1
 0 已采纳  2016-09-09 11:48:25

In VPC number of IP address does not matter as per the security goes. 在VPC中,IP地址的数量与安全性无关。 For better security it depends how you are exposing the application and the resources in your VPC to open world. 为了获得更好的安全性,这取决于您如何将应用程序和VPC中的资源暴露给开放世界。

65531 IP address means your VPC can have 65531 EC2 instances into it. 65531 IP地址意味着您的VPC可以包含65531 EC2实例。 So if your application is going to have more than 65531 EC2 instances then you need to create a new VPC. 因此,如果您的应用程序将具有65531个以上的EC2实例,则需要创建一个新的VPC。 And if you need less IP address for your VPC you can any time create another VPC with less IP address by tweaking the CIDR block as per your requirement. 而且,如果您的VPC需要更少的IP地址,则可以根据需要通过调整CIDR块随时创建另一个具有更少IP地址的VPC。

As per the security goes you need to follow the AWS best practices when you are creating the infrastructure in a AWS VPC. 根据安全性,在AWS VPC中创建基础架构时,您需要遵循AWS最佳实践。

This is a good read 这是一本好书

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html

http://harish11g.blogspot.com/2014/01/Amazon-Virtual-Private-Cloud-VPC-best-practices-tips-for-architecture-migration.html http://harish11g.blogspot.com/2014/01/Amazon-Virtual-Private-Cloud-VPC-best-practices-tips-for-architecture-migration.html

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 具有公共子网和私有子网,s3端点的VPC - VPC with Public and Private Subnets, s3 endpoints AWS VPC 模块公有和私有子网 - Terraform - AWS VPC module public and private subnets - Terraform 带公用和专用子网的VPC中的默认网关 - Default gateway in VPC with Public and Private Subnets VPC“fromLookup”导致所有私有子网和没有公共子网 - VPC "fromLookup" results in all Private Subnets and no Public Subnets AWS,带有公有和私有子网的VPC,传出安全组设置查询 - AWS, VPC with Public and Private Subnets, outgoing security group settings query 如何确定公有子网和私有子网以及 VPC 的 CIDR 块? - How do I decide the CIDR blocks for public and private subnets and VPC? AWS:私有子网的 VPC 接口终端节点 - AWS: VPC interface endpoint for private subnets AWS CLI 获取 VPC 的私有子网 - AWS CLI Get private subnets for VPC "公有子网中的 AWS NLB,私有子网中的 EC2" - AWS NLB in public subnets with EC2 in private subnets 公共子网中的 AWS Apache 和私有子网中的 Tomcat - AWS Apache in Public and Tomcat in Private Subnets
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM