
What does public subnet mean in AWS VPC?

I learnt that private IPv4 address space is:

Class A 10.0.0.0 – 10.255.255.255
Class B 172.16.0.0 – 172.31.255.255
Class C 192.168.0.0 – 192.168.255.255

A private IP address is an IP address that cannot be accessed over the Internet and is normally protected by a firewall.

169.254.0.0 is used by Microsoft machines but not assigned by IANA
In the AWS VPC architecture below (from here):

[image: AWS VPC architecture diagram]

The public subnet is designated as 10.0.0.0/24, but this address is part of the private address space (10.0.0.0 – 10.255.255.255).

Why is the subnet (10.0.0.0/24) considered a public subnet?

Note: In the AWS world, associating a subnet with a public route table makes it a public subnet. A route table entry routing outbound traffic to an IGW makes that route table a public route table.

All VPCs in AWS are assigned a CIDR range of IP addresses. In the above example, the VPC has been assigned a CIDR of 10.0.0.0/16.

All resources launched in a VPC (e.g. EC2 instances, RDS databases, Elastic Network Interfaces) are assigned an IP address within that CIDR range.

Within AWS, a public subnet is one that has a Route Table entry that directs traffic destined for 0.0.0.0/0 to an Internet Gateway. This gives the resources on that VPC the ability to communicate with the Internet. The resources will need to be assigned a Public IP address to be able to communicate with the Internet.

A private subnet is defined as a subnet that does not have a Route Table entry that directs traffic to an Internet Gateway. There is no capability for resources in a private subnet to communicate directly with the Internet, and vice versa.

As shown in your diagram, 10.0.0.0/24 is considered public due to its Route Table entry that points to the Internet Gateway.

The concept of "public/private subnets" is separate from the concept of "public/private IP address ranges".

The terminology used by AWS here has nothing to do with IANA or the RFC 1918 IP ranges. AWS uses public subnets to define a subnet within the VPC that can be exposed to requests from the internet, like a webserver front end.

The private subnet is more isolated from the internet; it can only receive requests from other hosts in the VPC. This reduces the attack surface of hosts that are not meant to accept requests from the internet directly, such as application backends.

You can read a little more here in the AWS public docs.
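The check both answers describe, as an added example that is not part of the original question or either answer: a small Python script that classifies each subnet by the route table it actually uses (an explicitly associated table, or else the VPC's main route table), and beside that reports whether the subnet's CIDR falls in RFC 1918 space, so the two notions can be seen to be independent. The subnet IDs, route-table IDs, gateway IDs and the three-subnet layout are constructed for this example and shaped like the relevant fields of `aws ec2 describe-subnets` and `aws ec2 describe-route-tables`; nothing is fetched from AWS.

```python
import ipaddress

# Constructed sample data for this example, shaped like the relevant fields of
# `aws ec2 describe-subnets` and `aws ec2 describe-route-tables` for the VPC in
# the question (10.0.0.0/16). IDs are made up; nothing is fetched from AWS.
SUBNETS = [
    {"SubnetId": "subnet-web", "CidrBlock": "10.0.0.0/24", "MapPublicIpOnLaunch": True},
    {"SubnetId": "subnet-app", "CidrBlock": "10.0.1.0/24", "MapPublicIpOnLaunch": False},
    # No explicit route-table association: AWS applies the VPC's main route table.
    {"SubnetId": "subnet-db", "CidrBlock": "10.0.2.0/24", "MapPublicIpOnLaunch": False},
]

ROUTE_TABLES = [
    {   # main route table: only the implicit "local" route for the VPC CIDR
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
    },
    {   # public route table: default route to an Internet Gateway
        "RouteTableId": "rtb-public",
        "Associations": [{"Main": False, "SubnetId": "subnet-web"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"},
        ],
    },
    {   # private route table: default route to a NAT gateway, not an IGW
        "RouteTableId": "rtb-private",
        "Associations": [{"Main": False, "SubnetId": "subnet-app"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example", "State": "active"},
        ],
    },
]


def route_table_for(subnet_id, route_tables):
    """Return the route table a subnet actually uses.

    An explicit subnet association wins; a subnet with none is implicitly
    associated with the VPC's main route table.
    """
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def has_igw_route(route_table):
    """True if any active route targets an Internet Gateway (igw-...).

    Any destination counts, not only 0.0.0.0/0; blackhole routes (target
    deleted) are skipped. Egress-only IGWs (eigw-...) and NAT gateways do
    not accept inbound connections and so do not make a subnet public.
    """
    for route in route_table.get("Routes", []):
        if route.get("State", "active") != "active":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return True
    return False


def classify_subnets(subnets, route_tables):
    """Map SubnetId -> classification, keeping the two notions side by side:
    'public_subnet' comes from routing, 'rfc1918_cidr' from the address block."""
    report = {}
    for subnet in subnets:
        rt = route_table_for(subnet["SubnetId"], route_tables)
        report[subnet["SubnetId"]] = {
            "cidr": subnet["CidrBlock"],
            "route_table": rt["RouteTableId"],
            "public_subnet": has_igw_route(rt),
            "rfc1918_cidr": ipaddress.ip_network(subnet["CidrBlock"]).is_private,
            # A public subnet only reaches the Internet from resources that hold
            # a public IPv4 address; this flag shows whether new instances get one.
            "auto_assign_public_ip": subnet.get("MapPublicIpOnLaunch", False),
        }
    return report


if __name__ == "__main__":
    for subnet_id, info in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        kind = "PUBLIC " if info["public_subnet"] else "private"
        print(f"{subnet_id:12} {info['cidr']:14} {kind} via {info['route_table']:12} "
              f"rfc1918={info['rfc1918_cidr']} auto_public_ip={info['auto_assign_public_ip']}")
```

Run as is, the script reports subnet-web (10.0.0.0/24) as public and, at the same time, as an RFC 1918 block; subnet-app is private because its default route goes to a NAT gateway, and subnet-db is private because it silently inherits the main route table, which has no IGW route at all. To audit a real account, replace the two constructed lists with the `Subnets` and `RouteTables` arrays from the corresponding CLI calls.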
