Designing effective network architecture is a key component of preparing for the AWS Certified Solutions Architect – Associate (SAA-C03) exam. Throughout this article, you will learn how to design a network architecture including subnet tiers, routing and IP addressing.
Subnet Tiers
Subnet tiers separates your virtual private cloud (VPC) into logical components. It is beneficial to organize and manage your AWS services and applications effectively. The typical subnet tiers in AWS are Public, Private and Database tiers. The Public subnet is directly accessible from the internet. It typically hosts online application servers and load balancers. The Private subnet is protected and inaccessible directly from the internet. It usually hosts application servers, web servers etc. The Database tier is highly protected and hosts the databases.
In designing these tiers, you should determine the size of each subnet based on the expected number of instances in each tier. Also, plan for enough capacity for potential growth and unexpected peak periods.
Routing
The Routing aspect of your network determines how your network traffic gets from one place to another. AWS provides Virtual Private Gateways (VGWs) and Internet Gateways (IGWs) as the primary routing channels in a VPC. An IGW allows traffic between your VPC and the internet, whereas a VGW enables traffic between your VPC and your on-premises network over a secure VPN connection.
Each subnet within the VPC is associated with a route table which controls the flow of traffic from and to the subnet. A route table consists of a set of rules, known as routes, which are used to determine where network traffic is directed.
IP Addressing
AWS VPC allows you to select your own IP address range by specifying a CIDR (Classless Inter-Domain Routing) block. The size of the CIDR block can range from /16 (65,536 IP addresses) to /28(16 IP addresses). IP addressing can be quite detailed depending on your network needs.
When assigning IP addresses, it is important to plan accordingly. This requires understanding your company’s needs in terms of the number of required IP addresses and where those addresses will be used. Make sure to always leave enough spare IP addresses for future growth.
Conclusion
Designing a network architecture for a AWS VPC involves subnetting, routing and IP addressing. Think of it as creating a blueprint for how all the components of your AWS applications will interact with one another.
Remember, good architecture design is not just about technical factors. It should take into account business requirements, cost efficiency and future growth. With experience and learning from AWS documentation, you will be well equipped to excel in the AWS Certified Solutions Architect – Associate (SAA-C03) exam and in your journey as an AWS Solutions Architect.
Practice Test
Multiple Select: Which of the following are key considerations when designing network architecture?
- a. Capacity of network devices
- b. Security and privacy requirements
- c. Budget considerations
- d. All of the above
Answer: d. All of the above
Explanation: All these factors are critical to design an efficient, reliable, and safe network architecture.
True/False: In Amazon VPC, one can host web servers, databases, and application servers on the public subnet and backend servers on the private subnet.
Answer: True
Explanation: This is a common practice in AWS to enhance the security and accessibility of applications.
Single Select: When dividing an IP address into network and host parts, which following subnet mask refers to the first 16 bits for network and the rest for the host?
- a. 0
- b. 0
- c. 0
- d. 255
Answer: c. 0
Explanation: This subnet mask indicates that the first 16 bits of the IP address are used for the network part, and the rest are for the host part.
True/False: Amazon Route 53 is a scalable DNS and domain name registration service.
Answer: True
Explanation: Amazon Route 53 offers these exact services and is used in network architecture to route end users to Internet applications.
Multiple Select: What are some benefits of using IPv6 addresses when designing a network architecture on AWS?
- a. Larger addressing space
- b. Simplified address assignment
- c. Enhances security
- d. All of the above
Answer: d. All of the above
Explanation: IPv6 offers these advantages over its predecessor IPv4 so it’s recommended for network architecture design.
True/False: A NAT gateway in a VPC enables instances in a private subnet to connect to the internet.
Answer: True
Explanation: A NAT gateway allows instances in the private subnet to reach out to the internet while preventing the internet from initiating connections with those instances.
Single Select: How many subnets can you have per VPC in AWS?
- a. 100
- b. 200
- c. 500
- d. 1000
Answer: b. 200
Explanation: Per AWS’ current limitation, a user can have up to 200 subnets per VPC.
True/False: EC2 instances within a subnet in AWS can talk to each other by default.
Answer: True
Explanation: AWS enables communication within a subnet by default. It’s important to configure security groups and network ACLs for securing communication.
Single Select: Which of the following is a popular method to enhance network security in AWS?
- a. AWS Shield
- b. AWS WAF
- c. Both a and b
- d. None of the above
Answer: c. Both a and b
Explanation: AWS Shield and AWS WAF are services that help protect applications against DDoS (Distributed Denial of Service) and other security vulnerabilities.
True/False: Direct Connect provides a dedicated private connection from a remote network to the AWS cloud.
Answer: True
Explanation: AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS.
Multiple Select: When designing a network architecture, what are some of the AWS best practices?
- a. Design for future growth
- b. Consider the implications of architectural decisions.
- c. Optimize for cost.
- d. All of the above
Answer: d. All of the above
Explanation: All of these practices are recommended by AWS when designing a network architecture.
Interview Questions
What is Network Architecture in the context of AWS?
Network architecture in AWS refers to the design of an organization’s network that is built on AWS services. This typically involves the strategic placement and configuration of VPCs, Subnets, security groups, NACLs, peering connections, routing tables, etc.
What is meant by subnet tiers in network architecture?
Subnet tiers, also known as layers, correspond to the various parts of the network architecture that manage different types of traffic. In AWS, there are typically three subnet tiers: public, private, and database.
What is the primary purpose of routing in AWS network architecture?
Routing in AWS network architecture determines the path that network traffic will take from its source to its destination. This is managed primarily through route tables that dictate how traffic flows between subnets and to other AWS resources or the internet.
How is IP Addressing used in AWS networking?
IP Addressing in AWS is managed through the Amazon VPC. You can assign private IPv4 addresses, IPv6 addresses and elastic IP addresses to your instances in your VPC depending on your networking requirements.
What is a VPC in AWS?
VPC or Virtual Private Cloud is a virtual network dedicated to your AWS account. It enables you to launch AWS resources into a virtual network that you define. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefit of utilizing the scalable infrastructure of AWS.
What is a subnet in AWS?
A subnet refers to a range of IP addresses in your VPC. When you create a subnet, you specify the CIDR block for the subnet, which is a subset of the VPC CIDR block.
How can you manage access to your instances in your VPC?
You can manage access to your instances in your VPC using security groups and network ACLs. Security groups act as a virtual firewall for controlling inbound and outbound traffic whereas network ACLs provide a layer of security that act as a firewall for controlling traffic in and out across the subnets.
What is an elastic IP address in AWS?
An elastic IP address is a static, IPv4 address designed for dynamic cloud computing in AWS. It’s associated with your AWS account, not a specific instance, and remains until it is explicitly disassociated.
What is a routing table in AWS?
A routing table contains a set of rules, called routes, used to determine where network traffic is directed. Each subnet in an Amazon VPC must be associated with a routing table.
What are the types of routing policies available in Amazon Route 53?
The types of routing policies available in Amazon Route 53 are Simple, Weighted, Latency, Failover, and Geolocation routing.
In relation to AWS, what is edge location?
In AWS, edge locations refer to sites that are set up in different physical locations worldwide to distribute content to users efficiently, reducing latency. AWS services like Cloudfront and Route53 make use of these edge locations.
What is Amazon Route 53?
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses a reliable way to route end users to internet applications by translating human-friendly names like www.example.com, into numeric IP addresses.
What is the purpose of Internet Gateways in AWS?
An internet gateway is a horizontally scalable, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. It therefore imposes no availability risks or bandwidth constraints on your network traffic.
How is Network Load Balancing done in AWS?
Network Load Balancing is done in AWS using Elastic Load Balancer (ELB) which automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions.