Tuesday, May 12, 2015

Smallest AWS VPC CIDR block that can be partitioned into public and private subnets

A VPC CIDR block must be between /16 and /28, and the same limit applies to each subnet inside it. A /28 VPC can therefore hold only a single /28 subnet and cannot be split into a public and a private one. On top of that, AWS reserves five addresses in every subnet (the network address, the VPC router, DNS, one reserved for future use, and the broadcast address), so a /28 subnet has 16 addresses but only 11 usable hosts. To calculate the number of usable hosts per subnet CIDR block, you can use the tool below:-

http://mxtoolbox.com/SubnetCalculator.aspx

If your architecture requires hosts that run in a private subnet, allocate a /27 VPC CIDR block and create two /28 subnets (one public, one private) inside it; each subnet then has 11 usable host addresses. One caveat about the addresses used below: 172.168.0.0/27 is not RFC 1918 private space (that range is 172.16.0.0/12) and is publicly routable, so for a real deployment pick a block from 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16. Once you have settled on the size, provision the VPC and separate the subnets and route tables as below:-

1. Create the VPC with a /27 CIDR block

**************
$aws ec2 create-vpc --cidr-block 172.168.0.0/27 --query Vpc.VpcId 
"vpc-724b7e17"
**************

2. Create an internet gateway

**************
$aws ec2 create-internet-gateway --query InternetGateway.InternetGatewayId 
"igw-4e68062b"
**************

3. Attach the internet gateway to the VPC

**************
$aws ec2 attach-internet-gateway --internet-gateway-id igw-4e68062b --vpc-id vpc-724b7e17 
**************

4. Create the first subnet within the VPC (this one will become the public subnet)

**************
$aws ec2 create-subnet --vpc-id vpc-724b7e17 --cidr-block 172.168.0.0/28 
{
    "Subnet": {
        "VpcId": "vpc-724b7e17",
        "CidrBlock": "172.168.0.0/28",
        "State": "pending",
        "AvailabilityZone": "us-east-1c",
        "SubnetId": "subnet-fefdcbc4",
        "AvailableIpAddressCount": 11
    }
}

**************

5. Create the second subnet within the VPC (this one will stay private)

**************
$aws ec2 create-subnet --vpc-id vpc-724b7e17 --cidr-block 172.168.0.16/28 
{
    "Subnet": {
        "VpcId": "vpc-724b7e17",
        "CidrBlock": "172.168.0.16/28",
        "State": "pending",
        "AvailabilityZone": "us-east-1c",
        "SubnetId": "subnet-d4faccee",
        "AvailableIpAddressCount": 11
    }
}
**************

6. Create a route table for the VPC

**************
$aws ec2 create-route-table --vpc-id vpc-724b7e17 
{
    "RouteTable": {
        "Associations": [],
        "RouteTableId": "rtb-a4c1c8c1",
        "VpcId": "vpc-724b7e17",
        "PropagatingVgws": [],
        "Tags": [],
        "Routes": [
            {
                "GatewayId": "local",
                "DestinationCidrBlock": "172.168.0.0/27",
                "State": "active",
                "Origin": "CreateRouteTable"
            }
        ]
    }
}
**************

7. Associate the new route table with the first subnet only

**************
$aws ec2 associate-route-table --route-table-id rtb-a4c1c8c1 --subnet-id subnet-fefdcbc4 
{
    "AssociationId": "rtbassoc-04458260"
}
**************

8. Add a default route (0.0.0.0/0) via the internet gateway to that route table, which is what makes the first subnet public

**************
$aws ec2 create-route --route-table-id rtb-a4c1c8c1 --destination-cidr-block 0.0.0.0/0 --gateway-id igw-4e68062b 
**************
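The sizing argument from the opening paragraphs and the eight steps above, as one script. This is an added example, not code from the original post: plan_subnets and the other function names are my own, while the aws ec2 subcommands and flags are the real ones. In plan mode it works out the /28 subnets a VPC CIDR can hold and refuses anything smaller than a /27 (which cannot be split at all); in apply mode it runs the same calls as the walkthrough and adds the two things the walkthrough leaves to the reader: auto-assigned public IPv4 addresses on the public subnet and an explicit route table for the private subnet. Plan mode runs offline; apply mode needs AWS credentials and creates real resources.

```shell
#!/bin/sh
# Added example (not from the original post): plan the /28 subnets that fit in
# a small VPC CIDR and, with "apply", provision them through the AWS CLI as one
# public subnet (route table with 0.0.0.0/0 -> IGW) and one private subnet (its
# own route table carrying only the VPC-local route).
# Usage:  sh vpc_split.sh plan 10.0.0.0/27
#         sh vpc_split.sh apply 10.0.0.0/27    # needs AWS credentials
set -e

# AWS reserves five addresses per subnet (network, router, DNS, future use,
# broadcast), so a /28 yields 16 - 5 = 11 usable hosts.
usable_hosts() {
  echo $(( (1 << (32 - $1)) - 5 ))
}

# Dotted quad <-> 32-bit integer, POSIX sh arithmetic only.
ip_to_int() {
  oldifs=$IFS; IFS=.
  set -- $1
  IFS=$oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print every /28 contained in the VPC CIDR, one per line. A VPC and each of
# its subnets must be /16../28, so a VPC smaller than /27 cannot hold two subnets.
plan_subnets() {
  cidr=$1
  base=${cidr%/*}
  prefix=${cidr#*/}
  if [ "$prefix" -lt 16 ] || [ "$prefix" -gt 27 ]; then
    echo "error: $cidr cannot hold two /28 subnets (VPC must be /16 to /27)" >&2
    return 1
  fi
  start=$(ip_to_int "$base")
  # Clear the host bits so an unaligned input such as 10.0.0.5/27 plans cleanly.
  start=$(( start & ~((1 << (32 - prefix)) - 1) ))
  count=$(( 1 << (28 - prefix) ))
  i=0
  while [ "$i" -lt "$count" ]; do
    printf '%s/28\n' "$(int_to_ip $(( start + i * 16 )))"
    i=$(( i + 1 ))
  done
}

# The first /28 becomes the public subnet, the second the private one.
provision() {
  cidr=$1
  public_cidr=$(plan_subnets "$cidr" | sed -n 1p)
  private_cidr=$(plan_subnets "$cidr" | sed -n 2p)

  vpc_id=$(aws ec2 create-vpc --cidr-block "$cidr" --query Vpc.VpcId --output text)
  igw_id=$(aws ec2 create-internet-gateway --query InternetGateway.InternetGatewayId --output text)
  aws ec2 attach-internet-gateway --internet-gateway-id "$igw_id" --vpc-id "$vpc_id"

  public_subnet=$(aws ec2 create-subnet --vpc-id "$vpc_id" --cidr-block "$public_cidr" \
                    --query Subnet.SubnetId --output text)
  private_subnet=$(aws ec2 create-subnet --vpc-id "$vpc_id" --cidr-block "$private_cidr" \
                    --query Subnet.SubnetId --output text)

  # Public subnet: its own route table with a default route to the IGW, plus
  # auto-assigned public IPv4 so instances launched there are actually reachable.
  public_rtb=$(aws ec2 create-route-table --vpc-id "$vpc_id" --query RouteTable.RouteTableId --output text)
  aws ec2 associate-route-table --route-table-id "$public_rtb" --subnet-id "$public_subnet" >/dev/null
  aws ec2 create-route --route-table-id "$public_rtb" --destination-cidr-block 0.0.0.0/0 \
    --gateway-id "$igw_id" >/dev/null
  aws ec2 modify-subnet-attribute --subnet-id "$public_subnet" --map-public-ip-on-launch

  # Private subnet: an explicit route table with only the VPC-local route, so it
  # does not depend on the main route table never gaining a default route later.
  private_rtb=$(aws ec2 create-route-table --vpc-id "$vpc_id" --query RouteTable.RouteTableId --output text)
  aws ec2 associate-route-table --route-table-id "$private_rtb" --subnet-id "$private_subnet" >/dev/null

  # Check: exactly one route table in the VPC should carry 0.0.0.0/0.
  aws ec2 describe-route-tables --filters "Name=vpc-id,Values=$vpc_id" \
    --query 'RouteTables[].{rtb:RouteTableId,routes:Routes[].DestinationCidrBlock}' --output table
  echo "vpc=$vpc_id igw=$igw_id public=$public_subnet/$public_cidr private=$private_subnet/$private_cidr"
}

case "${1:-}" in
  plan)  plan_subnets "$2" ;;
  apply) provision "$2" ;;
esac
```

Running `sh vpc_split.sh plan 172.168.0.0/27` prints the two /28 blocks used in the walkthrough (172.168.0.0/28 and 172.168.0.16/28); `plan 10.0.0.0/28` fails with an error because a /28 VPC has room for only one subnet. The private subnet gets its own route table rather than being left on the main table deliberately: any subnet without an explicit association inherits whatever the main table routes, so a default route added there later would quietly turn the private subnet public.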

After the above steps, the first subnet (subnet-fefdcbc4) is public: its route table sends 0.0.0.0/0 to the internet gateway. The second subnet (subnet-d4faccee) was never associated with that table, so it stays on the VPC's main route table, which carries only the local 172.168.0.0/27 route; that is what makes it private. Two things are still needed before anything is reachable: instances in the public subnet only get a public IPv4 address if you enable auto-assignment on that subnet or attach an Elastic IP, and instances in the private subnet have no outbound path to the internet at all unless you add a NAT. Next, create security groups and their ingress and egress rules, and keep the main route table free of any 0.0.0.0/0 route so that a subnet you later forget to associate does not silently become public. Once that is done, you are ready to launch an instance in the private subnet of the VPC above.

1 comment:

  1. Thanks for providing this informative information; you may also refer to:
    http://www.s4techno.com/blog/2016/02/04/increase-the-maximum-number-of-simultaneous-users-to-log-in-to-linux-server-using-ssh/
