TCP/IP model and IP addressing with AWS context
TCP/IP model and security group
TCP/IP model stands for Transmission Control Protocol/Internet Protocol and it is a concise version of the OSI model. This model works on a four-layered architecture model, where each layer implicit the required network protocols on the data to be transmitted.
Below diagram shows TCP/IP model mapping with AWS security group and IP addressing:
Security Groups follows stateful Connection: It is based on TCP Connection. TCP connection process using sockets.
A TCP connection-oriented session is a stateful connection because both systems maintain information about the
session itself during its life.
IP addresses contain 4 octets, each consisting of 8 bits giving values between 0 and 255. The decimal value that comes after the slash is the number of bits consisting of the routing prefix. This in turn can be translated into a netmask, and also designates how many available addresses are in the block
IP : 126.96.36.199 => x.x.x.x => 255.255.255.255
Bit => 0, 1 => 2
28 = 256
X = 28 = 256 = 0 – 255
IP Address Classes:
Class of an address is identified by the first byte of address. There are currently five classes A, B, C, D and E.
The range of first byte of each class is:
- Class A: 0 – 127
- Class B: 128 – 191
- Class C: 192 – 223
- Class D: 224 – 239 (Reserved for Multicasting)
- Class E: 240 – 255 (Reserved for experimental purposes only for R&D or Study)
Public IP: It is used to get internet service (Note for AWS: a public IPv4 address is mapped to the primary private IPv4 address through network address translation (NAT))
Private IP: It works only in LAN and can’t work on Internet.
Amazon EC2 instance IP addressing
Amazon EC2 and Amazon VPC support both the IPv4 and IPv6 addressing protocols. By default, Amazon VPC uses the IPv4 addressing protocol.
A public IP address is assigned to your instance from Amazon’s pool of public IPv4 addresses, and is not associated with your AWS account. When a public IP address is disassociated from your instance, It is released back into the public IPv4 address pool, and you cannot reuse it.
If you require a persistent public IP address that can be associated to and from instances you can use an Elastic IP address.
IPv6 addresses: You can optionally associate an IPv6 CIDR block with your VPC and associate IPv6 CIDR (Classless Inter-Domain Routing a notation for describing blocks of IP addresses) blocks with your subnets. The IPv6 CIDR block for your VPC is automatically assigned from Amazon’s pool of IPv6 addresses.
AWS reserved IP address
The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use and cannot be assigned to an instance. For example, in a subnet with CIDR block 10.0.0.0/24, the following five IP addresses are reserved :
- 10.0.0.0: Network address.
- 10.0.0.1: Reserved by AWS for the VPC router.
- 10.0.0.2: Reserved by AWS. The IP address of the DNS server is the base of the VPC network range plus two.
- 10.0.0.3: Reserved by AWS for future use.
- 10.0.0.255: Network broadcast address. We do not support broadcast in a VPC. therefore, we reserve this address.