Subnets and Route Tables in VPC – A Beginner to Intermediate Guide

Introduction 🚀

If you are diving into cloud networking, understanding Virtual Private Cloud (VPC), subnets, and route tables is crucial. These components allow you to manage how resources within your private cloud communicate and connect to the internet.

In this post, we’ll explore subnets and route tables, their role in AWS VPC (or any cloud platform), and walk through examples with some technical depth.

article-#7


What is a VPC? 🏢

A Virtual Private Cloud (VPC) is a logically isolated network within the cloud, where you can run and secure your resources (e.g., EC2, databases). It’s similar to setting up a private data center with full control over IP addresses, routing rules, and internet access.

In AWS, each VPC spans a single region and can contain multiple subnets across different availability zones (AZs).


Subnets – Dividing the Network 🏠

What is a Subnet?

A subnet (sub-network) is a smaller network within a VPC, used to logically organize resources. Each subnet is tied to a single availability zone and is defined by a range of IP addresses (a CIDR block).

In AWS, subnets are either:

  • Public Subnet: Allows direct communication with the internet (via Internet Gateway).

  • Private Subnet: Resources are not directly accessible from the internet.

Technical Example

Imagine a VPC with a CIDR block of 10.0.0.0/16 (providing 65,536 IPs). You can divide this into:

  • Public Subnet: 10.0.1.0/24 (256 IPs), with a route to an Internet Gateway.

  • Private Subnet: 10.0.2.0/24 (256 IPs), with no Internet Gateway route.

Each EC2 instance deployed in these subnets receives an IP address from its subnet's range.


Public vs. Private Subnets Example:

  1. Public Subnet (10.0.1.0/24)

    • Hosts web servers that need internet access.

    • Instances are assigned both a private IP (for internal communication) and a public IP (for external access). Both inbound and outbound internet traffic (e.g., software updates) passes through the Internet Gateway.

  2. Private Subnet (10.0.2.0/24)

    • Hosts databases or backend services that don’t need direct internet access.

    • Instances only have a private IP. For outbound internet traffic (e.g., software updates), they use a NAT Gateway.


Route Tables – Controlling Traffic Flow 🛣️

What is a Route Table?

A route table defines the traffic flow within and outside the VPC. It contains routing rules that specify:

  • Where traffic goes (destination).

  • How traffic leaves (target).

Each subnet in a VPC must be associated with a route table. If no custom route table is defined, it uses the main route table by default.


Components of a Route Table:

  1. Destination: Defines the CIDR block of the target network (e.g., 0.0.0.0/0 for all IPs).

  2. Target: The gateway or network interface where the traffic should be routed (e.g., Internet Gateway, NAT Gateway).


Route Table Example

Route Table for Public Subnet

Destination (CIDR)   Target                   Description
0.0.0.0/0            Internet Gateway (IGW)   Routes all outbound traffic to the internet.
10.0.0.0/16          local                    Allows internal communication within the VPC.

Explanation:

  • The public subnet route table sends internet-bound traffic through the Internet Gateway (IGW), allowing resources (e.g., web servers) to be accessed from the internet.

  • Local traffic (within the VPC) flows freely between subnets using the 10.0.0.0/16 route.

Route Table for Private Subnet

Destination (CIDR)   Target                   Description
0.0.0.0/0            NAT Gateway              Routes outbound traffic through the NAT Gateway.
10.0.0.0/16          local                    Allows internal communication within the VPC.

Explanation:

  • Outbound traffic from the private subnet (e.g., a database) goes through the NAT Gateway to access the internet for updates, but inbound traffic from the internet is blocked.

  • Local traffic between resources in different subnets within the VPC is allowed using the 10.0.0.0/16 route.


How Subnets and Route Tables Work Together 🔗

Walkthrough Example:

Let’s say you’re running a web application with two tiers:

  • Frontend Web Server in Public Subnet (10.0.1.0/24).

  • Database Server in Private Subnet (10.0.2.0/24).

Here’s how traffic would flow:

  1. A user on the internet sends a request to your web server in the public subnet.

    • The route table for the public subnet directs traffic to the Internet Gateway (IGW).

  2. The web server in the public subnet needs to query the database in the private subnet.

    • The local route allows internal traffic between the two subnets.

  3. The database server (in the private subnet) needs to download updates.

    • The route table for the private subnet directs outbound traffic to the NAT Gateway.
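The two route tables above and this three-step walkthrough, resolved in Python as an added example that is not part of the original post. It applies the rule a VPC actually uses (the most specific matching prefix wins) and adds a defender's check that a subnet meant to be private has no Internet Gateway route; the gateway ids and client addresses are constructed placeholders.

```python
# Added example, not code from the original post. It models the post's VPC
# (10.0.0.0/16 with a public 10.0.1.0/24 and a private 10.0.2.0/24 subnet) and
# resolves destinations the way a VPC route table does: the most specific
# matching route (longest prefix) wins. Gateway ids are constructed placeholders.
import ipaddress

# Each subnet maps to its CIDR and its route table: a list of (destination, target).
SUBNETS = {
    "public":  {"cidr": "10.0.1.0/24",
                "routes": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-PLACEHOLDER")]},
    "private": {"cidr": "10.0.2.0/24",
                "routes": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-PLACEHOLDER")]},
}

def lookup_route(routes, dst_ip):
    """Return the target used for dst_ip, or None if no route matches."""
    dst = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        # A more specific (longer) prefix overrides a broader one such as 0.0.0.0/0.
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target

def next_hop(src_subnet, dst_ip):
    """Resolve a packet leaving src_subnet using that subnet's route table."""
    return lookup_route(SUBNETS[src_subnet]["routes"], dst_ip)

def is_really_private(subnet_name):
    """Defender's check: a 'private' subnet must have no route to an Internet Gateway.
    A stray 0.0.0.0/0 -> igw route would expose any instance there that holds a public IP."""
    return not any(t.startswith("igw-") for _, t in SUBNETS[subnet_name]["routes"])

def walkthrough():
    """The post's three-step traffic flow, as the target each hop resolves to.
    The client addresses are constructed from the 203.0.113.0/24 documentation range."""
    return (
        next_hop("public", "203.0.113.10"),   # 1. web server replies to the internet user
        next_hop("public", "10.0.2.20"),      # 2. web server queries the database
        next_hop("private", "203.0.113.50"),  # 3. database fetches updates
    )

if __name__ == "__main__":
    print(walkthrough())  # ('igw-PLACEHOLDER', 'local', 'nat-PLACEHOLDER')
    print({name: is_really_private(name) for name in SUBNETS})
```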

Example Architecture Diagram 🌐

Here’s how the setup might look:

  • VPC CIDR Block: 10.0.0.0/16

    • Public Subnet: 10.0.1.0/24

      • Route Table: Internet Gateway (IGW) for public internet access.

      • Resources: Web Server (EC2) with public IP.

    • Private Subnet: 10.0.2.0/24

      • Route Table: NAT Gateway for outbound-only internet.

      • Resources: Database (RDS) with private IP.


Key Takeaways 📝

  • VPC is a private network in the cloud where you control networking rules.

  • Subnets divide the VPC into public and private sections, with their own IP address ranges.

  • Route tables manage how traffic flows between subnets and the internet.

  • Public subnets use an Internet Gateway (IGW) for inbound/outbound internet traffic.

  • Private subnets use a NAT Gateway for outbound-only internet traffic.


Real-World Analogy:

Think of the VPC as a gated housing community:

  • Public Subnet: Like a reception area open to visitors (your web servers).

  • Private Subnet: Residential areas only accessible to residents (databases).

  • Route Table: A map showing which roads (or gateways) to use for communication within the community or outside.


Conclusion 💡

Understanding subnets and route tables is essential for building secure and scalable cloud architectures. By carefully designing your subnets and managing routes, you can ensure your applications run smoothly and securely in the cloud.

Now that you’ve got the basics down, try creating a VPC in AWS with both public and private subnets. Experiment with NAT Gateways and Internet Gateways to see how traffic flows between components!


#CloudComputing #AWS #GCP #VPC #Networking #DevOps #Subnets #RouteTables #BeginnersGuide