Simplest Explanation: AWS Region, AZ, and VPC
Have you ever been perplexed by the Amazon Web Services (AWS) concepts of Region, Availability Zone, and Virtual Private Cloud (VPC)? You’re searching for blogs that explain the concepts of AWS Region, Availability Zone, Virtual Private Cloud, and subnet. You’ve arrived at the right place, and your search is over.
Let’s shed some light on the fundamentals of AWS networking (a basic level of networking). We will begin with Region and AZ, then network fundamentals such as VPC, subnets, and IP addresses. If you are familiar with networking but have never used AWS, you have come to the right place. If you’ve already worked with AWS, this is a no-brainer for you. Let’s take a quick look at key infrastructure principles before diving into the AWS concepts.
Do you ever think about how you access your mail, your Facebook account, and your Google account, or how you watch movies and videos on Netflix and YouTube? Where is your mail stored? Where are those videos and movies stored?
Confused!!!!!
Okay, if I tell you that everything you upload to Facebook, Google Drive, and YouTube is stored in a data center, your first thought could be, “What is a data center?”
If you google “What is a data center?” you’ll get a lot of different definitions.
Allow me to explain in simple words. A data center is a building, a dedicated space (room) within a building, or a group of buildings used to house IT infrastructure (hardware) such as server computing units, network hardware (routers, switches, etc.), data storage, and so on. The common components of a data center are explained below:
Computing hardware: Computing units and data storage devices deployed in the data center (building) to provide service. Consider an example from your own home: you have a laptop or a desktop computer. These computing resources are used for office work and personal tasks (such as checking email, updating documents, watching movies, YouTube, and so on). You can compare your laptop or desktop to a server.
Network and Security: Network and security devices (routers, switches, hubs, gateways) provide foundation functionality such as internet and internal connectivity. Take a look at how you connect to the internet at home. You are connected via Wi-Fi or LAN to a router. That router is linked via fiber-optic or copper cable provided by a local internet provider, depending on your location and area. Consider your wireless router to be like a network device in the data center.
Racks: To maximize space utilization, compute and network devices are mounted in racks.
Power: Each machine and device in the data center requires a power supply (electricity) to operate, just as your laptop, desktop, and Wi-Fi router at home require electricity. A data center requires at least two power sources, meaning dual power supplies with connectivity to multiple grids. Why two power sources? If one power source fails, the data center continues to function normally. If both power sources fail, there must be a backup source, such as generators or solar panels, to ensure that your server remains operational without interruption, allowing you to access your movies, data, and email.
Cooling system: CRAC stands for Computer Room Air Conditioning. It helps maintain the proper operating temperature of computing and network devices. When you use your laptop or desktop for extended periods and perform heavy computing, you will notice that your system generates heat. Now imagine 100 or 1000 laptops running; you can guess how much heat they produce and how much air conditioning is required to maintain the temperature. Similarly, we are talking about thousands of servers that are always online and available. You can imagine how much heat they generate, and in order to keep this up, we need a proper cooling system.
UPS: Uninterruptible power source systems that provide protection from short power outages.
Fire Protection: Active systems for fire protection.
Physical Security: Physical security is the safeguarding of people, property, and assets, such as hardware, software, networks, and data, against natural disasters, burglary, theft, terrorism, and other events that could cause damage or loss to an enterprise or institution.
NOC: Network Operations Centers (NOCs) are centralized locations from which an organization manages and supports its telecommunications infrastructure and computer network, and detects and resolves IT incidents, ultimately ensuring the availability of its data center. The NOC acts as first-line support.
Site: A data center requires a site (a building, a dedicated space (room) within a building, or a group of buildings) that is specifically designed for data centers, with connectivity to roads, power grids, and networks. For example, your home is linked to the power grid, roads, the internet, and so on. The cost of cooling may be reduced by locating data centers in cold climates.
Hopefully you now have a fair idea of what a data center is. However, you may now ask why we are discussing data centers at all. We’re here to talk about the Region, not the data center. Let me clarify: there is no Region or Availability Zone concept in the absence of a data center. Normally, we have a home address; for example, my house is located in Delhi, India. Delhi is the geographical location of my home. Similarly, the location of the data center becomes its geographical location.
AWS Region
The heart of the AWS Global Cloud is the AWS Region. AWS Regions are physical locations around the world where AWS clusters its data centers.
Currently, there are 25 geographic Regions around the world. All Regions are completely independent and isolated from one another. For the most up-to-date information on Regions and AZs, please refer to the link below.
Global Infrastructure: https://aws.amazon.com/about-aws/global-infrastructure/
To find your Regions using the console
- Open the Amazon console at https://console.aws.amazon.com/
- From the navigation bar, view the options in the Region selector.
Note: Only 21 Regions are visible through the AWS console, out of a total of 25 Regions. The remaining four are not visible from the AWS Management Console. The following is a list of those four Regions.
- Amazon Web Services China (Beijing)
- Amazon Web Services China (Ningxia)
- AWS GovCloud (US-East)
- AWS GovCloud (US-West)
Customers who want to use the China Regions must sign up for a separate set of account credentials that are specific to China services. Customers who already have AWS credentials will be unable to access resources in the China Regions, and vice versa. Please visit www.amazonaws.cn to request an AWS (China) account.
AWS GovCloud (US-East) and (US-West) Regions are operated by employees who are U.S. citizens on U.S. soil. AWS GovCloud (US) is only accessible to U.S. entities and root account holders who pass a screening process. Customers must confirm that they will only use a U.S. person (green card holder or citizen as defined by the U.S. Department of State) to manage and access root account keys to these regions.
Sign up for AWS GovCloud (US) using the console
- Open the Amazon console at https://console.aws.amazon.com/
- From the right-hand menu, click My Account.
- Scroll down to find the GovCloud (US) login.
AWS Availability Zone
Availability Zones (AZs) are one or more data centers located at different sites within an AWS Region, each of which is equipped with redundant power, networking, and connectivity.
As previously stated, my home is located in Delhi, India. Now consider that I own two houses in different parts of the city, each with a different power supply, a different internet connection, and a different cooling system. You can think of these two houses as two Availability Zones within the same Region, meaning that each house is treated as a separate Availability Zone.
A similar concept applies to AWS Availability Zones (data centers located at different sites within an AWS Region). Each Availability Zone (AZ) has independent power, cooling, and physical security. Furthermore, they are linked by redundant, ultra-low-latency networks. AZs are physically separated from one another by a significant distance, measured in kilometers, while all remaining within 100 kilometers (60 miles) of one another.
Virtual Private Cloud (VPC)
Amazon definition of a VPC:
“Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.”
In simple words, a VPC is nothing more than a collection (bundle) of IP addresses. I say this because when you create a VPC, you only get IP addresses. Nothing is reserved; only a virtual boundary is created within a single AWS Region.
Now you are probably wondering: what exactly is an IP address?
An IP address is a unique address that identifies a device on the internet or on a local network. IP is an abbreviation for “Internet Protocol,” which refers to a set of rules that govern the format of data transmitted over the internet or a local area network.
Let’s take an example. If you want to send me a gift or courier, you must have my home address, write it on the gift box, and hand it over to the courier service. Or, if you order from Amazon, you will be required to provide your home address so that Amazon can deliver to it. Similarly, an IP address is a unique address for a device (server, network device). The IP address of your system or network device allows your machine to identify the receiver and understand where it needs to send data.
Your system is assigned an IP address when you connect to your Wi-Fi router; when you access a website, your traffic is directed through the Wi-Fi router using that IP address.
When you create a VPC you need to define only three things: a Name tag (the name of the VPC), and most importantly a CIDR block, and the Tenancy. Basically, a VPC has six core components that are fundamental to it and can be created by a user or by AWS as part of a default VPC. We will only cover the basics of CIDR and subnets in this section. We will go into greater detail about VPC in other blogs that we will post in the future.
VPC elements are as follows:
- VPC CIDR Block
- Subnet
- Gateways
- Route Table
- Network Access Control Lists (ACLs)
- Security Group
CIDR: CIDR (Classless Inter-Domain Routing) is a method for allocating IP addresses and for IP routing. In 1993, the Internet Engineering Task Force (IETF) introduced Classless Inter-Domain Routing (CIDR) to replace the previous classful network addressing architecture on the Internet.
When it comes to CIDR, its distinguishing feature is the ability to group blocks of addresses into a single routing network, and the prefix notation used for interpreting IP addresses makes this possible. I will not go into detail about how to calculate a CIDR block and how it works, because that deserves its own blog post.
For your VPC, you must specify an IPv4 address range. The IPv4 address range should be specified as a Classless Inter-Domain Routing (CIDR) block, such as 10.0.0.0/16. The size of the CIDR block must be between a /16 and a /28 netmask.
What exactly does it mean when you create a VPC with the CIDR range 10.0.0.0/16? In this case, it provides you with a range of IP addresses that starts at 10.0.0.0 and ends at 10.0.255.255, which means you get a total of 65536 IP addresses in the range 10.0.0.0 to 10.0.255.255.
The table below shows how many IP addresses you receive for each CIDR size allowed for a VPC (/16 through /28).
/16 = 65536
/17 = 32768
/18 = 16384
/19 = 8192
/20 = 4096
/21 = 2048
/22 = 1024
/23 = 512
/24 = 256
/25 = 128
/26 = 64
/27 = 32
/28 = 16
If you work your way down the list from the top, all you have to do is divide the total number of IP addresses by 2 to get the total for the next CIDR size.
In the above table, /16 = 65536.
What is the best way to get the /17 IP range?
= /16 total IPs divided by 2
= 65536 divided by 2 equals 32768
The total number of IP addresses for the next CIDR size, /17, is 32768.
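The halving rule above is the same as computing 2^(32 - prefix length), and the Python standard library can do the whole calculation for you. The following block is an added example, not code from the original post; it uses only the `ipaddress` module to report the first and last address of a block, to build the /16 to /28 table, and to check the /16 to /28 rule the post states for a VPC CIDR. Function names are my own.

```python
import ipaddress


def cidr_summary(cidr: str) -> dict:
    """Return the first address, last address and total address count of a CIDR block.

    strict=True rejects blocks whose host bits are set (e.g. 10.0.0.1/16),
    which is not a valid network address for a VPC either.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    return {
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "total": net.num_addresses,
    }


def vpc_size_table(start_prefix: int = 16, end_prefix: int = 28) -> list:
    """Build the (prefix, total addresses) table for /16 .. /28.

    Each step down the table halves the count, because one more prefix bit
    leaves one fewer host bit: total = 2 ** (32 - prefix).
    """
    return [(prefix, 2 ** (32 - prefix)) for prefix in range(start_prefix, end_prefix + 1)]


def is_valid_vpc_block(cidr: str) -> bool:
    """Check the rule from the post: an IPv4 VPC CIDR must be between /16 and /28."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError:
        # Not a well-formed network address (host bits set or bad syntax).
        return False
    return net.version == 4 and 16 <= net.prefixlen <= 28


if __name__ == "__main__":
    print(cidr_summary("10.0.0.0/16"))
    for prefix, total in vpc_size_table():
        print(f"/{prefix} = {total}")
    for candidate in ("10.0.0.0/16", "10.0.0.0/15", "10.0.0.0/29", "10.0.0.1/16"):
        print(candidate, "valid VPC block" if is_valid_vpc_block(candidate) else "rejected")
```

Running the block prints the 10.0.0.0 to 10.0.255.255 range with 65536 addresses, the thirteen-row table, and shows that a /15 (too large), a /29 (too small) and 10.0.0.1/16 (host bits set) are all rejected.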
Subnet:
A subnet, also known as a subnetwork, is a network that exists within another network. Subnets improve the efficiency of networks: subnetting allows network traffic to travel a shorter distance to its destination without having to pass through unnecessary routers.
A subnet is a smaller network within a Virtual Private Cloud (VPC). When you create a subnet, you must first select the VPC in which you want to create it, then the name of the subnet, and then the AZ in which the subnet will be created. Additionally, you must specify a CIDR range for the subnet (the smaller network) that lies within the VPC CIDR.
For example, if you live in Delhi, India, and someone needs to come to your home, you must provide the correct and complete address, including the flat number, building name, area name, and city name, among other things. If someone came to Delhi looking for you and didn’t have your address, they would have to visit roughly 6.5 million houses to find you. So imagine how long it takes just to find your house to say hello. On the other hand, if he knows your complete address, he will travel directly to Delhi and then to the area in which your house is located. Think about how much time he saved.
In this analogy, compare Delhi to a VPC (10.0.0.0/16) with 65536 IP addresses, the area name to a subnet (a smaller network within the VPC), and the flat number and building to an IP address.
A subnet must be associated with a single Availability Zone.
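The three subnet rules the post gives (a subnet CIDR lies inside the VPC CIDR, subnets share no addresses, and each subnet sits in exactly one AZ) are easy to get wrong by hand when a VPC has many subnets. The following block is an added example, not code from the original post, that carves a VPC CIDR into equal subnet blocks and validates a subnet-to-AZ plan against those rules. The VPC CIDR, subnet plan and AZ names ("az-a", "az-b") are constructed placeholders, and the helper names are my own. It also applies one rule the post does not mention but which AWS documents: AWS reserves the first four and the last address of every subnet, so usable addresses are five fewer than the block size.

```python
import ipaddress

# Constructed sample plan (not from the post): one VPC, two subnets in two AZs.
VPC_CIDR = "10.0.0.0/16"
SUBNET_PLAN = {
    "10.0.1.0/24": "az-a",
    "10.0.2.0/24": "az-b",
}

# AWS reserves the network address, the next three addresses and the broadcast
# address in every subnet (documented AWS behaviour, not stated in the post).
AWS_RESERVED_PER_SUBNET = 5


def split_vpc_into_subnets(vpc_cidr: str, new_prefix: int) -> list:
    """Carve a VPC CIDR into equal-sized subnet blocks, e.g. a /16 into 256 /24s."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    return [str(subnet) for subnet in vpc.subnets(new_prefix=new_prefix)]


def usable_addresses(subnet_cidr: str) -> int:
    """Addresses you can actually assign in a subnet after AWS's five reserved ones."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    return max(net.num_addresses - AWS_RESERVED_PER_SUBNET, 0)


def validate_subnet_plan(vpc_cidr: str, plan: dict) -> list:
    """Check a {subnet_cidr: availability_zone} plan against the post's rules.

    Returns a list of human-readable problems; an empty list means the plan
    is consistent. Each subnet must be inside the VPC CIDR, must not overlap
    any other subnet, and must name exactly one Availability Zone.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    problems = []
    seen = []  # (cidr string, network object) for overlap checks
    for cidr, az in plan.items():
        net = ipaddress.ip_network(cidr, strict=True)
        if not net.subnet_of(vpc):
            problems.append(f"{cidr} is outside VPC {vpc_cidr}")
        if not isinstance(az, str) or not az:
            problems.append(f"{cidr} must be placed in exactly one Availability Zone")
        for other_cidr, other in seen:
            if net.overlaps(other):
                problems.append(f"{cidr} overlaps {other_cidr}")
        seen.append((cidr, net))
    return problems


if __name__ == "__main__":
    print(len(split_vpc_into_subnets(VPC_CIDR, 24)), "possible /24 subnets in", VPC_CIDR)
    for cidr, az in SUBNET_PLAN.items():
        print(cidr, "in", az, "->", usable_addresses(cidr), "usable addresses")
    print("problems:", validate_subnet_plan(VPC_CIDR, SUBNET_PLAN) or "none")
```

The `subnet_of` and `overlaps` checks come from the standard library, so the same validator works for any VPC size the post allows (/16 down to /28); a plan that places 10.0.1.128/25 next to 10.0.1.0/24, or a 10.1.0.0/24 subnet in a 10.0.0.0/16 VPC, is reported rather than silently accepted.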
================================================================================
I hope you now have a good understanding of what an AWS Region, Availability Zone, and VPC are, and that I have answered all of your questions. I tried to keep this blog as simple as possible so that everyone could understand the concepts.
We will go into greater detail on network concepts like VPC in other blogs that we will post in the future.
https://www.linkedin.com/pulse/simplest-explanation-aws-region-az-vpc-rohit-malik/