- A subnet is an isolated local network confined in a single AZ.
- Different application tiers are in different subnets.
- 5 IPs are reserved for a subnet (ex. /24 network 251 IPs available)
- 0 (first) – Network, 1 – Router, 2 – DNS, 3 – Future, X (last) – Broadcast
- Subnets must be associated with a route table.
- Subnets are by default private unless created in a default VPC.
- The CIDR block of a subnet cannot overlap the CIDR blocks of other subnets in the same VPC.
- One route table is attached to a subnet, but multiple route tables can be created in VPC, unlike IGW.
- Every VPC has a virtual routing device called the VPC router.
- A router has a collection (route table) of rules. A route contains a destination and a target.
- Route Table is a set of rules, called routes.
- By default, all subnets’ traffic is allowed within a VPC, which is called a local route.
- If multiple routes apply, the most specific one is chosen (/32 is chosen before /24).
- A default route (0.0.0.0/0 or ::/0) can be added that match any traffic not already matched.
- The default VPC already has a main route table: local route + IGW
- Subnets can be public or private.
- A subnet is public when
- (1) The subnet has a public IP or EIP; You can modify auto-assign IP settings for a subnet.
- (2) VPC has an Internet Gateway.
- (3) The subnet has a route to send all non-local traffic to the Internet Gateway.
- And (4) Network ACL and security groups allow sending and receiving traffic from the Internet.