AWS Network IP Addressing
Unlike other cloud-computing providers, which assign a fixed range of addresses to the virtual machines hosted within a customer's assigned VLANs, AWS dynamically assigns IP addresses from within its own address range. To start, every instance on the network has its own virtual network interface card, or VNIC: a software construct that mimics the functionality of a hardware NIC.
The Xen hypervisor within AWS maps traffic between each instance's VNIC and the actual hardware NIC on the physical server on which the hypervisor runs. AWS assigns two IP addresses to an instance's VNIC: a public IP address and a private IP address. The latter comes from the 10.X.X.X range (10.0.0.0/8, one of the RFC 1918 private ranges), which is not routable over the public Internet and exists to carry private traffic within a data center. The public address is not configured on the instance itself: AWS translates it to the private address at the network edge, so the operating system inside the instance sees only the private address. Having both addresses means that each instance can send and receive traffic from outside AWS on a public IP address that anyone can reach.
The difference between the two addresses matters for your AWS bill, because traffic within the local AWS network (the 10.X.X.X addresses, in other words) costs far less than traffic sent to public IP addresses. The key point concerns traffic sent by an instance: all inbound traffic (traffic that an instance receives) is free, whether it comes from inside AWS or via the public Internet. Outbound traffic (traffic that an instance sends) is free within the same AWS region, low cost to another AWS region, and incurs the full network charge if the destination address lies outside AWS.
Outbound traffic therefore falls into one of three classes:
✓ Intraregional: Traffic between AWS resources within a given region (for example, US East); free for sending and receiving traffic.
✓ Interregional: Traffic between AWS resources in different regions. For each resource, any traffic it receives is free, but traffic it sends incurs a fee (an admittedly low one).
✓ Extraregional: Traffic between an AWS resource and a non-AWS resource; traffic to the AWS resource is free, and any traffic sent by the resource incurs a full traffic fee.
Network cost is based on the total gigabytes sent during a month, at a price per gigabyte that falls as volume rises. The first gigabyte per month is free; traffic beyond that, up to 10 terabytes per month, costs $0.12 per gigabyte. As traffic increases past 10 terabytes per month, the price per gigabyte drops; at 350 terabytes per month, a gigabyte costs only $0.05, and above that level you are asked to contact AWS to (presumably) strike a custom-pricing deal.
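To make the three traffic classes and the tiered pricing concrete, here is an added example (not AWS's code or the book's) that classifies a constructed month of flows from a single instance and prices them the way the page describes: inbound free, same-region free, other-region at a low flat rate, Internet-bound at the tiered rate. Everything the page does not quote is an assumption: the prefixes are in the shape of AWS's published ip-ranges.json but use RFC 5737 documentation addresses rather than real AWS allocations, the interregional rate of $0.02 per GB stands in for the page's "low" fee, and the 10 TB to 50 TB tier at $0.09 per GB is invented to fill the gap between the page's $0.12 and $0.05 figures. It also treats all three RFC 1918 ranges as local, not only 10.X.X.X, because VPCs can be addressed from any of them.

```python
"""Classify EC2 data-transfer flows (inbound / intraregional / interregional /
extraregional) and price a month of traffic with the tiered model this page
describes. Added example, not AWS's own code; ranges, sample flows and the
tiers the page does not quote are constructed and marked as such."""
import ipaddress
import json

# RFC 1918 private space. The page mentions only 10.X.X.X; VPCs can also be
# addressed from the other two ranges, so all three are treated as local.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed snippet in the shape of AWS's published ip-ranges.json
# (https://ip-ranges.amazonaws.com/ip-ranges.json). The prefixes below are
# documentation addresses (RFC 5737), NOT real AWS allocations.
IP_RANGES_JSON = json.dumps({"prefixes": [
    {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "EC2"},
]})

# Extraregional (Internet-bound) price tiers as (upper bound in GB, USD/GB).
# The page gives: first GB free, $0.12/GB up to 10 TB, $0.05/GB at 350 TB.
# The 10 TB-50 TB tier and its $0.09 price are assumptions for the example.
EXTRAREGIONAL_TIERS = [
    (1, 0.00),
    (10 * 1024, 0.12),
    (50 * 1024, 0.09),    # assumed
    (350 * 1024, 0.05),
]
INTERREGIONAL_USD_PER_GB = 0.02   # page says only "low"; figure assumed


def load_ranges(ip_ranges_json):
    """Parse ip-ranges.json text into (network, region) pairs."""
    data = json.loads(ip_ranges_json)
    return [(ipaddress.ip_network(p["ip_prefix"]), p["region"])
            for p in data["prefixes"]]


def classify(flow, ranges):
    """Return the billing class of one flow.

    flow = {"direction": "in"|"out", "src_region": str, "dst": str, "gb": num}
    """
    if flow["direction"] == "in":
        return "inbound"                      # always free
    dst = ipaddress.ip_address(flow["dst"])
    if any(dst in net for net in RFC1918):
        return "intraregional"                # private address: local network
    for net, region in ranges:
        if dst in net:                        # public address owned by AWS
            return ("intraregional" if region == flow["src_region"]
                    else "interregional")
    return "extraregional"                    # public, not AWS: full price


def tiered_outbound_cost(gb):
    """Price `gb` of extraregional traffic for one month, tier by tier."""
    if gb > EXTRAREGIONAL_TIERS[-1][0]:
        raise ValueError("above 350 TB/month: custom pricing, contact AWS")
    cost, lower = 0.0, 0
    for upper, price in EXTRAREGIONAL_TIERS:
        if gb <= lower:
            break
        cost += (min(gb, upper) - lower) * price
        lower = upper
    return round(cost, 2)


def monthly_bill(flows, ip_ranges_json=IP_RANGES_JSON):
    """Aggregate flows by class and return (GB per class, USD per class)."""
    ranges = load_ranges(ip_ranges_json)
    gb = {"inbound": 0, "intraregional": 0, "interregional": 0, "extraregional": 0}
    for f in flows:
        gb[classify(f, ranges)] += f["gb"]
    cost = {
        "inbound": 0.0,
        "intraregional": 0.0,
        "interregional": round(gb["interregional"] * INTERREGIONAL_USD_PER_GB, 2),
        "extraregional": tiered_outbound_cost(gb["extraregional"]),
    }
    cost["total"] = round(sum(cost.values()), 2)
    return gb, cost


# Constructed sample month for a us-east-1 instance (not real traffic).
SAMPLE_FLOWS = [
    {"direction": "out", "src_region": "us-east-1", "dst": "10.0.1.5",     "gb": 500},
    {"direction": "out", "src_region": "us-east-1", "dst": "203.0.113.10", "gb": 200},
    {"direction": "out", "src_region": "us-east-1", "dst": "198.51.100.7", "gb": 100},
    {"direction": "out", "src_region": "us-east-1", "dst": "192.0.2.44",   "gb": 11},
    {"direction": "in",  "src_region": "us-east-1", "dst": "10.0.1.5",     "gb": 5000},
]

if __name__ == "__main__":
    for name, value in zip(("GB", "USD"), monthly_bill(SAMPLE_FLOWS)):
        print(name, value)
```

A private destination is reachable only inside your own VPC (or one peered with it), which is why it is classed as intraregional without consulting the region list. The same classification applied to VPC Flow Log records is a cheap way to notice an instance that has suddenly started sending large volumes to extraregional destinations, which shows up on the bill as well as in the logs.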
Instance IP addresses aren’t persistent. Every instance that’s launched is assigned an address from the general pool of IP addresses — clearly an issue, for two reasons:
✓ People need to be able to find your site if they want to access your application for an extended period. You want people to reach your corporate website for many years, yet every time you launch an instance that runs the website, it is assigned a new public IP address. In other words, how can you manage the DNS mapping for your website when the IP address associated with your company website (say, www.example.com) changes every time you launch the website's instance? The answer is "Elastic IP addresses."
✓ In a complex application topology, every instance is dynamically assigned a private IP address at launch time, and it needs to be able to find the other instances. For example, you may have several web servers, a couple of application servers, and a couple of database servers. If a web server has just been launched and needs to connect to the two application servers, how can it find their IP addresses so that it can exchange network traffic with them? See the section "Instance IP address communication."