How cloud public IPv4 works - networking

How do public IPv4 addresses work in any cloud service?
Let's consider GCP.
If all the virtual machines had public IPv4 addresses then IPv4 would run out, because it has a limit but we can create a lot of machines on the cloud.
The same goes for AWS or Azure.
So how do they manage the IPv4 addresses?

A simple answer to your question is that cloud service providers like Azure, AWS, etc. have a pool of public IP addresses. These IP addresses are assigned to VMs when required and are released when your job is done.
You need to understand a few things about IPv4 addresses.
There are two types of IPv4 addresses: public IP addresses and private IP addresses.
You can use only public IP addresses on the Internet. (Private IP addresses can be used only inside your network or company.)
Every machine on the Internet must have a unique IP address.
If you assign public addresses to every device (VMs) then they will run out. To overcome this problem we can use private IP addresses. The same private IP addresses can be used by different organizations at the same time. But what about uniqueness? That is where the concept of NAT comes in.
NAT allows you to use private IP addresses within an organization or your network and also allows you to communicate over the Internet.
You can read more about NAT here.
In-depth knowledge about NAT here.

Related

What is the difference between Internal and Private address on GCP?

What is the real difference between Internal and Private addresses on GCP?
In the documentation it's said:
"Internal IP addresses can be private addresses or privately reused public IP addresses.",
"All private IP addresses are internal IP addresses; however, not all internal IP addresses are private IP addresses."
IMHO the real difference is not explained in detail.
The difference between Internal and Private IP addresses is described here. Resources within a VPC network communicate with one another using internal IP addresses. VMs also use internal addresses to communicate with Google APIs and services. The valid ranges of private IP addresses within the internal IP address space are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.

TCP over IPv6 to overcome NAT issues

When using TCP/IP sockets (IPv4) for sending data from one device to another I can only access devices over their private IP address within my own WiFi. I cannot send TCP to public IP addresses because the NAT (Network Address Translation) rejects it or struggles to translate it into private IPs.
But with IPv6 every device gets its own public IP. I suppose there are no private IPs then, are there? So there should not be problems with the NAT such as symmetric NAT because there will be no need for NAT.
Assuming both devices support IPv6 and know their IPv6 addresses: can I send data directly from one to the other device?
But with IPv6 every device gets its own public IP. I suppose there are no private IPs then, are there?
Not all IPv6 addresses are public. There are loopback addresses, link-local addresses, local addresses ... - see IPv6 - Special Addresses. Devices usually have multiple IPv6 addresses (e.g. loopback, link-local, ...), but there is no guarantee that they have a global IPv6 address. This depends a lot on the network setup.
can I send data directly from one to the other device?
If both devices have a public IP, you can send data from one to the other. Only, it might not be received by the other device since firewalls deny such traffic. It is actually pretty common that a SoHo router, at least by default, doesn't allow initiating IPv6 connections from outside. Corporate firewalls also usually deny this. There might be firewalls on the device itself, too. And so on.
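The GCP answer above (internal versus private IPv4 addresses) and this IPv6 answer both come down to classifying an address by scope. The following is an added example, not code from either answer, that does that classification with Python's standard `ipaddress` module. The VPC subnet list, the use of 203.0.113.0/24 as a "privately reused public" internal subnet and the sample host addresses are constructed; 2001:4860:4860::8888 is a well-known public resolver address used only as an example of a global-scope address.

```python
"""Classify IPv4 and IPv6 addresses the way the two answers above distinguish them.

Added example (not from the original posts).  IPv4: an address inside one of
the VPC owner's subnets is "internal"; it is "private" only if it also falls
in one of the three RFC 1918 ranges quoted in the answer.  IPv6: a host may
carry loopback, link-local and unique-local addresses and still have no
globally routable address at all.
"""
import ipaddress

# The three RFC 1918 ranges named in the GCP answer.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed VPC: one RFC 1918 subnet and one public range reused internally.
SAMPLE_VPC_SUBNETS = ["10.128.0.0/20", "203.0.113.0/24"]


def classify_ipv4_internal(addr: str, vpc_subnets: list) -> str:
    """Return 'private', 'internal-reused-public' or 'external'.

    `vpc_subnets` (hypothetical input) lists the subnet CIDRs configured in the
    VPC; anything inside one of them is internal.  Private implies internal,
    but internal does not imply private.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        raise ValueError("IPv4 address expected")
    if any(ip in net for net in RFC1918):
        return "private"
    if any(ip in ipaddress.ip_network(cidr) for cidr in vpc_subnets):
        return "internal-reused-public"   # routable space the VPC owner reused privately
    return "external"


def ipv6_scope(addr: str) -> str:
    """Name the scope of an IPv6 address: loopback, link-local, unique-local, multicast, global or other."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6:
        raise ValueError("IPv6 address expected")
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip in ipaddress.ip_network("fc00::/7"):
        return "unique-local"            # ULA: the IPv6 analogue of a private range
    if ip.is_multicast:
        return "multicast"
    if ip.is_global:
        return "global"
    return "other"


def has_global_ipv6(addrs: list) -> bool:
    """True only if at least one of the host's addresses is globally routable.

    A host with just loopback, link-local and ULA addresses cannot be reached
    from the internet no matter what its firewall allows.
    """
    return any(ipv6_scope(a) == "global" for a in addrs)


if __name__ == "__main__":
    for a in ("10.128.0.5", "203.0.113.9", "198.51.100.1"):
        print(a, classify_ipv4_internal(a, SAMPLE_VPC_SUBNETS))
    host = ["::1", "fe80::1", "fd12:3456::1"]            # constructed host with no global address
    print(host, [ipv6_scope(a) for a in host], has_global_ipv6(host))
```

Note that `ip.is_private` alone would not reproduce the GCP distinction: it is true for 10.0.0.0/8 and for fc00::/7, but it says nothing about whether a non-RFC 1918 address happens to be inside your VPC.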

How we can access a localhost of a computer through its public IP if some other devices in the same network also have the same public IP?

I want to access localhost of a computer but other computers in the same network also have the same public IP. Can we access its localhost by knowing both (public and private) IP addresses of that computer? I want to connect to it directly (not through any software like ngrok or a VPN).
Thanks in advance.
You can only access localhost on the computer itself. Localhost refers to 'this node' by definition.
When communicating on an internal network you usually use the private IP addresses, not the public one(s). Connecting to a computer with a private IP behind a public IP requires reverse NAT aka destination NAT aka port mapping.
Connecting out from and right back into the same network through NAT may require a special firewall setup aka hairpinning. It's usually easier and faster to use split-brain DNS and resolve the public name to the private IP address of the device.

Is my public IP really unique?

I'm asking whether the IP address of my router (my "public" IP address) is actually unique, i.e. not shared with other routers/hosts over the Internet.
If that is the case, I imagine that there will be some NAT policies applied by my ISP, which translate my "public" IP address and the port of my connection into some other IP:port pair (just like what happens in local NAT).
Many operators use a version of NAT which is called by several names: Carrier Grade NAT, NAT44, Large Scale NAT.
Essentially the operators use private addressing between the network core and the edge devices (i.e. your router) and then translate the private addresses to public addresses at the core of their network before traffic goes to another network.
There is not a one to one mapping between the private addresses and the public addresses, and even port numbers can be reused over time.
So to identify a given private address and hence user from the operator logs, you need to look at the public IP address, the public port and the timestamp (as the same public IP and port may be mapped to a different private IP at a different time).
Things start to get even more complex when you try to make the network devices as optimised as possible - there are mechanisms that try to assign the same public IP and port to a private IP that has used them previously, for efficiency. This can give the impression to an end device that it has a static IP mapping in the NAT, but often this is not actually the case.
Finally, all the above is independent of any local NAT you may have in your home or business - i.e. you can and probably will have a NAT translation on your local router for your local devices also.
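Three of the answers on this page describe the same mechanism from different sides: the first NAT answer (private ranges reused behind one public address), the localhost answer (destination NAT, also called port mapping, to reach a private host from outside) and this carrier-grade NAT answer (a public port handed to a different subscriber once its mapping expires, so log lookups need public IP, port and timestamp). The following is an added example, not code from any of the posts, that models a NAT44 translation table with exactly those behaviours. All addresses, ports, the timeout and the clock values are constructed.

```python
"""Small model of a NAT44 / carrier-grade NAT translation table (added example).

Shows: many private (IP, port) pairs sharing one public IP; a public port
reused by another subscriber after its mapping expires, so the operator log
must be matched on (public IP, public port, time); "sticky" port reuse that
looks static but is not; and a static DNAT / port-mapping entry that lets
inbound traffic reach a private host.  Everything below is constructed.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Mapping:
    private_ip: str
    private_port: int
    public_port: int
    first_seen: int      # constructed clock, seconds
    last_seen: int


@dataclass
class Nat44:
    public_ip: str
    idle_timeout: int = 300                        # seconds an unused mapping survives
    low_port: int = 1024
    high_port: int = 65535
    active: dict = field(default_factory=dict)     # (private ip, port) -> Mapping
    history: list = field(default_factory=list)    # expired mappings: the operator's log
    dnat: dict = field(default_factory=dict)       # static port mapping: public port -> (ip, port)

    def _expire(self, now: int) -> None:
        """Move idle mappings to the log so their public ports can be handed out again."""
        for key, m in list(self.active.items()):
            if now - m.last_seen > self.idle_timeout:
                self.history.append(m)
                del self.active[key]

    def _free_port(self, preferred: Optional[int]) -> int:
        used = {m.public_port for m in self.active.values()} | set(self.dnat)
        if preferred is not None and preferred not in used:
            return preferred          # same port as last time: looks static, is not guaranteed
        for port in range(self.low_port, self.high_port + 1):
            if port not in used:
                return port
        raise RuntimeError("public port pool exhausted")

    def outbound(self, private_ip: str, private_port: int, now: int) -> tuple:
        """Translate an outbound packet; returns the (public ip, public port) it leaves with."""
        self._expire(now)
        key = (private_ip, private_port)
        m = self.active.get(key)
        if m is None:
            # Prefer the public port this endpoint had last time, if nobody else took it.
            prev = next((h.public_port for h in reversed(self.history)
                         if (h.private_ip, h.private_port) == key), None)
            m = Mapping(private_ip, private_port, self._free_port(prev), now, now)
            self.active[key] = m
        m.last_seen = now
        return self.public_ip, m.public_port

    def inbound(self, public_port: int, now: int) -> Optional[tuple]:
        """Translate a packet arriving on the public side; None means the NAT drops it."""
        self._expire(now)
        if public_port in self.dnat:               # static DNAT / port mapping always matches
            return self.dnat[public_port]
        for m in self.active.values():             # otherwise only a live outbound mapping does
            if m.public_port == public_port:
                return m.private_ip, m.private_port
        return None

    def attribute(self, public_port: int, at: int) -> Optional[tuple]:
        """Log lookup: which private endpoint held this public port at time `at`?"""
        for m in list(self.active.values()) + self.history:
            if m.public_port == public_port and m.first_seen <= at <= m.last_seen + self.idle_timeout:
                return m.private_ip, m.private_port
        return None


def scenario() -> dict:
    """Constructed timeline; returns what each step observed."""
    nat = Nat44(public_ip="198.51.100.7")          # constructed operator-side public address
    nat.dnat[2222] = ("10.0.0.9", 22)               # port mapping for an SSH server behind the NAT
    seen = {}
    seen["a_t0"] = nat.outbound("10.0.0.5", 40000, now=0)        # A gets public port 1024
    seen["b_t10"] = nat.outbound("10.0.0.6", 40000, now=10)      # B gets 1025
    seen["c_t1000"] = nat.outbound("10.0.0.7", 5000, now=1000)   # A and B idle: C is given 1024
    seen["a_again"] = nat.outbound("10.0.0.5", 40000, now=1100)  # A's old port is taken: it gets 1025
    seen["who_1024_t5"] = nat.attribute(1024, at=5)              # A
    seen["who_1024_t1000"] = nat.attribute(1024, at=1000)        # C: same port, other subscriber
    seen["who_1025_t50"] = nat.attribute(1025, at=50)            # B
    seen["who_1025_t1150"] = nat.attribute(1025, at=1150)        # A
    seen["in_2222"] = nat.inbound(2222, now=1100)                # reaches the port-mapped host
    seen["in_1025_late"] = nat.inbound(1025, now=2000)           # mapping expired: dropped
    return seen


if __name__ == "__main__":
    for step, result in scenario().items():
        print(step, result)
```

The `attribute` lookup is the point of the CGNAT answer: asking "who had 198.51.100.7:1024?" has two correct answers depending on the timestamp, and a request to the operator without the time (and the source port) cannot be resolved.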
Unlike private IP addresses, public IP addresses are not used in a local network but only on the internet. The router (here: your box) has an IP address towards the internet; that is what makes your box visible on the internet (it will respond to a ping). Likewise, when you use a website you use the public address of the web server.
A public IP address is unique in the world, which is not the case for private addresses, which must be unique in the same local network but not at the global level since these addresses cannot be routed on the internet.
Public IP addresses are all IP addresses of classes A, B, and C except those on the list of private addresses for those classes or the class A exceptions.

Amazon AWS VPC Scenario 2: Specify the public IP address range of your network?

I am setting up a VPC on Amazon AWS using Scenario 2: VPC with Public and Private Subnets.
In the "Adding Rules to the WebServerSG Security Group" section, it specifies to set an inbound SSH rule, specifying allowed sources to be: "Your network's public IP address range".
I have an elastic IP address assigned to my NAT EC2 device. When I created my public web server (in the public subnet) I also assigned a public IP address to it (as part of the wizard). This does not appear in my elastic IP list for some reason (although I believe them to be the same thing, right?). They are not contiguous addresses.
I am not sure exactly what is supposed to happen here. Am I supposed to be able to SSH into the web server in the public subnet? Why would I specify that the only source able to SSH into the web server is my network's public IP address range? When I set the allowable source address to either of the public IPs, my connection is refused. Am I supposed to be SSH-ing somewhere else?
Could someone please explain to me exactly how this setup is supposed to work, in terms of how I am supposed to be SSH-ing into the instances remotely?
"Your network's public IP address range" means the network where you are -- not EC2. It refers to the public IP address or range of the computer where you're sitting now: your office network, your home network, any network your traffic will be coming from when you want to access the EC2 machines remotely to administer them.
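To make the answer concrete, here is an added example (not code from the thread or from AWS) that checks a security group for exactly the mistake the question describes: the SSH rule's source must be the administrator's own public address range, not an EC2 public IP and not the whole internet. The `sg` dictionaries mimic the shape of `aws ec2 describe-security-groups` output (`IpPermissions`, `IpRanges`, `CidrIp`); the group ID, the instance address 203.0.113.10 and the admin address 198.51.100.42 are constructed, and only IPv4 rules are handled.

```python
"""Check and correct the SSH source of a WebServerSG-style security group (added example).

The admin address is the public IP your office or home NAT presents, which is
what "your network's public IP address range" in the tutorial refers to.
"""
import ipaddress

SSH_PORT = 22


def ssh_sources(sg: dict) -> list:
    """CIDR sources allowed to reach TCP/22, from any rule whose port range covers 22."""
    sources = []
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                                  # all protocols, all ports
            lo, hi = 0, 65535
        elif proto == "tcp":
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        else:
            continue
        if lo <= SSH_PORT <= hi:
            sources.extend(r["CidrIp"] for r in perm.get("IpRanges", []))
    return sources


def ssh_findings(sg: dict, admin_network: str) -> list:
    """Problems with the SSH sources, relative to the network you administer from."""
    admin = ipaddress.ip_network(admin_network)
    problems = []
    sources = ssh_sources(sg)
    if not sources:
        problems.append("no inbound rule covers TCP/22: remote SSH cannot work")
    for cidr in sources:
        net = ipaddress.ip_network(cidr)
        if net.prefixlen == 0:
            problems.append(f"SSH open to the entire internet ({cidr}); restrict it to {admin}")
        elif not net.overlaps(admin):
            problems.append(f"SSH source {cidr} is not your network ({admin}); "
                            "if it is an EC2 public IP you are allowing the wrong side")
    return problems


def ssh_rule_for(admin_public_ip: str) -> dict:
    """IpPermissions entry allowing SSH from one administrator address only (/32)."""
    host = ipaddress.ip_network(admin_public_ip)       # a bare address becomes a /32
    if host.version != 4:
        raise ValueError("IPv4 address expected")
    return {"IpProtocol": "tcp", "FromPort": SSH_PORT, "ToPort": SSH_PORT,
            "IpRanges": [{"CidrIp": str(host)}]}


def corrected_sg(sg: dict, admin_public_ip: str) -> dict:
    """Copy of `sg` with every TCP/22-only rule replaced by one from the admin address."""
    keep = [p for p in sg["IpPermissions"]
            if not (p.get("IpProtocol") == "tcp" and p.get("FromPort") == SSH_PORT == p.get("ToPort"))]
    return {**sg, "IpPermissions": keep + [ssh_rule_for(admin_public_ip)]}


# Constructed: the group as the question describes it, with the web server's own
# public IP (203.0.113.10) mistakenly used as the SSH source.
WEB_SERVER_SG = {
    "GroupId": "sg-0123456789abcdef0",
    "GroupName": "WebServerSG",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    ],
}
ADMIN_PUBLIC_IP = "198.51.100.42"   # constructed: what your office/home NAT presents to the internet


if __name__ == "__main__":
    for line in ssh_findings(WEB_SERVER_SG, ADMIN_PUBLIC_IP + "/32"):
        print("finding:", line)
    fixed = corrected_sg(WEB_SERVER_SG, ADMIN_PUBLIC_IP)
    print("after fix:", ssh_findings(fixed, ADMIN_PUBLIC_IP + "/32"))
```

If your own connection goes through carrier-grade NAT, the /32 you see from a "what is my IP" lookup can change, and the rule stops matching; that is the case for allowing the ISP's documented range, or for moving administration onto a bastion reached through a VPN, rather than for widening the rule to 0.0.0.0/0.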
