We all know that there are reserved IP CIDR ranges within the entire IPv4 address pool of 2^32 addresses (0.0.0.0 to 255.255.255.255), and those ranges include 10.0.0.0/8 (10.0.0.0 - 10.255.255.255), 172.16.0.0/12 (172.16.0.0 - 172.31.255.255) and 192.168.0.0/16 (192.168.0.0 - 192.168.255.255).
So if any organization were to set up its LAN (intranet), it can only use one of the above three.
But when it comes to AWS or any cloud provider, it seems they allow you to create a VPC using a public IPv4 CIDR range, which means any instance created in a private/public subnet in that VPC can default to a private IP address that may actually be a publicly routable address outside of the reserved private pool above.
As stated under https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html: "We refer to private IP addresses as the IP addresses that are within the IPv4 CIDR range of the VPC. Most VPC IP address ranges fall within the private (non-publicly routable) IP address ranges specified in RFC 1918; however, you can use publicly routable CIDR blocks for your VPC. Regardless of the IP address range of your VPC, we do not support direct access to the Internet from your VPC's CIDR block, including a publicly-routable CIDR block." So my question is: how does AWS do this? I know DHCP/routing etc. have their own mechanisms, but how is it even allowed to choose a global public IPv4 address (from the WAN address pool) as a private address inside its VPC? How does IETF/IANA allow that? Also, if I were to set up my private home network, why can't I then choose those public IPv4 address ranges for my LAN, as opposed to 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16?
I do understand that choosing public IPs has its own risks, since if they conflict with actual ones on the internet I won't be able to browse those public sites from my private network. But then how does AWS manage this? Is it that it gives it the acronym "private IP", so that if the same corresponding public IP is hit it will still resolve it as public and render you the site (I mean directly hitting the site's public IP), or will it not see that it's my own private IP and resolve it through its own private DNS?
In case you choose a global public IPv4 address (outside of the reserved pool) as your EC2 private address, the route tables for the subnet where the EC2 instance resides will decide how to resolve it, and in that case the order of precedence would be how the route tables are set up. So usually it's like: Destination: (your VPC CIDR), Target: local.
So the moment you hit that private IP from your network, the route table will see it's a local VPC IP and resolve it to that EC2 instance's private DNS, so you won't be able to resolve that to the actual global IP.
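To make the route-table precedence described in the answer concrete, here is an added Python example (not code from the original post): it simulates a VPC subnet route table with longest-prefix matching, shows that a destination inside the VPC's own public CIDR always matches the "local" route before the default route to the internet gateway, and checks whether a chosen CIDR lies inside RFC 1918. The VPC CIDR, route entries and gateway id are constructed placeholders.

```python
import ipaddress

# Constructed example: a VPC deliberately created with a non-RFC 1918 CIDR.
# 203.0.113.0/24 is a documentation block; it stands in here for a genuinely
# public range that an operator might assign to a VPC.
VPC_CIDR = "203.0.113.0/24"

# Subnet route table as the answer describes it (constructed): the VPC's own
# CIDR is always a "local" route, and the default route points at an internet
# gateway. "igw-EXAMPLE" is a placeholder, not a real gateway id.
ROUTE_TABLE = [
    ("203.0.113.0/24", "local"),
    ("0.0.0.0/0", "igw-EXAMPLE"),
]

RFC1918 = [ipaddress.ip_network(c)
           for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(cidr: str) -> bool:
    """True when the whole CIDR lies inside one of the three RFC 1918 blocks."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(block) for block in RFC1918)


def lookup(destination: str, routes=ROUTE_TABLE) -> str:
    """Longest-prefix match, the way a VPC route table chooses a target."""
    dst = ipaddress.ip_address(destination)
    best_net, best_target = None, None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    if best_target is None:
        raise LookupError(f"no route for {destination}")
    return best_target


def shadowed_by_vpc(public_ip: str, vpc_cidr: str = VPC_CIDR) -> bool:
    """True when an internet host with this address is unreachable from inside
    the VPC: it falls in the VPC CIDR, so the 'local' route wins over the IGW."""
    routes = [(vpc_cidr, "local"), ("0.0.0.0/0", "igw-EXAMPLE")]
    return lookup(public_ip, routes) == "local"


if __name__ == "__main__":
    for ip in ("203.0.113.57", "198.51.100.9"):
        print(ip, "->", lookup(ip), "| shadowed:", shadowed_by_vpc(ip))
    print(VPC_CIDR, "inside RFC 1918:", is_rfc1918(VPC_CIDR))
```

Any internet host whose address happens to fall in the chosen VPC CIDR is reported as shadowed: packets to it never leave the VPC, which is exactly the conflict the question worries about.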