
Architecting on AWS

Module 10: Networking 2

© 2022, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Poll question How many VPCs does your organization use?

A. <20

B. 20 to 100

C. >100

D. I’m not sure

Module overview
• Business requests
• VPC endpoints
• VPC peering
• Hybrid networking
• AWS Transit Gateway
• Present solutions
• Knowledge check

Business requests

The network engineer needs to know:
• What can we do to keep our connections to AWS services private?
• How can we privately route traffic between our VPCs?
• What are our options to connect our on-premises network to the AWS Cloud?
• Which services can reduce the number of route tables we need to manage our global network?

VPC endpoints

“What can we do to keep our connections to AWS services private?”

VPC endpoints

Access AWS services without an internet gateway, NAT gateway, or public IP address.

VPC endpoints are:
• Horizontally scaled
• Redundant
• Highly available

Gateway and interface VPC endpoints

Two endpoint types:
• Gateway endpoint: a route-table target for the service's prefix list; used for Amazon S3 and Amazon DynamoDB.
• Interface endpoint: an elastic network interface with a private IP address in your subnet, powered by AWS PrivateLink.

Gateway VPC endpoints

Before: the subnet reaches S3 and DynamoDB through the internet gateway.

Destination      Target
172.16.0.0/16    local
0.0.0.0/0        internet-gateway-id

After: the only routes are local and the two service prefix lists, each pointing to a gateway endpoint. There is no internet path.

Destination      Target
172.16.0.0/16    local
S3.prefix.list   vpce-s3
DDB.prefix.list  vpce-ddb

Interface VPC endpoints

Before:

Destination      Target
172.16.0.0/16    local
0.0.0.0/0        internet-gateway-id

After: no endpoint route is needed. The interface endpoint is an elastic network interface with a private IP address inside the VPC CIDR, so traffic to the service is covered by the local route (with private DNS enabled, the service hostname resolves to that private address).

Destination      Target
172.16.0.0/16    local

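As an added example (not part of the course slides), the following Python models the subnet route-table lookup for both endpoint types. The 172.16.0.0/16 VPC range comes from the slides; the prefix-list contents, the vpce-/igw- identifiers and the destination addresses are constructed stand-ins (real S3 and DynamoDB prefix lists are Region-specific managed prefix lists maintained by AWS). It shows why the endpoint-only subnet needs no default route: S3 and DynamoDB destinations match the prefix-list routes to the gateway endpoints, an interface endpoint's private IP is covered by the local route, and any other destination has no route at all.

```python
"""Subnet route-table lookup with gateway and interface VPC endpoints.

Added illustration, not from the course slides.  The prefix-list contents,
the vpce-*/igw-* IDs and the destination addresses are all constructed.
"""
import ipaddress

# Constructed stand-ins for the managed prefix lists of S3 and DynamoDB.  In a
# real VPC these are pl-xxxx objects whose CIDRs AWS maintains per Region.
PREFIX_LISTS = {
    "pl-s3": ["52.216.0.0/15", "3.5.0.0/19"],
    "pl-ddb": ["52.94.0.0/22"],
}

# The two subnet route tables from the slides, as (destination, target) pairs.
PUBLIC_SUBNET = [
    ("172.16.0.0/16", "local"),
    ("0.0.0.0/0", "igw-1"),
]
ENDPOINT_SUBNET = [
    ("172.16.0.0/16", "local"),
    ("pl-s3", "vpce-s3"),
    ("pl-ddb", "vpce-ddb"),
]


def expand(route_table):
    """Replace prefix-list destinations with their member CIDRs."""
    routes = []
    for dest, target in route_table:
        cidrs = PREFIX_LISTS.get(dest, [dest])
        routes += [(ipaddress.ip_network(c), target) for c in cidrs]
    return routes


def lookup(route_table, dst):
    """Longest-prefix match, as a VPC route table does.

    Returns the target for dst, or None when no route covers it (the VPC
    drops such traffic; there is no implicit default route).
    """
    addr = ipaddress.ip_address(dst)
    candidates = [(net, target) for net, target in expand(route_table) if addr in net]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r[0].prefixlen)[1]


# Constructed destinations: an S3 front end, a DynamoDB front end, the
# private IP of an interface endpoint ENI in the VPC, and an unrelated host.
S3_IP = "52.216.10.5"
DDB_IP = "52.94.1.9"
INTERFACE_ENDPOINT_ENI = "172.16.5.40"
OTHER_PUBLIC_IP = "198.51.100.7"


def compare():
    """Where each destination is sent from the public and the endpoint-only subnet."""
    return {
        "public_to_s3": lookup(PUBLIC_SUBNET, S3_IP),                             # igw-1
        "endpoint_to_s3": lookup(ENDPOINT_SUBNET, S3_IP),                         # vpce-s3
        "endpoint_to_ddb": lookup(ENDPOINT_SUBNET, DDB_IP),                       # vpce-ddb
        "endpoint_to_interface": lookup(ENDPOINT_SUBNET, INTERFACE_ENDPOINT_ENI),  # local
        "endpoint_to_other": lookup(ENDPOINT_SUBNET, OTHER_PUBLIC_IP),            # None
    }


if __name__ == "__main__":
    for name, target in compare().items():
        print(f"{name:24s} -> {target}")
```

Two checks a practitioner adds on top of the routing: an endpoint policy on the gateway endpoint so that only the intended buckets or tables are reachable through it, and a security group on each interface endpoint's network interface, which accepts connections like any other interface in the subnet.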
VPC peering

“How can we privately route traffic between our VPCs?“

VPC peering

VPC peering connects networks between two VPCs.
• Intra-Region and inter-Region support
• Cross-account support

Example: VPC A (10.1.0.0/16) is peered with VPC B (10.2.0.0/16) over peering connection PCX-1.

Route table: VPC A
Destination    Target
10.1.0.0/16    local
10.2.0.0/16    PCX-1

Route table: VPC B
Destination    Target
10.2.0.0/16    local
10.1.0.0/16    PCX-1

Note: IP address spaces cannot overlap.

Multiple VPC peering connections

VPC A (10.1.0.0/16) is peered with VPC B (10.2.0.0/16), and VPC B is peered with VPC C (10.3.0.0/16). VPC A cannot reach VPC C through VPC B; A and C need their own peering connection.

Note: No transitive peering relationships.

Benefits of VPC peering

• Bypasses the internet gateway or virtual private gateway
• Provides highly available connections with no single point of failure
• Avoids bandwidth bottlenecks
• Uses private IP addresses to direct traffic between VPCs

Example: VPC peering for shared services

• Each app VPC is peered only with the shared services VPC; app VPCs have no peering with each other.
• You cannot use the shared services VPC as a transit point between app VPCs.

Example: Full mesh VPC peering

Route table for VPC B, with one peering connection to each of the other four VPCs:

Destination    Target
B              local
A              PCX-1
C              PCX-2
D              PCX-3
E              PCX-4

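The hub-and-spoke and full-mesh examples above, as an added Python model that is not part of the course slides. The VPC letters and the 10.x.0.0/16 ranges follow the slides; VPC F (10.1.128.0/17) is a constructed addition used only to show the overlap check. The model builds each VPC's route table from a list of peerings and then answers reachability from that table alone, which is exactly why peering is one-to-one and non-transitive.

```python
"""VPC peering as one-to-one, non-transitive links.

Added illustration, not from the course slides.  VPC names and CIDRs are
constructed; VPC F is included only to show the overlap check.
"""
import ipaddress
from itertools import combinations

VPCS = {
    "A": ipaddress.ip_network("10.1.0.0/16"),
    "B": ipaddress.ip_network("10.2.0.0/16"),
    "C": ipaddress.ip_network("10.3.0.0/16"),
    "D": ipaddress.ip_network("10.4.0.0/16"),
    "E": ipaddress.ip_network("10.5.0.0/16"),
    "F": ipaddress.ip_network("10.1.128.0/17"),  # overlaps A: cannot peer with A
}


def can_peer(x, y):
    """A peering request is only accepted when the two CIDR blocks do not overlap."""
    return not VPCS[x].overlaps(VPCS[y])


def build_route_tables(peerings):
    """Return {vpc: {destination_cidr: target}} for a list of (x, y) peerings.

    Each accepted peering gets a pcx-* ID and exactly one route in each of the
    two VPCs.  Nothing is copied across a peer, which is what makes peering
    non-transitive: a route to C in B's table gives A nothing.
    """
    tables = {name: {str(cidr): "local"} for name, cidr in VPCS.items()}
    for n, (x, y) in enumerate(peerings, start=1):
        if not can_peer(x, y):
            raise ValueError(f"{x} and {y} overlap; AWS would reject the peering")
        pcx = f"pcx-{n}"
        tables[x][str(VPCS[y])] = pcx
        tables[y][str(VPCS[x])] = pcx
    return tables


def reachable(tables, src, dst):
    """src reaches dst only if src's own table holds a route for dst's CIDR."""
    return tables[src].get(str(VPCS[dst])) is not None


def full_mesh(names):
    """Every pair peered directly: n*(n-1)/2 connections for n VPCs."""
    return list(combinations(names, 2))


if __name__ == "__main__":
    hub = build_route_tables([("B", "A"), ("B", "C")])  # B is the shared-services hub
    print("A -> B:", reachable(hub, "A", "B"))  # True
    print("A -> C:", reachable(hub, "A", "C"))  # False: no transit through B
    mesh_pairs = full_mesh(["A", "B", "C", "D", "E"])
    mesh = build_route_tables(mesh_pairs)
    print(len(mesh_pairs), "peerings; B's table:", mesh["B"])
```

The full mesh of five VPCs already needs ten peering connections and a route per peer in every table; this growth is the operational reason the module turns to Transit Gateway next.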
Hybrid networking

“What are our options to connect our on-premises network to the AWS Cloud?”

AWS Site-to-Site VPN

• Managed IPsec connection between a customer gateway device on premises and a virtual private gateway (or transit gateway) in AWS
• Static or dynamic (BGP) routing

AWS Direct Connect
Create a dedicated private network connection from your data center, through a Direct Connect location, to your AWS resources.

Direct Connect and AWS Site-to-Site VPN pricing

Direct Connect
• Capacity (Mbps)
• Port hours: the time a port is provisioned for your use in the data center
• Data transfer out (DTO), measured per gigabyte (GB)

Site-to-Site VPN
• Connection fee (per hour)
• Data transfer out (DTO), measured per gigabyte (GB); the first 100 GB are at no charge

Choosing AWS VPN or Direct Connect

AWS Site-to-Site VPN
• Limited to 1.25 Gbps per VPN tunnel
• Faster to configure than Direct Connect
• Billed per connection hour only while the connection exists; no port or circuit commitment
• Encrypted in transit by default (IPsec), but travels over the public internet

Direct Connect
• Sub-1, 1, 10, or 100 Gbps connection options
• Requires special agreements and physical cabling to the data center
• Pay for port hours whether the connection is active or not
• Not encrypted by default, but it's a private, dedicated connection

If traffic over Direct Connect must be encrypted, run a Site-to-Site VPN over the Direct Connect connection, or use MACsec where the connection type supports it.

AWS Transit Gateway

“Which services can reduce the number of route tables we need to manage our global network?”

Transit Gateway

• Connects up to 5,000 attachments (VPCs and on-premises environments) per transit gateway
• Acts as a hub that all traffic flows through
• Supports multicast and inter-Region peering

Scaling your network with Transit Gateway

• Attachment-based
• Flexible routing and segmentation
• Simplified connections
• Highly available and scalable

Transit Gateway components

Attachments:
• VPC
• VPN connection
• Direct Connect gateway
• Transit Gateway Connect or Transit Gateway peering

Transit gateway route tables

Transit Gateway setup

• Attach networks to the transit gateway: VPCs, VPN connections, Direct Connect gateways, and transit gateway peering connections.
• Network attachments must be in the same Region as the transit gateway.

Full connectivity

Partial connectivity

Isolation with full access from a VPN

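The three connectivity patterns named on the last slides (full connectivity, partial connectivity, and isolation with full access from a VPN), as an added Python model that is not part of the course slides. Attachment names and CIDRs are constructed. A transit gateway route table is driven by two things: which table an attachment is associated with (used to look up traffic arriving from it) and which tables its CIDR is propagated to (letting traffic be sent to it). Only the transit gateway side is modelled; each VPC's own subnet route tables still need a route pointing at the transit gateway attachment.

```python
"""Transit gateway route tables: associations and propagations.

Added illustration, not from the course slides.  Attachment names and CIDRs
are constructed.  Only the transit gateway side is modelled; in a real
deployment each VPC's subnet route tables also need routes to the tgw-*
attachment.
"""

ATTACHMENTS = {  # attachment -> CIDR it fronts
    "vpc-prod": "10.1.0.0/16",
    "vpc-dev": "10.2.0.0/16",
    "vpc-shared": "10.3.0.0/16",
    "vpn-onprem": "192.168.0.0/16",
}


class TransitGateway:
    def __init__(self):
        self.tables = {}       # route table -> {destination_cidr: attachment}
        self.association = {}  # attachment -> the one table used for its traffic

    def create_table(self, name):
        self.tables[name] = {}

    def associate(self, attachment, table):
        """Traffic arriving from `attachment` is looked up in `table`."""
        self.association[attachment] = table

    def propagate(self, attachment, *tables):
        """Install the attachment's CIDR in each named table, so traffic
        looked up there can be forwarded to it."""
        for t in tables:
            self.tables[t][ATTACHMENTS[attachment]] = attachment

    def forward(self, src, dst):
        """Attachment that receives traffic from src addressed to dst, or None."""
        table = self.tables[self.association[src]]
        return table.get(ATTACHMENTS[dst])

    def matrix(self):
        """Reachability from every associated source to every other attachment."""
        return {s: {d: self.forward(s, d) is not None for d in ATTACHMENTS if d != s}
                for s in self.association}


def full_connectivity():
    """One route table; every attachment associated with and propagated to it."""
    tgw = TransitGateway()
    tgw.create_table("default")
    for a in ATTACHMENTS:
        tgw.associate(a, "default")
        tgw.propagate(a, "default")
    return tgw


def partial_connectivity():
    """Prod and dev both reach shared services, but not each other."""
    tgw = TransitGateway()
    tgw.create_table("spokes")
    tgw.create_table("shared")
    for spoke in ("vpc-prod", "vpc-dev"):
        tgw.associate(spoke, "spokes")
        tgw.propagate(spoke, "shared")    # shared table learns each spoke
    tgw.associate("vpc-shared", "shared")
    tgw.propagate("vpc-shared", "spokes")  # spokes learn shared only
    return tgw


def isolation_with_vpn():
    """VPCs are isolated from one another; the VPN reaches all of them."""
    tgw = TransitGateway()
    tgw.create_table("vpcs")
    tgw.create_table("vpn")
    for vpc in ("vpc-prod", "vpc-dev", "vpc-shared"):
        tgw.associate(vpc, "vpcs")
        tgw.propagate(vpc, "vpn")          # VPN table learns every VPC
    tgw.associate("vpn-onprem", "vpn")
    tgw.propagate("vpn-onprem", "vpcs")    # VPC table learns only the VPN
    return tgw


if __name__ == "__main__":
    for name, build in [("full", full_connectivity),
                        ("partial", partial_connectivity),
                        ("isolation", isolation_with_vpn)]:
        print(name, build().matrix())
```

The segmentation comes entirely from which table each attachment is associated with; a single shared table, as in the full-connectivity pattern, gives every attachment a path to every other one, so review associations and propagations together when auditing a transit gateway.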
Review

Present solutions

Consider how you would answer the following:
• What can we do to keep our connections to AWS services private?
• How can we privately route traffic between our VPCs?
• What are our options to connect our on-premises network to the AWS Cloud?
• Which services can reduce the number of route tables we need to manage our global network?

Module review

In this module you learned about:
• VPC endpoints
• VPC peering
• Hybrid networking
• Transit Gateway

Next, you will review:
• Knowledge check

Knowledge check

Knowledge check question 1

What is a connection to a transit gateway called?

A VPN

B Attachment

C Route

D VPC

Knowledge check question 1 and answer

What is a connection to a transit gateway called?

A VPN

B Attachment (correct)

C Route

D VPC

Knowledge check question 2

What are the components of an AWS Site-to-Site VPN connection? (Select TWO.)

A Customer gateway device

B Interface endpoint

C Virtual private gateway

D VPC peering connection

E Gateway endpoint

Knowledge check question 2 and answer

What are the components of an AWS Site-to-Site VPN connection? (Select TWO.)

A Customer gateway device (correct)

B Interface endpoint

C Virtual private gateway (correct)

D VPC peering connection

E Gateway endpoint

Knowledge check question 3

What is true of VPC peering connections? (Select TWO.)

A Connections are one-to-many.

B Connections are one-to-one.

C Connections require a transit gateway.

D Connections can span accounts.

E Connections are transitive.

Knowledge check question 3 and answer

What is true of VPC peering connections? (Select TWO.)

A Connections are one-to-many.

B Connections are one-to-one. (correct)

C Connections require a transit gateway.

D Connections can span accounts. (correct)

E Connections are transitive.

End of Module 10

Corrections, feedback, or other questions?


Contact us at https://support.aws.amazon.com/#/contacts/aws-training.
All trademarks are the property of their owners.
