CPN207 Virtual Networking in the Cloud - AWS re: Invent 2012

Take Amazon EC2 to the next level and create a virtual network in the AWS cloud using our API-defined networking solutions. Learn how to create networks that closely resemble those used in a traditional data center, enhance your knowledge of elastic network interfaces and multiple IP addresses for EC2 instances, and learn how to leverage egress filtering and network ACLs for an additional layer of security for your network. In addition to discussing virtual network security appliances, internal load balancing, and site to site VPN connectivity, we also discuss the past, present, and future for Amazon virtual networking.


  1. Router Internet Customer VPN Gateway VPN Connection Gateway Gateway
  2. Internet 10.134.2.3 10.1.2.3 10.218.5.17 10.27.45.16 10.243.3.5 10.8.55.5 10.141.9.8 10.99.42.97 10.155.6.7 10.16.22.33 10.131.7.28 10.6.78.201 Availability Zone 1a Availability Zone 1a Customer 1 Customer 2 Customer 3
  3. Internet Public IPs Elastic IPs Public IPs Elastic IPs 10.134.2.3 10.1.2.3 10.218.5.17 10.27.45.16 10.243.3.5 10.8.55.5 10.141.9.8 10.99.42.97 10.155.6.7 10.16.22.33 10.131.7.28 10.6.78.201 Availability Zone 1a Availability Zone 1a Customer 1 Customer 2 Customer 3
  4. Internet 10.134.2.3 10.1.2.3 10.218.5.17 10.27.45.16 10.243.3.5 10.8.55.5 10.141.9.8 10.99.42.97 10.155.6.7 10.16.22.33 10.131.7.28 10.6.78.201 Availability Zone 1a Availability Zone 1a Customer 1 Customer 2 Customer 3 VPC Customer
  5. Internet 10.0.1.6 10.0.0.5 10.0.1.5 10.0.0.6 10.0.1.8 10.0.3.5 10.0.1.25 10.0.3.17 Availability Zone 1a Availability Zone 1a VPC Customer
  6. Internet VPC Subnet VPC Subnet 10.0.0.5 10.0.1.5 10.0.1.6 VPC Subnet 10.0.0.6 10.0.1.8 10.0.3.5 10.0.1.25 10.0.3.17 Availability Zone 1a Availability Zone 1a VPC Customer
  7. Internet VPC Subnet VPC Subnet 10.0.0.5 10.0.1.5 10.0.1.6 VPC Subnet 10.0.0.6 10.0.1.8 10.0.3.5 10.0.1.25 10.0.3.17 Virtual Private Gateway Availability Zone 1a Availability Zone 1a VPN Connection Customer Gateway Customer Data Center
  8. InternetX VPN Connection Customer Gateway Customer Data Center
  9. Internet Internet Gateway VPC Subnet VPC Subnet 10.0.0.5 10.0.1.5 10.0.1.6 VPC Subnet 10.0.0.6 10.0.1.8 10.0.3.5 10.0.1.25 10.0.3.17 Virtual Private Gateway Availability Zone 1a Availability Zone 1a VPN Connection Customer Gateway Customer Data Center
  10. Creating a VPC

          C:>ec2-create-vpc 10.0.0.0/16
          C:>ec2-create-subnet -c vpc-eabab681 -i 10.0.0.0/24 -z us-east-1b
          C:>ec2-create-internet-gateway
          C:>ec2-attach-internet-gateway igw-33bbb758 -c vpc-eabab681
          C:>ec2-describe-route-tables
          C:>ec2-create-route rtb-e8bab683 -r 0.0.0.0/0 -g igw-33bbb758

  11. Network ACLs; Egress filtering; Change SG membership on running instances; Multiple elastic network interfaces; Multiple IP addresses; Support for all protocols
  12. 10.10.0.10 10.10.0.11 10.10.0.12
  13. Demo
  14. monitor.sh

          #!/bin/sh
          # HA monitor: ping the peer node and, if it stops answering,
          # move the shared virtual IP (VIP) to this instance's ENI.
          EC2_URL=https://ec2.us-west-2.amazonaws.com
          # Load the EC2 API tools environment
          . /etc/profile.d/aws-apitools-common.sh
          echo `date` "-- Starting HA monitor" > /tmp/ha_monitor.log
          while [ . ]; do
            # Heartbeat: count ICMP replies from the peer (10.10.0.12)
            pingresult=`ping -c 3 -W 1 10.10.0.12 | grep icmp | wc -l`
            if [ "$pingresult" = "0" ]; then
              echo `date` "-- HA heartbeat failed, taking over VIP" >> /tmp/ha_monitor.log
              # Reassign the VIP 10.10.0.10 to this instance's network interface
              ec2-assign-private-ip-addresses -n eni-a80b97c1 --secondary-private-ip-address 10.10.0.10 --allow-reassignment -U "$EC2_URL" >> /tmp/ha_monitor.log
              # Confirm the VIP answers; if not, restart networking
              pingresult=`ping -c 1 -W 1 10.10.0.10 | grep icmp | wc -l`
              if [ "$pingresult" = "0" ]; then
                echo `date` "-- Restarting network" >> /tmp/ha_monitor.log
                service network restart >> /tmp/ha_monitor.log
              fi
              sleep 60
            fi
            sleep 2
          done

  15. Demo
  16. Public Subnet 1 Public Subnet 2 Private Subnet 1 Private Subnet 2
  17. External LB Public Subnet 1 Public Subnet 2 Internal LB Private Subnet 1 Private Subnet 2
  18. IDS / DLP IDS / DLP Public Subnet 1 Public Subnet 2 Private Subnet 1 Private Subnet 2
  19. Demo
  20. Singapore Japan
  21. We are sincerely eager to hear your feedback on this presentation and on re:Invent. Please fill out an evaluation form when you have a chance.
