AWS Direct Connect: Deep Dive (NET403) - AWS re:Invent 2018

AWS Direct Connect provides a more consistent network experience for accessing your AWS resources, typically with greater bandwidth and reduced network costs. This session dives deep into the features of AWS Direct Connect, including public and private virtual Interfaces, Direct Connect Gateway, global access, local preference communities, and more.


  1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Direct Connect: Deep Dive. Justin Davies, Solutions Architect, AWS/Solutions Architecture. NET403
  2. What’s going on here?
        policy-options {
            policy-statement TO-AWS {
                term tag-aws {
                    from {
                        /* matches only the default route */
                        route-filter 0.0.0.0/0 exact;
                    }
                    then {
                        /* must name the community defined below */
                        community add TAG-TO-AWS-HIGH-PREF;
                        accept;
                    }
                }
            }
            community TAG-TO-AWS-HIGH-PREF members 7224:7300;
        }
  3. Agenda: Level set—review; New features and functionality; Route manipulation and traffic engineering; How is AWS Direct Connect billed?; How to manage hybrid DNS scenarios over AWS Direct Connect; Architectural best practices and resiliency
  4. Level set—Review On-premises
  5. Level set—Review Amazon Virtual Private Cloud (Amazon VPC) On-premises
  6. Level set—Review Availability Zone On-premises
  7. Level set—Review Availability Zone On-premises
  8. Level set—Review Subnet On-premises
  9. Level set—Review Subnet Virtual private gateway On-premises
  10. Level set—Review Subnet Virtual Private Gateway On-premises
  11. Level set—Review Subnet Virtual Private Gateway Direct Connect On-premises
  12. Level set—Review Direct Connect On-premises Customer backbone Amazon
  13. Level set—Review Direct Connect On-premises Customer backbone Amazon
  14. Level set—Review Direct Connect Amazon … Public Private
  15. Level set—Review Direct Connect Amazon … Public Private
  16. Amazon Direct Connect specifications Direct Connect 1G, 10G,
  17. Amazon Direct Connect specifications Direct Connect
  18. Amazon Direct Connect specifications Direct Connect
  19. Amazon Direct Connect specifications Direct Connect
  20. Amazon Direct Connect specifications Direct Connect
  21. Private VIF Private Virtual Private Gateway Physical connection VLAN ID VIF name & owner On-prem ASN *AWS ASN
  22. Private VIF Private Virtual Private Gateway Physical connection VLAN ID VIF name & owner On-prem ASN *AWS ASN 50 VIFs
  23. Public VIF … Public Public VIF Physical connection VLAN ID VIF name & owner On-prem ASN Public peer IPs (v4)
  24. Public VIF … Public Public VIF Physical connection VLAN ID VIF name & owner On-prem ASN Public peer IPs (v4)
  25. “Home” region https://aws.amazon.com/directconnect/features/ us-east-1 us-west-2
  26. Do I need to have a BGP session for every VPC?
  27. Can I connect to VPCs outside of my “home” region?
  28. Can I connect to VPCs outside of my “home” region?
  29. Can I reduce my BGP peers and simplify connectivity?
  30. So what is a Direct Connect Gateway?
  31. Direct Connect You specify: “name”
  32. Direct Connect Gateway 1 2 10 Attached
  33. Direct Connect Gateway Account 1 Account 1 Account 2 Direct Connect
  34. So how does this scale?
  35. Direct Connect Gateway—Scaling Account 1 Account 1 Account 1 Direct Connect Attach 10
  36. Direct Connect Gateway—Scaling Account 1 Account 1 Account 2 Direct Connect Attach 10
  37. Direct Connect Gateway—Scaling Account 1 Account 1 Account 2 Direct Connect Attach 10
  38. Direct Connect Gateway—Scaling Account 1 Account 1 Account 2 Direct Connect
  39. How do routes work?
  40. How do routes work?
  42. Before Logical Redundancy Direct Connect Customer Direct Connect Device
  43. Before Logical Redundancy Direct Connect Customer Direct Connect
  44. Before Logical Redundancy Direct Connect
  45. Logical Redundancy (NEW) Direct Connect Customer Direct Connect Direct Connect
  46. Logical Redundancy (NEW) Direct Connect Customer Direct Connect
  47. How does this change my physical redundancy?
  48. Logical & Physical Redundancy Direct Connect Customer Direct Connect Direct Connect
  49. Is logical redundancy available?
  50. Redundant BGP Sessions
  56. VPC & Direct Connect route selection
  57. VPC & Direct Connect route selection
  58. VPC & Direct Connect route selection
  59. VPC & Direct Connect route selection
  60. VPC & Direct Connect route selection
  61. VPC & Direct Connect route selection
  62. VPC & Direct Connect route selection
  63. VPC & Direct Connect route selection
  64. VPC & Direct Connect route selection
  65. VPC & Direct Connect route selection
  66. VPC & Direct Connect route selection
  67. VPC & Direct Connect route selection
  68. Route selection East - DC West - DC East West 172.16.0.0/16 65001, 65001, 65001 172.16.0.0/16 65001, 65001 us-east-1
  69. Route selection East - DC West - DC East West 172.16.0.0/16 65001, 65001, 65001 172.16.0.0/16 65001, 65001 *Preferred route leaving AWS us-east-1
  70. Route selection East - DC West - DC East West 172.16.0.0/16 65001, 65001, 65001 172.16.0.0/16 65001, 65001 172.16.0.0/16 65001 *Preferred route leaving AWS us-east-1
  71. Route selection East - DC West - DC East West 172.16.0.0/16 65001, 65001, 65001 172.16.0.0/16 65001, 65001 172.16.0.0/24 65001 *Preferred route leaving AWS us-east-1 *Longest prefix match
  72. BGP communities & local-preference
  73. Public VIF communities—Controls your prefix scope
  74. Public VIF communities—Controls AWS prefix scope
  75. Private VIF communities: AWS egress local-pref
  76. Route selection East - DC West - DC East West 172.16.0.0/16 65001, 65001, 65001 172.16.0.0/16 65001, 65001 172.16.0.0/16 65001 *Preferred route leaving AWS us-east-1
  77. Route selection East - DC West - DC East West 172.16.0.0/16 7224:7100 (low) 65001, 65001, 65001 172.16.0.0/16 7224:7100 (low) 65001, 65001 172.16.0.0/16 7224:7300 (high) 65001 *Preferred route leaving AWS us-east-1
  78. Applying communities to prefixes (Juniper example)
        policy-options {
            policy-statement TO-AWS {
                term tag-aws {
                    from {
                        /* matches only the default route */
                        route-filter 0.0.0.0/0 exact;
                    }
                    then {
                        /* must name the community defined below */
                        community add TAG-TO-AWS-HIGH-PREF;
                        accept;
                    }
                }
            }
            community TAG-TO-AWS-HIGH-PREF members 7224:7300;
        }
  79. Applying communities to prefixes (Cisco example)
        ip bgp-community new-format
        ! "le 32" matches every IPv4 prefix, not only the default route
        ip prefix-list TAG-TO-AWS permit 0.0.0.0/0 le 32
        route-map TO-AWS permit 10
         match ip address prefix-list TAG-TO-AWS
         set community 7224:7300
        router bgp 65400
         address-family ipv4
          ! communities are only sent to the peer when send-community is set
          neighbor 169.254.221.5 send-community
          neighbor 169.254.221.5 route-map TO-AWS out
  81. I manage the network. I’m not sure what all these VPCs are really doing. How does billing work?
  82. Direct Connect Billing: 1G = $0.30/port hour; 10G = $2.25/port hour (*All locations except Japan). Data-Transfer-OUT: Source: United States (VPC, S3, DDB …); Destination: Switch, SUPERNAP Las Vegas; $0.0200/GB Out. https://aws.amazon.com/directconnect/pricing/
  83. Direct Connect Billing: 1G = $0.30/port hour; 10G = $2.25/port hour (*All locations except Japan). Data-Transfer-OUT: Source: Ireland (eu-west-1) (VPC, S3, DDB …); Destination: Switch, SUPERNAP Las Vegas; $0.0282/GB Out. https://aws.amazon.com/directconnect/pricing/
  84. Direct Connect: Port cost https://aws.amazon.com/directconnect/pricing/
  85. Direct Connect: Data-transfer-out cost https://aws.amazon.com/directconnect/pricing/
  86. What if I have multiple accounts?
  87. Account 1 Account 2 Account 3 Account 4 Organization (master payer account) Direct Connect Billing $
  88. Account 1 Account 2 Account 3 Account 4 Direct Connect Billing $ Source account
  90. I manage DNS servers on-premises today. How can I resolve resources between my VPC resources and on-premises?
  91. Hybrid hosted zones 192.168.1.0/24 (myvpc.com) 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 10.0.0.0/16 (mydc.com)
  92. Hybrid hosted zones 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1. Host one: Where is “two.myvpc.com” 1 192.168.1.2 192.168.1.0/24 (myvpc.com) mydc.com
  93. Hybrid hosted zones 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1. Host one: Where is “two.myvpc.com” 2. Amazon Route 53: Oh, that’s 192.168.1.11 1 192.168.1.2 192.168.1.0/24 (myvpc.com) 2 mydc.com
  94. Hybrid hosted zones 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1. Host one: Where is “two.myvpc.com” 2. Amazon Route 53: Oh, that’s 192.168.1.11 1 192.168.1.2 192.168.1.0/24 (myvpc.com) 2 mydc.com
  95. Hybrid hosted zones 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1. Client: Where is “two.myvpc.com” 192.168.1.2 192.168.1.0/24 (myvpc.com) mydc.com 1
  96. Hybrid hosted zones 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1. Client: Where is “two.myvpc.com” 2. On-prem DNS: Conditional forward? 192.168.1.2 192.168.1.0/24 (myvpc.com) mydc.com 1 2
  97. Hybrid hosted zones 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1. Client: Where is “two.myvpc.com” 2. On-prem DNS: Conditional forward? 3. I don’t know, can’t reach 192.168.1.2 192.168.1.2 192.168.1.0/24 (myvpc.com) mydc.com 1 2 X
  98. Hybrid hosted zones 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1. Client: Where is “two.myvpc.com” 192.168.1.2 192.168.1.0/24 (myvpc.com) mydc.com Unbound 1
  99. Hybrid hosted zones 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1. Client: Where is “two.myvpc.com” 2. On-prem DNS: Forward to Unbound 192.168.1.2 192.168.1.0/24 (myvpc.com) mydc.com Unbound 1 2
  100. Hybrid hosted zones 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1. Client: Where is “two.myvpc.com” 2. On-prem DNS: Forward to Unbound 3. Unbound forward to Route 53 192.168.1.2 192.168.1.0/24 (myvpc.com) mydc.com Unbound 1 2 3
  101. Hybrid hosted zones 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1. Client: Where is “two.myvpc.com” 2. On-prem DNS: Forward to Unbound 3. Unbound forward to Route 53 4. Reply to requester 192.168.1.2 192.168.1.0/24 (myvpc.com) mydc.com Unbound 1 2 3 4
  102. Amazon Route 53 Resolver Primary Availability Zone 1 Secondary Tertiary Availability Zone 2 Availability Zone 3
  103. Route 53 Resolver 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1. Client: Where is “two.myvpc.com” 192.168.1.0/24 (myvpc.com) mydc.com 1 192.168.1.xyz
  104. Route 53 Resolver 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1. Client: Where is “two.myvpc.com” 2. On-prem DNS: Forward to AWS resolver 192.168.1.0/24 (myvpc.com) mydc.com 1 2 192.168.1.xyz
  105. Route 53 Resolver 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1. Client: Where is “two.myvpc.com” 2. On-prem DNS: Forward to AWS resolver 3. Reply to requester 192.168.1.0/24 (myvpc.com) mydc.com 1 2 3 192.168.1.xyz
  106. Route 53 Resolver 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1 192.168.1.0/24 (myvpc.com) mydc.com 10.0.0.7 192.168.1.xyz 1. Host one: Where is “client.mydc.com”
  107. Route 53 Resolver 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1 192.168.1.0/24 (myvpc.com) 2 mydc.com 10.0.0.7 192.168.1.xyz 1. Host one: Where is “client.mydc.com” 2. Route 53: Forward *.mydc.com to on-prem DNS
  108. Route 53 Resolver 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1 192.168.1.0/24 (myvpc.com) 2 mydc.com 3 10.0.0.7 192.168.1.xyz 1. Host one: Where is “client.mydc.com” 2. Route 53: Forward *.mydc.com to on-prem DNS 3. On-prem DNS: Oh, that’s 10.0.0.7
  109. Route 53 Resolver 192.168.1.10 one.myvpc.com 192.168.1.11 two.myvpc.com 1. Host one: Where is “client.mydc.com” 2. Route 53: Forward *.mydc.com to on-prem DNS 3. On-prem DNS: Oh, that’s 10.0.0.7 4. Reply to requester 1 192.168.1.0/24 (myvpc.com) 2 mydc.com 3 4 10.0.0.7 192.168.1.xyz
  111. “Everything fails all the time.” Werner Vogels, VP & CTO, AWS
  112. Start with the application Availability Zone 1 Availability Zone 2
  113. Start with the application us-east-1 us-west-2
  114. Start with the application us-east-1 us-west-2
  115. Consider the ingress and egress points Availability Zone 1 Availability Zone 2
  116. Consider the ingress and egress points Availability Zone 1 Availability Zone 2
  117. Consider the ingress and egress points Direct Connect On-premises
  118. Know your traffic profile Direct Connect On-premises
  119. Know your dependencies Everything API
  120. Understand impact
  121. Understand impact Guilty until proven innocent Test it! Test it often!
  122. Understand impact Guilty until proven innocent Test it! Test it often!
  123. Understand impact Guilty until proven innocent Test it! Test it often!
  124. Thank you! Justin Davies @mrjustind
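
The selection order that slides 68 to 77 step through (longest prefix match, then the private VIF local-preference community, then AS path length), modelled as an added Python example that is not from the original deck. The path labels, the middle rank given to untagged routes, and the final constructed scenario are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional, Tuple

# Local-preference communities shown on slide 77. Ranking untagged routes
# between low and high is an assumption of this example.
LOCAL_PREF_RANK = {"7224:7100": 1, "7224:7300": 3}
UNTAGGED_RANK = 2


@dataclass(frozen=True)
class Route:
    name: str                      # constructed label for the advertising path
    prefix: str                    # prefix advertised to AWS
    as_path: Tuple[int, ...]       # AS path as received, prepends included
    community: Optional[str] = None


def rank(route: Route) -> tuple:
    """Sort key: longer prefix, then higher local-pref, then shorter AS path."""
    prefix_len = ipaddress.ip_network(route.prefix).prefixlen
    local_pref = LOCAL_PREF_RANK.get(route.community, UNTAGGED_RANK)
    return (prefix_len, local_pref, -len(route.as_path))


def best_route(routes, destination: str) -> Optional[Route]:
    """Return the route AWS would use to reach `destination`, or None."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dst in ipaddress.ip_network(r.prefix)]
    return max(candidates, key=rank) if candidates else None


# Routes from slides 68-71 (path names are constructed labels).
PREPEND_3 = Route("path-a", "172.16.0.0/16", (65001, 65001, 65001))
PREPEND_2 = Route("path-b", "172.16.0.0/16", (65001, 65001))
PLAIN_16 = Route("path-c", "172.16.0.0/16", (65001,))
PLAIN_24 = Route("path-c", "172.16.0.0/24", (65001,))

# Slide 77: the same three /16 routes, now tagged low, low and high.
SLIDE_77 = [
    replace(PREPEND_3, community="7224:7100"),
    replace(PREPEND_2, community="7224:7100"),
    replace(PLAIN_16, community="7224:7300"),
]

# Constructed scenario: the tags are swapped so that the most-prepended path
# carries the high community, showing local-pref outranking AS path length.
SWAPPED_TAGS = [
    replace(PREPEND_3, community="7224:7300"),
    replace(PLAIN_16, community="7224:7100"),
]

if __name__ == "__main__":
    scenarios = {
        "slide 69 (prepends only)": [PREPEND_3, PREPEND_2],
        "slide 70 (unprepended /16 added)": [PREPEND_3, PREPEND_2, PLAIN_16],
        "slide 71 (more specific /24)": [PREPEND_3, PREPEND_2, PLAIN_24],
        "slide 77 (communities)": SLIDE_77,
        "constructed (tags swapped)": SWAPPED_TAGS,
    }
    for label, routes in scenarios.items():
        chosen = best_route(routes, "172.16.0.10")
        print(f"{label}: {chosen.name} {chosen.prefix} {chosen.community}")
```

A destination outside the /24, such as 172.16.9.10 in the slide 71 scenario, falls back to the /16 routes, so a more specific advertisement only steers the addresses it actually covers.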
