AWS networking fundamentals

Amazon Web Services
AWS Summit London
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Networking fundamentals
Perry Wald & Tom Adamski
AWS Solutions Architects
Introductory - 200
“These sessions provide an overview of AWS services and features, and they assume that attendees are new to the topic. These sessions highlight basic use cases, features, functions, and benefits.”
Default VPC
[Diagram: an Amazon Virtual Private Cloud (Amazon VPC) with a /16 IPv4 CIDR block (172.31.0.0/16) and /20 default subnets, one subnet in availability zone (AZ) 1 and one in availability zone (AZ) 2. Instances carry private addresses 172.31.0.128, 172.31.0.129, 172.31.1.24 and 172.31.1.27 and public addresses 54.4.5.6 and 54.2.3.4. A connected Internet Gateway, a Security Group (SG) and a Network Access Control List (NACL) are shown.]
VPC concepts & fundamentals
• IP addressing
• Creating subnets
• Routing in a VPC
• Security
Choosing an IP address range
Choosing an IP address range for your VPC
Example: 172.31.0.0/16
RFC1918 range:
• 10.0.0.0/8
• 172.16.0.0/12
• 192.168.0.0/16
Recommended: /16 (65,536 addresses)
Avoid ranges that overlap with other networks to which you might connect
Creating subnets in a VPC
VPC subnets and Availability Zones
[Diagram: VPC 172.31.0.0/16 with one VPC subnet per Availability Zone]
Availability Zone   VPC subnet
eu-west-1a          172.31.0.0/24
eu-west-1b          172.31.1.0/24
eu-west-1c          172.31.2.0/24
IPv6 in your VPC
• Can have a dual-stack VPC by adding an IPv6 CIDR
• Fixed sizes for VPC and subnets:
  • /56 VPC (4,722,366,482,869,645,213,696 addresses)
  • /64 subnets (18,446,744,073,709,551,616 addresses)
VPC subnets and Availability Zones (dual-stack)
[Diagram: VPC 172.31.0.0/16 with IPv6 CIDR 2600:1f16:14d:6300::/56, one dual-stack subnet per Availability Zone]
Availability Zone   IPv4 subnet      IPv6 subnet
eu-west-1a          172.31.0.0/24    2600:1f16:14d:6300::/64
eu-west-1b          172.31.1.0/24    2600:1f16:14d:6301::/64
eu-west-1c          172.31.2.0/24    2600:1f16:14d:6302::/64
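The CIDR choice and the per-AZ subnet layout from the slides above can be checked mechanically. The following Python is an added example, not code from the slide deck: it validates a proposed VPC CIDR (RFC1918, the sizes a VPC accepts, no overlap with networks you might connect to later) and carves the /16 into one /24 per Availability Zone, plus one IPv6 /64 per subnet from the /56 VPC block. The networks and AZ names are the slides' own; the five reserved addresses per subnet are AWS's standard reservation and are stated as an assumption in the code.

```python
# Added example (not from the AWS slide deck): check a proposed VPC CIDR against
# the slides' advice and carve one subnet per Availability Zone. Only the
# standard library is used; the networks and AZ names are the slides' examples.
from ipaddress import IPv4Network, IPv6Network, ip_network

RFC1918 = [IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumption: AWS reserves five addresses in every IPv4 subnet (network address,
# VPC router, Amazon DNS server, one for future use, broadcast address).
AWS_RESERVED_PER_SUBNET = 5

def check_vpc_cidr(cidr, existing=()):
    """Return the problems with a proposed VPC CIDR; an empty list means it is fine.

    existing: CIDRs of networks you might connect to later (on-premises, peered
    VPCs, Transit Gateway neighbours); overlaps with these are flagged.
    """
    net = IPv4Network(cidr)
    problems = []
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append(f"{net} is not inside an RFC1918 range")
    if not 16 <= net.prefixlen <= 28:          # the sizes a VPC accepts
        problems.append(f"{net} must be between /16 and /28")
    elif net.prefixlen != 16:                   # the size the slides recommend
        problems.append(f"{net} is smaller than the recommended /16")
    for other in existing:
        other_net = ip_network(other)
        if other_net.version == 4 and net.overlaps(other_net):
            problems.append(f"{net} overlaps {other_net}")
    return problems

def plan_subnets(vpc_cidr, azs, subnet_prefix=24, ipv6_cidr=None):
    """Assign consecutive IPv4 subnets (and IPv6 /64s from a /56 VPC block) to AZs."""
    v4_blocks = IPv4Network(vpc_cidr).subnets(new_prefix=subnet_prefix)
    v6_blocks = IPv6Network(ipv6_cidr).subnets(new_prefix=64) if ipv6_cidr else None
    plan = []
    for az in azs:
        subnet = next(v4_blocks)
        entry = {"az": az, "ipv4": str(subnet),
                 "usable": subnet.num_addresses - AWS_RESERVED_PER_SUBNET}
        if v6_blocks is not None:
            entry["ipv6"] = str(next(v6_blocks))
        plan.append(entry)
    return plan

if __name__ == "__main__":
    print(check_vpc_cidr("172.31.0.0/16", ["192.168.0.0/16", "10.55.0.0/16"]))
    for row in plan_subnets("172.31.0.0/16", ["eu-west-1a", "eu-west-1b", "eu-west-1c"],
                            ipv6_cidr="2600:1f16:14d:6300::/56"):
        print(row)
```

Passing the on-premises range and any future peer CIDRs as `existing` at design time is what turns "avoid overlapping ranges" into a repeatable check rather than a rule people remember too late.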
Routing in a VPC
Routing in your VPC
• Route tables contain rules for which packets go where
• Your VPC has a default route table
• But, you can create and assign different route tables to different subnets
Traffic destined for my VPC stays in my VPC
But what about the Internet?
Internet gateway: inbound internet access
Destination      Target
172.31.0.0/16    local
0.0.0.0/0        igw_id

NAT gateway: outbound internet access
Destination      Target
172.31.0.0/16    local
0.0.0.0/0        nat_gw_id

[Diagram: the public addresses shown are 198.51.100.3 and 198.51.100.4]
Network security
• Security groups
• Network access control list
• Flow logs

Security groups
Security groups follow application structure
[Diagram: a “MyWebServers” security group and a “MyBackends” security group; the backends allow only “MyWebServers”]
Security groups example: Web servers
Allow HTTP traffic from anywhere

Security groups example: Backends
Allow application traffic from web servers only
Network access control list
Security groups vs. NACLs

Security group
• Operates at instance level
• Supports allow rules only
• Is stateful: return traffic is automatically allowed regardless of any rules
• All rules evaluated before deciding whether to allow traffic
• Applies only to instances explicitly associated with the security group

Network ACL
• Operates at subnet level
• Supports allow and deny rules
• Is stateless: return traffic must be explicitly allowed by rules
• Rules evaluated in order when deciding whether to allow traffic
• Automatically applies to all instances launched into associated subnets

Doesn’t filter traffic to or from link-local addresses (169.254.0.0/16) or AWS-reserved IPv4 addresses; these are the first four IPv4 addresses of the subnet (including the Amazon VPC DNS server)
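The two rows of that comparison that bite in practice are stateful versus stateless and "all rules" versus "in order". The Python below is an added example, not code from the slide deck: it models a security group that allows HTTP from anywhere, a backend group that allows only the “MyWebServers” group, and a network ACL evaluated in rule-number order, and then shows that the ACL needs an explicit outbound rule for ephemeral ports or the reply to an allowed request is dropped. All addresses, rule numbers and the instance-to-group map are constructed for the demo; outbound rules for new flows are left out of the security-group model.

```python
# Added example (not from the AWS slide deck): a small model of how a stateful
# security group and a stateless, ordered network ACL each decide on a flow.
# All addresses, rules and the membership map below are constructed for the demo.
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp", "udp", ...
    sport: int
    dport: int

    def reply(self):
        """The return packet of this flow: endpoints and ports swapped."""
        return Packet(self.dst, self.src, self.proto, self.dport, self.sport)

def _match(rule_proto, lo, hi, cidr, pkt, port, ip):
    """Does a (proto, port range, CIDR) rule match this packet's port and address?"""
    return (rule_proto in ("-1", pkt.proto) and lo <= port <= hi
            and ipaddress.ip_address(ip) in ipaddress.ip_network(cidr))

@dataclass
class SecurityGroup:
    name: str
    inbound: list      # (proto, from_port, to_port, source); source is a CIDR or the
                       # name of another group ("MyBackends allows only MyWebServers")
    members: dict      # instance IP -> group name, shared by all groups in the demo
    tracked: set = field(default_factory=set)

    def allows_inbound(self, pkt):
        # Allow rules only; every rule is considered and any match allows.
        for proto, lo, hi, source in self.inbound:
            if "/" in source:
                ok = _match(proto, lo, hi, source, pkt, pkt.dport, pkt.src)
            else:
                ok = (self.members.get(pkt.src) == source
                      and proto in ("-1", pkt.proto) and lo <= pkt.dport <= hi)
            if ok:
                self.tracked.add(pkt)   # stateful: remember the flow
                return True
        return False

    def allows_outbound(self, pkt):
        # Stateful: the reply of a tracked flow is allowed regardless of rules.
        return pkt.reply() in self.tracked

@dataclass
class NetworkAcl:
    inbound: list    # (number, proto, from_port, to_port, cidr, action)
    outbound: list

    @staticmethod
    def _evaluate(rules, pkt, port, ip):
        # Rules are evaluated in number order; the first match decides.
        for _num, proto, lo, hi, cidr, action in sorted(rules):
            if _match(proto, lo, hi, cidr, pkt, port, ip):
                return action == "allow"
        return False   # the implicit final "*" rule denies everything else

    def allows_inbound(self, pkt):
        return self._evaluate(self.inbound, pkt, pkt.dport, pkt.src)

    def allows_outbound(self, pkt):
        # Stateless: the reply is judged on its own against the outbound rules.
        return self._evaluate(self.outbound, pkt, pkt.dport, pkt.dst)

def demo():
    members = {"172.31.0.128": "MyWebServers", "172.31.1.24": "MyBackends"}
    web = SecurityGroup("MyWebServers", [("tcp", 80, 80, "0.0.0.0/0")], members)
    backend = SecurityGroup("MyBackends", [("tcp", 8080, 8080, "MyWebServers")], members)
    http = Packet("203.0.113.9", "172.31.0.128", "tcp", 51000, 80)
    app = Packet("172.31.0.128", "172.31.1.24", "tcp", 40000, 8080)
    stray = Packet("203.0.113.9", "172.31.1.24", "tcp", 51001, 8080)
    blocked = Packet("198.51.100.7", "172.31.0.128", "tcp", 51002, 80)

    inbound = [(100, "tcp", 80, 80, "0.0.0.0/0", "allow"),
               (90, "tcp", 0, 65535, "198.51.100.0/24", "deny")]
    with_ephemeral = NetworkAcl(inbound, [(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow")])
    without_ephemeral = NetworkAcl(inbound, [])
    return {
        "sg_web_http_and_reply": web.allows_inbound(http) and web.allows_outbound(http.reply()),
        "sg_backend_from_web": backend.allows_inbound(app),
        "sg_backend_from_internet": backend.allows_inbound(stray),
        "nacl_deny_rule_90_wins": with_ephemeral.allows_inbound(blocked),
        "nacl_reply_with_ephemeral_rule": (with_ephemeral.allows_inbound(http)
                                          and with_ephemeral.allows_outbound(http.reply())),
        "nacl_reply_without_ephemeral_rule": (without_ephemeral.allows_inbound(http)
                                             and without_ephemeral.allows_outbound(http.reply())),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {'allowed' if verdict else 'dropped'}")
```

The interesting results are the last two keys: with the same inbound ACL rule, the HTTP reply survives only when an outbound rule covers the client's ephemeral port, which is exactly the "return traffic must be explicitly allowed" row of the table.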
Flow logs
VPC flow logs
[Diagram: a VPC spanning AZ 1 and AZ 2 with flow logs enabled]
• Visibility
• Troubleshooting
• Analyze traffic flow
VPC flow logs: Setup
VPC traffic metadata captured in Amazon S3 or Amazon CloudWatch Logs
VPC flow logs format
[Slide image: a sample flow log record, annotated “Accept ssh from public address 210.21.226.2”]
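The annotated record on that slide is the kind of thing flow logs exist to surface. The Python below is an added example, not code from the slide deck: it parses records in the default (version 2) flow log field order, skips NODATA records, lists public sources whose SSH connections were ACCEPTed, and counts REJECTed SSH attempts per public source. The log lines are constructed; the account id and ENI id are placeholders, 210.21.226.2 is the address from the slide, and "public" is defined here as "outside the RFC1918 ranges" so that VPC and on-premises sources are excluded.

```python
# Added example (not from the AWS slide deck): parse default-format VPC flow log
# records and pick out accepted SSH from public addresses. The log lines are
# constructed; account id and ENI id are placeholders, 210.21.226.2 is from the slide.
from collections import Counter
from ipaddress import ip_address, ip_network

# Field order of the default (version 2) flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
TCP = 6          # IANA protocol number carried in the "protocol" field
SSH_PORT = 22

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f60718 210.21.226.2 172.31.0.128 45812 22 6 12 1820 1562320000 1562320059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 203.0.113.7 172.31.0.128 51234 22 6 1 44 1562320001 1562320059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 172.31.1.24 172.31.0.128 40000 22 6 8 1200 1562320002 1562320059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 198.51.100.3 172.31.0.128 33001 80 6 30 9100 1562320003 1562320059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 - - - - - - - 1562320004 1562320059 - NODATA
"""

def parse_record(line):
    """Split one record into a dict; numeric fields become ints, '-' becomes None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = None if rec[key] == "-" else int(rec[key])
    return rec

def is_public(addr):
    """Public here means outside RFC1918, i.e. neither a VPC nor an on-premises address."""
    ip = ip_address(addr)
    return not any(ip in net for net in RFC1918)

def records(text):
    """Yield parsed records, skipping NODATA/SKIPDATA entries that carry no flow."""
    for line in text.splitlines():
        rec = parse_record(line)
        if rec["log_status"] == "OK":
            yield rec

def _public_ssh(rec, action):
    return (rec["action"] == action and rec["protocol"] == TCP
            and rec["dstport"] == SSH_PORT and is_public(rec["srcaddr"]))

def accepted_ssh_from_public(text):
    """Public sources whose SSH connections were ACCEPTed: review each one."""
    return sorted({rec["srcaddr"] for rec in records(text) if _public_ssh(rec, "ACCEPT")})

def rejected_ssh_by_source(text):
    """REJECTed SSH attempts per public source: background noise, but worth counting."""
    return Counter(rec["srcaddr"] for rec in records(text) if _public_ssh(rec, "REJECT"))

if __name__ == "__main__":
    print("accepted SSH from public:", accepted_ssh_from_public(SAMPLE_LOG))
    print("rejected SSH per source:", dict(rejected_ssh_by_source(SAMPLE_LOG)))
```

The same field split works on records exported to Amazon S3 or CloudWatch Logs; a custom flow log format changes the field order, so `FIELDS` would then be taken from the format string you configured.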
DNS in a VPC
VPC DNS options
• Use Amazon DNS server
• Have EC2 auto-assign DNS host names to instances
Connecting your VPC
• Connecting to other VPCs
• Connecting to your on-premises network
Connecting to other VPCs
• VPC Peering
• Transit Gateway

VPC peering
VPC peering
• Full private IP connectivity between two VPCs
• Can peer VPCs across regions
• VPCs can be in different accounts
• VPC CIDR ranges must not overlap
Establish a VPC peering
[Diagram: two VPCs, 172.31.0.0/16 and 10.55.0.0/16]
Step 1: Initiate peering request
Step 2: Accept peering request
Step 3: Create a route: traffic destined for the peered VPC should go to the peering
Transit Gateway
Before Transit Gateway …
With Transit Gateway …
[Diagram: VPC route table entry: traffic destined for any VPC in the 172.16.0.0/12 range should go via TGW; the Transit Gateway route table holds the route back to our VPC]
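The route tables on the Internet gateway and NAT gateway slides, the peering "create a route" step and the Transit Gateway route above all resolve the same way: longest-prefix match, with the VPC's own `local` route winning whenever it is the most specific. The Python below is an added example, not code from the slide deck; `igw_id` and `Nat_gw_id` are the slides' target names, while `pcx_id` and `tgw_id` are placeholder names for a peering connection and a Transit Gateway attachment.

```python
# Added example (not from the AWS slide deck): longest-prefix-match lookup over
# VPC route tables built from the slides' entries. "igw_id" and "Nat_gw_id"
# come from the slides; "pcx_id" and "tgw_id" are placeholder target names.
import ipaddress

def lookup(route_table, dst):
    """Return the target of the most specific route matching dst, or None.

    VPC route tables use longest-prefix match, so the VPC's own 'local' route
    always beats a wider route (such as 172.16.0.0/12 via a Transit Gateway)
    that happens to contain the VPC CIDR.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for destination, target in route_table:
        net = ipaddress.ip_network(destination)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None   # None: no route, the packet is dropped

def build_route_table(vpc_cidr, internet_target=None, peers=(), tgw_cidrs=()):
    """Assemble a route table: the implicit local route, an optional default route
    (IGW for a public subnet, NAT gateway for a private one), peering routes and
    Transit Gateway routes."""
    table = [(vpc_cidr, "local")]
    if internet_target:
        table.append(("0.0.0.0/0", internet_target))
    for cidr, pcx in peers:
        table.append((cidr, pcx))
    for cidr in tgw_cidrs:
        table.append((cidr, "tgw_id"))
    return table

PUBLIC = build_route_table("172.31.0.0/16", internet_target="igw_id")
PRIVATE = build_route_table("172.31.0.0/16", internet_target="Nat_gw_id")
PEERED = build_route_table("172.31.0.0/16", peers=[("10.55.0.0/16", "pcx_id")])
TGW = build_route_table("172.31.0.0/16", tgw_cidrs=["172.16.0.0/12"])
ISOLATED = build_route_table("172.31.0.0/16")   # no default route at all

def demo():
    return {
        "in_vpc_stays_local": lookup(PUBLIC, "172.31.1.24"),
        "public_subnet_to_internet": lookup(PUBLIC, "198.51.100.3"),
        "private_subnet_to_internet": lookup(PRIVATE, "198.51.100.3"),
        "peered_vpc": lookup(PEERED, "10.55.3.9"),
        "tgw_other_vpc": lookup(TGW, "172.20.5.5"),
        "tgw_own_vpc_still_local": lookup(TGW, "172.31.1.24"),
        "isolated_to_internet": lookup(ISOLATED, "198.51.100.3"),
    }

if __name__ == "__main__":
    for case, target in demo().items():
        print(f"{case}: {target}")
```

The `tgw_own_vpc_still_local` case is the one the slide is making: 172.31.0.0/16 sits inside 172.16.0.0/12, yet traffic between instances in the VPC never reaches the Transit Gateway because the /16 is the longer match. A subnet with no default route (`ISOLATED`) has no path to the internet, which is the intended state for a subnet that should only be reachable privately.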
With Transit Gateway …
• Centralized private IP connectivity between multiple VPCs
• VPCs must be in the same region as the Transit Gateway
• VPCs can be in different accounts
VPC peering or TGW?

                  VPC Peering            Transit Gateway
VPC limit         125 peerings           5,000 attachments
Bandwidth limit   N/A (intra-region)     50 Gbps per VPC attachment
Management        Decentralised          Centralised
Cost dimensions   Data transfer          Data transfer & attachment
Connecting to on-premises networks
• AWS VPN
• AWS Direct Connect

Extend an on-premises network into your VPC (AWS VPN or AWS Direct Connect)
AWS VPN basics
[Diagram: the customer network 192.168.0.0/16 has a customer gateway (your networking device); a VPN connection of two IPSec tunnels links it to a virtual private gateway attached to the VPC 172.31.0.0/16]
AWS Direct Connect basics
[Diagram: at an AWS Direct Connect location, a customer or partner cage connects to the AWS cage. From the customer network 192.168.0.0/16, a private virtual interface (VLAN) reaches a virtual private gateway on the VPC 172.31.0.0/16, and a public virtual interface (VLAN) reaches AWS services]
AWS Direct Connect – Multiple VPCs
[Diagram: at the AWS Direct Connect location, the customer or partner cage connects to the AWS cage; from the customer network 192.168.0.0/16, a private virtual interface (VLAN) reaches an AWS Direct Connect Gateway, which fronts multiple VPCs]
Before Transit Gateway …
[Diagram: customer networks reach the VPCs through a Customer Gateway (VPN) and a Direct Connect Gateway]

With Transit Gateway …
[Diagram: the Customer Gateway and the Direct Connect Gateway attach to the Transit Gateway; the Transit Gateway routes to on-premises via VPN (or Direct Connect), and each VPC routes to on-premises via the TGW]
What about DNS?
Amazon Route 53 Resolver for hybrid clouds
• Conditional forwarding rules
…more AWS networking
• VPC Sharing
• VPC endpoints and AWS PrivateLink
• Amazon Global Accelerator
Sharing VPC resources

VPC Sharing – owner account
[Diagram: the Infrastructure account owns the VPC, its subnets and their NACLs]

VPC Sharing – participant account
[Diagram: participant accounts Account Web, Account APP and Account DB use the shared subnets]
Why VPC sharing?
• Preserve IP space: use fewer IPv4 CIDRs
• Interconnectivity: no VPC Peering required
• Billing and Security: continue to enjoy segregation with multiple accounts
• Separation of duties: a central team can create and manage your Amazon VPC
• Same-AZ cost for data transfer is nil!
VPC endpoints
• Gateway VPC endpoints
• Interface VPC endpoints
• PrivateLink
Gateway VPC endpoints: Amazon S3 and DynamoDB
[Diagram: the subnet route table routes S3-bound traffic to the VPC endpoint, which reaches the S3 bucket]
Interface VPC endpoints
[Diagram: endpoint network interfaces with private IPs 172.31.1.6 and 172.31.2.10, one per subnet, front the AWS services APIs at *service*.eu-west-1.amazonaws.com]
AWS PrivateLink: VPC endpoint services
[Diagram: endpoint vpce-1234 with private IP 10.10.1.6 in the consumer VPC]
Amazon Global Accelerator

Introducing AWS Global Accelerator
[Diagram: Client → Global Accelerator → AWS Applications]
[Diagram: Client → Local ISP → networks A, B, C, D, E, F → Application]
Accessing your application is not this straightforward! It can take many networks to reach the application
• Paths to and from the application may differ
• Each hop impacts performance and can introduce risk

Accessing your web applications with AWS Global Accelerator
[Diagram: Client → Local ISP → AWS Network → Application]
• Adding AWS Global Accelerator removes these inefficiencies
• Leverages the Global AWS Network
• Resulting in improved performance
Thank you!
Perry Wald, perrwald@amazon.co.uk
Tom Adamski, tomada@amazon.co.uk
1 of 75

Recommended

Introduction to AWS VPC, Guidelines, and Best Practices by
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
25.1K views24 slides
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit by
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAmazon Web Services
4.4K views97 slides
VPC Design and New Capabilities for Amazon VPC by
VPC Design and New Capabilities for Amazon VPCVPC Design and New Capabilities for Amazon VPC
VPC Design and New Capabilities for Amazon VPCAmazon Web Services
3.3K views74 slides
Deep Dive - Amazon Virtual Private Cloud (VPC) by
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Amazon Web Services
10.5K views44 slides
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ... by
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Web Services
11.5K views69 slides
Aws VPC by
Aws VPCAws VPC
Aws VPCAbhishek Amralkar
1.5K views26 slides

More Related Content

What's hot

Introduction to AWS Lambda and Serverless Applications by
Introduction to AWS Lambda and Serverless ApplicationsIntroduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsAmazon Web Services
11.1K views45 slides
AWS IAM Introduction by
AWS IAM IntroductionAWS IAM Introduction
AWS IAM IntroductionAmazon Web Services
13.9K views23 slides
AWS VPC Fundamentals- Webinar by
AWS VPC Fundamentals- WebinarAWS VPC Fundamentals- Webinar
AWS VPC Fundamentals- WebinarAmazon Web Services LATAM
943 views58 slides
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv... by
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...Amazon Web Services
1.3K views70 slides
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402) by
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)Amazon Web Services
11.2K views118 slides
Amazon Virtual Private Cloud by
Amazon Virtual Private CloudAmazon Virtual Private Cloud
Amazon Virtual Private CloudAmazon Web Services
4K views75 slides

What's hot(20)

Introduction to AWS Lambda and Serverless Applications by Amazon Web Services
Introduction to AWS Lambda and Serverless ApplicationsIntroduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless Applications
Amazon Web Services11.1K views
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv... by Amazon Web Services
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
Amazon Web Services1.3K views
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402) by Amazon Web Services
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)
Amazon Web Services11.2K views
Deploy and Govern at Scale with AWS Control Tower by Amazon Web Services
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control Tower
Amazon Web Services4.3K views
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit by Amazon Web Services
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS SummitPlan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit
Plan Advanced AWS Networking Architectures - SRV323 - Chicago AWS Summit
Managing and governing multi-account AWS environments using AWS Organizations... by Amazon Web Services
Managing and governing multi-account AWS environments using AWS Organizations...Managing and governing multi-account AWS environments using AWS Organizations...
Managing and governing multi-account AWS environments using AWS Organizations...
Amazon Web Services3.5K views
AWS Connectivity, VPC Design and Security Pro Tips by Shiva Narayanaswamy
AWS Connectivity, VPC Design and Security Pro TipsAWS Connectivity, VPC Design and Security Pro Tips
AWS Connectivity, VPC Design and Security Pro Tips
Shiva Narayanaswamy3.6K views
What is AWS? by Martin Yan
What is AWS?What is AWS?
What is AWS?
Martin Yan25.6K views
Microservices on AWS: Architectural Patterns and Best Practices | AWS Summit ... by Amazon Web Services
Microservices on AWS: Architectural Patterns and Best Practices | AWS Summit ...Microservices on AWS: Architectural Patterns and Best Practices | AWS Summit ...
Microservices on AWS: Architectural Patterns and Best Practices | AWS Summit ...
Amazon Web Services1.6K views
Advanced Architectures with AWS Transit Gateway by Amazon Web Services
Advanced Architectures with AWS Transit GatewayAdvanced Architectures with AWS Transit Gateway
Advanced Architectures with AWS Transit Gateway
Amazon Web Services6.4K views

Similar to AWS networking fundamentals

Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit by
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS SummitExploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS SummitAmazon Web Services
672 views96 slides
Exploring the fundamentals of AWS networking - SVC211 - New York AWS Summit by
Exploring the fundamentals of AWS networking - SVC211 - New York AWS SummitExploring the fundamentals of AWS networking - SVC211 - New York AWS Summit
Exploring the fundamentals of AWS networking - SVC211 - New York AWS SummitAmazon Web Services
1.2K views96 slides
Fundamentals of AWS networking - SVC303 - Atlanta AWS Summit by
Fundamentals of AWS networking - SVC303 - Atlanta AWS SummitFundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Fundamentals of AWS networking - SVC303 - Atlanta AWS SummitAmazon Web Services
1.8K views105 slides
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit by
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAmazon Web Services
2.5K views98 slides
AWS networking fundamentals - SVC211 - São Paulo AWS Summit by
AWS networking fundamentals - SVC211 - São Paulo AWS SummitAWS networking fundamentals - SVC211 - São Paulo AWS Summit
AWS networking fundamentals - SVC211 - São Paulo AWS SummitAmazon Web Services
928 views65 slides
Black Belt Tips for Cloud Network Operations - AWS Summit Sydney by
Black Belt Tips for Cloud Network Operations - AWS Summit SydneyBlack Belt Tips for Cloud Network Operations - AWS Summit Sydney
Black Belt Tips for Cloud Network Operations - AWS Summit SydneyAmazon Web Services
648 views45 slides

Similar to AWS networking fundamentals(20)

Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit by Amazon Web Services
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS SummitExploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
Exploring the fundamentals of AWS networking - SVC211 - New York AWS Summit by Amazon Web Services
Exploring the fundamentals of AWS networking - SVC211 - New York AWS SummitExploring the fundamentals of AWS networking - SVC211 - New York AWS Summit
Exploring the fundamentals of AWS networking - SVC211 - New York AWS Summit
Amazon Web Services1.2K views
Fundamentals of AWS networking - SVC303 - Atlanta AWS Summit by Amazon Web Services
Fundamentals of AWS networking - SVC303 - Atlanta AWS SummitFundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Fundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Amazon Web Services1.8K views
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit by Amazon Web Services
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit
Amazon Web Services2.5K views
AWS networking fundamentals - SVC211 - São Paulo AWS Summit by Amazon Web Services
AWS networking fundamentals - SVC211 - São Paulo AWS SummitAWS networking fundamentals - SVC211 - São Paulo AWS Summit
AWS networking fundamentals - SVC211 - São Paulo AWS Summit
Black Belt Tips for Cloud Network Operations - AWS Summit Sydney by Amazon Web Services
Black Belt Tips for Cloud Network Operations - AWS Summit SydneyBlack Belt Tips for Cloud Network Operations - AWS Summit Sydney
Black Belt Tips for Cloud Network Operations - AWS Summit Sydney
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options... by Amazon Web Services
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
Creating Your Virtual Data Center - VPC Fundamentals and Connectivity Options...
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv... by AWS Summits
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
AWS Summits113 views
Network visibility into the traffic traversing your AWS infrastructure - SVC2... by Amazon Web Services
Network visibility into the traffic traversing your AWS infrastructure - SVC2...Network visibility into the traffic traversing your AWS infrastructure - SVC2...
Network visibility into the traffic traversing your AWS infrastructure - SVC2...
Amazon Web Services3.2K views
Delivering applications securely with AWS - SVC303 - Chicago AWS Summit by Amazon Web Services
Delivering applications securely with AWS - SVC303 - Chicago AWS SummitDelivering applications securely with AWS - SVC303 - Chicago AWS Summit
Delivering applications securely with AWS - SVC303 - Chicago AWS Summit
Securely Deliver Applications with AWS - SVC305 - Anaheim AWS Summit by Amazon Web Services
Securely Deliver Applications with AWS - SVC305 - Anaheim AWS SummitSecurely Deliver Applications with AWS - SVC305 - Anaheim AWS Summit
Securely Deliver Applications with AWS - SVC305 - Anaheim AWS Summit
Migliora la disponibilità e le prestazioni delle tue applicazioni con Amazon ... by Amazon Web Services
Migliora la disponibilità e le prestazioni delle tue applicazioni con Amazon ...Migliora la disponibilità e le prestazioni delle tue applicazioni con Amazon ...
Migliora la disponibilità e le prestazioni delle tue applicazioni con Amazon ...
Planning advanced AWS networking architectures - SVC304 - Chicago AWS Summit by Amazon Web Services
Planning advanced AWS networking architectures - SVC304 - Chicago AWS SummitPlanning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Planning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
AWS Foundational Services - AWSome Day Philadelphia 2019 by Amazon Web Services
AWS Foundational Services - AWSome Day Philadelphia 2019AWS Foundational Services - AWSome Day Philadelphia 2019
AWS Foundational Services - AWSome Day Philadelphia 2019
Amazon Web Services1.8K views
Securely deliver applications with AWS - SVC305 - Atlanta AWS Summit by Amazon Web Services
Securely deliver applications with AWS - SVC305 - Atlanta AWS SummitSecurely deliver applications with AWS - SVC305 - Atlanta AWS Summit
Securely deliver applications with AWS - SVC305 - Atlanta AWS Summit
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ... by Amazon Web Services
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...
Your Virtual Data Center: VPC Fundamentals and Connectivity Options (NET201) ...
Amazon Web Services1.8K views
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ... by Amazon Web Services
 SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ... SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...
SRV204 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity ...
Introduction to the AWS Well-Architected Framework and AWS WA Tool - SVC214-R... by Amazon Web Services
Introduction to the AWS Well-Architected Framework and AWS WA Tool - SVC214-R...Introduction to the AWS Well-Architected Framework and AWS WA Tool - SVC214-R...
Introduction to the AWS Well-Architected Framework and AWS WA Tool - SVC214-R...

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn... by
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
26.5K views46 slides
Big Data per le Startup: come creare applicazioni Big Data in modalità Server... by
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
5.6K views44 slides
Esegui pod serverless con Amazon EKS e AWS Fargate by
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
4.1K views62 slides
Costruire Applicazioni Moderne con AWS by
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
2.8K views61 slides
Come spendere fino al 90% in meno con i container e le istanze spot by
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
1.8K views21 slides
Open banking as a service by
Open banking as a serviceOpen banking as a service
Open banking as a serviceAmazon Web Services
7.1K views14 slides

More from Amazon Web Services(20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn... by Amazon Web Services

AWS networking fundamentals

  • 1. SUMMIT London
  • 2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. SUMMIT. AWS Networking fundamentals. Perry Wald & Tom Adamski, AWS Solutions Architects
  • 3. Introductory - 200: “These sessions provide an overview of AWS services and features, and they assume that attendees are new to the topic. These sessions highlight basic use cases, features, functions, and benefits.”
  • 5. Default VPC. Diagram labels: Amazon Virtual Private Cloud (Amazon VPC); /16 IPv4 CIDR block (172.31.0.0/16); /20 default subnet; subnet in availability zone (AZ) 1; subnet in availability zone (AZ) 2; private addresses 172.31.0.128, 172.31.0.129, 172.31.1.24, 172.31.1.27; public addresses 54.4.5.6, 54.2.3.4; connected Internet Gateway; Security Group (SG); Network Access Control List (NACL)
  • 7. VPC concepts & fundamentals: IP addressing; Creating subnets; Routing in a VPC; Security
  • 8. Choosing an IP address range
  • 9. Choosing an IP address range for your VPC (example: 172.31.0.0/16). RFC1918 ranges: 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16. Recommended: /16 (65,536 addresses). Avoid ranges that overlap with other networks to which you might connect.
  • 10. Creating subnets in a VPC
  • 11. VPC subnets and Availability Zones. VPC 172.31.0.0/16 with one VPC subnet per Availability Zone: 172.31.0.0/24 in eu-west-1a; 172.31.1.0/24 in eu-west-1b; 172.31.2.0/24 in eu-west-1c
  • 12. IPv6 in your VPC. Can have a dual-stack VPC by adding an IPv6 CIDR. Fixed sizes for VPC and subnets: /56 VPC (4,722,366,482,869,645,213,696 addresses); /64 subnets (18,446,744,073,709,551,616 addresses)
  • 13. VPC subnets and Availability Zones (dual-stack). VPC 172.31.0.0/16 and 2600:1f16:14d:6300::/56; subnets 172.31.0.0/24 and 2600:1f16:14d:6300::/64 in eu-west-1a; 172.31.1.0/24 and 2600:1f16:14d:6301::/64 in eu-west-1b; 172.31.2.0/24 and 2600:1f16:14d:6302::/64 in eu-west-1c
  • 14. Routing in a VPC
  • 15. Routing in your VPC. Route tables contain rules for which packets go where. Your VPC has a default route table. But, you can create and assign different route tables to different subnets.
  • 16. Traffic destined for my VPC stays in my VPC
  • 17. But what about the Internet?
  • 18. Internet gateway and NAT gateway (diagram addresses: 198.51.100.3, 198.51.100.4). Inbound internet access, route table for the Internet gateway: Destination 172.31.0.0/16 → Target local; Destination 0.0.0.0/0 → Target igw_id. Outbound internet access, route table for the NAT gateway: Destination 172.31.0.0/16 → Target local; Destination 0.0.0.0/0 → Target Nat_gw_id.
  • 19. Network security: Security groups; Network access control list; Flow logs
  • 20. Network security: Security groups; Network access control list; Flow logs
  • 21. Security groups follow application structure: “MyWebServers” security group; “MyBackends” security group, allow only “MyWebServers”
  • 22. Security groups example: Web servers. Allow HTTP traffic from anywhere
  • 23. Security groups example: Backends. Allow application traffic from web servers only
  • 24. Network security: Security groups; Network access control list; Flow logs
  • 25. Security groups vs. NACLs
    • Scope: a security group operates at instance level; a network ACL operates at subnet level
    • Rule types: a security group supports allow rules only; a network ACL supports allow and deny rules
    • State: a security group is stateful (return traffic is automatically allowed regardless of any rules); a network ACL is stateless (return traffic must be explicitly allowed by rules)
    • Evaluation: a security group evaluates all rules before deciding whether to allow traffic; a network ACL evaluates rules in order when deciding whether to allow traffic
    • Application: a security group applies only to instances explicitly associated with it; a network ACL automatically applies to all instances launched into associated subnets
    • Doesn’t filter traffic to or from link-local addresses (169.254.0.0/16) or AWS-reserved IPv4 addresses; these are the first four IPv4 addresses of the subnet (including the Amazon VPC DNS server)
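The differences in the comparison above, modelled in a short Python script added here (it is not part of the AWS deck); the rule sets, addresses and class names are constructed for illustration, and only TCP is modelled:

```python
# Added example (not from the AWS slides): a toy model of how a security group
# (stateful, allow-only, all rules considered) and a network ACL (stateless,
# allow/deny, lowest rule number wins) decide on the same traffic.
# Rule sets and addresses are constructed, not real VPC configuration.
import ipaddress
from collections import namedtuple
# number orders NACL rules only; ports are a TCP destination range; cidr is remote
Rule = namedtuple("Rule", "number action port_from port_to cidr")
Flow = namedtuple("Flow", "src dst dst_port")  # one direction of a TCP exchange

def matches(rule, flow, remote):
    return (rule.port_from <= flow.dst_port <= rule.port_to
            and ipaddress.ip_address(remote) in ipaddress.ip_network(rule.cidr))

class SecurityGroup:
    def __init__(self, inbound):
        if any(r.action != "allow" for r in inbound):
            raise ValueError("security groups support allow rules only")
        self.inbound, self.tracked = inbound, set()

    def inbound_allowed(self, flow):
        ok = any(matches(r, flow, flow.src) for r in self.inbound)  # any order
        if ok:
            self.tracked.add((flow.src, flow.dst, flow.dst_port))
        return ok

    def reply_allowed(self, reply, reply_src_port):
        # Stateful: a reply to a tracked connection passes regardless of rules.
        return (reply.dst, reply.src, reply_src_port) in self.tracked

class NetworkAcl:
    def __init__(self, inbound, outbound):
        self.rules = {"in": sorted(inbound, key=lambda r: r.number),
                      "out": sorted(outbound, key=lambda r: r.number)}

    def allowed(self, direction, flow):
        remote = flow.src if direction == "in" else flow.dst
        for r in self.rules[direction]:   # lowest number first; first match decides
            if matches(r, flow, remote):
                return r.action == "allow"
        return False                      # implicit final "*" deny rule

# Web server allowing HTTP from anywhere (slide 22), once as an SG and once as
# an NACL whose author forgot the outbound rule for the ephemeral reply ports.
REQUEST = Flow("203.0.113.5", "172.31.0.128", 80)
REPLY = Flow("172.31.0.128", "203.0.113.5", 49152)  # server back to client
WEB_SG = SecurityGroup([Rule(0, "allow", 80, 80, "0.0.0.0/0")])
WEB_NACL = NetworkAcl([Rule(100, "allow", 80, 80, "0.0.0.0/0")], outbound=[])

def sg_reply_passes():
    return WEB_SG.inbound_allowed(REQUEST) and WEB_SG.reply_allowed(REPLY, 80)

def nacl_reply_passes():
    return WEB_NACL.allowed("in", REQUEST) and WEB_NACL.allowed("out", REPLY)

def nacl_first_match_wins():
    # Deny rule 90 sorts before allow rule 100, so the deny decides this client.
    acl = NetworkAcl([Rule(100, "allow", 80, 80, "0.0.0.0/0"),
                      Rule(90, "deny", 80, 80, "203.0.113.0/24")], outbound=[])
    return acl.allowed("in", REQUEST)
```

The same inbound allow rule lets the reply through on the security group but not on the network ACL, which is the practical meaning of "stateless": an NACL needs an outbound rule for the ephemeral port range as well.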
  • 26. Network security: Security groups; Network access control list; Flow logs
  • 27. VPC flow logs (AZ 1, AZ 2): Visibility; Troubleshooting; Analyze traffic flow
  • 28. VPC flow logs: Setup. VPC traffic metadata captured in Amazon S3 or Amazon CloudWatch Logs
  • 29. VPC flow logs format
  • 30. VPC flow logs format: example record, accept ssh from public address 210.21.226.2
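A parser for the default flow log record layout that flags the record type named on the slide (an accepted SSH connection from a public address), added here as an example that is not part of the AWS deck; the log lines, account id and interface id are constructed samples:

```python
# Added example (not from the AWS slides): parse default-format VPC flow log
# records and flag the case on the slide, an ACCEPTed SSH connection whose
# source is a public (non-RFC 1918) address. The log lines, account id and
# interface id below are constructed samples in the documented field order.
import ipaddress

# Field order of a default (version 2) flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
NUMERIC = ("version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TCP = 6          # IANA protocol number carried in the "protocol" field
SSH_PORT = 22

def parse_record(line):
    """Split one record into a dict. Numeric fields become ints; a '-' (used in
    NODATA and SKIPDATA records where no traffic was captured) becomes None."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    for key in NUMERIC:
        rec[key] = None if rec[key] == "-" else int(rec[key])
    return rec

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def accepted_public_ssh(lines):
    """Return (srcaddr, dstaddr, interface_id) for every ACCEPT record of TCP/22
    whose source address is outside RFC 1918 space. Records with a log status
    other than OK carry no addresses and are skipped."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        if rec["log_status"] != "OK":
            continue
        if (rec["action"] == "ACCEPT" and rec["protocol"] == TCP
                and rec["dstport"] == SSH_PORT and not is_rfc1918(rec["srcaddr"])):
            hits.append((rec["srcaddr"], rec["dstaddr"], rec["interface_id"]))
    return hits

# Constructed sample: one public SSH accept, one internal SSH accept, one
# rejected public SSH attempt, one public HTTP accept and one NODATA record.
SAMPLE_LOG = """\
2 111122223333 eni-0123456789abcdef0 210.21.226.2 172.31.0.128 54321 22 6 12 1840 1559300000 1559300060 ACCEPT OK
2 111122223333 eni-0123456789abcdef0 172.31.1.24 172.31.0.128 44012 22 6 9 1210 1559300000 1559300060 ACCEPT OK
2 111122223333 eni-0123456789abcdef0 198.51.100.7 172.31.0.128 40001 22 6 3 180 1559300000 1559300060 REJECT OK
2 111122223333 eni-0123456789abcdef0 203.0.113.9 172.31.0.128 50505 80 6 15 2400 1559300000 1559300060 ACCEPT OK
2 111122223333 eni-0123456789abcdef0 - - - - - - - 1559300000 1559300060 - NODATA
""".splitlines()

if __name__ == "__main__":
    for src, dst, eni in accepted_public_ssh(SAMPLE_LOG):
        print(f"accepted SSH from public address {src} to {dst} on {eni}")
```

Version 2 records carry no direction field, so a record whose source is the instance itself would be an outbound flow; the filter above keys on the destination port only, which is what the slide's example relies on.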
  • 31. DNS in a VPC
  • 32. VPC DNS options: Use Amazon DNS server; Have EC2 auto-assign DNS host names to instances
  • 34. Connecting your VPC: Connecting to other VPCs; Connecting to your on-premises network
  • 35. Connecting to other VPCs: VPC Peering; Transit Gateway
  • 36. Connecting to other VPCs: VPC Peering; Transit Gateway
  • 37. VPC peering
  • 38. VPC peering. Full private IP connectivity between two VPCs. Can peer VPCs across regions. VPCs can be in different accounts. VPC CIDR ranges must not overlap.
  • 39. Establish a VPC peering: Initiate request. Step 1: initiate peering request (172.31.0.0/16 and 10.55.0.0/16)
  • 40. Establish a VPC peering: Accept request. Step 1: initiate peering request. Step 2: accept peering request (172.31.0.0/16 and 10.55.0.0/16)
  • 41. Establish a VPC peering: Create a route. Step 1: initiate peering request. Step 2: accept peering request. Step 3: traffic destined for the peered VPC should go to the peering (172.31.0.0/16 and 10.55.0.0/16)
  • 42. Connecting to other VPCs: VPC Peering; Transit Gateway
  • 43. Before Transit Gateway …
  • 44. With Transit Gateway …
  • 45. With Transit Gateway … Traffic destined for any VPC in 172.16.0.0/12 range should go via TGW. Route back to our VPC.
  • 46. With Transit Gateway … Centralized private IP connectivity between multiple VPCs. VPCs must be in the same region as Transit Gateway. VPCs can be in different accounts.
  • 47. VPC peering or TGW?
    • VPC limit: 125 peerings (VPC Peering); 5,000 attachments (Transit Gateway)
    • Bandwidth limit: N/A (intra-region) (VPC Peering); 50Gbps per VPC attachment (Transit Gateway)
    • Management: Decentralised (VPC Peering); Centralised (Transit Gateway)
    • Cost dimensions: Data Transfer (VPC Peering); Data Transfer & Attachment (Transit Gateway)
  • 48. Connecting to on-premises networks: AWS VPN; AWS Direct Connect
  • 49. Extend an on-premises network into your VPC: AWS VPN; AWS Direct Connect
  • 50. AWS VPN basics. Your networking device (customer gateway) on the 192.168.0.0/16 network; a VPN connection of two IPSec tunnels to the virtual private gateway of the 172.31.0.0/16 VPC
  • 51. AWS Direct Connect basics. Customer network 192.168.0.0/16; customer or partner cage and AWS cage at the AWS Direct Connect location; private virtual interface (VLAN) to the virtual private gateway of the 172.31.0.0/16 VPC; public virtual interface (VLAN) to AWS services
  • 52. AWS Direct Connect – Multiple VPCs. Customer network 192.168.0.0/16; customer or partner cage and AWS cage at the AWS Direct Connect location; private virtual interface (VLAN) to an AWS Direct Connect Gateway
  • 53. Before Transit Gateway … Customer networks connected via Customer Gateway and Direct Connect Gateway
  • 54. With Transit Gateway … Customer networks connected via Direct Connect Gateway and Customer Gateway
  • 55. With Transit Gateway … Customer networks connected via Direct Connect Gateway and Customer Gateway. Route to on-premise via VPN (or Direct Connect). Route to on-premise via TGW.
  • 56. What about DNS?
  • 57. Amazon Route 53 Resolver for hybrid clouds: conditional forwarding rules
  • 59. …more AWS networking: VPC Sharing; VPC endpoints and AWS PrivateLink; Amazon Global Accelerator
  • 60. Sharing VPC resources
  • 61. VPC Sharing – owner account (Infrastructure account, NACLs)
  • 62. VPC Sharing – participant account (Account Web, Account APP, Account DB)
  • 63. Why VPC sharing? Preserve IP space: use fewer IPv4 CIDRs. Interconnectivity: no VPC peering required. Billing and security: continue to enjoy segregation with multiple accounts. Separation of duties: a central team can create and manage your Amazon VPC. Same-AZ cost for data transfer is nil!
  • 64. VPC endpoints: Gateway VPC endpoints; Interface VPC endpoints; PrivateLink
  • 65. Gateway VPC endpoints: Amazon S3 and DynamoDB. Route S3-bound traffic to the VPC endpoint (S3 bucket)
  • 66. Interface VPC endpoints (private IPs 172.31.1.6 and 172.31.2.10) for AWS service APIs: *service*.eu-west-1.amazonaws.com
  • 67. AWS PrivateLink: VPC endpoint services. Endpoint vpce-1234, private IP 10.10.1.6
  • 68. Amazon Global Accelerator
  • 69. Introducing AWS Global Accelerator: Client → Global Accelerator → AWS Applications
  • 70. Introducing AWS Global Accelerator. Client, local ISP, networks A to F, application. Accessing your application is not this straightforward! It can take many networks to reach the application. Paths to and from the application may differ. Each hop impacts performance and can introduce risk.
  • 71. Accessing your web applications with AWS Global Accelerator (local ISP, AWS network). Adding AWS Global Accelerator removes these inefficiencies. Leverages the global AWS network, resulting in improved performance.
  • 73. DATACENTER
  • 74. Thank you! Perry Wald perrwald@amazon.co.uk; Tom Adamski tomada@amazon.co.uk