SlideShare a Scribd company logo

ENT303 Another Day, Another Billion Packets

Amazon Web Services
Amazon Web Services

In this session, we will walk through the Amazon VPC network presentation and describe the problems we were trying to solve when we created it. Next, we will discuss how these problems are traditionally solved, and why those solutions are not scalable, inexpensive, or secure enough for AWS. Finally, we will provide an overview of the solution that we've implemented and discuss some of the unique mechanisms that we use to ensure customer isolation, get packets into and out of the network, and support new features like VPC endpoints.

Technology
1 of 48
Download to read offline
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Matt Lehwess, Principal Solutions Architect Amazon Web Services August 14, 2017 Another Day, Another Billion Packets
We have the cloud Amazon EBS Amazon RDS Amazon ElastiCache Amazon Redshift Amazon EC2 Elastic Load Balancing
Customers have data centers
Whiteboard engineering Amazon EBS Amazon ElastiCache Amazon Redshift Elastic Load Balancing Amazon RDS Amazon EC2
Amazon EC2 as it was 10.44.12.4 10.44.12.5 10.44.92.17 10.44.12.27 10.108.6.4
Why that doesn’t work 192.168.0.0/16 Routing Table • 192.168.0.0/16: stay here • 10.44.12.4/32: AWS • 10.44.92.17/32: AWS • 10.108.6.4/32: AWS 10.44.0.0/16 10.44.12.4 10.44.12.5 10.44.92.17 10.44.12.27 10.108.6.4
Requirements Customer selected IP addresses Route aggregation for external connectivity Conformance with existing network designs
172.31.0.0/18 192.168.0.0/16 Routing Table • 192.168.0.0/16: stay here • 172.31.0.0/18: AWS 172.31.1.0/24 172.31.2.0/24 172.31.1.7 172.31.1.8 172.31.1.9 172.31.2.12 172.31.2.51 Amazon Virtual Private Cloud (Amazon VPC)
This is just virtual networking! Subnet ~= VLAN VPC ~= VRF (virtual routing and forwarding) But…
Scaling challenges VLAN ID space is constrained • 12 bits => 4096 total VLANs VRF support is constrained • Large routers => 1-2 thousand VRFs Fixed ratio of VLANs:VRFs
Router and capacity dimensions Big Router Data Plane Control Plane Big Router Data Plane Control Plane
An example Average router configuration line: 50 chars Config per VPC: 10 lines Subnets per VPC: 4 Config per subnet: 5 lines Total VPCs: 2,000 Config size: 3 MB
But… Doesn’t scale • 12 bit VLAN ID = 4096 VLANs (not enough) • BIG routers support 4000 VRFs ($200k+) Large VLANs make NEs cry Tied to vendor bugfix cycles (6 months +) We want commodity, fungible network gear • BIG virtual routers are built by few companies • Interoperability of advanced features is marginal
Silos of capacity A C B FE D G A AA A B C B B B B C D F FF D D B G G /4 /4 /40 /40 0 0 0 0 1324 132 C G G 3 27 D DD 9910 F F F F F 1815 40 BB B B B BB B B B BB B B B B B
Implementation requirements Scale to millions of environments the size of Amazon.com Any server, anywhere in a region can host an instance attached to any subnet in any VPC
Server: Physical host in an Amazon data center Instance: Amazon EC2 instance owned by a customer VPC: Amazon Virtual Private Cloud owned by a customer VPC ID: Identifier for a VPC such as vpc- 1a2b3c4d Mapping Service: Distributed lookup service. Maps VPC + Instance IP to server. Concepts Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 … 10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service
L2 Src: MAC(10.0.0.2) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.3? The switch floods the ARP request out all ports L2 Src: MAC(10.0.0.3) L2 Dst: MAC(10.0.0.2) ARP 10.0.0.3 is at MAC(10.0.0.3) The switch snoops the ARP response and learns the port for MAC(10.0.0.3). L2 Src: MAC(10.0.0.2) L2 Dst: MAC(10.0.0.3) L3 Src: 10.0.0.2 L3 Dst: 10.0.0.3 ICMP/TCP/UDP/… Layer 2 (L2): Ethernet 10.0.0.2 10.0.0.3 Ethernet Switch
L2 Src: MAC(10.0.0.3) L2 Dst: MAC(10.0.0.2) ARP 10.0.0.3 is at MAC(10.0.0.3) Src: 192.168.0.3 Dst: Mapping Service Query: Blue 10.0.0.3 Src: Mapping Service Dst: 192.168.0.3 Reply: Host: 192.168.1.4 MAC: MAC(10.0.0.3) L2 Src: MAC(10.0.0.2) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.3? Layer 2 (L2): VPC Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2
Src: Mapping Service Dst: 192.168.1.4 Mapping valid: Blue 10.0.0.2 is at 192.168.0.3 Src: 192.168.1.4 Dst: Mapping Service Validate: Blue 10.0.0.2 is at 192.168.0.3 L2 Src: MAC(10.0.0.2) L2 Dst: MAC(10.0.0.3) L3 Src: 10.0.0.2 L3 Dst: 10.0.0.3 ICMP/TCP/UDP/… Src: 192.168.0.3 Dst: 192.168.1.4 VPC: Blue Server 192.168.0.3 Server 192.168.0.4 Server 192.168.1.3 Server 192.168.1.4 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2 Layer 2 (L2): VPC …
Src: 192.168.0.4 Dst: Mapping Service Query: Grey 10.0.0.3 L2 Src: MAC(10.0.0.4) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.3? VPC isolation Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2
192.168.0.4 is not hosting any instances in VPC Blue. Mapping Denied Alarm Raised L2 Src: MAC(10.0.0.4) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.3? Src: 192.168.0.4 Dst: Mapping Service Query: Blue 10.0.0.3 VPC isolation Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2
Src: 192.168.1.4 Dst: Mapping Service Validate: Blue 10.0.0.4 is at 192.168.0.4 Src: 192.168.0.4 Dst: 192.168.1.4 L2 Src: MAC(10.0.0.4) L2 Dst: MAC(10.0.0.3) L3 Src: 10.0.0.4 L3 Dst: 10.0.0.3 ICMP/TCP/UDP/… VPC: Blue Src: Mapping Service Dst: 192.168.1.4 Mapping invalid! 192.168.1.4 does not deliver the packet to the instance. Alarm Raised. VPC isolation Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2
L2 Src: MAC(10.0.0.2) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.1? L2 Src: MAC(10.0.0.1) L2 Dst: MAC(10.0.0.2) ARP 10.0.0.1 is at MAC(10.0.0.1) L2 Src: MAC(10.0.0.2) L2 Dst: MAC(10.0.0.1) L3 Src: 10.0.0.2 L3 Dst: 10.0.1.3 ICMP/TCP/UDP/… Layer 3 (L3): IP routing 10.0.0.2 10.0.1.3 Ethernet Switch Router Ethernet Switch L2 Src: MAC(10.0.1.1) L2 Dst: MAC(10.0.1.3) L3 Src: 10.0.0.2 L3 Dst: 10.0.1.3 ICMP/TCP/UDP/…
L2 Src: MAC(10.0.0.2) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.1? L2 Src: MAC(10.0.0.1) L2 Dst: MAC(10.0.0.2) ARP 10.0.0.1 is at MAC(10.0.0.1) Src: 192.168.0.3 Dst: Mapping Service Query: Blue 10.0.0.1 Src: Mapping Service Dst: 192.168.0.3 Reply: Host: Gateway MAC: MAC(10.0.0.1) Layer 3 (L3): VPC Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.1.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2
Src: Mapping Service Dst: 192.168.0.3 Reply: Host: 192.168.1.4 MAC: MAC(10.0.1.3) Src: 192.168.1.4 Dst: Mapping Service Validate: Blue 10.0.0.2 is at 192.168.0.3 L2 Src: MAC(10.0.0.2) L2 Dst: MAC(10.0.0.1) L3 Src: 10.0.0.2 L3 Dst: 10.0.1.3 ICMP/TCP/UDP/… L2 Src: MAC(10.0.1.1) L2 Dst: MAC(10.0.1.3) L3 Src: 10.0.0.2 L3 Dst: 10.0.1.3 ICMP/TCP/UDP/… Src: Mapping Service Dst: 192.168.1.4 Mapping valid: Blue 10.0.0.2 is at 192.168.0.3 Layer 3 (L3): VPC Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.1.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service Src: 192.168.0.3 Dst: Mapping Service Query: Blue 10.0.1.3 10.0.0.2 VPC: Blue Src: 192.168.0.3 Dst: 192.168.1.4
Caching Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 … 10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service L2 Src: MAC(10.0.1.1) L2 Dst: MAC(10.0.1.3) L3 Src: 10.0.0.2 L3 Dst: 10.0.1.3 ICMP/TCP/UDP/…
10.0.0.0/18 172.16.0.0/16 10.0.0.0/24 10.0.1.0/24 10.0.0.7 10.0.0.8 10.0.0.9 10.0.1.12 10.0.1.51 Getting home – or anywhere, really VPC: Blue Src: 192.168.0.3 Dst: ??? L3 Src: 10.0.0.7 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/…
Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… Edges Server 192.168.0.3 Server 192.168.0.4 … Edge 192.168.4.3 Edge 192.168.4.4 10.0.1.3 10.0.0.4 10.0.0.2 Mapping Service 10.0.0.2 VPC: Blue Host 10.0.0.4  192.168.0.4 Host 10.0.1.4  192.168.0.4 … 172.16.0.0/16  Edge 192.168.4.3 …
Edges: VPN Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… IPSEC Stuff Src: 54.68.100.245 Dst: 205.251.242.54 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… VPN
Edges: Direct Connect Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… 802.1Q VLAN Tag Src: 54.68.100.245 Dst: 205.251.242.54 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… AWS Direct Connect
Edges: Internet (IGW) Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 176.32.96.190 ICMP/TCP/UDP/… L3 Src: 10.0.0.2 L3 Dst: 176.32.96.190 ICMP/TCP/UDP/… Internet 54.148.157.46
Edges: Recap VPN Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… IPSEC Stuff Src: 54.68.100.245 Dst: 205.251.242.54 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… Direct Connect Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… 802.1Q VLAN Tag Src: 54.68.100.245 Dst: 205.251.242.54 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… Internet Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 176.32.96.190 ICMP/TCP/UDP/… L3 Src: 54.148.157.46 L3 Dst: 176.32.96.190 ICMP/TCP/UDP/…`
Image credit: Wikipedia https://en.wikipedia.org/wiki/1918_Eighth_Avenue A brief diversion
VPC pricing Cost per VPC: $0.00 Cost per subnet: $0.00 Upcharge per instance: $0.00
Nov 10, 2010
172.31.0.0/18 172.31.1.0/24 172.31.2.0/24 172.31.1.7 172.31.1.8 172.31.2.12 172.31.2.51 VPC as a platform
VPC as a platform VPN and Direct Connect Security group egress filtering Network ACLs Routing tables Elastic network interfaces (ENIs) Multiple IPs
Amazon S3 endpoints 172.31.0.0/18 172.31.1.0/24 172.31.2.0/24 172.31.1.7 172.31.2.12
Amazon S3 endpoints 172.31.0.0/18 172.31.1.0/24 172.31.2.0/24 172.31.1.7 172.31.2.12
L3 Src: 10.0.0.2 L3 Dst: 54.231.33.89 TCP/HTTP/… Server 192.168.0.3 Server 192.168.0.4 … Edge 192.168.4.3 Edge 192.168.4.4 10.0.1.3 10.0.0.4 10.0.0.2 10.0.0.2 L3 Src: 10.0.0.2 L3 Dst: 54.231.33.89 TCP/HTTP/… VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.4 Edges Mapping Service Host 10.0.0.4  192.168.0.4 Host 10.0.1.4  192.168.0.4 … 172.16.0.0/16  Edge 192.168.4.3 S3.us-east-1  Edge 192.168.4.4 …
A new Edge: Amazon S3 Edge 192.168.4.4 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.4 L3 Src: 10.0.0.2 L3 Dst: 54.231.33.89 TCP/HTTP/… VPC Endpoint 1a2b3c4d Src: 54.68.100.245 Dst: 54.231.33.89 L3 Src: 10.0.0.2 L3 Dst: 54.231.33.89 TCP/HTTP/… Amazon S3 endpoint
Amazon S3 endpoints and policy 172.31.0.0/18 172.31.1.0/24 172.31.2.0/24 172.31.1.7 172.31.2.12 { "Statement": [ { "Sid": "Access-to-specific-bucket-only", "Principal": "*", "Action": [ "s3:GetObject", "s3:PutObject" ], "Effect": "Allow", "Resource": ["arn:aws:s3:::my_secure_bucket", "arn:aws:s3:::my_secure_bucket/*"] } ] } { "Statement": [ { "Sid": "Access-to-specific-VPC-only", "Principal": "*", "Action": "s3:*", "Effect": "Deny", "Resource": ["arn:aws:s3:::my_secure_bucket", "arn:aws:s3:::my_secure_bucket/*"], "Condition": { "StringNotEquals": { "aws:sourceVpc": "vpc-111bbb22" } } } ] }
Simple Complex Limited Flexible EC2 VPC
172.31.0.0/18 172.31.1.0/24 172.31.2.0/24 172.31.1.7 172.31.1.8 172.31.1.9 172.31.2.12 172.31.2.51 Default VPC
Simple Complex Limited Flexible EC2 - VPC
Remember to complete your evaluations!
Thank you!

Recommended

ENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsAmazon Web Services
 
VPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
VPC Fundamentals & Connectivity - Pop-up Loft Tel AvivVPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
VPC Fundamentals & Connectivity - Pop-up Loft Tel AvivAmazon Web Services
 
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...Amazon Web Services
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsCreating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsAmazon Web Services
 
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep DiveNEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep DiveAmazon Web Services
 
AWS re:Invent 2016: Another Day, Another Billion Packets (NET401)
AWS re:Invent 2016: Another Day, Another Billion Packets (NET401)AWS re:Invent 2016: Another Day, Another Billion Packets (NET401)
AWS re:Invent 2016: Another Day, Another Billion Packets (NET401)Amazon Web Services
 
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...Amazon Web Services
 
ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re...
ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re...ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re...
ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re...Amazon Web Services
 

Recommended

ENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsAmazon Web Services
 
VPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
VPC Fundamentals & Connectivity - Pop-up Loft Tel AvivVPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
VPC Fundamentals & Connectivity - Pop-up Loft Tel AvivAmazon Web Services
 
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...
AWS re:Invent 2016: Mitigating DDoS Attacks on AWS: Five Vectors and Four Use...Amazon Web Services
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsCreating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsAmazon Web Services
 
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep DiveNEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep DiveAmazon Web Services
 
AWS re:Invent 2016: Another Day, Another Billion Packets (NET401)
AWS re:Invent 2016: Another Day, Another Billion Packets (NET401)AWS re:Invent 2016: Another Day, Another Billion Packets (NET401)
AWS re:Invent 2016: Another Day, Another Billion Packets (NET401)Amazon Web Services
 
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...Amazon Web Services
 
ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re...
ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re...ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re...
ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re...Amazon Web Services
 
Amazon Virtual Private Cloud
Amazon Virtual Private CloudAmazon Virtual Private Cloud
Amazon Virtual Private CloudAmazon Web Services
 
AWS re:Invent 2016: ↑↑↓↓←→←→ BA Lambda Start (SVR305)
AWS re:Invent 2016: ↑↑↓↓←→←→ BA Lambda Start (SVR305)AWS re:Invent 2016: ↑↑↓↓←→←→ BA Lambda Start (SVR305)
AWS re:Invent 2016: ↑↑↓↓←→←→ BA Lambda Start (SVR305)Amazon Web Services
 
NEW LAUNCH! Advanced Task Scheduling with Amazon ECS and Blox
NEW LAUNCH! Advanced Task Scheduling with Amazon ECS and BloxNEW LAUNCH! Advanced Task Scheduling with Amazon ECS and Blox
NEW LAUNCH! Advanced Task Scheduling with Amazon ECS and BloxAmazon Web Services
 
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...Amazon Web Services
 
AWS re:Invent 2016: Moving Mountains: Netflix's Migration into VPC (NET304)
AWS re:Invent 2016: Moving Mountains: Netflix's Migration into VPC (NET304)AWS re:Invent 2016: Moving Mountains: Netflix's Migration into VPC (NET304)
AWS re:Invent 2016: Moving Mountains: Netflix's Migration into VPC (NET304)Amazon Web Services
 
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Amazon Web Services
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion PacketsAmazon Web Services
 
Aws VPC
Aws VPCAws VPC
Aws VPCAbhishek Amralkar
 
AWS Network Topology/Architecture
AWS Network Topology/ArchitectureAWS Network Topology/Architecture
AWS Network Topology/Architecturewlscaudill
 
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)Amazon Web Services
 
AWS VPC best practices 2016 by Bogdan Naydenov
AWS VPC best practices 2016 by Bogdan NaydenovAWS VPC best practices 2016 by Bogdan Naydenov
AWS VPC best practices 2016 by Bogdan NaydenovBogdan Naydenov
 
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)Amazon Web Services
 
AWS VPC & Networking basic concepts
AWS VPC & Networking basic conceptsAWS VPC & Networking basic concepts
AWS VPC & Networking basic conceptsAbhinav Kumar
 
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...Amazon Web Services
 
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...Amazon Web Services
 
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]Amazon Web Services
 
An Introduction to Amazon VPC
An Introduction to Amazon VPCAn Introduction to Amazon VPC
An Introduction to Amazon VPCSarah Z
 
AWS re:Invent 2016: How to Migrate Microsoft Windows Applications to AWS Quic...
AWS re:Invent 2016: How to Migrate Microsoft Windows Applications to AWS Quic...AWS re:Invent 2016: How to Migrate Microsoft Windows Applications to AWS Quic...
AWS re:Invent 2016: How to Migrate Microsoft Windows Applications to AWS Quic...Amazon Web Services
 
(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWSAmazon Web Services
 
ENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsAmazon Web Services
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion PacketsAmazon Web Services
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion PacketsAmazon Web Services
 

More Related Content

What's hot

AWS re:Invent 2016: ↑↑↓↓←→←→ BA Lambda Start (SVR305)
AWS re:Invent 2016: ↑↑↓↓←→←→ BA Lambda Start (SVR305)AWS re:Invent 2016: ↑↑↓↓←→←→ BA Lambda Start (SVR305)
AWS re:Invent 2016: ↑↑↓↓←→←→ BA Lambda Start (SVR305)Amazon Web Services
 
NEW LAUNCH! Advanced Task Scheduling with Amazon ECS and Blox
NEW LAUNCH! Advanced Task Scheduling with Amazon ECS and BloxNEW LAUNCH! Advanced Task Scheduling with Amazon ECS and Blox
NEW LAUNCH! Advanced Task Scheduling with Amazon ECS and BloxAmazon Web Services
 
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...Amazon Web Services
 
AWS re:Invent 2016: Moving Mountains: Netflix's Migration into VPC (NET304)
AWS re:Invent 2016: Moving Mountains: Netflix's Migration into VPC (NET304)AWS re:Invent 2016: Moving Mountains: Netflix's Migration into VPC (NET304)
AWS re:Invent 2016: Moving Mountains: Netflix's Migration into VPC (NET304)Amazon Web Services
 
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Amazon Web Services
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion PacketsAmazon Web Services
 
AWS Network Topology/Architecture
AWS Network Topology/ArchitectureAWS Network Topology/Architecture
AWS Network Topology/Architecturewlscaudill
 
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)Amazon Web Services
 
AWS VPC best practices 2016 by Bogdan Naydenov
AWS VPC best practices 2016 by Bogdan NaydenovAWS VPC best practices 2016 by Bogdan Naydenov
AWS VPC best practices 2016 by Bogdan NaydenovBogdan Naydenov
 
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)Amazon Web Services
 
AWS VPC & Networking basic concepts
AWS VPC & Networking basic conceptsAWS VPC & Networking basic concepts
AWS VPC & Networking basic conceptsAbhinav Kumar
 
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...Amazon Web Services
 
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...Amazon Web Services
 
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]Amazon Web Services
 
An Introduction to Amazon VPC
An Introduction to Amazon VPCAn Introduction to Amazon VPC
An Introduction to Amazon VPCSarah Z
 
AWS re:Invent 2016: How to Migrate Microsoft Windows Applications to AWS Quic...
AWS re:Invent 2016: How to Migrate Microsoft Windows Applications to AWS Quic...AWS re:Invent 2016: How to Migrate Microsoft Windows Applications to AWS Quic...
AWS re:Invent 2016: How to Migrate Microsoft Windows Applications to AWS Quic...Amazon Web Services
 
(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWSAmazon Web Services
 

What's hot (19)

Amazon Virtual Private Cloud
Amazon Virtual Private CloudAmazon Virtual Private Cloud
Amazon Virtual Private Cloud
 
AWS re:Invent 2016: ↑↑↓↓←→←→ BA Lambda Start (SVR305)
AWS re:Invent 2016: ↑↑↓↓←→←→ BA Lambda Start (SVR305)AWS re:Invent 2016: ↑↑↓↓←→←→ BA Lambda Start (SVR305)
AWS re:Invent 2016: ↑↑↓↓←→←→ BA Lambda Start (SVR305)
 
NEW LAUNCH! Advanced Task Scheduling with Amazon ECS and Blox
NEW LAUNCH! Advanced Task Scheduling with Amazon ECS and BloxNEW LAUNCH! Advanced Task Scheduling with Amazon ECS and Blox
NEW LAUNCH! Advanced Task Scheduling with Amazon ECS and Blox
 
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
AWS re:Invent 2016: Creating Your Virtual Data Center: VPC Fundamentals and C...
 
AWS re:Invent 2016: Moving Mountains: Netflix's Migration into VPC (NET304)
AWS re:Invent 2016: Moving Mountains: Netflix's Migration into VPC (NET304)AWS re:Invent 2016: Moving Mountains: Netflix's Migration into VPC (NET304)
AWS re:Invent 2016: Moving Mountains: Netflix's Migration into VPC (NET304)
 
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
Webinar AWS 201 - Using Amazon Virtual Private Cloud (VPC)
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion Packets
 
Aws VPC
Aws VPCAws VPC
Aws VPC
 
AWS Network Topology/Architecture
AWS Network Topology/ArchitectureAWS Network Topology/Architecture
AWS Network Topology/Architecture
 
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)
AWS re:Invent 2016: Deep Dive: AWS Direct Connect and VPNs (NET402)
 
AWS VPC best practices 2016 by Bogdan Naydenov
AWS VPC best practices 2016 by Bogdan NaydenovAWS VPC best practices 2016 by Bogdan Naydenov
AWS VPC best practices 2016 by Bogdan Naydenov
 
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)
AWS re:Invent 2016: From One to Many: Evolving VPC Design (ARC302)
 
AWS VPC & Networking basic concepts
AWS VPC & Networking basic conceptsAWS VPC & Networking basic concepts
AWS VPC & Networking basic concepts
 
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
 
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Sum...
 
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
 
An Introduction to Amazon VPC
An Introduction to Amazon VPCAn Introduction to Amazon VPC
An Introduction to Amazon VPC
 
AWS re:Invent 2016: How to Migrate Microsoft Windows Applications to AWS Quic...
AWS re:Invent 2016: How to Migrate Microsoft Windows Applications to AWS Quic...AWS re:Invent 2016: How to Migrate Microsoft Windows Applications to AWS Quic...
AWS re:Invent 2016: How to Migrate Microsoft Windows Applications to AWS Quic...
 
(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS
 

Similar to ENT303 Another Day, Another Billion Packets

ENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsAmazon Web Services
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion PacketsAmazon Web Services
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion PacketsAmazon Web Services
 
(NET403) Another Day, Another Billion Packets
(NET403) Another Day, Another Billion Packets(NET403) Another Day, Another Billion Packets
(NET403) Another Day, Another Billion PacketsAmazon Web Services
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion PacketsAmazon Web Services
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion PacketsAmazon Web Services
 
another day, another billion packets
another day, another billion packetsanother day, another billion packets
another day, another billion packetsAmazon Web Services
 
Another day, another billion packets - Toronto
Another day, another billion packets - TorontoAnother day, another billion packets - Toronto
Another day, another billion packets - TorontoAmazon Web Services
 
A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013
A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013
A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013Amazon Web Services
 
Edge to Instance - AWS Networking
Edge to Instance - AWS Networking Edge to Instance - AWS Networking
Edge to Instance - AWS Networking Amazon Web Services
 
16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)Jeff Green
 
Multicloud connectivity using OpenNHRP
Multicloud connectivity using OpenNHRPMulticloud connectivity using OpenNHRP
Multicloud connectivity using OpenNHRPBob Melander
 
Your app lives on the network - networking for web developers
Your app lives on the network - networking for web developersYour app lives on the network - networking for web developers
Your app lives on the network - networking for web developersWim Godden
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slidesadam_merritt
 
(ARC402) Double Redundancy With AWS Direct Connect
(ARC402) Double Redundancy With AWS Direct Connect(ARC402) Double Redundancy With AWS Direct Connect
(ARC402) Double Redundancy With AWS Direct ConnectAmazon Web Services
 

Similar to ENT303 Another Day, Another Billion Packets (20)

ENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion PacketsENT303 Another Day, Another Billion Packets
ENT303 Another Day, Another Billion Packets
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion Packets
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion Packets
 
(NET403) Another Day, Another Billion Packets
(NET403) Another Day, Another Billion Packets(NET403) Another Day, Another Billion Packets
(NET403) Another Day, Another Billion Packets
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion Packets
 
Another Day, Another Billion Packets
Another Day, Another Billion PacketsAnother Day, Another Billion Packets
Another Day, Another Billion Packets
 
another day, another billion packets
another day, another billion packetsanother day, another billion packets
another day, another billion packets
 
Another day, another billion packets - Toronto
Another day, another billion packets - TorontoAnother day, another billion packets - Toronto
Another day, another billion packets - Toronto
 
A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013
A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013
A Day in the Life of a Billion Packets (CPN401) | AWS re:Invent 2013
 
Edge to Instance - AWS Networking
Edge to Instance - AWS Networking Edge to Instance - AWS Networking
Edge to Instance - AWS Networking
 
16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)16.) layer 3 (basic tcp ip routing)
16.) layer 3 (basic tcp ip routing)
 
R bernardino hand_in_assignment_week_1
R bernardino hand_in_assignment_week_1R bernardino hand_in_assignment_week_1
R bernardino hand_in_assignment_week_1
 
IPAddressing .pptx
IPAddressing .pptxIPAddressing .pptx
IPAddressing .pptx
 
Networking basics
Networking basicsNetworking basics
Networking basics
 
Polyraptor
PolyraptorPolyraptor
Polyraptor
 
Multicloud connectivity using OpenNHRP
Multicloud connectivity using OpenNHRPMulticloud connectivity using OpenNHRP
Multicloud connectivity using OpenNHRP
 
Your app lives on the network - networking for web developers
Your app lives on the network - networking for web developersYour app lives on the network - networking for web developers
Your app lives on the network - networking for web developers
 
Training Day Slides
Training Day SlidesTraining Day Slides
Training Day Slides
 
I pv6 for cmu
I pv6 for cmuI pv6 for cmu
I pv6 for cmu
 
(ARC402) Double Redundancy With AWS Direct Connect
(ARC402) Double Redundancy With AWS Direct Connect(ARC402) Double Redundancy With AWS Direct Connect
(ARC402) Double Redundancy With AWS Direct Connect
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

ENT303 Another Day, Another Billion Packets

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Matt Lehwess, Principal Solutions Architect Amazon Web Services August 14, 2017 Another Day, Another Billion Packets
  • 2. We have the cloud Amazon EBS Amazon RDS Amazon ElastiCache Amazon Redshift Amazon EC2 Elastic Load Balancing
  • 5.
  • 6. Amazon EC2 as it was 10.44.12.4 10.44.12.5 10.44.92.17 10.44.12.27 10.108.6.4
  • 7. Why that doesn’t work 192.168.0.0/16 Routing Table • 192.168.0.0/16: stay here • 10.44.12.4/32: AWS • 10.44.92.17/32: AWS • 10.108.6.4/32: AWS 10.44.0.0/16 10.44.12.4 10.44.12.5 10.44.92.17 10.44.12.27 10.108.6.4
  • 8. Requirements Customer selected IP addresses Route aggregation for external connectivity Conformance with existing network designs
  • 9. 172.31.0.0/18 192.168.0.0/16 Routing Table • 192.168.0.0/16: stay here • 172.31.0.0/18: AWS 172.31.1.0/24 172.31.2.0/24 172.31.1.7 172.31.1.8 172.31.1.9 172.31.2.12 172.31.2.51 Amazon Virtual Private Cloud (Amazon VPC)
  • 10. This is just virtual networking! Subnet ~= VLAN VPC ~= VRF (virtual routing and forwarding) But…
  • 11. Scaling challenges VLAN ID space is constrained • 12 bits => 4096 total VLANs VRF support is constrained • Large routers => 1-2 thousand VRFs Fixed ratio of VLANs:VRFs
  • 12. Router and capacity dimensions Big Router Data Plane Control Plane Big Router Data Plane Control Plane
  • 13. An example Average router configuration line: 50 chars Config per VPC: 10 lines Subnets per VPC: 4 Config per subnet: 5 lines Total VPCs: 2,000 Config size: 3 MB
  • 14. But… Doesn’t scale • 12 bit VLAN ID = 4096 VLANs (not enough) • BIG routers support 4000 VRFs ($200k+) Large VLANs make NEs cry Tied to vendor bugfix cycles (6 months +) We want commodity, fungible network gear • BIG virtual routers are built by few companies • Interoperability of advanced features is marginal
  • 15. Silos of capacity A C B FE D G A AA A B C B B B B C D F FF D D B G G /4 /4 /40 /40 0 0 0 0 1324 132 C G G 3 27 D DD 9910 F F F F F 1815 40 BB B B B BB B B B BB B B B B B
  • 16. Implementation requirements Scale to millions of environments the size of Amazon.com Any server, anywhere in a region can host an instance attached to any subnet in any VPC
  • 17. Server: Physical host in an Amazon data center Instance: Amazon EC2 instance owned by a customer VPC: Amazon Virtual Private Cloud owned by a customer VPC ID: Identifier for a VPC such as vpc- 1a2b3c4d Mapping Service: Distributed lookup service. Maps VPC + Instance IP to server. Concepts Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 … 10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service
  • 18. L2 Src: MAC(10.0.0.2) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.3? The switch floods the ARP request out all ports L2 Src: MAC(10.0.0.3) L2 Dst: MAC(10.0.0.2) ARP 10.0.0.3 is at MAC(10.0.0.3) The switch snoops the ARP response and learns the port for MAC(10.0.0.3). L2 Src: MAC(10.0.0.2) L2 Dst: MAC(10.0.0.3) L3 Src: 10.0.0.2 L3 Dst: 10.0.0.3 ICMP/TCP/UDP/… Layer 2 (L2): Ethernet 10.0.0.2 10.0.0.3 Ethernet Switch
  • 19. L2 Src: MAC(10.0.0.3) L2 Dst: MAC(10.0.0.2) ARP 10.0.0.3 is at MAC(10.0.0.3) Src: 192.168.0.3 Dst: Mapping Service Query: Blue 10.0.0.3 Src: Mapping Service Dst: 192.168.0.3 Reply: Host: 192.168.1.4 MAC: MAC(10.0.0.3) L2 Src: MAC(10.0.0.2) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.3? Layer 2 (L2): VPC Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2
  • 20. Src: Mapping Service Dst: 192.168.1.4 Mapping valid: Blue 10.0.0.2 is at 192.168.0.3 Src: 192.168.1.4 Dst: Mapping Service Validate: Blue 10.0.0.2 is at 192.168.0.3 L2 Src: MAC(10.0.0.2) L2 Dst: MAC(10.0.0.3) L3 Src: 10.0.0.2 L3 Dst: 10.0.0.3 ICMP/TCP/UDP/… Src: 192.168.0.3 Dst: 192.168.1.4 VPC: Blue Server 192.168.0.3 Server 192.168.0.4 Server 192.168.1.3 Server 192.168.1.4 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2 Layer 2 (L2): VPC …
  • 21. Src: 192.168.0.4 Dst: Mapping Service Query: Grey 10.0.0.3 L2 Src: MAC(10.0.0.4) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.3? VPC isolation Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2
  • 22. 192.168.0.4 is not hosting any instances in VPC Blue. Mapping Denied Alarm Raised L2 Src: MAC(10.0.0.4) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.3? Src: 192.168.0.4 Dst: Mapping Service Query: Blue 10.0.0.3 VPC isolation Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2
  • 23. Src: 192.168.1.4 Dst: Mapping Service Validate: Blue 10.0.0.4 is at 192.168.0.4 Src: 192.168.0.4 Dst: 192.168.1.4 L2 Src: MAC(10.0.0.4) L2 Dst: MAC(10.0.0.3) L3 Src: 10.0.0.4 L3 Dst: 10.0.0.3 ICMP/TCP/UDP/… VPC: Blue Src: Mapping Service Dst: 192.168.1.4 Mapping invalid! 192.168.1.4 does not deliver the packet to the instance. Alarm Raised. VPC isolation Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2
  • 24. L2 Src: MAC(10.0.0.2) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.1? L2 Src: MAC(10.0.0.1) L2 Dst: MAC(10.0.0.2) ARP 10.0.0.1 is at MAC(10.0.0.1) L2 Src: MAC(10.0.0.2) L2 Dst: MAC(10.0.0.1) L3 Src: 10.0.0.2 L3 Dst: 10.0.1.3 ICMP/TCP/UDP/… Layer 3 (L3): IP routing 10.0.0.2 10.0.1.3 Ethernet Switch Router Ethernet Switch L2 Src: MAC(10.0.1.1) L2 Dst: MAC(10.0.1.3) L3 Src: 10.0.0.2 L3 Dst: 10.0.1.3 ICMP/TCP/UDP/…
  • 25. L2 Src: MAC(10.0.0.2) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.1? L2 Src: MAC(10.0.0.1) L2 Dst: MAC(10.0.0.2) ARP 10.0.0.1 is at MAC(10.0.0.1) Src: 192.168.0.3 Dst: Mapping Service Query: Blue 10.0.0.1 Src: Mapping Service Dst: 192.168.0.3 Reply: Host: Gateway MAC: MAC(10.0.0.1) Layer 3 (L3): VPC Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.1.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2
  • 26. Src: Mapping Service Dst: 192.168.0.3 Reply: Host: 192.168.1.4 MAC: MAC(10.0.1.3) Src: 192.168.1.4 Dst: Mapping Service Validate: Blue 10.0.0.2 is at 192.168.0.3 L2 Src: MAC(10.0.0.2) L2 Dst: MAC(10.0.0.1) L3 Src: 10.0.0.2 L3 Dst: 10.0.1.3 ICMP/TCP/UDP/… L2 Src: MAC(10.0.1.1) L2 Dst: MAC(10.0.1.3) L3 Src: 10.0.0.2 L3 Dst: 10.0.1.3 ICMP/TCP/UDP/… Src: Mapping Service Dst: 192.168.1.4 Mapping valid: Blue 10.0.0.2 is at 192.168.0.3 Layer 3 (L3): VPC Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.1.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service Src: 192.168.0.3 Dst: Mapping Service Query: Blue 10.0.1.3 10.0.0.2 VPC: Blue Src: 192.168.0.3 Dst: 192.168.1.4
  • 27. Caching Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 … 10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service L2 Src: MAC(10.0.1.1) L2 Dst: MAC(10.0.1.3) L3 Src: 10.0.0.2 L3 Dst: 10.0.1.3 ICMP/TCP/UDP/…
  • 28. 10.0.0.0/18 172.16.0.0/16 10.0.0.0/24 10.0.1.0/24 10.0.0.7 10.0.0.8 10.0.0.9 10.0.1.12 10.0.1.51 Getting home – or anywhere, really VPC: Blue Src: 192.168.0.3 Dst: ??? L3 Src: 10.0.0.7 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/…
  • 29. Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… Edges Server 192.168.0.3 Server 192.168.0.4 … Edge 192.168.4.3 Edge 192.168.4.4 10.0.1.3 10.0.0.4 10.0.0.2 Mapping Service 10.0.0.2 VPC: Blue Host 10.0.0.4  192.168.0.4 Host 10.0.1.4  192.168.0.4 … 172.16.0.0/16  Edge 192.168.4.3 …
  • 30. Edges: VPN Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… IPSEC Stuff Src: 54.68.100.245 Dst: 205.251.242.54 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… VPN
  • 31. Edges: Direct Connect Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… 802.1Q VLAN Tag Src: 54.68.100.245 Dst: 205.251.242.54 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… AWS Direct Connect
  • 32. Edges: Internet (IGW) Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 176.32.96.190 ICMP/TCP/UDP/… L3 Src: 10.0.0.2 L3 Dst: 176.32.96.190 ICMP/TCP/UDP/… Internet 54.148.157.46
  • 33. Edges: Recap VPN Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… IPSEC Stuff Src: 54.68.100.245 Dst: 205.251.242.54 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… Direct Connect Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… 802.1Q VLAN Tag Src: 54.68.100.245 Dst: 205.251.242.54 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… Internet Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 176.32.96.190 ICMP/TCP/UDP/… L3 Src: 54.148.157.46 L3 Dst: 176.32.96.190 ICMP/TCP/UDP/…`
  • 35. VPC pricing Cost per VPC: $0.00 Cost per subnet: $0.00 Upcharge per instance: $0.00
  • 38. VPC as a platform VPN and Direct Connect Security group egress filtering Network ACLs Routing tables Elastic network interfaces (ENIs) Multiple IPs
  • 39. Amazon S3 endpoints 172.31.0.0/18 172.31.1.0/24 172.31.2.0/24 172.31.1.7 172.31.2.12
  • 40. Amazon S3 endpoints 172.31.0.0/18 172.31.1.0/24 172.31.2.0/24 172.31.1.7 172.31.2.12
  • 41. L3 Src: 10.0.0.2 L3 Dst: 54.231.33.89 TCP/HTTP/… Server 192.168.0.3 Server 192.168.0.4 … Edge 192.168.4.3 Edge 192.168.4.4 10.0.1.3 10.0.0.4 10.0.0.2 10.0.0.2 L3 Src: 10.0.0.2 L3 Dst: 54.231.33.89 TCP/HTTP/… VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.4 Edges Mapping Service Host 10.0.0.4  192.168.0.4 Host 10.0.1.4  192.168.0.4 … 172.16.0.0/16  Edge 192.168.4.3 S3.us-east-1  Edge 192.168.4.4 …
  • 42. A new Edge: Amazon S3 Edge 192.168.4.4 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.4 L3 Src: 10.0.0.2 L3 Dst: 54.231.33.89 TCP/HTTP/… VPC Endpoint 1a2b3c4d Src: 54.68.100.245 Dst: 54.231.33.89 L3 Src: 10.0.0.2 L3 Dst: 54.231.33.89 TCP/HTTP/… Amazon S3 endpoint
  • 43. Amazon S3 endpoints and policy 172.31.0.0/18 172.31.1.0/24 172.31.2.0/24 172.31.1.7 172.31.2.12 { "Statement": [ { "Sid": "Access-to-specific-bucket-only", "Principal": "*", "Action": [ "s3:GetObject", "s3:PutObject" ], "Effect": "Allow", "Resource": ["arn:aws:s3:::my_secure_bucket", "arn:aws:s3:::my_secure_bucket/*"] } ] } { "Statement": [ { "Sid": "Access-to-specific-VPC-only", "Principal": "*", "Action": "s3:*", "Effect": "Deny", "Resource": ["arn:aws:s3:::my_secure_bucket", "arn:aws:s3:::my_secure_bucket/*"], "Condition": { "StringNotEquals": { "aws:sourceVpc": "vpc-111bbb22" } } } ] }