
Leadership Session: Networking (NET209-L) - AWS re:Invent 2018

Join Dave Brown, VP of EC2 Networking at AWS, to learn about the new services and features we launched this year. Dave also shares our vision for the future of connectivity in the cloud and the ongoing evolution of networking capabilities. Dave covers the entire suite of networking services, including Amazon Virtual Private Cloud (Amazon VPC), Elastic Load Balancing, AWS PrivateLink, VPN, and AWS Direct Connect. In addition, Dave reviews some real-world customer scenarios and how AWS networking solves those in a secure, reliable, flexible, and highly performant way.


  1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Networking: what’s new in networking and content delivery. Dave Brown, Vice President - EC2, Compute & Networking. NET209-L
  2. Broadest customer base for networking: Startup, Enterprise, Public Sector, SI/ISV
  4. AWS positioned as a leader in the Gartner Magic Quadrant for Cloud Infrastructure as a Service. *Gartner, Magic Quadrant for Cloud Infrastructure as a Service, Worldwide, Smith, Dennis, Leong, Lydia, Bala, Raj, May 2018 G00336148. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from AWS: https://www.gartner.com/doc/reprints?id=1-2G2O5FC&ct=150519&st=sb Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
  5. AWS positioned as a leader in the IDC MarketScape: Worldwide Infrastructure as a Service 2017 Vendor Assessment. “AWS has effectively defined and led the core offering portfolio in the public cloud IaaS market.” *SOURCE: "IDC MarketScape: Worldwide Infrastructure as a Service 2017 Vendor Assessment", by Deepak Mohan, Erik Berggren and Laura DuBois, September 2017 IDC # US43073916. IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of ICT suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market. The Capabilities score measures vendor product, go-to-market and business execution in the short-term. The Strategy score measures alignment of vendor strategies with customer requirements in a 3-5-year timeframe. Vendor market share is represented by the size of the circles. Vendor year-over-year growth rate relative to the given market is indicated by a plus, neutral or minus next to the vendor name.
  6. Customer obsessed of roadmap originates with customer requests
  7. Our networking & content delivery business: Edge location, Route table, Flow logs, Internet gateway, NAT gateway, Network access control list, Classic load balancer, Streaming distribution, Peering, Router, VPN Connection, VPN Gateway, Network load balancer, Download distribution, Hosted zone, Customer gateway, Elastic network adapter, Elastic network interface, Endpoints, Application load balancer, Direct Connect gateway
  8. A network for the world’s workloads delivered through continuous innovation
  9. Continuous innovation. Superior network: abundant, fast, always on
  10. Continuous innovation. Superior network: abundant, fast, always on
  11. AWS Global Infrastructure • 19 Regions with 58 Availability Zones • 5 Regions coming soon: Bahrain, Cape Town, Hong Kong SAR, Stockholm, and second USA GovCloud
  12. 150 CloudFront PoPs • 139 Edge Locations • 11 Regional Edge Caches
  13. 89 Direct Connect Locations
  14. Amazon Global Network • Redundant 100 GbE network • Private network capacity between all AWS Regions, except China
  15. Why have a backbone network?
  17. HAWAIKI
  18. BAY TO BAY EXPRESS
  19. JUNIPER
  20. Multiple services traverse the backbone
  21. Content Distribution with Amazon CloudFront: Fast, massively scaled and globally distributed; Highly Programmable; Deep Integration with AWS; Network and application protection at the edge
  22. Private connectivity with AWS Direct Connect: Dedicated private connection from on-premises to AWS; Consistent network performance; Reduced bandwidth costs; Compatible with all AWS services
  23. Private connectivity with Inter-region Peering: Private connectivity for two or more VPCs between regions; Highly available, no single point of failure; All traffic stays on the AWS global backbone network; All traffic encrypted and anonymized
  24. Multiple services traverse the backbone
  25. Introducing AWS Global Accelerator. Local ISP, Network A B C D E F, Access Application! Accessing your application is not this straightforward! It can take many networks to reach the application. Paths to and from the application may differ. Each hop impacts performance and can introduce risk.
  26. Accessing your web applications with AWS Global Accelerator. Local ISP, AWS Network. Adding AWS Global Accelerator removes these inefficiencies. Leverages the Global AWS Network. Resulting in improved performance.
  27. Introducing AWS Global Accelerator 1
  28. Multiple services traverse the backbone
  29. “There is no compression algorithm for experience.” —Andy Jassy, CEO AWS
  35. “Everything fails all the time.” —Werner Vogels, CTO AWS
  38. Regional Network Availability: less than 1/10th the networking downtime
  40. Global Network Availability Only never
  41. Continuous innovation. Superior network: abundant, fast, always on
  42. Strengthen your security posture: Over 50 global compliance certifications & accreditations; Benefit from AWS industry leading security teams 24/7, 365 days a year; World-class network performance and capabilities; Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations. “We work closely with AWS to develop a security model, which we believe enables us to operate more securely in the public cloud than we can in our own data centers.” Rob Alexander, CIO
  43. Best security building blocks in the cloud. Identity, directory, and access: IAM (Manage user access and encryption keys); Single Sign-On (Cloud single sign-on for AWS accounts and business apps); Directory Service (Host and manage Microsoft Active Directory); Organizations (Manage settings for multiple accounts); Resource Access Manager (Share resources across multiple accounts); Secrets Manager (Rotate, manage, and retrieve secrets); Cognito (Identity management for your apps). Detective controls and Management: Security Hub (Centrally view and manage security alerts and automate compliance checks); GuardDuty (Continuous threat detection & monitoring); Service Catalog (Create and use standardized products); Launch Templates (Standardize deployments across resources); Config (Track resource inventory and changes); CloudTrail (Track user activity and API usage); CloudWatch (Monitor resources and applications); Inspector (Analyze application security); Artifact (Self-service for AWS’ compliance reports). Data protection: Key Management Service (Manage creation and control of encryption keys); Certificate Manager (Provision, manage, and deploy SSL/TLS certificates); ACM Private CA (Private certificate authority); CloudHSM (Hardware-based key storage); Macie (Discover, classify, and protect data); Server-side Encryption (Flexible data encryption options); Encrypted Boot & EBS volumes. Networking and infrastructure: Virtual Private Cloud (Isolated cloud resources); VPC Flow Logs; Elastic Load Balancing (Secure network and application load balancing); Web Application Firewall (Filter malicious web traffic); Shield (DDoS protection); Firewall Manager (Manage WAF rules across accounts); PrivateLink (Securely access services hosted on AWS).
  44. Best security building blocks in the cloud. Identity, directory, and access: Resource Access Manager (Share resources across multiple accounts). Detective controls and Management. Data protection. Networking and infrastructure.
  45. Best security building blocks in the cloud. Identity, directory, and access: Resource Access Manager (Share resources across multiple accounts). Detective controls and Management. Data protection. Networking and infrastructure: Virtual Private Cloud (Isolated cloud resources); VPC Flow Logs.
  46. Virtual Private Cloud (VPC) security tools. Virtual Private Cloud: Provision a logically isolated cloud where you can launch AWS resources into a virtual network. VPC Endpoints: Private and secure connectivity to Amazon S3 and Amazon DynamoDB. Security Groups & ACLs. NAT Gateway. Flow Logs.
  47. Best security building blocks in the cloud. Identity, directory, and access: Resource Access Manager (Share resources across multiple accounts). Detective controls and Management. Data protection. Networking and infrastructure: Virtual Private Cloud (Isolated cloud resources); VPC Flow Logs.
  48. Best security building blocks in the cloud. Identity, directory, and access: Resource Access Manager (Share resources across multiple accounts). Detective controls and Management. Data protection. Networking and infrastructure: Virtual Private Cloud (Isolated cloud resources); VPC Flow Logs; Elastic Load Balancing (Secure network and application load balancing).
  49. Elastic Load Balancing: Distributed incoming traffic across multiple targets; TLS offloading and user authentication; Cost effective; Capable of handling rapid changes in traffic. Classic Load Balancer | |
  50. Elastic Load Balancing security tools
  51. Best security building blocks in the cloud. Identity, directory, and access: Resource Access Manager (Share resources across multiple accounts). Detective controls and Management. Data protection. Networking and infrastructure: Virtual Private Cloud (Isolated cloud resources); VPC Flow Logs; Elastic Load Balancing (Secure network and application load balancing).
  52. Best security building blocks in the cloud. Identity, directory, and access: Resource Access Manager (Share resources across multiple accounts). Detective controls and Management. Data protection. Networking and infrastructure: Virtual Private Cloud (Isolated cloud resources); VPC Flow Logs; Elastic Load Balancing (Secure network and application load balancing); PrivateLink (Securely access services hosted on AWS).
  53. AWS PrivateLink Momentum. Share services privately between VPCs and on-premises networks. Secure. Scalable. Reliable.
  54. Marketplace network security partners
  55. Continuous innovation. Superior network: abundant, fast, always on
  56. World-class network performance: C1 • 1 Gbps; CC1 • 10 Gbps; C3 • Enhanced Networking • 20x PPS • <100 µs latency; C4 • EBS optimized by default; C5 • ENA • 25 Gbps • <50 µs latency; C5n • EFA • 100 Gbps • 3x PPS
  57. Fastest networking in the cloud. C5n: Fastest compute for high performance workloads
  58. Fastest networking in the cloud. P3dn: Fastest machine learning training in the cloud
  59. Fastest networking in the cloud. Elastic Fabric Adapter, best for large HPC workloads
  60. Continuous innovation. Superior network: abundant, fast, always on
  61. “The network should not slow things down, but rather promote innovation.” —David Brown
  62. Critical criteria for the cloud network. VPC Transit Gateway: Easily scale connectivity across VPCs, accounts and on-premises networks
  63. Elastic Load Balancing security tools. “AWS Transit Gateway radically evolved and simplified cloud networking. Using Transit Gateway, we reduced the time to interconnect new VPCs and on-premise networks from weeks to minutes while attaining consistent and more reliable network performance!” Khoder Shamy, Director, Cloud Platform and Infrastructure, Fuze
  64. Before Transit Gateway … VPN connection, Customer gateway, Amazon VPC, Amazon VPC, AWS Direct Connect Gateway, VPC peering, VPC peering, VPC peering, Amazon VPC, Amazon VPC, VPC peering, VPN connection, VPN connection, VPC peering
  65. With Transit Gateway … Transit Gateway, Amazon VPC, Amazon VPC, Amazon VPC, Amazon VPC, Customer gateway, VPN connection, AWS Direct Connect Gateway
  66. Critical criteria for the cloud network. Shared VPC: Easily share VPC networks between AWS accounts, providing central oversight and control for networking engineers
  67. Shared VPC: Avoid creating a single large VPC and sharing it with an entire organization. Instead, use VPC sharing together with Transit Gateway and AWS Private Link
  68. Critical criteria for the cloud network
  69. Making networking as simple and dynamic as compute and storage
  70. Aviatrix Orchestration of Transit Gateway
  71. Aviatrix Transit Gateway Orchestration in action. Orchestrator for your herd of VPCs! 1. Create Domains, e.g. Dev, Prod, Shared; 2. Attach VPCs to TGW, Auto-configure routes; 3. Attach Direct Connect, Auto-configure routes; 4. Discover and attach new VPCs. Dev Domain, Prod Domain, Edge VPC, Dev VPC, Dev VPC, Dev VPC, Prod VPC, Prod VPC, Route Table, TRANSIT GATEWAY (TGW), Prod VPC, Shared Services Domain, Controller AVX AVX Gateway, Shared Services, Prod cannot reach Dev, TGW Route Tables
  72. Aviatrix + Transit Gateway. CloudSquad™ Service: Concierge service to migrate your existing third-party transit VPC to TGW. Visibility Workflow Orchestration & Automation ✓ Dynamic route propagation ✓ Advanced troubleshooting Zero-trust VPC segmentation ✓ Integrated with Route Domains ✓ Compliance reporting Edge connectivity & Multicloud ✓ Direct Connect support ✓ Egress security
  73. Continuous innovation. Superior network: abundant, fast, always on
  74. It’s critical to provide a seamless networking experience between on-premises networks and the AWS cloud.
  75. Hybrid connectivity solutions
  76. Route 53 Resolver: Managed DNS resolver service from Route 53; Enables hybrid DNS resolution over Direct Connect and VPN; Create conditional forwarding rules to re-direct query traffic
  77. Hybrid connectivity solutions
  78. Client VPN
  79. Hybrid connectivity solutions. AWS Outposts: Run key AWS services on AWS hardware within your own data center.
  80. Announcing AWS Outposts. AWS Outposts
  81. How AWS Outposts works. AWS Outposts
  82. Superior network: abundant, fast, always on. Continuous innovation
  83. Launched since last re:Invent: Slow Start for ALB Authentication on ALB Redirects on ALB Fixed Response on ALB Network Load Balancing Support on VPC VPC Flow Logs to S3 Network Improvements for EC2 Instances AWS Direct Connect Jumbo Frames Field Level Encryption for CloudFront Error Responses from your origin on Lambda@ S3 Origin Support for Lambda@Edge Amazon Route53 AutoNaming. Recent announcements: AWS Global Accelerator C5n for HPC P3dn for Machine Learning Elastic Fabric Adapter for MPI Transit Gateway Shared VPC Route 53 Resolver Client VPN AWS Outposts
  84. Thank you!
  85. This is our network… 144 CloudFront PoPs, 94 Direct Connect locations
  86. AWS Global Network • Redundant 100GbE network • Redundant private capacity between all Regions except China
  87. Simple and easy to use. Application Load Balancer: rich layer 7 features. Advanced request routing; HTTP/HTTPS (Layer 7) Load Balancing; Latest Web Protocols; Container support; Rapid innovation in 2018; Multiple certificates (SNI); Authentication Support; Host-based Routing
