Successfully reported this slideshow.
Your SlideShare is downloading. ×

Serverless Networking - How We Provide Cloud-Native Connectivity for IoT Devices

Ad

Serverless Networking - How We Provide
Cloud-Na8ve Connec8vity for IoT Devices
Steffen Gebert, EMnify
emnify.com/devs

Ad

Serverless Networking –
How We Provide Cloud-Native
Connectivity for IoT Devices
Steffen Gebert
AWS Community Day – Bay Ar...

Ad

In serverless, the network is taken for granted. But what if the
network is the product? Is there a routerless? Does it st...

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Ad

Loading in …3
×

Check these out next

1 of 51 Ad
1 of 51 Ad
Advertisement

More Related Content

Slideshows for you (18)

Similar to Serverless Networking - How We Provide Cloud-Native Connectivity for IoT Devices (20)

Advertisement

More from Steffen Gebert (20)

Advertisement

Serverless Networking - How We Provide Cloud-Native Connectivity for IoT Devices

  1. 1. Serverless Networking - How We Provide Cloud-Na8ve Connec8vity for IoT Devices Steffen Gebert, EMnify emnify.com/devs
  2. 2. Serverless Networking – How We Provide Cloud-Native Connectivity for IoT Devices Steffen Gebert AWS Community Day – Bay Area, 13.11.2020
  3. 3. In serverless, the network is taken for granted. But what if the network is the product? Is there a routerless? Does it still have a CLI? Interconnecting networks on AWS - most of us think of VPCs here - felt limited to something like pulling a cable from A to B. Deeper control - for those who miss their big fat routers - required own deployments in EC2 instances. With AWS Transit Gateway, more complex networking architectures can finally be implemented in a serverless - sorry, routerless - fashion. At EMnify, we run a connectivity platform for the Internet of Things based on cellular connectivity. Our customers' IoT devices often do not require access to the Internet, but are restricted to customer- owned networks reachable through VPN for security purposes. Using AWS Transit Gateway (TGW), we are now able to wire customer VPCs securely with their IoT devices. By sharing the TGW with their AWS accounts, customer VPCs can be attached, while being isolated from other customers through in routing domains. The provisioning process is triggered by the customer through an API call and starts the execution of an AWS Step Functions workflow. The state machine ensures correct order of calls towards AWS APIs for creating resource shares, waiting up to 7 days for acceptance, and finally setting up routing in the TGW. With such state machines, not only the happy path is handled serverless - and also humanless, but also error cases are caught to ensure failed provisionings do not leave stale resources behind. Overall, serverless networking and serverless orchestration allowed us at EMnify to build our new Cloud-Native Connectivity features not only within short time, but with nearly no long-term maintenance efforts. 3All rights reserved | Confidential Abstract 17.11.20
  4. 4. Thanks to Our Sponsors! 17.11.20 @StGebert 4
  5. 5. Agenda 1. Serverless for Network Enthusiasts 2. Cellular IoT Connectivity 3. Cloud Native IoT Connectivity Data Plane Implementation Demo 🤞 Control Plane implementation
  6. 6. We ❤ serverless E V E R Y B O D Y
  7. 7. Serverless for Network Enthusiasts
  8. 8. • Joined EMnify in 2017 • Started with AWS in 2017 • PhD on software based networking from University of Würzburg, Germany About Myself @StGebert ❤ @StGebert 8
  9. 9. The Network
  10. 10. VPC Peering? @StGebert 10 VPC VPC Peering connection ImagePeggyundMarcoLachmann-AnkefromPixabay https://pixabay.com/users/peggy_marco-1553824
  11. 11. Network Functions
  12. 12. Serverless’y Network Functions @StGebert 12 Traffic mirroring NAT gateway Amazon VPC AWS PrivateLink AWS Global Accelerator AWS Transit Gateway AWS Direct Connect AWS Client VPN AWS Site-to-Site VPN Elastic Load Balancing Flexibility & Control
  13. 13. • Essentially a router • Attachments (”the cables”) • Routing table – per attachment • Separate routing domains possible • Flat, Isolated, .. • More than a just routing • Implemented by AWS HyperPlane AWS Transit Gateway 13@StGebert Source: AWS Transit Gateway Reference Architectures for Many Amazon VPCs
  14. 14. VPCs (via ENI) Attachment Types VPN (Site-to-Site IPsec) Direct Connect Other TGWs (in other regions)
  15. 15. 15 Serverless Feelings Horizontally Scalable Somebody else fixes it @StGebert API
  16. 16. Is this called “routerless”? N O B O D Y
  17. 17. Another fleet of EC2 instances to terminate S T E F F E N
  18. 18. Connecting the Internet of Things
  19. 19. 19 Cellular Connectivity Anywhere in the World @StGebert 180 countries 540 networks 2G, 3G, 4G, LTE-M, NB-IoT Pay-as-you go pricing with data pooling
  20. 20. Supporting Global IoT Deployments Home-routing of roaming SIM data prevents distributed architecture EMnify’s mobile core network is deployed in multiple AWS regions – keeping data local 20@StGebert
  21. 21. Connectivity Management Complete Cost & Network Control • SIM contract lifecycle to activate & suspend SIM at any time Real-time Insights • Visibility and management of networks, devices and connectivity • Remote Device Access • Business Reports
  22. 22. Built for Integration API-First Approach • RESTful APIs for device management, SMS & USSD webhooks • DataStreamer to cloud and 3rd party services: AWS QuicksSght, PowerBI, BigQuery, Salesforce, Keen.io, Datadog, Devicepilot, Automate.io
  23. 23. Why required in IoT B2B? • Remote access for support teams • Additional security layer • Circumvent carrier grade NAT Drawbacks • Setup and recurring costs (private APN, static IP, IPsec, RADIUS) • Complex IP config to setup redundant tunnels over public internet • Time to deliver: 2-6 weeks 23@StGebert Secure Private Network for Cellular IoT Private APN
  24. 24. Implementing EMnify’s Cloud Native Connectivity (CNC)
  25. 25. Simplifying Private Networks with EMnify & AWS @StGebert 25 AWS Native Implementation • EMnify secures data up to AWS • Private network connection using AWS-native features Benefits • No need for private APN, IPsec • Highly available by design • Available immediately
  26. 26. Roaming-based Internet Access 26 Internet Telco world GRX/IPX @StGebert
  27. 27. Private Link Transit Gateway Solution Space for Private Connectivity Limits use cases (one-way connectivity, TCP only) Limits scale 👍 VPC Peering VPN No fun area 27@StGebert
  28. 28. CNC Transit Gateway Setup @StGebert 28 Transit Gateway
  29. 29. • Regional resource • Automatically available in all AZs TGW Creation
  30. 30. CNC Transit Gateway Setup @StGebert 30 Transit Gateway EMnify Core VPC
  31. 31. • Associate with subnets in all used AZs! • Add route to routing table Attachment EMnify Core VPC
  32. 32. CNC Transit Gateway Setup @StGebert 32 Transit Gateway EMnify Core VPC Customer A VPC
  33. 33. • Resource Share needed to be later shared with specific customer accounts. Resource Share AWS Resource Access Manager
  34. 34. • Triggered by customer side Attachment Customer VPC
  35. 35. CNC Transit Gateway Setup @StGebert 35 Transit Gateway Route Table EMnify Core EMnify Core VPC Customer A VPC Customer B VPC Customer C VPC
  36. 36. • Static routes to customer VPCs Route Tables
  37. 37. • Associated with our VPC only (egress traffic from our PoV) Route Tables
  38. 38. CNC Transit Gateway Setup @StGebert 38 Transit Gateway Route Table Customers Route Table EMnify Core EMnify Core VPC Customer A VPC Customer B VPC Customer C VPC
  39. 39. Route Tables
  40. 40. CNC Transit Gateway Setup @StGebert 40 Transit Gateway Route Table Customers Route Table EMnify Core EMnify Core VPC Customer A VPC Customer B VPC Customer C VPC North- South Traffic only
  41. 41. Data Plane @StGebert 41 Traffic Flow
  42. 42. TGW Bonus Points
  43. 43. Independence of our core network deployment regions 43 Cross-Region TGW Peering @StGebert
  44. 44. • Replacing custom IPsec setups with managed AWS Site-to-Site VPN • Advantages API Highly available (BGP) Somebody else fixes it IPsec VPN ¯_(ツ)_/¯ All rights reserved | Confidential17.11.20
  45. 45. Demo
  46. 46. Control Plane
  47. 47. • Customer portal / REST API 48 Enabling Self-Service @StGebert
  48. 48. Orchestration Layer 49@StGebert
  49. 49. • More and more serverless network functions in AWS • New use cases possible “the serverless way” through TGW • Data path taken care of by AWS • Control plane accessible via APIs • EMnify’s Connectivity Platform for the IoT • Cloud Native Connectivity implementation using TGW • Fully serverless data plane and control plane • Shorter delivery time, better stability Conclusion 50@StGebert
  50. 50. Need a Lockdown Project? Go to emnify.com/devs

×