©2017 Cloudreach
Surviving the Hybrid Cloud
Network Connectivity
Tudor Paul Toma
Agenda
● Why Hybrid?
● Hybrid Challenges
● Requirements
● Options (..many options)
● $$Cost$$
● Availability / resiliency
● Outbound internet
● Accessing resources
● Transitive routing
● Summary
● Q&A
First things first …
Why On-premises?
● Medium - Large enterprise
● CAPEX investments
● Cloud Trust issues
● Monolithic applications
● Security policies
● Compliance issues
● Team skills
● Ongoing partnerships
Why Hybrid?
On-premises
● On-premise
● High fixed cost
● Known security
● Full control
● Low reskill cost
Hybrid Cloud
● Necessary “evil”
● Lower cost
● Trusted security
● Partial reskill
● Elasticity/Availability
● Cloud native services
● Modern applications
● More adoption
● Organic evolution
● Less disruptive
Public Cloud
● Off-premise
● Low variable cost
● New security model
● Elasticity
● Availability
● Flexibility
● Cloud native services
Hybrid Cloud challenges (.. a lot of them ...)
● Access Management
● Network connectivity
● Service availability
● Security enforcement
● Network services
● App Extension
● App Migration
● Compliance
● ...
Connectivity requirements
● Latency - what are the acceptable limits?
● Bandwidth - what is the average need? How big are the spikes?
● Traffic type - understand the traffic type, then choose the best option
● Cloud usage - primary, secondary, elastic backend
● Internet access - inbound/outbound? Use an AWS IGW or the existing breakout?
● Availability - is HA needed end to end? What uptime is required?
● Cost - budget?
● Maintenance/Management - is a network team available? Willing?
● Emergency - how quickly are the connections needed?
● Security - what are the accepted levels?
● Routing - static/dynamic
Why so much planning?
...because we want to go on holiday...
Connectivity options (Site to site)
● Transport - physical
○ Over Public Network
○ Over Private Line - DirectConnect
● Routing
○ Static - manually maintained routes
○ Dynamic - BGP
● Traffic engineering
○ Link resiliency
○ Link aggregation
● Access
○ Outbound Internet
○ Transitive: Meshed vs Hub and Spoke
Options
AWS managed VPN - single connection, single location
● 1 VPN connection, 2 IPsec tunnels (both terminate on the same VGW; configure both, since AWS maintenance can take one tunnel down)
● 1 location, 1 CGW
● 1 on-premises network
● 1 IKE SA per tunnel, 2 in total (each tunnel also carries an inbound/outbound IPsec SA pair)
More options
AWS managed VPN - multiple connections, single location
● 2 VPN connections, 4 IPsec tunnels
● 1 location, 2 CGWs
● 1 on-premises network
● 1 IKE SA per tunnel, 4 in total
● For BGP: an ASN (public or private) and the peer IPs for each tunnel
Even more options
AWS managed VPN - multiple connections, multiple locations
● 2 VPN connections, 4 IPsec tunnels
● 2 locations, 2 CGWs (one per location)
● 2 on-premises networks
Different options
Software VPN - customer maintained VPN appliance
Vendor (Cisco CSR1000v, Sophos UTM9, Palo Alto, Fortinet)
or open source / smaller vendors (pfSense, VNS3, MikroTik)
Extra work you take on:
- Ensure tunnel availability
- Ensure appliance HA
- Manage patching/configuration
- Manage security
Dedicated or hosted options
Direct Connect (DX)
- At least 2 DX locations per region (Frankfurt has 13!!)
- 3 DX transport options
1. Dedicated connection: your own router in the DX location (1 Gbps or 10 Gbps ports only)
2. Hosted connection: partner provided circuit (sub-gig)
3. Service provider MPLS extension
- Can be paired with an AWS managed (hardware) VPN connection as backup
Connectivity cost
● Over Public Network - Internet
  ○ AWS Managed VPN (single or multi region)
    ■ $0.05 / VPN connection hour (billed for every hour the connection is available)
    ■ Data transfer charged on outbound traffic only
  ○ Software VPN
    ■ Instance + licence cost
    ■ Data transfer charged on outbound traffic only
● Over Private Line - DirectConnect
  ○ DX - your own router in the DX location (1 Gbps or 10 Gbps)
    ■ Port-hour ($0.30 or $2.25) +
    ■ Data out $0.02/GB (e.g. EU to EU)
  ○ DX - AWS Partner provided L2 circuit (50 Mbps and up)
    ■ Port-hour ($0.03 or $0.30) + data out
  ○ DX - Service Provider network (MPLS circuit)
    ■ Circuit/colocation cost
Connection availability
(diagram captions from the slide)
● DirectConnect + VPN
● 2 x DX, 1 x circuit (router)
● 2 x DX, 2 x circuits (routers)
● 2 x DX, 2 x circuits (routers), 2 x DC
Routing preference
So how is the routing decision taken in case of overlap?
● Most preferred: VPC local routes (the VPC CIDR itself)
● Then: the most specific prefix wins (longest prefix match, whatever the route's source)
● Among routes of equal length: static routes in the VPC route table
● Then: dynamic (BGP propagated) DirectConnect routes
● Then: VPN static routes
● Last resort: VPN BGP routes, shortest AS_PATH first
Connection resiliency and aggregation
● Active-Active
  ○ BGP equal-cost (ECMP)
  ○ Aggregate bandwidth
● Active-Standby
  ○ One preferred path
  ○ Use BGP AS_PATH prepending or BGP local preference
● BGP fact sheet
  ○ Dynamic routing
  ○ Peering, sessions, prefix exchange
  ○ Uses ASNs (e.g. the AWS side of a VGW has a fixed ASN)
  ○ iBGP, eBGP
VPC outbound internet
Two designs (diagram on the slide):
● VGW + AWS IGW: the VPC egresses through its own Internet Gateway
● VGW + DC Internet: the VPC's default route points back over DX/VPN to the data centre's existing Internet breakout
Considerations:
- Originate the default route (how? advertise 0.0.0.0/0 over BGP, or add it as a static route on the VPN connection)
- Reuse the existing connection and its controls
- Control outbound connections (proxy?)
- A must: VPC endpoints (S3, SSM, KMS, etc) so that traffic to AWS services stays off the hybrid link
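The route-preference order, the AS_PATH prepending trick for active/standby, and the outbound-internet choice above all come down to which entry a VPC route table picks for a given destination. The following Python is an added example written for this page, not code from the deck or from AWS. It encodes the tie-break order the slide lists (local, longest prefix, static, DX BGP, VPN static, VPN BGP by AS_PATH length) and runs it over a constructed route table; the targets (igw-demo, vif-dx-primary, vpn-conn-a, vpn-conn-b-tunnel-1/2) and ASN 65000 are placeholders.

```python
"""Worked route selection for a hybrid VPC route table.

Added example: models the tie-break order from the slide (local route,
longest prefix, static, Direct Connect BGP, VPN static, VPN BGP with the
shortest AS_PATH). The route table below is constructed for illustration;
targets such as "igw-demo" and "vif-dx-primary" are placeholder names.
"""
import ipaddress
from dataclasses import dataclass

# Tie-break between routes of equal prefix length: lower rank is preferred.
SOURCE_RANK = {
    "local": 0,       # VPC local route
    "static": 1,      # static route in the VPC route table (e.g. to an IGW)
    "dx-bgp": 2,      # propagated from Direct Connect via BGP
    "vpn-static": 3,  # static route on an AWS managed VPN connection
    "vpn-bgp": 4,     # propagated from an AWS managed VPN via BGP
}


@dataclass(frozen=True)
class Route:
    prefix: str          # CIDR, e.g. "10.0.0.0/8"
    target: str          # next hop label (placeholder names in the sample)
    source: str          # one of SOURCE_RANK
    as_path: tuple = ()  # BGP AS_PATH, only meaningful for *-bgp sources

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)


def select_route(routes, destination):
    """Return the Route the VPC would use for `destination`, or None."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dst in r.network]
    if not candidates:
        return None
    # 1. Longest prefix match wins, whatever the source of the route.
    longest = max(r.network.prefixlen for r in candidates)
    candidates = [r for r in candidates if r.network.prefixlen == longest]
    # 2. Same length: rank by source, then shortest AS_PATH for BGP routes.
    #    Candidates still tied after this would be ECMP where the gateway
    #    supports it; this sample simply takes the first.
    candidates.sort(key=lambda r: (SOURCE_RANK[r.source], len(r.as_path)))
    return candidates[0]


# Constructed sample table: one VPC, a DX private VIF, one VPN connection
# with a static route, and a second VPN connection running BGP over two
# tunnels where the customer prepends its ASN on tunnel 2 to make it standby.
SAMPLE_ROUTES = [
    Route("10.50.0.0/16", "local", "local"),
    Route("0.0.0.0/0", "igw-demo", "static"),
    Route("10.0.0.0/8", "vif-dx-primary", "dx-bgp", (65000,)),
    Route("0.0.0.0/0", "vif-dx-primary", "dx-bgp", (65000,)),
    Route("10.1.0.0/16", "vpn-conn-a", "vpn-static"),
    Route("10.2.0.0/16", "vpn-conn-b-tunnel-1", "vpn-bgp", (65000,)),
    Route("10.2.0.0/16", "vpn-conn-b-tunnel-2", "vpn-bgp", (65000, 65000, 65000)),
]


def next_hop(destination, routes=SAMPLE_ROUTES):
    """Target label of the selected route, or None if nothing matches."""
    r = select_route(routes, destination)
    return r.target if r else None


def next_hop_after_failure(destination, failed_target, routes=SAMPLE_ROUTES):
    """Re-run selection with every route via `failed_target` withdrawn."""
    return next_hop(destination, [r for r in routes if r.target != failed_target])


if __name__ == "__main__":
    for dst in ("10.50.1.5", "10.1.2.3", "10.3.4.5", "10.2.9.9", "8.8.8.8"):
        print(f"{dst:>10} -> {next_hop(dst)}")
    print("10.2.9.9 after tunnel-1 down ->",
          next_hop_after_failure("10.2.9.9", "vpn-conn-b-tunnel-1"))
```

Three results matter for the slides above. 10.1.2.3 leaves over the VPN static /16 even though Direct Connect is the preferred source, because prefix length is decided before source. 8.8.8.8 takes the static IGW default rather than the 0.0.0.0/0 learned over DX, since a static entry in the VPC route table always beats a propagated one; the "VGW + DC Internet" design therefore only works in route tables that carry no IGW default. And the prepended tunnel 2 only carries 10.2.0.0/16 once tunnel 1's route is withdrawn, which is the active/standby behaviour the AS_PATH trick is meant to give.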
Accessing VPC resources
● Private virtual interface (VIF) to access the VPC
● The same VGW is used for both DX and managed VPN
● Each virtual interface is mapped to a unique VLAN ID
● No transitive routing
● Hairpinning (router on a stick) possible
● Public virtual interface needed to reach AWS public endpoints (e.g. S3) from on-premises: VPC gateway endpoints only serve traffic that originates inside the VPC
Transitive routing?
WHY?
● Routing between VPCs is non-transitive (peerings and VGW attachments only carry traffic between their two ends)
● Connection limits:
  ○ Managed VPN: per region, per VGW
  ○ DX: per VIF, per region, routes per BGP session
● Scale: the number of VPCs that participate
How exactly?
● Using software VPN appliances (an instance that forwards between its tunnels)
● Opting for
  ○ a partially or fully meshed design
  ○ or a hub-and-spoke design
● Challenges:
  ○ Management overhead / deploy time / automation
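As an added example for this page (not code from the deck), the small reachability model below shows why a chain of peerings or VGW attachments stays non-transitive, why a hub VPC only becomes a transit point once a customer-managed appliance forwards between its tunnels, and how many links each design needs as the VPC count grows. Node names such as vpc-a, hub-vpc and on-prem are placeholders.

```python
"""Why transitive routing needs a forwarding hub.

Added example for this page, not code from the deck. A VPC peering or a VGW
attachment only carries traffic between its two ends; a customer-managed VPN
appliance in a hub VPC can forward between all of its tunnels. Node names
(vpc-a, hub-vpc, on-prem) are placeholders.
"""
from collections import deque


class Topology:
    def __init__(self):
        self.links = {}          # node -> set of directly attached nodes
        self.forwarders = set()  # nodes allowed to relay transit traffic

    def link(self, a, b):
        """Attach a and b directly (peering, VGW attachment or VPN tunnel)."""
        self.links.setdefault(a, set()).add(b)
        self.links.setdefault(b, set()).add(a)

    def mark_forwarder(self, node):
        """node hosts an appliance that routes between its attachments."""
        self.forwarders.add(node)

    def reachable(self, src, dst):
        """True if dst is attached to src directly or only via forwarders."""
        seen = {src}
        queue = deque([src])
        while queue:
            node = queue.popleft()
            for nxt in self.links.get(node, ()):
                if nxt == dst:
                    return True
                # AWS-native attachments do not relay traffic, so the search
                # only continues through nodes marked as forwarders.
                if nxt in self.forwarders and nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        return False


def build_peered_chain():
    """vpc-a <-> vpc-b <-> vpc-c using only VPC peering (no appliance)."""
    t = Topology()
    t.link("vpc-a", "vpc-b")
    t.link("vpc-b", "vpc-c")
    return t


def build_hub_and_spoke(spokes=("vpc-a", "vpc-b", "vpc-c", "on-prem"),
                        appliance=True):
    """Every spoke has one tunnel to hub-vpc; with appliance=False the hub
    is just a VGW-style attachment point and does not forward."""
    t = Topology()
    for spoke in spokes:
        t.link(spoke, "hub-vpc")
    if appliance:
        t.mark_forwarder("hub-vpc")
    return t


def links_needed(n, design):
    """Tunnels/peerings required to connect n networks in the given design."""
    if design == "full-mesh":
        return n * (n - 1) // 2
    if design == "hub-and-spoke":
        return n  # one link per spoke to the hub
    raise ValueError(f"unknown design {design!r}")


if __name__ == "__main__":
    chain = build_peered_chain()
    print("peering a->b:", chain.reachable("vpc-a", "vpc-b"))     # True
    print("peering a->c:", chain.reachable("vpc-a", "vpc-c"))     # False
    hub = build_hub_and_spoke()
    print("hub a->on-prem:", hub.reachable("vpc-a", "on-prem"))   # True
    no_appliance = build_hub_and_spoke(appliance=False)
    print("vgw-only hub a->on-prem:",
          no_appliance.reachable("vpc-a", "on-prem"))             # False
    for n in (4, 10, 25):
        print(f"{n} networks: {links_needed(n, 'full-mesh')} mesh links vs "
              f"{links_needed(n, 'hub-and-spoke')} hub links")
```

The appliance=False case is the one to remember: attaching every spoke to the same VGW does not give spoke-to-spoke reachability, which is exactly the "No transitive routing" point on the previous slide. The link count is why meshes are usually partial; the hub buys a linear number of tunnels at the price of the appliance HA, patching and automation listed above.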
Summary
● Understanding hybrid cloud challenges and motivation
● Focus on network connectivity - requirements
● Connectivity options
  ○ VPN
    ■ AWS managed
    ■ Software VPN
  ○ DX
    ■ Dedicated connection - your own router, full port (1 or 10 Gbps)
    ■ Hosted connection - partner provided circuit (sub-gig)
    ■ Service provider MPLS circuit
● Availability and resiliency
● Outbound internet
● Transitive routing
Thank you! (Vielen Dank! Mulțumesc!)
"The nice thing about standards is that you have so many to choose from."
Andrew S. Tanenbaum, Computer Networks, 2nd ed.

AWS Meetup - surviving the hybrid cloud - a network perspective
