We believe in architecting application-centric IT infrastructure that is focused on building business efficiency and scalability, using hybrid cloud and converged models of IT service delivery.
4. Public Cloud Solutions

[Diagram: a typical Internet-facing web application on AWS. Route53 DNS and the CloudFront CDN sit in front of an ELB; EC2 instances and RDS databases are placed in AZ1 and AZ2, with S3 for storage. An office/home network (192.168.1.0/24) reaches the application over the public Internet through an Internet router performing NAT.]

• Typical Internet-facing web app
• Internet: well connected, high speed
• Low establishment cost
• Network performance not guaranteed
• Public Internet
• Globally scalable via CloudFront
5. Virtual Private Cloud (VPC) Solutions

[Diagram: VPC CIDR 10.1.0.0/16 spanning Availability Zone A and Availability Zone B, each with a Public Subnet and a Private Subnet. Instance A 10.1.1.11/24, Instance B 10.1.2.22/24, Instance C 10.1.3.33/24, Instance D 10.1.4.44/24. The slide labels the subnets 10.1.1.0/16, 10.1.2.0/16 and 10.1.3.0/16; with /24 instance addresses inside a /16 VPC these are 10.1.1.0/24, 10.1.2.0/24 and 10.1.3.0/24 (a /16 subnet would be the entire VPC, and subnets in one VPC cannot overlap). An IGW provides Internet access; a VGW connects two corporate offices via Direct Connect and a hardware VPN (IPsec over the Internet).]

• Your own private, isolated section of the AWS cloud
• Corporate DC extension into AWS
• Grouping of EC2 instances and other services within a private IP address range, e.g. 10.1.0.0/16
• Subnets are local to one AZ (layer 3 DC-to-DC design)
• Failover is via SLB or DNS; there is no vMotion-like failover
• Complete control over networking and security
6. VPC Components

[Diagram: the same VPC diagram as slide 5, with a CGW (Customer Gateway) device at each corporate office terminating the Direct Connect and hardware VPN connections to the VGW.]

• IGW – Internet Gateway
• VGW – Virtual Private Gateway
• CGW – Customer Gateway
• Subnets
• Route tables
• Direct Connect
• Hardware VPN
• Security Groups & ACLs
12. AWS Direct Connect Anatomy

[Diagram: end-to-end path of a Direct Connect circuit. Customer datacenter (customer subnet 192.168.0.0/16, AS65442) -> service provider network (MPLS L3 IP VPN or VPLS), with BGP carried via the managed service provider network -> customer or partner device (CGW, Customer Gateway) in a co-location rack within the same DC as the AWS Direct Connect POP (colocation facility, e.g. Equinix SV1 or Equinix Sydney) -> cross connect -> AWS Direct Connect Point of Presence -> private virtual interface carried as VLAN 666 on a dot1q trunk -> VGW (AS7224) -> VPC CIDR 10.1.0.0/16 with the same subnets and instances as slide 5 (Instance A 10.1.1.11/24, B 10.1.2.22/24, C 10.1.3.33/24, D 10.1.4.44/24). BGP runs over the /30 routed subnet 169.254.247.16/30, using .17 and .18 as the peer addresses.]
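The address plan on the VPC and Direct Connect slides can be checked mechanically. The following is an added example, not code from the original deck: it uses only the Python standard library and the addresses shown on the slides. It validates that every subnet is a proper prefix inside the VPC CIDR, that subnets do not overlap, that each instance address falls in its subnet and avoids the addresses AWS reserves, and it derives the two usable peer addresses of the Direct Connect /30. Which subnet belongs to which AZ and tier, and the subnet-to-instance mapping, are assumptions taken from the instance placement on the diagram; the reserved-address rule is the documented VPC behaviour, not something the slides state. Run against the subnets as the slide labels them (three /16s), it reports the host-bits error noted above.

```python
"""Address-plan checks for the VPC and Direct Connect diagrams above.

Added example, not code from the original deck. Standard library only.
"""
import ipaddress
from typing import Dict, List, Tuple

# AWS reserves the first four addresses of every subnet (network address,
# VPC router, DNS resolver, future use) and the last one (broadcast).
# Documented VPC rule; the slides do not state it.
RESERVED_HEAD = 4
RESERVED_TAIL = 1

# Subnets as they should read: /24s inside the /16 VPC. The AZ/tier mapping
# is an assumption taken from where each instance is drawn on the slide.
VPC_CIDR = "10.1.0.0/16"
SUBNETS = {
    "public-a": "10.1.1.0/24",
    "public-b": "10.1.2.0/24",
    "private-a": "10.1.3.0/24",
    "private-b": "10.1.4.0/24",
}
# Subnets exactly as the slide labels them (three /16s), kept to show the check firing.
SUBNETS_AS_LABELLED = {
    "public-a": "10.1.1.0/16",
    "public-b": "10.1.2.0/16",
    "private-a": "10.1.3.0/16",
}
HOSTS = {  # instance -> (address, subnet it is drawn in)
    "Instance A": ("10.1.1.11", "public-a"),
    "Instance B": ("10.1.2.22", "public-b"),
    "Instance C": ("10.1.3.33", "private-a"),
    "Instance D": ("10.1.4.44", "private-b"),
}
DX_PEERING = "169.254.247.16/30"  # BGP /30 from the Direct Connect slide


def reserved_addresses(net: ipaddress.IPv4Network) -> List[ipaddress.IPv4Address]:
    """Addresses that cannot be assigned to an instance in this subnet."""
    return [net[i] for i in range(RESERVED_HEAD)] + [net[-1]]


def usable_hosts(cidr: str) -> int:
    """Addresses actually assignable to instances in a VPC subnet."""
    return ipaddress.ip_network(cidr).num_addresses - RESERVED_HEAD - RESERVED_TAIL


def validate_plan(vpc_cidr: str, subnets: Dict[str, str],
                  hosts: Dict[str, Tuple[str, str]]) -> List[str]:
    """Return findings for a VPC address plan; an empty list means it is clean."""
    findings: List[str] = []
    vpc = ipaddress.ip_network(vpc_cidr)
    nets: Dict[str, ipaddress.IPv4Network] = {}
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:  # e.g. 10.1.1.0/16: host bits set in the network address
            actual = ipaddress.ip_network(cidr, strict=False)
            findings.append(f"{name}: {cidr} has host bits set; as a prefix it means {actual}")
            continue
        if not net.subnet_of(vpc):
            findings.append(f"{name}: {net} lies outside VPC {vpc}")
            continue
        if not 16 <= net.prefixlen <= 28:  # VPC subnets must be between /16 and /28
            findings.append(f"{name}: {net} must be between /16 and /28")
            continue
        nets[name] = net
    names = sorted(nets)
    for i, a in enumerate(names):  # subnets within one VPC must not overlap
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    for host, (ip, subnet_name) in hosts.items():
        net = nets.get(subnet_name)
        if net is None:
            continue  # the subnet itself was already reported above
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            findings.append(f"{host}: {addr} is not in {subnet_name} {net}")
        elif addr in reserved_addresses(net):
            findings.append(f"{host}: {addr} is reserved by AWS in {net}")
    return findings


def p2p_peers(cidr: str) -> List[str]:
    """The two usable addresses of a /30 BGP peering link (.17 and .18 on the slide)."""
    net = ipaddress.ip_network(cidr)
    if net.prefixlen != 30:
        raise ValueError(f"{cidr} is not a /30 point-to-point link")
    return [str(h) for h in net.hosts()]


if __name__ == "__main__":
    for label, plan in (("corrected", SUBNETS), ("as labelled", SUBNETS_AS_LABELLED)):
        print(f"{label}: {validate_plan(VPC_CIDR, plan, HOSTS) or 'OK'}")
    print("usable hosts per /24:", usable_hosts("10.1.1.0/24"))
    print("Direct Connect peers:", p2p_peers(DX_PEERING))
```

The strict parse is the important part: `10.1.1.0/16` is rejected before any overlap test because its network address has host bits set, and the message spells out that the prefix as written denotes the whole VPC. A /24 gives 251 assignable addresses, not 254, which matters when sizing subnets for auto-scaling groups.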
14. BGP
• Border Gateway Protocol
• Needed to implement network redundancy
• Standards-based protocol used to connect the global Internet
• Exchanges routes ('prefixes') between 'neighbours'
• Uses AS numbers, e.g. AS 65001
• AS_PATH length is the measure of network distance (shorter is preferred)
• Local Preference is the means to override AS_PATH locally; it is evaluated before AS_PATH length in the path selection
• Used by AWS to connect to customers and advertise routes:
  – Direct Connect (mandatory)
  – IPSec VPN (optional; static routing can be used instead)
• Bidirectional Forwarding Detection (BFD) speeds up failover to as low as 150 ms. Standard BGP relies on the hold timer, which defaults to 180 seconds.
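The slide describes path selection and failover in words; the following added example (not from the original deck) models it for the design on the earlier slides. A customer router in AS65442 learns the VPC prefix 10.1.0.0/16 from AWS (AS7224) twice, over the Direct Connect private VIF and over the IPsec VPN backup, and an inbound policy raises Local Preference on the Direct Connect path. The model implements only the Local Preference, AS_PATH length and lowest-neighbor steps of the BGP decision process (MED, origin, eBGP/iBGP and IGP metric are omitted). The VPN peer address 169.254.10.1, the LOCAL_PREF values 100 and 200, and the BFD timers are assumptions; the Direct Connect peer 169.254.247.18 is the AWS side of the /30 on slide 12.

```python
"""Best-path selection and failover for the Direct Connect plus VPN design above.

Added example, not from the original deck. Models the customer router (AS65442).
"""
import ipaddress
from dataclasses import dataclass, replace
from typing import List, Optional

DEFAULT_LOCAL_PREF = 100    # common router default; assumption
DX_LOCAL_PREF = 200         # policy: prefer Direct Connect over the VPN backup
DX_PEER = "169.254.247.18"  # AWS side of the /30 on the Direct Connect slide
VPN_PEER = "169.254.10.1"   # assumed inside-tunnel address of the VPN peer
BGP_DEFAULT_HOLD_S = 180    # RFC 4271 suggested hold time (the "180 sec" on the slide)


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple        # ASNs nearest first, e.g. (7224,)
    neighbor: str         # peer address the route was learned from
    source: str           # "dx" or "vpn": label the inbound policy keys on
    local_pref: int = DEFAULT_LOCAL_PREF


def best_path(routes: List[Route]) -> Optional[Route]:
    """Subset of the BGP decision process: highest LOCAL_PREF wins, then the
    shortest AS_PATH, then the lowest neighbor address as a deterministic
    tie-break. MED, origin, eBGP/iBGP and IGP metric steps are omitted."""
    if not routes:
        return None
    return min(routes, key=lambda r: (-r.local_pref, len(r.as_path),
                                      ipaddress.ip_address(r.neighbor)))


def apply_inbound_policy(routes: List[Route]) -> List[Route]:
    """Route-map equivalent: set LOCAL_PREF 200 on anything learned over DX."""
    return [replace(r, local_pref=DX_LOCAL_PREF) if r.source == "dx" else r
            for r in routes]


def withdraw(routes: List[Route], neighbor: str) -> List[Route]:
    """Neighbor declared down (hold timer expired or BFD fired): drop its routes."""
    return [r for r in routes if r.neighbor != neighbor]


def bfd_detection_ms(tx_interval_ms: int, multiplier: int) -> int:
    """Time until BFD declares the peer down: transmit interval times detect multiplier."""
    return tx_interval_ms * multiplier


def demo():
    """Returns which path carries traffic in each scenario ("dx" or "vpn")."""
    dx = Route("10.1.0.0/16", (7224,), DX_PEER, "dx")
    vpn = Route("10.1.0.0/16", (7224,), VPN_PEER, "vpn")
    learned = [dx, vpn]
    # No policy: both paths tie on LOCAL_PREF and AS_PATH length, so the lowest
    # neighbor address wins and traffic silently goes over the VPN.
    unpoliced = best_path(learned).source
    policed = best_path(apply_inbound_policy(learned)).source
    # Hypothetical longer AS_PATH on the DX side (e.g. prepending by a provider
    # in the path): loses on AS_PATH length alone, but LOCAL_PREF still wins.
    dx_longer = replace(dx, as_path=(7224, 7224, 7224))
    longer_unpoliced = best_path([dx_longer, vpn]).source
    longer_policed = best_path(apply_inbound_policy([dx_longer, vpn])).source
    # DX failure: once the DX neighbor's routes are withdrawn, only the VPN is left.
    after_failure = best_path(withdraw(apply_inbound_policy(learned), DX_PEER)).source
    return unpoliced, policed, longer_unpoliced, longer_policed, after_failure


if __name__ == "__main__":
    print("no policy / policy / longer path no policy / longer path policy / after DX failure:")
    print(demo())
    print("BFD 50 ms x3 =", bfd_detection_ms(50, 3), "ms vs BGP hold", BGP_DEFAULT_HOLD_S, "s")
```

The first scenario is the one to remember: with no inbound policy the tie-break is an address comparison, so whether production traffic rides the Direct Connect circuit or the VPN depends on which peer happens to have the lower address. Setting Local Preference on the Direct Connect neighbor makes the choice explicit and survives AS_PATH differences, and the withdrawal step shows why failover time is bounded by how quickly the neighbor is declared down (150 ms with BFD at a 50 ms interval and multiplier 3, versus the 180 s default hold timer).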