© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Steve Seymour – Principal Solutions Architect, AWS
Kim Edwards – Network Engineering, ABSA
July 2017
A day in the life of a billion packets
@sseymour
Edge to Instance
[Diagram: Your Users, Your Data Center, CloudFront, Direct Connect, and a VPC 172.31.0.0/16 with an EC2 instance in VPC subnet 172.31.0.0/24 (Availability Zone “a”) and an EC2 instance in VPC subnet 172.31.1.0/24 (Availability Zone “b”)]
Edge to Instance – Direct Connect
[Diagram: the Edge to Instance overview (Your Users, Your Data Center, CloudFront, Direct Connect, VPC 172.31.0.0/16 with subnets 172.31.0.0/24 and 172.31.1.0/24 in Availability Zones “a” and “b”, one EC2 instance in each)]
AWS Direct Connect
• Dedicated, private connection into AWS
• 1 Gbps or 10 Gbps connections
• Create private (VPC) or public virtual interfaces to AWS
• Consistent network performance
• Option for redundant connections
• Uses BGP to exchange routing information over a VLAN
AWS Direct Connect
16 Regions - 60 Direct Connect Locations
[Map legend: AWS Region, Direct Connect Location]
Edge to Instance - CloudFront
[Diagram: the Edge to Instance overview (Your Users, Your Data Center, CloudFront, Direct Connect, VPC 172.31.0.0/16 with subnets 172.31.0.0/24 and 172.31.1.0/24 in Availability Zones “a” and “b”, one EC2 instance in each)]
The Amazon CloudFront Service
• Global Content Delivery Network with Massive Capacity and Scale
• Optimized for Performance and Scale
• Built in Security Features
• Self-Service Full Control Configurations
• Robust Real Time Reporting
• Static and Dynamic Object and Video Delivery
CloudFront Global Content Delivery Network
88 Edge Locations - 77 PoPs, 11 Regional Edge Caches (20 in last 12 months)
[Map legend: Edge location, AWS Region / Regional Edge Cache]

North America
Cities: 19
PoPs: 27
Ashburn, VA (3); Atlanta, GA (3); Chicago, IL; Dallas/Fort Worth, TX (3); Hayward, CA; Jacksonville, FL; Los Angeles, CA (2); Miami, FL; Minneapolis, MN; Montreal, QC; Newark, NJ; New York, NY (3); Palo Alto, CA; Philadelphia, PA; San Jose, CA; Seattle, WA (2); South Bend, IN; St. Louis, MO; Toronto, ON

Europe / Middle East / Africa
Cities: 15
PoPs: 24
Amsterdam, The Netherlands (2); Berlin, Germany; Dublin, Ireland; Frankfurt, Germany (5); London, England (4); Madrid, Spain; Marseille, France; Milan, Italy; Munich, Germany; Paris, France (2); Prague, Czech Republic; Stockholm, Sweden; Vienna, Austria; Warsaw, Poland; Zurich, Switzerland

Asia Pacific
Cities: 12
PoPs: 20
Chennai, India; Hong Kong, China (3); Manila, the Philippines; Melbourne, Australia; Mumbai, India (2); New Delhi, India; Osaka, Japan; Seoul, Korea (3); Singapore (2); Sydney, Australia; Taipei, Taiwan; Tokyo, Japan (4)

South America
Cities: 2
PoPs: 3
Rio de Janeiro, Brazil (2); São Paulo, Brazil

CloudFront Regional Edge Caches
Regional Edge Caches: 11
Oregon, N. Virginia, Ohio, Frankfurt, London, Sao Paulo, Mumbai, Singapore, Seoul, Tokyo, Sydney
Edge to Instance – Global Network
[Diagram: the Edge to Instance overview (Your Users, Your Data Center, CloudFront, Direct Connect, VPC 172.31.0.0/16 with subnets 172.31.0.0/24 and 172.31.1.0/24 in Availability Zones “a” and “b”, one EC2 instance in each)]
Edge to Instance - Region
[Diagram: the Edge to Instance overview (Your Users, Your Data Center, CloudFront, Direct Connect, VPC 172.31.0.0/16 with subnets 172.31.0.0/24 and 172.31.1.0/24 in Availability Zones “a” and “b”, one EC2 instance in each)]
Edge to Instance – Availability Zones
[Diagram: the Edge to Instance overview (Your Users, Your Data Center, CloudFront, Direct Connect, VPC 172.31.0.0/16 with subnets 172.31.0.0/24 and 172.31.1.0/24 in Availability Zones “a” and “b”, one EC2 instance in each)]
Edge to Instance – EC2 Instances
[Diagram: the Edge to Instance overview (Your Users, Your Data Center, CloudFront, Direct Connect, VPC 172.31.0.0/16 with subnets 172.31.0.0/24 and 172.31.1.0/24 in Availability Zones “a” and “b”, one EC2 instance in each)]
Unrestricted distribution
AWS and ABSA – Network Journey
ABSA Network Architecture and Engineering
5 July 2017
Kim Edwards
Why AWS?
29 | AWS and ABSA - Network Journey 5 July 2017
1 SPEED: We want to deploy Infrastructure, Services and more... FASTER!
2 COST: We don’t want to pay for services when we no longer need them.
3 FLEXIBILITY: We want to be able to adapt to changing requirements without being locked into hardware
First Deployment of “Bank-connected” VPC
[Diagram labels: VPC Subnet X.X.X.X/X, DMZ, Trusted Network, ABSA, Internet VPN]
• Internet VPN (IPSec VPN)
• Static Routes only
• No IGW in VPC
• No Custom Route Table
• No Expenditure
• Used existing hardware and links
• Very Restricted Access
• Communications can only be initiated from Bank
• Requirements Vague
• No Automation
Second Deployment of “Bank-connected” VPC’s
[Diagram labels: DevOps Network, Trusted Network, ABSA, Internet VPN (x2), VPC A Subnet X.X.X.X/X, VPC B Subnet Y.Y.Y.Y/Y]
• Internet VPN’s
• Connections for 2 VPC’s via 1 ISP
• New Network for Developers
• Brand new environment for innovation
• VPC Peering
• Communications between different VPC’s a first
• Internet Gateway in one VPC
• Security Architecture well-defined and implemented
• Bi-directional Flow
• Security Groups and NACL’s allow for more “open” communications
• Automated provisioning of AWS “Infrastructure” begins!
Third Deployment of “Bank-connected” VPC’s
[Diagram labels: ABSA Network (x2), Firewall (x2), Router (x2), ISP Router (x2), ISP, MPLS, AWS, Layer 2 handoff, BGP Session, IPSec VPN Tunnel (x2), Public Virtual Interface (x2), VPC Subnet X.X.X.X/X, ABSA]
Diverse Paths
• Route diversity provided
No Internet Gateway
• New Trust model needed for dedicated links
First DX Deployment
• Deployed in one DC
• Used Public VIF’s
IPsec VPN
• Traffic in transit encrypted
Static Routes to ISP only
• Still no BGP
What’s Next?
[Diagram labels: ABSA Data Centre (x3), CloudConnect Layer, TRANSIT VPC Subnet X.X.X.X/X with CSR 1 in AZ 1 and CSR 2 in AZ 2, Shared services VPC Subnet Z.Z.Z.Z/X, Spoke VPC Subnet Y.Y.Y.Y/X (x3)]
• Target Architecture is now clearly defined
• Build Dedicated CloudConnect Layer in all Data Centers
• Secure High Performance Network to be deployed
• Add 2 New Providers for DX Connectivity
• Increase level of availability and DR for Network
• Deploy Transit VPC for Production
• Enable transitive routing in AWS and dynamic routing between Bank as well
• Automate!
• Provisioning to be as automated as possible
Lessons Learnt
• Start Small
• Don’t wait for perfection before you begin
• Fail Fast
Thank you!
Edge to Instance – VPC
[Diagram: the Edge to Instance overview (Your Users, Your Data Center, CloudFront, Direct Connect, VPC 172.31.0.0/16 with subnets 172.31.0.0/24 and 172.31.1.0/24 in Availability Zones “a” and “b”, one EC2 instance in each)]
VPC Requirements
Customer selected IP addresses
Route aggregation for external connectivity
Conformance with existing network designs
Amazon Virtual Private Cloud
[Diagram: VPC 172.31.0.0/18 with subnets 172.31.1.0/24 (172.31.1.7, 172.31.1.8, 172.31.1.9) and 172.31.2.0/24 (172.31.2.12, 172.31.2.51), and the network 192.168.0.0/16]
Routing Table
• 192.168.0.0/16: stay here
• 172.31.0.0/18: AWS
This Is Just Virtual Networking!
Subnet ~= VLAN
VPC ~= VRF (virtual routing and forwarding)
But…
Scaling Challenges
VLAN ID space is constrained
• 12 bits => 4096 total VLANs
VRF support is constrained
• Large routers => 1-2 thousand VRFs
Fixed ratio of VLANs:VRFs
Implementation Requirements
Scale to millions of environments the size of Amazon.com
Any server, anywhere in a region can host an instance
attached to any subnet in any VPC
Concepts
Server: Physical host in an Amazon data center
Instance: Amazon EC2 instance owned by a customer
VPC: Amazon Virtual Private Cloud owned by a customer
VPC ID: Identifier for a VPC such as vpc-1a2b3c4d
Mapping Service: Distributed lookup service. Maps VPC + Instance IP to server
[Diagram: Server 192.168.0.3, Server 192.168.0.4, …, Server 192.168.1.3, Server 192.168.1.4, … with instances 10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.4, 10.0.0.2, 10.0.0.5, 10.0.0.3, and the Mapping Service]
Layer 2 (L2): Ethernet
[Diagram: 10.0.0.2 and 10.0.0.3 attached to an Ethernet Switch]
ARP request: L2 Src: MAC(10.0.0.2); L2 Dst: ff:ff:ff:ff:ff:ff; ARP Who has 10.0.0.3?
The switch floods the ARP request out all ports.
ARP response: L2 Src: MAC(10.0.0.3); L2 Dst: MAC(10.0.0.2); ARP 10.0.0.3 is at MAC(10.0.0.3)
The switch snoops the ARP response and learns the port for MAC(10.0.0.3).
Data frame: L2 Src: MAC(10.0.0.2); L2 Dst: MAC(10.0.0.3); L3 Src: 10.0.0.2; L3 Dst: 10.0.0.3; ICMP/TCP/UDP/…
Layer 2 (L2): VPC
[Diagram: servers 192.168.0.3, 192.168.0.4, …, 192.168.1.3, 192.168.1.4, their instances, and the Mapping Service]
ARP request from the instance: L2 Src: MAC(10.0.0.2); L2 Dst: ff:ff:ff:ff:ff:ff; ARP Who has 10.0.0.3?
Query: Src: 192.168.0.3; Dst: Mapping Service; Query: Blue 10.0.0.3
Reply: Src: Mapping Service; Dst: 192.168.0.3; Reply: Host: 192.168.1.4, MAC: MAC(10.0.0.3)
ARP response to the instance: L2 Src: MAC(10.0.0.3); L2 Dst: MAC(10.0.0.2); ARP 10.0.0.3 is at MAC(10.0.0.3)
Layer 2 (L2): VPC
[Diagram: servers 192.168.0.3, 192.168.0.4, …, 192.168.1.3, 192.168.1.4, their instances, and the Mapping Service]
Encapsulated packet: Src: 192.168.0.3; Dst: 192.168.1.4; VPC: Blue; carrying L2 Src: MAC(10.0.0.2); L2 Dst: MAC(10.0.0.3); L3 Src: 10.0.0.2; L3 Dst: 10.0.0.3; ICMP/TCP/UDP/…
Validate: Src: 192.168.1.4; Dst: Mapping Service; Validate: Blue 10.0.0.2 is at 192.168.0.3
Reply: Src: Mapping Service; Dst: 192.168.1.4; Mapping valid: Blue 10.0.0.2 is at 192.168.0.3
VPC Isolation
[Diagram: servers 192.168.0.3, 192.168.0.4, …, 192.168.1.3, 192.168.1.4, their instances, and the Mapping Service]
ARP request from the instance: L2 Src: MAC(10.0.0.4); L2 Dst: ff:ff:ff:ff:ff:ff; ARP Who has 10.0.0.3?
Query: Src: 192.168.0.4; Dst: Mapping Service; Query: Grey 10.0.0.3
VPC Isolation
[Diagram: servers 192.168.0.3, 192.168.0.4, …, 192.168.1.3, 192.168.1.4, their instances, and the Mapping Service]
ARP request from the instance: L2 Src: MAC(10.0.0.4); L2 Dst: ff:ff:ff:ff:ff:ff; ARP Who has 10.0.0.3?
Query: Src: 192.168.0.4; Dst: Mapping Service; Query: Blue 10.0.0.3
192.168.0.4 is not hosting any instances in VPC Blue.
Mapping Denied
Alarm Raised
VPC Isolation
[Diagram: servers 192.168.0.3, 192.168.0.4, …, 192.168.1.3, 192.168.1.4, their instances, and the Mapping Service]
Encapsulated packet: Src: 192.168.0.4; Dst: 192.168.1.4; VPC: Blue; carrying L2 Src: MAC(10.0.0.4); L2 Dst: MAC(10.0.0.3); L3 Src: 10.0.0.4; L3 Dst: 10.0.0.3; ICMP/TCP/UDP/…
Validate: Src: 192.168.1.4; Dst: Mapping Service; Validate: Blue 10.0.0.4 is at 192.168.0.4
Reply: Src: Mapping Service; Dst: 192.168.1.4; Mapping invalid!
192.168.1.4 does not deliver the packet to the instance.
Alarm Raised.
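The query, deny and validate exchanges from the Layer 2 (L2): VPC and VPC Isolation slides, as an added Python sketch that is not from the deck and is not AWS code. The class and function names are hypothetical, the placements of Blue 10.0.0.2, Blue 10.0.0.3 and Grey 10.0.0.4 follow the slides, and the location of Grey 10.0.0.3 is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Encapsulated:
    """Instance traffic wrapped in a server-to-server packet, tagged with its VPC."""
    outer_src: str  # physical server that sent the packet
    outer_dst: str  # physical server that receives it
    vpc: str        # VPC tag carried in the encapsulation
    inner_src: str  # sending instance's IP inside the VPC
    inner_dst: str  # receiving instance's IP inside the VPC


class MappingService:
    """Hypothetical stand-in for the lookup service: (VPC, instance IP) -> server."""

    def __init__(self, placements):
        self._where = dict(placements)
        self.alarms = []

    def _hosts_vpc(self, server, vpc):
        # A server may only ask about VPCs it hosts an instance for.
        return any(v == vpc and s == server for (v, _ip), s in self._where.items())

    def query(self, server, vpc, instance_ip):
        """Answer the lookup a server makes when one of its instances sends ARP."""
        if not self._hosts_vpc(server, vpc):
            self.alarms.append(f"denied: {server} hosts no instance in VPC {vpc}")
            return None
        host = self._where.get((vpc, instance_ip))
        if host is None:
            return None  # no such instance in this VPC
        # The slides write the MAC symbolically as MAC(<ip>); kept as a placeholder.
        return {"host": host, "mac": f"MAC({instance_ip})"}

    def validate(self, vpc, instance_ip, claimed_server):
        """Receiver-side check: is this instance really on the sending server?"""
        ok = self._where.get((vpc, instance_ip)) == claimed_server
        if not ok:
            self.alarms.append(f"invalid: {vpc} {instance_ip} is not at {claimed_server}")
        return ok


def deliver(mapping, pkt):
    """Receiving server hands the packet to the instance only if the source validates."""
    return mapping.validate(pkt.vpc, pkt.inner_src, pkt.outer_src)


def build_demo():
    return MappingService({
        ("Blue", "10.0.0.2"): "192.168.0.3",
        ("Blue", "10.0.0.3"): "192.168.1.4",
        ("Grey", "10.0.0.4"): "192.168.0.4",
        ("Grey", "10.0.0.3"): "192.168.1.3",  # constructed placement, not on the slides
    })


def run_scenarios():
    ms = build_demo()
    results = {
        # Blue instance 10.0.0.2 ARPs for 10.0.0.3; its server asks on its behalf.
        "blue_lookup": ms.query("192.168.0.3", "Blue", "10.0.0.3"),
        # Grey instance on 192.168.0.4 resolves the same IP inside its own VPC.
        "grey_lookup": ms.query("192.168.0.4", "Grey", "10.0.0.3"),
        # 192.168.0.4 hosts nothing in Blue, so a Blue lookup is denied.
        "cross_vpc_lookup": ms.query("192.168.0.4", "Blue", "10.0.0.3"),
        # Legitimate Blue traffic validates at the receiver.
        "valid_packet": deliver(ms, Encapsulated(
            "192.168.0.3", "192.168.1.4", "Blue", "10.0.0.2", "10.0.0.3")),
        # 192.168.0.4 tags its own packet as Blue; the receiver drops it.
        "spoofed_packet": deliver(ms, Encapsulated(
            "192.168.0.4", "192.168.1.4", "Blue", "10.0.0.4", "10.0.0.3")),
    }
    return results, ms.alarms


if __name__ == "__main__":
    outcome, alarms = run_scenarios()
    for name, value in outcome.items():
        print(f"{name}: {value}")
    for alarm in alarms:
        print("ALARM", alarm)
```

The same instance IP 10.0.0.3 resolves to different servers for Blue and Grey, and both the lookup path and the delivery path raise an alarm when a server steps outside the VPCs it hosts.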
Layer 3 (L3): IP Routing
[Diagram: 10.0.0.2 and 10.0.1.3, two Ethernet Switches and a Router]
ARP request: L2 Src: MAC(10.0.0.2); L2 Dst: ff:ff:ff:ff:ff:ff; ARP Who has 10.0.0.1?
ARP response: L2 Src: MAC(10.0.0.1); L2 Dst: MAC(10.0.0.2); ARP 10.0.0.1 is at MAC(10.0.0.1)
Frame to the router: L2 Src: MAC(10.0.0.2); L2 Dst: MAC(10.0.0.1); L3 Src: 10.0.0.2; L3 Dst: 10.0.1.3; ICMP/TCP/UDP/…
Frame from the router: L2 Src: MAC(10.0.1.1); L2 Dst: MAC(10.0.1.3); L3 Src: 10.0.0.2; L3 Dst: 10.0.1.3; ICMP/TCP/UDP/…
Layer 3 (L3): VPC
[Diagram: servers 192.168.0.3, 192.168.0.4, …, 192.168.1.3, 192.168.1.4, their instances (including 10.0.0.2 and 10.0.1.3), and the Mapping Service]
ARP request from the instance: L2 Src: MAC(10.0.0.2); L2 Dst: ff:ff:ff:ff:ff:ff; ARP Who has 10.0.0.1?
Query: Src: 192.168.0.3; Dst: Mapping Service; Query: Blue 10.0.0.1
Reply: Src: Mapping Service; Dst: 192.168.0.3; Reply: Host: Gateway, MAC: MAC(10.0.0.1)
ARP response to the instance: L2 Src: MAC(10.0.0.1); L2 Dst: MAC(10.0.0.2); ARP 10.0.0.1 is at MAC(10.0.0.1)
Layer 3 (L3): VPC
[Diagram: servers 192.168.0.3, 192.168.0.4, …, 192.168.1.3, 192.168.1.4, their instances (including 10.0.0.2 and 10.0.1.3), and the Mapping Service]
Frame from the instance: L2 Src: MAC(10.0.0.2); L2 Dst: MAC(10.0.0.1); L3 Src: 10.0.0.2; L3 Dst: 10.0.1.3; ICMP/TCP/UDP/…
Query: Src: 192.168.0.3; Dst: Mapping Service; Query: Blue 10.0.1.3
Reply: Src: Mapping Service; Dst: 192.168.0.3; Reply: Host: 192.168.1.4, MAC: MAC(10.0.1.3)
Encapsulated packet: VPC: Blue; Src: 192.168.0.3; Dst: 192.168.1.4
Validate: Src: 192.168.1.4; Dst: Mapping Service; Validate: Blue 10.0.0.2 is at 192.168.0.3
Reply: Src: Mapping Service; Dst: 192.168.1.4; Mapping valid: Blue 10.0.0.2 is at 192.168.0.3
Frame to the instance: L2 Src: MAC(10.0.1.1); L2 Dst: MAC(10.0.1.3); L3 Src: 10.0.0.2; L3 Dst: 10.0.1.3; ICMP/TCP/UDP/…
Caching
[Diagram: servers 192.168.0.3, 192.168.0.4, …, 192.168.1.3, 192.168.1.4, … their instances, and the Mapping Service]
L2 Src: MAC(10.0.1.1); L2 Dst: MAC(10.0.1.3); L3 Src: 10.0.0.2; L3 Dst: 10.0.1.3; ICMP/TCP/UDP/…
Getting Home – Or Anywhere, Really
[Diagram: VPC 10.0.0.0/18 with subnets 10.0.0.0/24 (10.0.0.7, 10.0.0.8, 10.0.0.9) and 10.0.1.0/24 (10.0.1.12, 10.0.1.51), and the network 172.16.0.0/16]
VPC: Blue; Src: 192.168.0.3; Dst: ???; carrying L3 Src: 10.0.0.7; L3 Dst: 172.16.14.17; ICMP/TCP/UDP/…
Edges
[Diagram: Server 192.168.0.3, Server 192.168.0.4, …, Edge 192.168.4.3, Edge 192.168.4.4, instances 10.0.1.3, 10.0.0.4, 10.0.0.2, 10.0.0.2, and the Mapping Service]
Encapsulated packet to the edge: Src: 192.168.0.3; Dst: 192.168.4.3; carrying L3 Src: 10.0.0.2; L3 Dst: 172.16.14.17; ICMP/TCP/UDP/…
Packet leaving the edge: L3 Src: 10.0.0.2; L3 Dst: 172.16.14.17; ICMP/TCP/UDP/…
Mapping Service entries for VPC: Blue
Host 10.0.0.4 → 192.168.0.4
Host 10.0.1.4 → 192.168.0.4
…
172.16.0.0/16 → Edge 192.168.4.3
…
Edges: VPN
Edge 192.168.4.3
Encapsulated packet to the edge: VPC: Blue; Src: 192.168.0.3; Dst: 192.168.4.3; carrying L3 Src: 10.0.0.2; L3 Dst: 172.16.14.17; ICMP/TCP/UDP/…
Packet leaving the edge over the VPN: IPSEC Stuff; Src: 54.68.100.245; Dst: 205.251.242.54; carrying L3 Src: 10.0.0.2; L3 Dst: 172.16.14.17; ICMP/TCP/UDP/…
Edges: Direct Connect
Edge 192.168.4.3
Encapsulated packet to the edge: VPC: Blue; Src: 192.168.0.3; Dst: 192.168.4.3; carrying L3 Src: 10.0.0.2; L3 Dst: 172.16.14.17; ICMP/TCP/UDP/…
Packet leaving the edge over AWS Direct Connect: 802.1Q VLAN Tag; Src: 54.68.100.245; Dst: 205.251.242.54; carrying L3 Src: 10.0.0.2; L3 Dst: 172.16.14.17; ICMP/TCP/UDP/…
Edges: Internet (IGW)
Edge 192.168.4.3
Encapsulated packet to the edge: VPC: Blue; Src: 192.168.0.3; Dst: 192.168.4.3; carrying L3 Src: 10.0.0.2; L3 Dst: 176.32.96.190; ICMP/TCP/UDP/…
Packet leaving the edge to the Internet: L3 Src: 10.0.0.2; L3 Dst: 176.32.96.190; ICMP/TCP/UDP/…
[Diagram label: 54.148.157.46]
Edges: Recap
VPN
Edge 192.168.4.3
Encapsulated packet to the edge: VPC: Blue; Src: 192.168.0.3; Dst: 192.168.4.3; carrying L3 Src: 10.0.0.2; L3 Dst: 172.16.14.17; ICMP/TCP/UDP/…
Packet leaving the edge: IPSEC Stuff; Src: 54.68.100.245; Dst: 205.251.242.54; carrying L3 Src: 10.0.0.2; L3 Dst: 172.16.14.17; ICMP/TCP/UDP/…
Direct Connect
Edge 192.168.4.3
Encapsulated packet to the edge: VPC: Blue; Src: 192.168.0.3; Dst: 192.168.4.3; carrying L3 Src: 10.0.0.2; L3 Dst: 172.16.14.17; ICMP/TCP/UDP/…
Packet leaving the edge: 802.1Q VLAN Tag; Src: 54.68.100.245; Dst: 205.251.242.54; carrying L3 Src: 10.0.0.2; L3 Dst: 172.16.14.17; ICMP/TCP/UDP/…
Internet
Edge 192.168.4.3
Encapsulated packet to the edge: VPC: Blue; Src: 192.168.0.3; Dst: 192.168.4.3; carrying L3 Src: 10.0.0.2; L3 Dst: 176.32.96.190; ICMP/TCP/UDP/…
Packet leaving the edge: L3 Src: 54.148.157.46; L3 Dst: 176.32.96.190; ICMP/TCP/UDP/…
VPC As A Platform
[Diagram: VPC 172.31.0.0/18 with subnets 172.31.1.0/24 (172.31.1.7, 172.31.1.8) and 172.31.2.0/24 (172.31.2.12, 172.31.2.51)]
Edge to Instance
[Diagram: the Edge to Instance overview (Your Users, Your Data Center, CloudFront, Direct Connect, VPC 172.31.0.0/16 with subnets 172.31.0.0/24 and 172.31.1.0/24 in Availability Zones “a” and “b”, one EC2 instance in each)]
Thank you!
@sseymour

How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 
Come costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSCome costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 
Come costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSCome costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWS
 

Recently uploaded

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 

Recently uploaded (20)

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 

A day in the life of a billion packets - AWS Summit Cape Town 2017

  • 1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Steve Seymour – Principal Solutions Architect, AWS Kim Edwards – Network Engineering, ABSA July 2017 A day in the life of a billion packets @sseymour
  • 2. Cloudfront EC2 Instance Direct Connect Availability Zone “a” VPC subnet 172.31.0.0/24 EC2 Instance Availability Zone “b” VPC subnet 172.31.1.0/24 172.31.0.0/16 Your Data Center Your Users Edge to Instance
  • 3. Cloudfront EC2 Instance Direct Connect Availability Zone “a” VPC subnet 172.31.0.0/24 EC2 Instance Availability Zone “b” VPC subnet 172.31.1.0/24 172.31.0.0/16 Your Data Center Your Users Edge to Instance – Direct Connect
  • 4. AWS Direct Connect • Dedicated, private connection into AWS • 1 Gbps or 10 Gbps connections • Create private (VPC) or public virtual interfaces to AWS • Consistent network performance • Option for redundant connections • Uses BGP to exchange routing information over a VLAN
  • 5. AWS Direct Connect AWS Region Direct Connect Location 16 Regions - 60 Direct Connect Locations
  • 6. Cloudfront EC2 Instance Direct Connect Availability Zone “a” VPC subnet 172.31.0.0/24 EC2 Instance Availability Zone “b” VPC subnet 172.31.1.0/24 172.31.0.0/16 Your Data Center Your Users Edge to Instance - CloudFront
  • 7. The Amazon CloudFront Service • Global Content Delivery Network with Massive Capacity and Scale • Optimized for Performance and Scale • Built in Security Features • Self-Service Full Control Configurations • Robust Real Time Reporting Amazon CloudFront • Static and Dynamic Object and Video Delivery
  • 8. CloudFront Global Content Delivery Network: 88 Edge Locations - 77 PoPs, 11 Regional Edge Caches (20 in last 12 months)
      Map legend: Edge location; AWS Region / Regional Edge Cache; Regional Edge Cache
      North America (Cities: 19, PoPs: 27): Ashburn, VA (3); Atlanta, GA (3); Chicago, IL; Dallas/Fort Worth, TX (3); Hayward, CA; Jacksonville, FL; Los Angeles, CA (2); Miami, FL; Minneapolis, MN; Montreal, QC; Newark, NJ; New York, NY (3); Palo Alto, CA; Philadelphia, PA; San Jose, CA; Seattle, WA (2); South Bend, IN; St. Louis, MO; Toronto, ON
      Europe / Middle East / Africa (Cities: 15, PoPs: 24): Amsterdam, The Netherlands (2); Berlin, Germany; Dublin, Ireland; Frankfurt, Germany (5); London, England (4); Madrid, Spain; Marseille, France; Milan, Italy; Munich, Germany; Paris, France (2); Prague, Czech Republic; Stockholm, Sweden; Vienna, Austria; Warsaw, Poland; Zurich, Switzerland
      Asia Pacific (Cities: 12, PoPs: 20): Chennai, India; Hong Kong, China (3); Manila, the Philippines; Melbourne, Australia; Mumbai, India (2); New Delhi, India; Osaka, Japan; Seoul, Korea (3); Singapore (2); Sydney, Australia; Taipei, Taiwan; Tokyo, Japan (4)
      South America (Cities: 2, PoPs: 3): Rio de Janeiro, Brazil (2); São Paulo, Brazil
      CloudFront Regional Edge Caches (Regional Edge Caches: 11): Oregon, N. Virginia, Ohio, Frankfurt, London, Sao Paulo, Mumbai, Singapore, Seoul, Tokyo, Sydney
  • 9. Cloudfront EC2 Instance Direct Connect Availability Zone “a” VPC subnet 172.31.0.0/24 EC2 Instance Availability Zone “b” VPC subnet 172.31.1.0/24 172.31.0.0/16 Your Data Center Your Users Edge to Instance – Global Network
  • 13. Cloudfront EC2 Instance Direct Connect Availability Zone “a” VPC subnet 172.31.0.0/24 EC2 Instance Availability Zone “b” VPC subnet 172.31.1.0/24 172.31.0.0/16 Your Data Center Your Users Edge to Instance - Region
  • 16. Cloudfront Direct Connect VPC subnet 172.31.0.0/24 VPC subnet 172.31.1.0/24 172.31.0.0/16 Your Data Center Your Users Edge to Instance – Availability Zones EC2 Instance EC2 Instance Availability Zone “a” Availability Zone “b”
  • 24. Cloudfront Direct Connect VPC subnet 172.31.0.0/24 VPC subnet 172.31.1.0/24 172.31.0.0/16 Your Data Center Your Users Edge to Instance – EC2 Instances EC2 Instance EC2 Instance Availability Zone “a” Availability Zone “b”
  • 28. Unrestricted distribution AWS and ABSA – Network Journey ABSA Network Architecture and Engineering 5 July 2017 Kim Edwards
  • 29. Why AWS? 1. SPEED: We want to deploy Infrastructure Services and more... FASTER! 2. COST: We don’t want to pay for services when we no longer need them. 3. FLEXIBILITY: We want to be able to adapt to changing requirements without being locked into hardware
  • 30. First Deployment of “Bank-connected” VPC. Diagram labels: VPC Subnet X.X.X.X/X; DMZ; Trusted Network; ABSA; Internet VPN. Internet VPN (IPSec VPN); Static Routes only; No IGW in VPC; No Custom Route Table; No Expenditure; Used existing hardware and links; Very Restricted Access; Communications can only be initiated from Bank; Requirements Vague; No Automation
  • 31. First Deployment of “Bank-connected” VPC. Diagram labels: VPC Subnet X.X.X.X/X; DMZ; Trusted Network; ABSA; Internet VPN. Internet VPN (IPSec VPN); Static Routes only; No IGW in VPC; No Custom Route Table; No Expenditure; Used existing hardware and links; Very Restricted Access; Communications can only be initiated from Bank; Requirements Vague; No Automation
  • 32. Second Deployment of “Bank-connected” VPC’s. Internet VPN’s; Connections for 2 VPC’s via 1 ISP; New Network for Developers; Brand new environment for innovation; VPC Peering; Communications between different VPC’s a first; Internet Gateway in one VPC; Security Architecture well-defined and implemented; Bi-directional Flow; Security Groups and NACL’s allow for more “open” communications; Automated provisioning of AWS “Infrastructure” begins! Diagram labels: DevOps Network; Trusted Network; ABSA; Internet VPN; VPC B Subnet Y.Y.Y.Y/Y; VPC A Subnet X.X.X.X/X; Internet VPN
  • 33. Third Deployment of “Bank-connected” VPC’s. Diagram labels: ABSA Network; ABSA Network; Firewall; ISP Router; ISP Router; Router; Router; ISP; AWS; MPLS; Firewall; Layer 2 handoff; BGP Session; IPSec VPN Tunnel; IPSec VPN Tunnel; VPC Subnet X.X.X.X/X; Public Virtual Interface; Public Virtual Interface; ABSA. Diverse Paths • Route diversity provided. No Internet Gateway • New Trust model needed for dedicated links. First DX Deployment • Deployed in one DC • Used Public VIF’s. IPsec VPN • Traffic in transit encrypted. Static Routes to ISP only • Still no BGP
  • 34. What’s Next? Diagram labels: ABSA Data Centre ABSA ABSA Data Centre ABSA ABSA Data Centre ABSA CloudConnect Layer Shared services VPC Subnet Z.Z.Z.Z/X TRANSIT VPC Subnet X.X.X.X/X AZ 2 CSR 2 AZ 1 CSR 1 Spoke VPC Subnet Y.Y.Y.Y/X Spoke VPC Subnet Y.Y.Y.Y/X Spoke VPC Subnet Y.Y.Y.Y/X. Target Architecture is now clearly defined; Build Dedicated CloudConnect Layer in all Data Centers; Secure High Performance Network to be deployed; Add 2 New Providers for DX Connectivity; Increase level of availability and DR for Network; Deploy Transit VPC for Production; Enable transitive routing in AWS and dynamic routing between Bank as well; Automate!; Provisioning to be as automated as possible
  • 35. Lessons Learnt • Start Small • Don’t wait for perfection before you begin • Fail Fast
  • 36. Thank you!
  • 37. Cloudfront Direct Connect VPC subnet 172.31.0.0/24 VPC subnet 172.31.1.0/24 172.31.0.0/16 Your Data Center Your Users Edge to Instance – VPC EC2 Instance EC2 Instance Availability Zone “a” Availability Zone “b”
  • 38. VPC Requirements Customer selected IP addresses Route aggregation for external connectivity Conformance with existing network designs
  • 39. 172.31.0.0/18 192.168.0.0/16 Routing Table • 192.168.0.0/16: stay here • 172.31.0.0/18: AWS 172.31.1.0/24 172.31.2.0/24 172.31.1.7 172.31.1.8 172.31.1.9 172.31.2.12 172.31.2.51 Amazon Virtual Private Cloud
  • 40. This Is Just Virtual Networking! Subnet ~= VLAN VPC ~= VRF (virtual routing and forwarding) But…
  • 41. Scaling Challenges VLAN ID space is constrained • 12 bits => 4096 total VLANs VRF support is constrained • Large routers => 1-2 thousand VRFs Fixed ratio of VLANs:VRFs
  • 42. Implementation Requirements Scale to millions of environments the size of Amazon.com Any server, anywhere in a region can host an instance attached to any subnet in any VPC
  • 43. Concepts
      Server: Physical host in an Amazon data center
      Instance: Amazon EC2 instance owned by a customer
      VPC: Amazon Virtual Private Cloud owned by a customer
      VPC ID: Identifier for a VPC such as vpc-1a2b3c4d
      Mapping Service: Distributed lookup service. Maps VPC + Instance IP to server
      Diagram labels: Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 … 10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service
  • 44. L2 Src: MAC(10.0.0.2) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.3? The switch floods the ARP request out all ports L2 Src: MAC(10.0.0.3) L2 Dst: MAC(10.0.0.2) ARP 10.0.0.3 is at MAC(10.0.0.3) The switch snoops the ARP response and learns the port for MAC(10.0.0.3). L2 Src: MAC(10.0.0.2) L2 Dst: MAC(10.0.0.3) L3 Src: 10.0.0.2 L3 Dst: 10.0.0.3 ICMP/TCP/UDP/… Layer 2 (L2): Ethernet 10.0.0.2 10.0.0.3 Ethernet Switch
  • 45. L2 Src: MAC(10.0.0.3) L2 Dst: MAC(10.0.0.2) ARP 10.0.0.3 is at MAC(10.0.0.3) Src: 192.168.0.3 Dst: Mapping Service Query: Blue 10.0.0.3 Src: Mapping Service Dst: 192.168.0.3 Reply: Host: 192.168.1.4 MAC: MAC(10.0.0.3) L2 Src: MAC(10.0.0.2) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.3? Layer 2 (L2): VPC Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2
  • 46. Src: Mapping Service Dst: 192.168.1.4 Mapping valid: Blue 10.0.0.2 is at 192.168.0.3 Src: 192.168.1.4 Dst: Mapping Service Validate: Blue 10.0.0.2 is at 192.168.0.3 L2 Src: MAC(10.0.0.2) L2 Dst: MAC(10.0.0.3) L3 Src: 10.0.0.2 L3 Dst: 10.0.0.3 ICMP/TCP/UDP/… Src: 192.168.0.3 Dst: 192.168.1.4 VPC: Blue Server 192.168.0.3 Server 192.168.0.4 Server 192.168.1.3 Server 192.168.1.4 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2 Layer 2 (L2): VPC …
  • 47. Src: 192.168.0.4 Dst: Mapping Service Query: Grey 10.0.0.3 L2 Src: MAC(10.0.0.4) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.3? VPC Isolation Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2
  • 48. 192.168.0.4 is not hosting any instances in VPC Blue. Mapping Denied Alarm Raised L2 Src: MAC(10.0.0.4) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.3? Src: 192.168.0.4 Dst: Mapping Service Query: Blue 10.0.0.3 VPC Isolation Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2
  • 49. Src: 192.168.1.4 Dst: Mapping Service Validate: Blue 10.0.0.4 is at 192.168.0.4 Src: 192.168.0.4 Dst: 192.168.1.4 L2 Src: MAC(10.0.0.4) L2 Dst: MAC(10.0.0.3) L3 Src: 10.0.0.4 L3 Dst: 10.0.0.3 ICMP/TCP/UDP/… VPC: Blue Src: Mapping Service Dst: 192.168.1.4 Mapping invalid! 192.168.1.4 does not deliver the packet to the instance. Alarm Raised. VPC Isolation Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2
  • 50. L2 Src: MAC(10.0.0.2) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.1? L2 Src: MAC(10.0.0.1) L2 Dst: MAC(10.0.0.2) ARP 10.0.0.1 is at MAC(10.0.0.1) L2 Src: MAC(10.0.0.2) L2 Dst: MAC(10.0.0.1) L3 Src: 10.0.0.2 L3 Dst: 10.0.1.3 ICMP/TCP/UDP/… Layer 3 (L3): IP Routing 10.0.0.2 10.0.1.3 Ethernet Switch Router Ethernet Switch L2 Src: MAC(10.0.1.1) L2 Dst: MAC(10.0.1.3) L3 Src: 10.0.0.2 L3 Dst: 10.0.1.3 ICMP/TCP/UDP/…
  • 51. L2 Src: MAC(10.0.0.2) L2 Dst: ff:ff:ff:ff:ff:ff ARP Who has 10.0.0.1? L2 Src: MAC(10.0.0.1) L2 Dst: MAC(10.0.0.2) ARP 10.0.0.1 is at MAC(10.0.0.1) Src: 192.168.0.3 Dst: Mapping Service Query: Blue 10.0.0.1 Src: Mapping Service Dst: 192.168.0.3 Reply: Host: Gateway MAC: MAC(10.0.0.1) Layer 3 (L3): VPC Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.1.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service 10.0.0.2
  • 52. Src: Mapping Service Dst: 192.168.0.3 Reply: Host: 192.168.1.4 MAC: MAC(10.0.1.3) Src: 192.168.1.4 Dst: Mapping Service Validate: Blue 10.0.0.2 is at 192.168.0.3 L2 Src: MAC(10.0.0.2) L2 Dst: MAC(10.0.0.1) L3 Src: 10.0.0.2 L3 Dst: 10.0.1.3 ICMP/TCP/UDP/… L2 Src: MAC(10.0.1.1) L2 Dst: MAC(10.0.1.3) L3 Src: 10.0.0.2 L3 Dst: 10.0.1.3 ICMP/TCP/UDP/… Src: Mapping Service Dst: 192.168.1.4 Mapping valid: Blue 10.0.0.2 is at 192.168.0.3 Layer 3 (L3): VPC Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 10.0.1.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service Src: 192.168.0.3 Dst: Mapping Service Query: Blue 10.0.1.3 10.0.0.2 VPC: Blue Src: 192.168.0.3 Dst: 192.168.1.4
  • 53. Caching Server 192.168.0.3 Server 192.168.0.4 … Server 192.168.1.3 Server 192.168.1.4 … 10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.4 10.0.0.2 10.0.0.5 10.0.0.3 Mapping Service L2 Src: MAC(10.0.1.1) L2 Dst: MAC(10.0.1.3) L3 Src: 10.0.0.2 L3 Dst: 10.0.1.3 ICMP/TCP/UDP/…
  • 54. 10.0.0.0/18 172.16.0.0/16 10.0.0.0/24 10.0.1.0/24 10.0.0.7 10.0.0.8 10.0.0.9 10.0.1.12 10.0.1.51 Getting Home – Or Anywhere, Really VPC: Blue Src: 192.168.0.3 Dst: ??? L3 Src: 10.0.0.7 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/…
  • 55. Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… Edges Server 192.168.0.3 Server 192.168.0.4 … Edge 192.168.4.3 Edge 192.168.4.4 10.0.1.3 10.0.0.4 10.0.0.2 Mapping Service 10.0.0.2 VPC: Blue Host 10.0.0.4 → 192.168.0.4 Host 10.0.1.4 → 192.168.0.4 … 172.16.0.0/16 → Edge 192.168.4.3 …
  • 56. Edges: VPN Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… IPSEC Stuff Src: 54.68.100.245 Dst: 205.251.242.54 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… VPN
  • 57. Edges: Direct Connect Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… 802.1Q VLAN Tag Src: 54.68.100.245 Dst: 205.251.242.54 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… AWS Direct Connect
  • 58. Edges: Internet (IGW) Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 176.32.96.190 ICMP/TCP/UDP/… L3 Src: 10.0.0.2 L3 Dst: 176.32.96.190 ICMP/TCP/UDP/… Internet 54.148.157.46
  • 59. Edges: Recap VPN Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… IPSEC Stuff Src: 54.68.100.245 Dst: 205.251.242.54 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… Direct Connect Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… 802.1Q VLAN Tag Src: 54.68.100.245 Dst: 205.251.242.54 L3 Src: 10.0.0.2 L3 Dst: 172.16.14.17 ICMP/TCP/UDP/… Internet Edge 192.168.4.3 VPC: Blue Src: 192.168.0.3 Dst: 192.168.4.3 L3 Src: 10.0.0.2 L3 Dst: 176.32.96.190 ICMP/TCP/UDP/… L3 Src: 54.148.157.46 L3 Dst: 176.32.96.190 ICMP/TCP/UDP/…
  • 61. Cloudfront EC2 Instance Direct Connect Availability Zone “a” VPC subnet 172.31.0.0/24 EC2 Instance Availability Zone “b” VPC subnet 172.31.1.0/24 172.31.0.0/16 Your Data Center Your Users Edge to Instance
  • 62. Cloudfront EC2 Instance Direct Connect Availability Zone “a” VPC subnet 172.31.0.0/24 EC2 Instance Availability Zone “b” VPC subnet 172.31.1.0/24 172.31.0.0/16 Your Data Center Your Users Edge to Instance
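
The mapping-service lookups, isolation checks and caching walked through on slides 43 to 49 and 53, modelled as a small Python simulation. This is an added example, not AWS code and not part of the deck: the class and method names are hypothetical, and the placement of Grey 10.0.0.3 on server 192.168.1.3 is a constructed assumption.

```python
"""Toy model of the VPC mapping-service checks from slides 43-49 (added example)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Encapsulated:
    """Inner packet wrapped for the substrate: outer server addresses plus VPC tag."""
    outer_src: str   # physical server sending the packet
    outer_dst: str   # physical server hosting the destination instance
    vpc: str
    inner_src: str   # instance IP inside the VPC
    inner_dst: str
    payload: str


class MappingService:
    """Maps (VPC, instance IP) to the physical server hosting that instance."""

    def __init__(self, placements):
        # placements: {(vpc, instance_ip): server_ip}; constructed sample data
        self.placements = dict(placements)
        self.alarms = []

    def _hosts_vpc(self, server, vpc):
        return any(v == vpc and s == server for (v, _), s in self.placements.items())

    def query(self, requester, vpc, instance_ip):
        """Answer a lookup only for a server that hosts an instance in that VPC."""
        if not self._hosts_vpc(requester, vpc):
            self.alarms.append(f"mapping denied: {requester} hosts nothing in {vpc}")
            return None
        return self.placements.get((vpc, instance_ip))

    def validate(self, vpc, instance_ip, claimed_server):
        """Receiver-side check: is this instance really on the claimed server?"""
        ok = self.placements.get((vpc, instance_ip)) == claimed_server
        if not ok:
            self.alarms.append(
                f"mapping invalid: {vpc} {instance_ip} is not at {claimed_server}")
        return ok


@dataclass
class Server:
    ip: str
    mapping: MappingService
    cache: dict = field(default_factory=dict)      # slide 53: lookups are cached
    delivered: list = field(default_factory=list)

    def send(self, vpc, inner_src, inner_dst, payload):
        """Resolve the destination's server (cached after first lookup), encapsulate."""
        key = (vpc, inner_dst)
        if key not in self.cache:
            server = self.mapping.query(self.ip, vpc, inner_dst)
            if server is None:
                return None      # denied or unknown: nothing leaves this server
            self.cache[key] = server
        return Encapsulated(self.ip, self.cache[key], vpc, inner_src, inner_dst, payload)

    def receive(self, pkt):
        """Deliver only if the mapping service confirms the sender's placement."""
        if pkt.outer_dst != self.ip:
            return False
        if not self.mapping.validate(pkt.vpc, pkt.inner_src, pkt.outer_src):
            return False
        self.delivered.append(pkt)
        return True


def run_scenarios():
    """Replay the slide walkthrough on constructed placements and report outcomes."""
    ms = MappingService({
        ("Blue", "10.0.0.2"): "192.168.0.3",
        ("Blue", "10.0.0.3"): "192.168.1.4",
        ("Grey", "10.0.0.4"): "192.168.0.4",
        ("Grey", "10.0.0.3"): "192.168.1.3",   # assumed placement, not on the slides
    })
    s03, s04, s14 = (Server(ip, ms) for ip in ("192.168.0.3", "192.168.0.4", "192.168.1.4"))
    # Slides 45-46: Blue 10.0.0.2 reaches Blue 10.0.0.3 on another server.
    pkt = s03.send("Blue", "10.0.0.2", "10.0.0.3", "ping")
    blue_delivered = s14.receive(pkt)
    # Slide 47: the Grey instance's lookup resolves inside its own VPC.
    grey_lookup = ms.query("192.168.0.4", "Grey", "10.0.0.3")
    # Slide 48: a server hosting only Grey asks about Blue and is refused.
    cross_vpc = s04.send("Blue", "10.0.0.4", "10.0.0.3", "ping")
    # Slide 49: the same server skips the lookup and tags a packet Blue anyway.
    forged = Encapsulated("192.168.0.4", "192.168.1.4", "Blue", "10.0.0.4", "10.0.0.3", "ping")
    forged_delivered = s14.receive(forged)
    return {
        "blue_delivered": blue_delivered, "blue_outer": (pkt.outer_src, pkt.outer_dst),
        "grey_lookup": grey_lookup, "cross_vpc_query": cross_vpc,
        "forged_delivered": forged_delivered, "alarms": list(ms.alarms),
    }


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

Both refusals leave an entry in `alarms`, which is the signal the slides call "Alarm Raised": a denied lookup and a failed receive-side validation are each worth alerting on, since neither occurs in normal operation.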