SlideShare a Scribd company logo

Advanced Architectures with AWS Transit Gateway

Amazon Web Services
Amazon Web Services

In this session, we discuss the need for AWS Transit Gateway, dive into common use cases, and discuss reference architectures. The session will prepare you with the fundamentals to understand AWS Transit Gateway operations and create advanced architectures. Learn how AWS Transit Gateway interacts with other services, like Amazon Route 53 Resolver and AWS PrivateLink, to provide enterprise scale service in large operating environments.

1 of 47
P U B L I C S E C T O R S U M M I T WASH INGTON, D.C.
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Advanced Architectures with AWS Transit Gateway Alan Halachmi Sr. Manager, Solutions Architecture Amazon Web Services 2 9 5 4 9 7
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Agenda Motivation for AWS Transit Gateway Key Concepts Common Use Cases Advanced Use Cases Parting Thoughts
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T What do customers want to do? Interconnect VPCs and their on-prem networks Globally scale out connectivity across regions Simplify network configuration
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T What challenges are they facing? Complex point-to-point peering does not scale VPN Bandwidth limitations Monitoring and Management of routing configurations is time consuming
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T VPN connectionCustomer gateway Amazon VPC Amazon VPC AWS Direct Connect Gateway VPC peering VPC peering VPC peering Amazon VPC Amazon VPCVPC peering VPN connection VPN connection VPC peering Before AWS Transit Gateway …
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Full mesh: How many Amazon VPC peering connections do I need (full mesh)? n(n-1) 2 VPC x 10
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Full mesh: How many Amazon VPC peering connections do I need (full mesh)? 10(10-1) 2 VPC x 10
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Full mesh: How many Amazon VPC peering connections do I need (full mesh)? VPC x 10 45
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Full mesh: How many Amazon VPC peering connections do I need (full mesh)? 100(100-1) 2 VPC x 100
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Full mesh: How many Amazon VPC peering connections do I need (full mesh)? VPC x 100 4500
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Static routes per Amazon VPC route table 1,000 Amazon VPC peering connections per Amazon VPC 125
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T AWS Transit Gateway Easily interconnect thousands of VPCs and on-premise networks On-Premise Data Center AWS VPC AWS Transit Gateway
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T AWS Transit Gateway Amazon VPCAmazon VPC Amazon VPCAmazon VPC Customer gateway VPN connection AWS Direct Connect Gateway* With AWS Transit Gateway … *Available in US Regions, excluding GovCloud
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T AWS Transit Gateway key concepts 1) Attachments 2) Route Tables i. Association ii. Propagation
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Attachments
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Attachments att-red att-blue att-orange
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Route Tables tgw-rtb-a att-red att-blue att-orange
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Associations att-red att-blue att-orange “associated”
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Propagation att-red att-blue att-orange
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T att-red att-blue att-orange Default Association and Propagation
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T att-red TGW Route Table att-blue att-orange
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Attachments – but what about VPCs? att-red att-prpl
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Learning Routes TGW Attachment
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T 10.1.0.0/16 via BGP 10.2.0.0/16 via BGP Default Behavior On-Premise AWS VPN 10.99.99.0/24 via BGP AWS Direct Connect Gateway 10.1.0.0/16 via BGP (Allowed Prefix) 10.2.0.0/16 via BGP (Allowed Prefix)
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Path Selection Behavior 1. Most Specific Route / Longest Prefix Match 2. Static route entries, including static Site-to-Site VPN routes 3. BGP propagated routes from AWS Direct Connect Gateway 4. BGP propagated routes from Site-to-Site VPN
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Flat Network AWS Transit Gateway Route Destination 10.1.0.0/16 vpc-att-1xxxxxxx 10.2.0.0/16 vpc-att-2xxxxxxx 10.3.0.0/16 vpc-att-3xxxxxxx 10.4.0.0/16 vpc-att-4xxxxxxx Default Route Table Route Destination 10.1.0.0/16 Local 10.0.0.0/8 tgw-xxxxxxxxx Per VPC
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Flat Network AWS Transit Gateway Route Destination 10.1.0.0/16 vpc-att-1xxxxxxx 10.2.0.0/16 vpc-att-2xxxxxxx 10.3.0.0/16 vpc-att-3xxxxxxx 10.4.0.0/16 vpc-att-4xxxxxxx Default Route Table Route Destination 10.1.0.0/16 Local 10.0.0.0/8 tgw-xxxxxxxxx Per VPC
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Segmented Network AWS Transit Gateway Route Destination 0.0.0.0/0 VPN Routing domain for VPN Route Destination 10.1.0.0/16 Local 0.0.0.0/0 tgw-xxxxxxxxx Per VPC VPN Routing domain for VPCs Route Destination 10.1.0.0/16 vpc-att-1xxxx 10.2.0.0/16 vpc-att-2xxxx Route Destination 10.3.0.0/16 vpc-att-3xxxx 10.4.0.0/16 vpc-att-4xxxx
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Segmented Network AWS Transit Gateway Route Destination 0.0.0.0/0 VPN Route Destination 10.1.0.0/16 Local 0.0.0.0/0 tgw-xxxxxxxxx Per VPC VPN Route Destination 10.1.0.0/16 vpc-att-1xxxx 10.2.0.0/16 vpc-att-2xxxx Route Destination 10.3.0.0/16 vpc-att-3xxxx 10.4.0.0/16 vpc-att-4xxxx Associate go Propagate routes can reach Routing domain for VPN Routing domain for VPCs
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Segmented Network AWS Transit Gateway Route Destination 0.0.0.0/0 VPN Route Destination 10.1.0.0/16 Local 0.0.0.0/0 tgw-xxxxxxxxx Per VPC VPN Route Destination 10.1.0.0/16 vpc-att-1xxxx 10.2.0.0/16 vpc-att-2xxxx Route Destination 10.3.0.0/16 vpc-att-3xxxx 10.4.0.0/16 vpc-att-4xxxx Routing domain for VPN Routing domain for VPCs
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T 100.64.0.0/16 Outbound VPC SNAT SNAT Centralized NAT AWS Transit Gateway VPC route domain 10.1.0.0/16 10.2.0.0/16 Outbound route domain Spoke route table Outbound VPC route table VPC A VPC B VPC Attachment route table, per AZ Route Destination 10.2.0.0/16 Local 0.0.0.0/0 tgw-xxxxxxxxx Route Destination 100.64.0.0/16 Local 10.0.0.0/8 tgw-xxxxxxxxx 0.0.0.0/0 igw-xxxxxxxxx Route Destination 0.0.0.0/0 eni-xxxxxxx 0.0.0.0/0 vpc-att-outbound 10.0.0.0/8 Blackhole 10.1.0.0/16 vpc-att-a 10.2.0.0/16 vpc-att-b Apply SNAT outbound to the internet SNAT
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T 100.64.0.0/16 Outbound VPC SNAT SNAT Centralized NAT AWS Transit Gateway VPC route domain 10.1.0.0/16 10.2.0.0/16 Outbound route domain Spoke route table Outbound VPC route table VPC A VPC B ECMP VPN BGP advertisement Route Destination 10.2.0.0/16 Local 0.0.0.0/0 tgw-xxxxxxxxx Route Destination 100.64.0.0/16 Local 0.0.0.0/0 igw-xxxxxxxxx BGP prefix Next hop 0.0.0.0/0 Local IP 0.0.0.0/0 Outbound VPC VPN 10.0.0.0/8 Blackhole 10.1.0.0/16 vpc-att-a 10.2.0.0/16 vpc-att-b Apply SNAT outbound to the internet SNAT
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T VPC Edge Ingress 100.64.0.0/16 Edge VPC AWS Transit Gateway VPC route domain 10.1.0.0/16 Edge route domain Spoke route table Edge VPC route table VPC A ECMP VPN Route Destination 10.1.0.0/16 Local 100.64.0.0/16 tgw-xxxxxxxxx Route Destination 100.64.0.0/16 Local 0.0.0.0/0 igw-xxxxxxxxx BGP prefix Next hop 100.64.0.0/16 Local IP 100.64.0.0/16 Edge VPC VPN 10.1.0.0/16 vpc-att-a SNAT SNAT SNAT Optional ELB
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T ECMP VPN SNAT SNAT SNAT VPC to VPC Inspection 100.64.0.0/16 Inline VPC AWS Transit Gateway VPC route domain 10.1.0.0/16 10.2.0.0/16 Inline route domain Spoke route table Inline VPC route table VPC A VPC B BGP advertisement Route Destination 10.2.0.0/16 Local 10.0.0.0/8 tgw-xxxxxxxxx 100.64.0.0/16 tgw-xxxxxxxxx Route Destination 100.64.0.0/16 Local 0.0.0.0/0 igw-xxxxxxxxx BGP prefix Next hop 0.0.0.0/0 Local IP 0.0.0.0/0 Inline VPC VPN 10.1.0.0/16 vpc-att-a 10.2.0.0/16 vpc-att-b Apply SNAT between VPCs for flow affinity VPCs will traffic as originated from the inline VPC CIDR
Reference Network Architecture Account Account Account Account Development Account Account Account Account Testing Account Account Account Account Production Shared services Authentication, Monitoring VPN AWS Direct Connect Gateway Route tables Route tables AWS Transit Gateway Optional network services
Account Account Account Account Development Account Account Account Account Testing Account Account Account Account Production Shared services PrivateLink and Route 53 VPN AWS Direct Connect Gateway Route tables Route tables AWS Transit Gateway Centralized PrivateLink with Hybrid Cloud
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T AWS Transit Gateway in multiple Regions Transit VPC VPN 10.1.0.0/16 10.2.0.0/16 VPC A VPC B AWS Transit Gateway 10.1.0.0/16 10.2.0.0/16 VPC A VPC B AWS Transit Gateway VPN AWS Region AWS Region VPC Peering AWS Transit Gateway inter-region support coming soon!
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T AWS Transit Gateway: Key features Centralized routing polices across VPCs and on-prem Scales to support thousands of VPCs across multi-accounts Flexible segmentation and routing rules Horizontally scalable Increase connectivity throughput with multi-vpn connections Simplified management AWS Transit Gateway
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T • Centrally interconnect multiple VPCs across accounts • One central connection point for VPN and AWS Direct Connect • Reduce or eliminate need for peer to peer networking • Increase VPN throughput via ECMP routing (50 Gbps+) • Peer AWS Transit Gateway across regions (coming soon!) • Leverage the AWS Global Network for low latency cross-region connectivity • Regional construct reduces blast radius • Reduces time to configure on premise connectivity to AWS • Easily monitor and manage from a central point • Integrated with Amazon CloudWatch and VPC Flow Logs • Leverage existing VPC security groups and network access control lists Simplified Networking Global Connectivity Manageability AWS Transit Gateway: Benefits
Thank you! © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Alan Halachmi halachmi@amazon.com
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T

Recommended

Amazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon Web Services
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
 
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018Amazon Web Services
 
Elastic Load Balancing Deep Dive and Best Practices - NET402 - re:Invent 2017
Elastic Load Balancing Deep Dive and Best Practices - NET402 - re:Invent 2017Elastic Load Balancing Deep Dive and Best Practices - NET402 - re:Invent 2017
Elastic Load Balancing Deep Dive and Best Practices - NET402 - re:Invent 2017Amazon Web Services
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API GatewayAmazon Web Services
 
Aws VPC
Aws VPCAws VPC
Aws VPCAbhishek Amralkar
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
 
Intro to Amazon ECS
Intro to Amazon ECSIntro to Amazon ECS
Intro to Amazon ECSAmazon Web Services
 

Recommended

Amazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon EKS - Elastic Container Service for Kubernetes
Amazon EKS - Elastic Container Service for KubernetesAmazon Web Services
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesGary Silverman
 
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018
[NEW LAUNCH!] Introducing AWS Transit Gateway (NET331) - AWS re:Invent 2018Amazon Web Services
 
Elastic Load Balancing Deep Dive and Best Practices - NET402 - re:Invent 2017
Elastic Load Balancing Deep Dive and Best Practices - NET402 - re:Invent 2017Elastic Load Balancing Deep Dive and Best Practices - NET402 - re:Invent 2017
Elastic Load Balancing Deep Dive and Best Practices - NET402 - re:Invent 2017Amazon Web Services
 
Amazon API Gateway
Amazon API GatewayAmazon API Gateway
Amazon API GatewayAmazon Web Services
 
Aws VPC
Aws VPCAws VPC
Aws VPCAbhishek Amralkar
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
 
Intro to Amazon ECS
Intro to Amazon ECSIntro to Amazon ECS
Intro to Amazon ECSAmazon Web Services
 
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Web Services
 
Managing and governing multi-account AWS environments using AWS Organizations...
Managing and governing multi-account AWS environments using AWS Organizations...Managing and governing multi-account AWS environments using AWS Organizations...
Managing and governing multi-account AWS environments using AWS Organizations...Amazon Web Services
 
Security Architectures on AWS
Security Architectures on AWSSecurity Architectures on AWS
Security Architectures on AWSAmazon Web Services
 
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...Amazon Web Services
 
Amazon EC2 Masterclass
Amazon EC2 MasterclassAmazon EC2 Masterclass
Amazon EC2 MasterclassAmazon Web Services
 
Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing ZoneAmazon Web Services
 
AWS Security
AWS SecurityAWS Security
AWS SecurityAmazon Web Services
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control TowerCloudHesive
 
AWS PrivateLink Fundamentals
AWS PrivateLink FundamentalsAWS PrivateLink Fundamentals
AWS PrivateLink FundamentalsAmazon Web Services
 
Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerAmazon Web Services
 
AWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAmazon Web Services
 
AWS Advanced Networking: Transit Gateway
AWS Advanced Networking: Transit GatewayAWS Advanced Networking: Transit Gateway
AWS Advanced Networking: Transit GatewayRJ Jafarkhani ☁
 
AWS Global Infrastructure Foundations
AWS Global Infrastructure Foundations AWS Global Infrastructure Foundations
AWS Global Infrastructure Foundations Amazon Web Services
 
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...Amazon Web Services
 
Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAmazon Web Services
 
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021Amazon Web Services Korea
 
Fundamentals of AWS Security
Fundamentals of AWS SecurityFundamentals of AWS Security
Fundamentals of AWS SecurityAmazon Web Services
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best PracticesAmazon Web Services
 
Understand AWS Pricing
Understand AWS PricingUnderstand AWS Pricing
Understand AWS PricingLynn Langit
 
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitKubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitAmazon Web Services
 
Black Belt Tips for Cloud Network Operations - AWS Summit Sydney
Black Belt Tips for Cloud Network Operations - AWS Summit SydneyBlack Belt Tips for Cloud Network Operations - AWS Summit Sydney
Black Belt Tips for Cloud Network Operations - AWS Summit SydneyAmazon Web Services
 
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...AWS Summits
 

More Related Content

What's hot

Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Web Services
 
Managing and governing multi-account AWS environments using AWS Organizations...
Managing and governing multi-account AWS environments using AWS Organizations...Managing and governing multi-account AWS environments using AWS Organizations...
Managing and governing multi-account AWS environments using AWS Organizations...Amazon Web Services
 
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...Amazon Web Services
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control TowerCloudHesive
 
Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerAmazon Web Services
 
AWS Advanced Networking: Transit Gateway
AWS Advanced Networking: Transit GatewayAWS Advanced Networking: Transit Gateway
AWS Advanced Networking: Transit GatewayRJ Jafarkhani ☁
 
AWS Global Infrastructure Foundations
AWS Global Infrastructure Foundations AWS Global Infrastructure Foundations
AWS Global Infrastructure Foundations Amazon Web Services
 
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...Amazon Web Services
 
Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAmazon Web Services
 
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021Amazon Web Services Korea
 
Understand AWS Pricing
Understand AWS PricingUnderstand AWS Pricing
Understand AWS PricingLynn Langit
 
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitKubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitAmazon Web Services
 

What's hot (20)

Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
Amazon Virtual Private Cloud (VPC) - Networking Fundamentals and Connectivity...
 
Managing and governing multi-account AWS environments using AWS Organizations...
Managing and governing multi-account AWS environments using AWS Organizations...Managing and governing multi-account AWS environments using AWS Organizations...
Managing and governing multi-account AWS environments using AWS Organizations...
 
Security Architectures on AWS
Security Architectures on AWSSecurity Architectures on AWS
Security Architectures on AWS
 
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
 
Amazon EC2 Masterclass
Amazon EC2 MasterclassAmazon EC2 Masterclass
Amazon EC2 Masterclass
 
Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing Zone
 
AWS Security
AWS SecurityAWS Security
AWS Security
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control Tower
 
AWS PrivateLink Fundamentals
AWS PrivateLink FundamentalsAWS PrivateLink Fundamentals
AWS PrivateLink Fundamentals
 
Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control Tower
 
AWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAWS Cloud Security Fundamentals
AWS Cloud Security Fundamentals
 
AWS Advanced Networking: Transit Gateway
AWS Advanced Networking: Transit GatewayAWS Advanced Networking: Transit Gateway
AWS Advanced Networking: Transit Gateway
 
AWS Global Infrastructure Foundations
AWS Global Infrastructure Foundations AWS Global Infrastructure Foundations
AWS Global Infrastructure Foundations
 
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...
 
Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices Masterclass
 
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
 
Fundamentals of AWS Security
Fundamentals of AWS SecurityFundamentals of AWS Security
Fundamentals of AWS Security
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
 
Understand AWS Pricing
Understand AWS PricingUnderstand AWS Pricing
Understand AWS Pricing
 
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS SummitKubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
Kubernetes on AWS with Amazon EKS - MAD301 - New York AWS Summit
 

Similar to Advanced Architectures with AWS Transit Gateway

Black Belt Tips for Cloud Network Operations - AWS Summit Sydney
Black Belt Tips for Cloud Network Operations - AWS Summit SydneyBlack Belt Tips for Cloud Network Operations - AWS Summit Sydney
Black Belt Tips for Cloud Network Operations - AWS Summit SydneyAmazon Web Services
 
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...AWS Summits
 
Network visibility into the traffic traversing your AWS infrastructure - SVC2...
Network visibility into the traffic traversing your AWS infrastructure - SVC2...Network visibility into the traffic traversing your AWS infrastructure - SVC2...
Network visibility into the traffic traversing your AWS infrastructure - SVC2...Amazon Web Services
 
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAmazon Web Services
 
Fundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Fundamentals of AWS networking - SVC303 - Atlanta AWS SummitFundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Fundamentals of AWS networking - SVC303 - Atlanta AWS SummitAmazon Web Services
 
Planning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Planning advanced AWS networking architectures - SVC304 - Chicago AWS SummitPlanning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Planning advanced AWS networking architectures - SVC304 - Chicago AWS SummitAmazon Web Services
 
Exploring the fundamentals of AWS networking - SVC211 - New York AWS Summit
Exploring the fundamentals of AWS networking - SVC211 - New York AWS SummitExploring the fundamentals of AWS networking - SVC211 - New York AWS Summit
Exploring the fundamentals of AWS networking - SVC211 - New York AWS SummitAmazon Web Services
 
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAmazon Web Services
 
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS SummitExploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS SummitAmazon Web Services
 
Networking and Edge Services on AWS
Networking and Edge Services on AWSNetworking and Edge Services on AWS
Networking and Edge Services on AWSAmazon Web Services
 
Containers on AWS: An Introduction
Containers on AWS: An IntroductionContainers on AWS: An Introduction
Containers on AWS: An IntroductionAmazon Web Services
 
Control and Monitor Microservices on AWS Using AWS App Mesh - AWS Summit Sydney
Control and Monitor Microservices on AWS Using AWS App Mesh - AWS Summit SydneyControl and Monitor Microservices on AWS Using AWS App Mesh - AWS Summit Sydney
Control and Monitor Microservices on AWS Using AWS App Mesh - AWS Summit SydneyAmazon Web Services
 
Introduction to AWS Ground Station
Introduction to AWS Ground StationIntroduction to AWS Ground Station
Introduction to AWS Ground StationAmazon Web Services
 
VMware & AWS: The Fastest Path to Hybrid Cloud
VMware & AWS: The Fastest Path to Hybrid CloudVMware & AWS: The Fastest Path to Hybrid Cloud
VMware & AWS: The Fastest Path to Hybrid CloudAmazon Web Services
 
Creating Serverless apps for NASA in GovCloud
Creating Serverless apps for NASA in GovCloudCreating Serverless apps for NASA in GovCloud
Creating Serverless apps for NASA in GovCloudChris Shenton
 
AWS App Mesh: Manage services mesh discovery, recovery, and monitoring - MAD3...
AWS App Mesh: Manage services mesh discovery, recovery, and monitoring - MAD3...AWS App Mesh: Manage services mesh discovery, recovery, and monitoring - MAD3...
AWS App Mesh: Manage services mesh discovery, recovery, and monitoring - MAD3...Amazon Web Services
 
Introduction to AWS Global Accelerator - SVC211 - Chicago AWS Summit
Introduction to AWS Global Accelerator - SVC211 - Chicago AWS SummitIntroduction to AWS Global Accelerator - SVC211 - Chicago AWS Summit
Introduction to AWS Global Accelerator - SVC211 - Chicago AWS SummitAmazon Web Services
 

Similar to Advanced Architectures with AWS Transit Gateway (20)

Black Belt Tips for Cloud Network Operations - AWS Summit Sydney
Black Belt Tips for Cloud Network Operations - AWS Summit SydneyBlack Belt Tips for Cloud Network Operations - AWS Summit Sydney
Black Belt Tips for Cloud Network Operations - AWS Summit Sydney
 
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
AWS Networking – Advanced Concepts and new capabilities | AWS Summit Tel Aviv...
 
Network visibility into the traffic traversing your AWS infrastructure - SVC2...
Network visibility into the traffic traversing your AWS infrastructure - SVC2...Network visibility into the traffic traversing your AWS infrastructure - SVC2...
Network visibility into the traffic traversing your AWS infrastructure - SVC2...
 
AWS networking fundamentals
AWS networking fundamentalsAWS networking fundamentals
AWS networking fundamentals
 
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS SummitAWS networking fundamentals - SVC303 - Santa Clara AWS Summit
AWS networking fundamentals - SVC303 - Santa Clara AWS Summit
 
Fundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Fundamentals of AWS networking - SVC303 - Atlanta AWS SummitFundamentals of AWS networking - SVC303 - Atlanta AWS Summit
Fundamentals of AWS networking - SVC303 - Atlanta AWS Summit
 
You're in the Cloud, now What?
You're in the Cloud, now What?You're in the Cloud, now What?
You're in the Cloud, now What?
 
Planning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Planning advanced AWS networking architectures - SVC304 - Chicago AWS SummitPlanning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Planning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
 
Exploring the fundamentals of AWS networking - SVC211 - New York AWS Summit
Exploring the fundamentals of AWS networking - SVC211 - New York AWS SummitExploring the fundamentals of AWS networking - SVC211 - New York AWS Summit
Exploring the fundamentals of AWS networking - SVC211 - New York AWS Summit
 
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS SummitAWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
AWS Networking Fundamentals - SVC304 - Anaheim AWS Summit
 
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS SummitExploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
Exploring the fundamentals of AWS networking - SVC210 - Chicago AWS Summit
 
Networking and Edge Services on AWS
Networking and Edge Services on AWSNetworking and Edge Services on AWS
Networking and Edge Services on AWS
 
Containers on AWS: An Introduction
Containers on AWS: An IntroductionContainers on AWS: An Introduction
Containers on AWS: An Introduction
 
AWS Networking Fundamentals
AWS Networking FundamentalsAWS Networking Fundamentals
AWS Networking Fundamentals
 
Control and Monitor Microservices on AWS Using AWS App Mesh - AWS Summit Sydney
Control and Monitor Microservices on AWS Using AWS App Mesh - AWS Summit SydneyControl and Monitor Microservices on AWS Using AWS App Mesh - AWS Summit Sydney
Control and Monitor Microservices on AWS Using AWS App Mesh - AWS Summit Sydney
 
Introduction to AWS Ground Station
Introduction to AWS Ground StationIntroduction to AWS Ground Station
Introduction to AWS Ground Station
 
VMware & AWS: The Fastest Path to Hybrid Cloud
VMware & AWS: The Fastest Path to Hybrid CloudVMware & AWS: The Fastest Path to Hybrid Cloud
VMware & AWS: The Fastest Path to Hybrid Cloud
 
Creating Serverless apps for NASA in GovCloud
Creating Serverless apps for NASA in GovCloudCreating Serverless apps for NASA in GovCloud
Creating Serverless apps for NASA in GovCloud
 
AWS App Mesh: Manage services mesh discovery, recovery, and monitoring - MAD3...
AWS App Mesh: Manage services mesh discovery, recovery, and monitoring - MAD3...AWS App Mesh: Manage services mesh discovery, recovery, and monitoring - MAD3...
AWS App Mesh: Manage services mesh discovery, recovery, and monitoring - MAD3...
 
Introduction to AWS Global Accelerator - SVC211 - Chicago AWS Summit
Introduction to AWS Global Accelerator - SVC211 - Chicago AWS SummitIntroduction to AWS Global Accelerator - SVC211 - Chicago AWS Summit
Introduction to AWS Global Accelerator - SVC211 - Chicago AWS Summit
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Advanced Architectures with AWS Transit Gateway

  • 1. P U B L I C S E C T O R S U M M I T WASH INGTON, D.C.
  • 2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Advanced Architectures with AWS Transit Gateway Alan Halachmi Sr. Manager, Solutions Architecture Amazon Web Services 2 9 5 4 9 7
  • 3. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Agenda Motivation for AWS Transit Gateway Key Concepts Common Use Cases Advanced Use Cases Parting Thoughts
  • 4. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T
  • 5. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T What do customers want to do? Interconnect VPCs and their on-prem networks Globally scale out connectivity across regions Simplify network configuration
  • 6. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T What challenges are they facing? Complex point-to-point peering does not scale VPN Bandwidth limitations Monitoring and Management of routing configurations is time consuming
  • 7. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T VPN connectionCustomer gateway Amazon VPC Amazon VPC AWS Direct Connect Gateway VPC peering VPC peering VPC peering Amazon VPC Amazon VPCVPC peering VPN connection VPN connection VPC peering Before AWS Transit Gateway …
  • 8. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Full mesh: How many Amazon VPC peering connections do I need (full mesh)? n(n-1) 2 VPC x 10
  • 9. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Full mesh: How many Amazon VPC peering connections do I need (full mesh)? 10(10-1) 2 VPC x 10
  • 10. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Full mesh: How many Amazon VPC peering connections do I need (full mesh)? VPC x 10 45
  • 11. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Full mesh: How many Amazon VPC peering connections do I need (full mesh)? 100(100-1) 2 VPC x 100
  • 12. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Full mesh: How many Amazon VPC peering connections do I need (full mesh)? VPC x 100 4500
  • 13. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Static routes per Amazon VPC route table 1,000 Amazon VPC peering connections per Amazon VPC 125
  • 14. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T AWS Transit Gateway Easily interconnect thousands of VPCs and on-premise networks On-Premise Data Center AWS VPC AWS Transit Gateway
  • 15. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T AWS Transit Gateway Amazon VPCAmazon VPC Amazon VPCAmazon VPC Customer gateway VPN connection AWS Direct Connect Gateway* With AWS Transit Gateway … *Available in US Regions, excluding GovCloud
  • 16. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T
  • 17. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T AWS Transit Gateway key concepts 1) Attachments 2) Route Tables i. Association ii. Propagation
  • 18. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Attachments
  • 19. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Attachments att-red att-blue att-orange
  • 20. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Route Tables tgw-rtb-a att-red att-blue att-orange
  • 21. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Associations att-red att-blue att-orange “associated”
  • 22. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Propagation att-red att-blue att-orange
  • 23. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T att-red att-blue att-orange Default Association and Propagation
  • 24. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T att-red TGW Route Table att-blue att-orange
  • 25. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Attachments – but what about VPCs? att-red att-prpl
  • 26. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Learning Routes TGW Attachment
  • 27. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T 10.1.0.0/16 via BGP 10.2.0.0/16 via BGP Default Behavior On-Premise AWS VPN 10.99.99.0/24 via BGP AWS Direct Connect Gateway 10.1.0.0/16 via BGP (Allowed Prefix) 10.2.0.0/16 via BGP (Allowed Prefix)
  • 28. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Path Selection Behavior 1. Most Specific Route / Longest Prefix Match 2. Static route entries, including static Site-to-Site VPN routes 3. BGP propagated routes from AWS Direct Connect Gateway 4. BGP propagated routes from Site-to-Site VPN
  • 29. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T
  • 30. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Flat Network AWS Transit Gateway Route Destination 10.1.0.0/16 vpc-att-1xxxxxxx 10.2.0.0/16 vpc-att-2xxxxxxx 10.3.0.0/16 vpc-att-3xxxxxxx 10.4.0.0/16 vpc-att-4xxxxxxx Default Route Table Route Destination 10.1.0.0/16 Local 10.0.0.0/8 tgw-xxxxxxxxx Per VPC
  • 31. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Flat Network AWS Transit Gateway Route Destination 10.1.0.0/16 vpc-att-1xxxxxxx 10.2.0.0/16 vpc-att-2xxxxxxx 10.3.0.0/16 vpc-att-3xxxxxxx 10.4.0.0/16 vpc-att-4xxxxxxx Default Route Table Route Destination 10.1.0.0/16 Local 10.0.0.0/8 tgw-xxxxxxxxx Per VPC
  • 32. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Segmented Network AWS Transit Gateway Route Destination 0.0.0.0/0 VPN Routing domain for VPN Route Destination 10.1.0.0/16 Local 0.0.0.0/0 tgw-xxxxxxxxx Per VPC VPN Routing domain for VPCs Route Destination 10.1.0.0/16 vpc-att-1xxxx 10.2.0.0/16 vpc-att-2xxxx Route Destination 10.3.0.0/16 vpc-att-3xxxx 10.4.0.0/16 vpc-att-4xxxx
  • 33. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Segmented Network AWS Transit Gateway Route Destination 0.0.0.0/0 VPN Route Destination 10.1.0.0/16 Local 0.0.0.0/0 tgw-xxxxxxxxx Per VPC VPN Route Destination 10.1.0.0/16 vpc-att-1xxxx 10.2.0.0/16 vpc-att-2xxxx Route Destination 10.3.0.0/16 vpc-att-3xxxx 10.4.0.0/16 vpc-att-4xxxx Associate go Propagate routes can reach Routing domain for VPN Routing domain for VPCs
  • 34. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Segmented Network AWS Transit Gateway Route Destination 0.0.0.0/0 VPN Route Destination 10.1.0.0/16 Local 0.0.0.0/0 tgw-xxxxxxxxx Per VPC VPN Route Destination 10.1.0.0/16 vpc-att-1xxxx 10.2.0.0/16 vpc-att-2xxxx Route Destination 10.3.0.0/16 vpc-att-3xxxx 10.4.0.0/16 vpc-att-4xxxx Routing domain for VPN Routing domain for VPCs
  • 35. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T
  • 36. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T 100.64.0.0/16 Outbound VPC SNAT SNAT Centralized NAT AWS Transit Gateway VPC route domain 10.1.0.0/16 10.2.0.0/16 Outbound route domain Spoke route table Outbound VPC route table VPC A VPC B VPC Attachment route table, per AZ Route Destination 10.2.0.0/16 Local 0.0.0.0/0 tgw-xxxxxxxxx Route Destination 100.64.0.0/16 Local 10.0.0.0/8 tgw-xxxxxxxxx 0.0.0.0/0 igw-xxxxxxxxx Route Destination 0.0.0.0/0 eni-xxxxxxx 0.0.0.0/0 vpc-att-outbound 10.0.0.0/8 Blackhole 10.1.0.0/16 vpc-att-a 10.2.0.0/16 vpc-att-b Apply SNAT outbound to the internet SNAT
  • 37. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T 100.64.0.0/16 Outbound VPC SNAT SNAT Centralized NAT AWS Transit Gateway VPC route domain 10.1.0.0/16 10.2.0.0/16 Outbound route domain Spoke route table Outbound VPC route table VPC A VPC B ECMP VPN BGP advertisement Route Destination 10.2.0.0/16 Local 0.0.0.0/0 tgw-xxxxxxxxx Route Destination 100.64.0.0/16 Local 0.0.0.0/0 igw-xxxxxxxxx BGP prefix Next hop 0.0.0.0/0 Local IP 0.0.0.0/0 Outbound VPC VPN 10.0.0.0/8 Blackhole 10.1.0.0/16 vpc-att-a 10.2.0.0/16 vpc-att-b Apply SNAT outbound to the internet SNAT
  • 38. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T VPC Edge Ingress 100.64.0.0/16 Edge VPC AWS Transit Gateway VPC route domain 10.1.0.0/16 Edge route domain Spoke route table Edge VPC route table VPC A ECMP VPN Route Destination 10.1.0.0/16 Local 100.64.0.0/16 tgw-xxxxxxxxx Route Destination 100.64.0.0/16 Local 0.0.0.0/0 igw-xxxxxxxxx BGP prefix Next hop 100.64.0.0/16 Local IP 100.64.0.0/16 Edge VPC VPN 10.1.0.0/16 vpc-att-a SNAT SNAT SNAT Optional ELB
  • 39. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T ECMP VPN SNAT SNAT SNAT VPC to VPC Inspection 100.64.0.0/16 Inline VPC AWS Transit Gateway VPC route domain 10.1.0.0/16 10.2.0.0/16 Inline route domain Spoke route table Inline VPC route table VPC A VPC B BGP advertisement Route Destination 10.2.0.0/16 Local 10.0.0.0/8 tgw-xxxxxxxxx 100.64.0.0/16 tgw-xxxxxxxxx Route Destination 100.64.0.0/16 Local 0.0.0.0/0 igw-xxxxxxxxx BGP prefix Next hop 0.0.0.0/0 Local IP 0.0.0.0/0 Inline VPC VPN 10.1.0.0/16 vpc-att-a 10.2.0.0/16 vpc-att-b Apply SNAT between VPCs for flow affinity VPCs will traffic as originated from the inline VPC CIDR
  • 40. Reference Network Architecture Account Account Account Account Development Account Account Account Account Testing Account Account Account Account Production Shared services Authentication, Monitoring VPN AWS Direct Connect Gateway Route tables Route tables AWS Transit Gateway Optional network services
  • 41. Account Account Account Account Development Account Account Account Account Testing Account Account Account Account Production Shared services PrivateLink and Route 53 VPN AWS Direct Connect Gateway Route tables Route tables AWS Transit Gateway Centralized PrivateLink with Hybrid Cloud
  • 42. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T AWS Transit Gateway in multiple Regions Transit VPC VPN 10.1.0.0/16 10.2.0.0/16 VPC A VPC B AWS Transit Gateway 10.1.0.0/16 10.2.0.0/16 VPC A VPC B AWS Transit Gateway VPN AWS Region AWS Region VPC Peering AWS Transit Gateway inter-region support coming soon!
  • 43. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T
  • 44. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T AWS Transit Gateway: Key features Centralized routing polices across VPCs and on-prem Scales to support thousands of VPCs across multi-accounts Flexible segmentation and routing rules Horizontally scalable Increase connectivity throughput with multi-vpn connections Simplified management AWS Transit Gateway
  • 45. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T • Centrally interconnect multiple VPCs across accounts • One central connection point for VPN and AWS Direct Connect • Reduce or eliminate need for peer to peer networking • Increase VPN throughput via ECMP routing (50 Gbps+) • Peer AWS Transit Gateway across regions (coming soon!) • Leverage the AWS Global Network for low latency cross-region connectivity • Regional construct reduces blast radius • Reduces time to configure on premise connectivity to AWS • Easily monitor and manage from a central point • Integrated with Amazon CloudWatch and VPC Flow Logs • Leverage existing VPC security groups and network access control lists Simplified Networking Global Connectivity Manageability AWS Transit Gateway: Benefits
  • 46. Thank you! © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T Alan Halachmi halachmi@amazon.com
  • 47. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.P U B L I C S E C TO R S U M M I T