AWS Hybrid Cloud Connectivity


AWS Networking & Hybrid Cloud Connectivity


AWS Networking & Hybrid Cloud Connectivity
1. The concepts and building blocks
2. Connectivity options
3. Routing and AWS. Why and how BGP is used
4. Redundancy & real life examples




Public Cloud Solutions

[Diagram: typical Internet-facing web app. Route53 DNS and CloudFront CDN in front of an ELB, with EC2 instances in AZ1 and AZ2 and RDS DB and S3 behind them; an Internet router performing NAT connects a 192.168.1.0/24 office/home network over the public Internet.]

• Typical Internet facing web app
• Internet – well connected, high speed
• Low establishment cost
• Network performance non guaranteed
• Public Internet
• Globally scalable via CloudFront


Virtual Private Cloud (VPC) Solutions

[Diagram: VPC CIDR 10.1.0.0/16 with an IGW. Availability Zone A holds a public subnet with Instance A 10.1.1.11/24 and a private subnet with Instance C 10.1.3.33/24; Availability Zone B holds a public subnet with Instance B 10.1.2.22/24 and a private subnet with Instance D 10.1.4.44/24 (subnet labels 10.1.1.0/16, 10.1.2.0/16, 10.1.3.0/16). A VGW connects the corporate office via Direct Connect and via hardware VPN (IPSec over the Internet).]

• Your own private, isolated section of the AWS cloud
• Corporate DC extension into AWS
• Grouping of EC2 instances and other services within a private IP address range i.e. 10.1.0.0/16
• Subnets are local per AZ (layer 3 DC-DC design)
• Failover is via SLB or DNS – no VMotion like failover
• Complete control over networking & security


VPC Components

[Diagram: the same VPC (CIDR 10.1.0.0/16, IGW, Instances A to D in public and private subnets across Availability Zones A and B) with the VGW connected to a CGW at the corporate office over Direct Connect and to a second CGW over hardware VPN (IPSec over the Internet).]

• IGW - Internet Gateway
• VGW - Virtual Private Gateway
• CGW - Customer Gateway
• Subnets
• Route tables
• Direct Connect
• Hardware VPN
• Security Groups & ACLs
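As an added example (not from the slides), a small Python model of the route tables behind the public/private subnet split shown above: the public subnet's table has a default route to the IGW, the private one does not, and both reach the corporate 192.168.0.0/16 through the VGW. The /24 subnet CIDRs and the gateway labels are assumptions.

```python
import ipaddress

# Constructed example modelled on the VPC slide: VPC CIDR 10.1.0.0/16, an IGW
# for the public subnets and a VGW that carries the corporate 192.168.0.0/16
# learned over Direct Connect / hardware VPN. Targets are labels, not AWS IDs.
VPC_CIDR = "10.1.0.0/16"
SUBNETS = {            # one subnet per instance on the slide (assumed /24s)
    "public-a": "10.1.1.0/24", "public-b": "10.1.2.0/24",
    "private-a": "10.1.3.0/24", "private-b": "10.1.4.0/24",
}
PUBLIC_RT = {"10.1.0.0/16": "local", "192.168.0.0/16": "vgw", "0.0.0.0/0": "igw"}
PRIVATE_RT = {"10.1.0.0/16": "local", "192.168.0.0/16": "vgw"}  # no IGW route


def validate_subnets(vpc_cidr, subnets):
    """Every subnet must sit inside the VPC CIDR and no two may overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = []
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is outside {vpc}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def lookup(route_table, dst):
    """Longest-prefix match, which is how a VPC route table picks a target.
    Returns None when no route matches (the packet is dropped)."""
    ip = ipaddress.ip_address(dst)
    best = None
    for cidr, target in route_table.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, target)
    return best[1] if best else None


def reachable_targets(route_table, destinations):
    """Map each destination to the gateway it would leave the subnet through."""
    return {dst: lookup(route_table, dst) for dst in destinations}
```

Running `reachable_targets(PRIVATE_RT, ["8.8.8.8", "192.168.5.9"])` shows the private subnet has no path to the Internet but still reaches the corporate range via the VGW.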




Hardware VPN – IPSec via Internet

• Provides an extension of the onsite corporate network
• Can use your existing private IP addressing 10.x etc
• IPSec tunnel to secure traffic over the Internet (128-bit AES)
• Static or dynamic routing (BGP)
• 2 x termination points per region. Default is a tunnel to each


Hardware VPN – IPSec via Internet (diagram)

• Internet links: xDSL, EoC, Fibre
• CGWs: Cisco, Juniper or Windows Server
• Console builds config
• 2 x tunnels to each edge site (for VPG redundancy)


AWS Direct Connect - Features

• High speed, dedicated, private pipe into AWS (VPC)
• Consistent network performance compared to Internet
• Metered outbound traffic (~1/3 cost of Internet)
• 1 or more network connection points per region (Syd x 2)
• Supports redundancy (BGP routing)
• Allows QoS
• End to end support by single network provider


AWS Direct Connect - Benefits

• Reduced network transfer costs (out of AWS)
• Improved & consistent application performance
• Flexible – initial seed data typically very large
• Less downtime - end to end support
• Security and compliance
• Enabler for the Hybrid Cloud Architecture


AWS Direct Connect - Anatomy

[Diagram: the customer datacenter (customer subnet 192.168.0.0/16, AS65442, Customer Gateway) reaches, through a Service Provider network (MPLS L3 IP VPN or VPLS), a customer or partner device (CGW) in a co-location rack within the same DC as the AWS Direct Connect POP (i.e. Equinix Sydney; colocation facility e.g. Equinix SV1). A cross connect to the AWS Direct Connect Point of Presence carries a Private Virtual Interface on dot1q VLAN 666; BGP runs over the /30 routed subnet 169.254.247.16/30 (.17 and .18 at the two ends, a VLAN on the dot1q trunk) to the VGW of the VPC (CIDR 10.1.0.0/16, AS7224), which holds Instance A 10.1.1.11/24 and Instance C 10.1.3.33/24 in Availability Zone A and Instance B 10.1.2.22/24 and Instance D 10.1.4.44/24 in Availability Zone B, in public and private subnets (labels 10.1.1.0/16, 10.1.2.0/16, 10.1.3.0/16). BGP via managed Service Provider Network.]




BGP

• Border Gateway Protocol
• Needed to implement network redundancy
• Standards based protocol used to connect the global Internet
• Exchanges routes (‘prefixes’) between ‘neighbours’
• Uses AS numbers i.e. AS 65001; AS_PATH is a measure of network distance
• Local Preference – means to override AS_PATH locally
• Used by AWS to connect to customers and advertise routes:
  – Direct Connect (mandatory)
  – IPSec VPN (optional)
• Bi-Directional Forwarding Detection (BFD) – speeds up failover to as low as 150 ms. Standard BGP can be 180 sec.
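An added Python example, not part of the deck, that covers the Direct Connect anatomy and BGP slides together: the customer edge learns the VPC prefix 10.1.0.0/16 both over Direct Connect (through the provider's AS) and over the IPSec VPN; LOCAL_PREF makes the Direct Connect path win despite its longer AS_PATH, and a link failure falls back to the VPN. The provider ASN 64500, the next-hop addresses and the BFD timer values are assumptions.

```python
from dataclasses import dataclass

# Constructed example, not vendor code. ASNs and prefix are those on the
# Direct Connect slide: AWS side AS7224, customer side AS65442, VPC 10.1.0.0/16.
# The service provider ASN 64500 (a documentation ASN) is an assumption.
AWS_ASN, CUSTOMER_ASN, SP_ASN = 7224, 65442, 64500
VPC_PREFIX = "10.1.0.0/16"


@dataclass(frozen=True)
class Path:
    """One BGP path for a prefix as seen from the customer edge router."""
    prefix: str
    link: str               # attachment the path was learned over
    next_hop: str
    as_path: tuple          # nearest AS first; its length is the 'distance'
    local_pref: int = 100   # router default when nothing is configured


def _rank(p):
    # Decision steps the slide talks about: highest LOCAL_PREF wins, then
    # shortest AS_PATH; lowest next hop breaks a remaining tie.
    octets = tuple(-int(o) for o in p.next_hop.split("."))
    return (p.local_pref, -len(p.as_path), octets)


def best_paths(paths):
    """Return {prefix: best Path}, the BGP decision for each prefix."""
    result = {}
    for p in paths:
        cur = result.get(p.prefix)
        if cur is None or _rank(p) > _rank(cur):
            result[p.prefix] = p
    return result


def after_failure(paths, failed_link):
    """Withdraw every path learned over a failed link and re-run the decision."""
    return best_paths([p for p in paths if p.link != failed_link])


def detection_time_ms(use_bfd, bfd_interval_ms=50, bfd_multiplier=3, bgp_hold_s=180):
    """Worst-case time to notice a dead neighbour: BFD interval x multiplier
    (assumed 50 ms x 3 = 150 ms) versus the BGP hold timer (180 s)."""
    return bfd_interval_ms * bfd_multiplier if use_bfd else bgp_hold_s * 1000


# Direct Connect reaches AWS through the provider's MPLS network (two ASNs in
# the path); the IPSec VPN backup peers with AWS directly over the Internet.
# Next-hop addresses are constructed for the example.
DX = Path(VPC_PREFIX, "direct-connect", "169.254.247.17", (SP_ASN, AWS_ASN), local_pref=200)
VPN = Path(VPC_PREFIX, "ipsec-vpn", "169.254.10.1", (AWS_ASN,))
```

Drop `local_pref=200` from `DX` and `best_paths([DX, VPN])` flips to the VPN because its AS_PATH is shorter, which is exactly the case Local Preference exists to override.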




Questions or follow-up?
79 Madison Ave, New York, NY 10016
www.cloudsyntrix.com
646-873-6945

