3 Networking in AWS - MACUL Community
Networking in AWS
© 2017 Amazon Web Services, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon Web Services, Inc.
Overview
• AWS networking services including:
– VPC – Extend your network into a virtual private cloud
– Direct Connect – Physical cross connect into AWS
– ELB – Managed load balancer service
– Route53 – Managed DNS service
– EIP – Elastic IP
1 Amazon VPC
Amazon VPC
• Virtual network topology that you define
• Your own logically isolated section of AWS
• Complete control of your networking environment
– IP ranges
– Subnets
– Routing tables
– Gateways
• Multiple Connectivity Options
• Advanced Security Features
Networking Building Blocks
Your network goes here
• Bring your own network
Networking Building Blocks
[Diagram: VPC Subnet 1, VPC Subnet 2, … VPC Subnet ‘n’]
Networking Building Blocks
[Diagram: VPC Subnet 1, VPC Subnet 2]
• Configure custom routing rules
Plan your VPC IP space before creating it
• Consider future AWS region expansion
• Consider future connectivity to corporate networks
• Consider subnet design
• VPC CIDR can be between /16 and /28
• CIDR cannot be modified once created
• Overlapping IP spaces = future headache
Network Building Blocks
[Diagram: Load Balancer, Web Servers (Web/HTTP, port 8080) and a DB Server, each tier behind a Security Group firewall]
Network Building Blocks
[Diagram: Availability Zone ‘A’, Availability Zone ‘B’]
Network Building Blocks
• Routing rules
[Diagram: Availability Zone ‘A’, Availability Zone ‘B’]
Network Building Blocks
Customer Network
Network Building Blocks
[Diagram: Customer Network, AWS Direct Connect Location, Customer WAN]
Network Building Blocks
Customer Network
Network Building Blocks
Customer Network
Network Building Blocks
• Load Balancer
• Internet Elastic Load Balancing
• Mid-tier Elastic Load Balancing
Customer Network
VPC NAT Gateway
[Diagram: NAT Gateway]
• High availability – built-in redundancy
• High bandwidth – up to 10Gbps
• Fully Managed by AWS
• Assign an EIP to each NAT Gateway
• View NAT gateways’ traffic using Flow Logs
• NAT gateways support TCP, UDP, and ICMP protocols
• Network ACLs apply to NAT gateway’s traffic
• CloudTrail Support
Private Route Table
Destination Target
10.0.0.0/16 Local
0.0.0.0/0 IGW
Private Route Table
Destination Target
10.0.0.0/16 Local
0.0.0.0/0 NGW
VPC Endpoints: Amazon S3 access without an Internet Gateway
• No IGW
• No NAT
• No public IPs
• Free
• Robust access control
Amazon S3
Connecting to other VPCs - VPC peering
VPC Peering
[Diagram: three peered VPCs – 172.31.0.0/16, 10.55.0.0/16, 10.0.0.0/16]
Private Route Table
Destination Target
10.0.0.0/16 Local
172.31.0.0/16 VPC Peer
Private Route Table
Destination Target
172.31.0.0/16 Local
10.0.0.0/16 VPC Peer
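As an added example (not part of the original deck), a small Python script that applies the rules from the “Plan your VPC IP space” slide and the peering slides: it checks that a CIDR falls in the /16 to /28 range, flags overlapping VPC CIDRs (the “future headache” above, and a blocker for VPC peering), and builds the Local / VPC Peer route table rows for each VPC. The VPC names and the overlapping fourth CIDR in the demo are constructed.

```python
import ipaddress

# Constructed sample: the three VPC CIDRs shown on the peering slide.
VPCS = {
    "vpc-a": "10.0.0.0/16",
    "vpc-b": "172.31.0.0/16",
    "vpc-c": "10.55.0.0/16",
}


def check_vpc_cidr(cidr):
    """Return None if cidr is a usable VPC block (/16 to /28), else a reason string."""
    try:
        # strict=True rejects blocks with host bits set, e.g. 10.0.1.0/16
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as err:
        return f"{cidr}: {err}"
    if not 16 <= net.prefixlen <= 28:
        return f"{cidr}: prefix /{net.prefixlen} is outside the /16 to /28 VPC range"
    return None


def find_overlaps(vpcs):
    """Return sorted (name, name) pairs whose CIDRs overlap; such VPCs cannot peer."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def peering_route_table(vpcs, name):
    """Route rows for one VPC: its own CIDR -> Local, every other VPC -> VPC Peer.
    Mirrors the two route table slides above."""
    rows = [(vpcs[name], "Local")]
    rows += [(cidr, "VPC Peer") for other, cidr in vpcs.items() if other != name]
    return rows


if __name__ == "__main__":
    # Add a constructed fourth VPC that overlaps vpc-a to show the failure case.
    plan = {**VPCS, "vpc-d": "10.0.128.0/17"}
    for name, cidr in plan.items():
        print(name, cidr, check_vpc_cidr(cidr) or "ok")
    print("overlapping pairs:", find_overlaps(plan))
    for dest, target in peering_route_table(VPCS, "vpc-b"):
        print(f"{dest:<16}{target}")
```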
2 Direct Connect
AWS Direct Connect
AWS Direct Connect Cont’d
3 ELB
Elastic Load Balancing
• Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances.
• Two Types: Classic & Application Load Balancer
Elastic Load Balancing
• In-Region Load Balancing Service
• Distributes traffic across multiple Availability Zones – HTTP/S, TCP/S
• Built-in Health Check
• Fully fault-tolerant – Can span multiple AZs
[Diagram: a Region with an Elastic Load Balancer distributing to Web Servers in AZ-1, AZ-2 and AZ-3]
Classic Load Balancer Features:
• High Availability
• Health Checks
• Security Features
• SSL Offloading
• Sticky Sessions
• IPv6 Support
• Layer 4 or 7 Load Balancing
• Operational Monitoring
• Logging
Application Load Balancer Features:
• Content-Based Routing
• Containerized Application Support
• HTTP/2 Support
• WebSockets Support
• Layer-7 Load Balancing
• Delete Protection
• Request Tracing
• Web Application Firewall (WAF)
4 Route53
Route53
Route53
Global Traffic Management Example:
Route53 Pricing Dimensions
Route53
Any Questions?