search

Module 8

hashtag
Network Design of Multiple VPC's

Full Mesh
Hub-and-Spoke

circle-info

Regular Peering is non-transitive, meaning you must connect all of them together

hashtag
AWS Transit Gateway

  • Is a centralized, Regional router to connect VPCs and on-premises networks based on hub-and-spoke architecture

  • Is a managed AWS service that automatically scales based on the volume of network traffic

  • Can be peered with other transit gateways in other AWS Regions and AWS accounts

  • Incurs cost charges based on the number of connections and amount of traffic throughput

  • Has a Transit Gateway Flow Logs feature to publish transit gateway traffic logs

hashtag
Centralized routing pattern for outbound traffic

hashtag
Transit Gateway Peering

hashtag
Transit gateway example

circle-info

You must configure the routing tables regardless if it is with a transit gateway or regular peering

hashtag
VPC Peering

hashtag
AWS Site-to-Site VPN

  • Creates a secure connection between an on-premises customer gateway and AWS virtual private gateway (or transit gateway) for VPC access

  • Creates two encrypted IPsec VPN tunnels for each connection across multiple Availability Zones

  • Charges for each VPN connection-hour

hashtag
Creation process (Wilmer Edition <3)

  1. Create a Virtual Private Gateway

    1. Attach to a VPC

  2. Create a Customer Gateway

    1. If it's a big network BGP may be needed

  3. Create the VPN connection with the Site-to-Site object

    1. choose the VPGW

    2. Choose the Customer GW

    3. Choose the local network it will be on

    4. Choose the remote network it will be communicating with

  4. Download the S2S VPN configuration file (a txt file with instructions)

  5. Configure on firewall/edge router

circle-info

AWS gives the option to create two tunnels (two firewalls or two ISP's)

hashtag
AWS Global Accelerator

One branch in Canada, one in Zimbabwe:

  • This can be used to accelerate your Site-to-Site VPN connection.

  • It uses Global Accelerator to route traffic from your on-premises network to an AWS edge location that is closest to your customer gateway device

  • Network traffic will be using the AWS backbone infrastructure to efficiently route traffic from the edge location to the transit gateway

hashtag
Isolating VPCs with full VPN access by using Transit Gateway

hashtag
AWS Direct Connect

  • Dedicated connection with optic fiber.

  • Is a dedicated, private, virtual local area network (VLAN) connection that extends the on-premises network to include AWS resources

  • Provides a consistent network experience with predictable performance and increased bandwidth and throughput

circle-info

We can have higher availability using Direct Connect and a VPN... or two Direct Connects.

circle-info

Provision for redundancy and fault tolerance

PreviousModule 7NextModule 9

Last updated