Module 8

Network Design of Multiple VPCs

Full Mesh
Hub-and-Spoke

Regular VPC peering is non-transitive, meaning you must peer each VPC directly with every other VPC it needs to reach

AWS Transit Gateway

  • Is a centralized, Regional router to connect VPCs and on-premises networks based on hub-and-spoke architecture

  • Is a managed AWS service that automatically scales based on the volume of network traffic

  • Can be peered with other transit gateways in other AWS Regions and AWS accounts

  • Incurs cost charges based on the number of connections and amount of traffic throughput

  • Has a Transit Gateway Flow Logs feature to publish transit gateway traffic logs

Centralized routing pattern for outbound traffic

Transit Gateway Peering

Transit gateway example

You must configure the routing tables regardless of whether the connection is a transit gateway or regular peering
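An added illustration of the two points above (non-transitive peering and the route-table requirement), not part of the course notes. It models a full mesh of VPC peerings next to a transit gateway hub with toy route tables; the VPC names, CIDRs and pcx-/vgw-style ids are constructed.

```python
"""VPC connectivity model: full-mesh peering vs. a transit gateway hub, with the
non-transitivity and route-table rules the notes describe. Added illustration,
not course material; VPC names, CIDRs and ids are constructed."""
from typing import Dict, FrozenSet, Set

# Constructed sample VPCs: name -> CIDR block.
VPCS: Dict[str, str] = {
    "vpc-a": "10.0.0.0/16",
    "vpc-b": "10.1.0.0/16",
    "vpc-c": "10.2.0.0/16",
    "vpc-d": "10.3.0.0/16",
}


def full_mesh_peering_count(n: int) -> int:
    """Peerings needed for n VPCs to all reach each other directly. Peering is
    non-transitive, so every pair needs its own connection: n(n-1)/2."""
    return n * (n - 1) // 2


def hub_and_spoke_attachment_count(n: int) -> int:
    """With a transit gateway as the hub, each VPC needs one attachment."""
    return n


class PeeredNetwork:
    """VPCs connected only by VPC peering connections (pcx ids are constructed)."""

    def __init__(self) -> None:
        self.peerings: Set[FrozenSet[str]] = set()
        # Per-VPC route table: destination CIDR -> peering connection id.
        self.routes: Dict[str, Dict[str, str]] = {v: {} for v in VPCS}

    def peer(self, a: str, b: str, add_routes: bool = True) -> None:
        self.peerings.add(frozenset((a, b)))
        if add_routes:  # accepting a peering adds no routes; both sides need one
            pcx = f"pcx-{a}-{b}"
            self.routes[a][VPCS[b]] = pcx
            self.routes[b][VPCS[a]] = pcx

    def can_reach(self, src: str, dst: str) -> bool:
        # Only a direct peering counts: traffic never transits a third VPC.
        if frozenset((src, dst)) not in self.peerings:
            return False
        return VPCS[dst] in self.routes[src] and VPCS[src] in self.routes[dst]


class TransitGatewayNetwork:
    """VPCs attached to one transit gateway (hub-and-spoke)."""

    def __init__(self) -> None:
        self.attached: Set[str] = set()
        self.tgw_routes: Dict[str, str] = {}  # TGW route table: CIDR -> attached VPC
        # Per-VPC route table: CIDRs whose next hop is the transit gateway.
        self.vpc_routes: Dict[str, Set[str]] = {v: set() for v in VPCS}

    def attach(self, vpc: str, propagate: bool = True) -> None:
        self.attached.add(vpc)
        if propagate:  # route propagation puts the VPC CIDR into the TGW route table
            self.tgw_routes[VPCS[vpc]] = vpc

    def add_vpc_route(self, vpc: str, cidr: str) -> None:
        self.vpc_routes[vpc].add(cidr)

    def _one_way(self, src: str, dst: str) -> bool:
        # The packet leaves src via its route to the TGW; the TGW must then know dst.
        return VPCS[dst] in self.vpc_routes[src] and self.tgw_routes.get(VPCS[dst]) == dst

    def can_reach(self, src: str, dst: str) -> bool:
        if src not in self.attached or dst not in self.attached:
            return False
        # Transitive through the hub, but routes are still needed in both directions.
        return self._one_way(src, dst) and self._one_way(dst, src)


def demo() -> Dict[str, bool]:
    """Walk through both designs and return the reachability results."""
    mesh = PeeredNetwork()
    mesh.peer("vpc-a", "vpc-b")
    mesh.peer("vpc-b", "vpc-c")
    mesh.peer("vpc-c", "vpc-d", add_routes=False)  # peering accepted, routes forgotten

    tgw = TransitGatewayNetwork()
    for vpc in VPCS:
        tgw.attach(vpc)
    tgw.add_vpc_route("vpc-a", VPCS["vpc-c"])
    tgw.add_vpc_route("vpc-c", VPCS["vpc-a"])
    tgw.add_vpc_route("vpc-a", VPCS["vpc-d"])  # one way only: vpc-d has no return route

    return {
        "peer_a_to_b": mesh.can_reach("vpc-a", "vpc-b"),  # direct peering + routes
        "peer_a_to_c": mesh.can_reach("vpc-a", "vpc-c"),  # would have to transit vpc-b
        "peer_c_to_d": mesh.can_reach("vpc-c", "vpc-d"),  # peered but no routes
        "tgw_a_to_c": tgw.can_reach("vpc-a", "vpc-c"),    # hub, routes both ways
        "tgw_a_to_d": tgw.can_reach("vpc-a", "vpc-d"),    # no return route in vpc-d
    }


if __name__ == "__main__":
    print("full mesh for 4 VPCs:", full_mesh_peering_count(4), "peerings")
    print("transit gateway for 4 VPCs:", hub_and_spoke_attachment_count(4), "attachments")
    for name, ok in demo().items():
        print(f"{name}: {'reachable' if ok else 'NOT reachable'}")
```

Running it shows why a missing route on either side (peering or transit gateway) silently breaks connectivity even when the connection itself exists: a useful check when troubleshooting a "peered but unreachable" VPC.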

VPC Peering

AWS Site-to-Site VPN

  • Creates a secure connection between an on-premises customer gateway and AWS virtual private gateway (or transit gateway) for VPC access

  • Creates two encrypted IPsec VPN tunnels for each connection across multiple Availability Zones

  • Charges for each VPN connection-hour

Creation process (Wilmer Edition <3)

  1. Create a Virtual Private Gateway

    1. Attach to a VPC

  2. Create a Customer Gateway

    1. If it's a big network, BGP may be needed

  3. Create the VPN connection with the Site-to-Site object

    1. Choose the VPGW (virtual private gateway)

    2. Choose the Customer GW

    3. Choose the local network it will be on

    4. Choose the remote network it will be communicating with

  4. Download the S2S VPN configuration file (a txt file with instructions)

  5. Configure on firewall/edge router

AWS gives the option to create two tunnels (two firewalls or two ISPs)
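The creation process above, as an added example rather than course material: it issues the same steps through the EC2 API using a boto3-style client passed in by the caller. The method names (create_vpn_gateway, attach_vpn_gateway, create_customer_gateway, create_vpn_connection, create_vpn_connection_route, enable_vgw_route_propagation) are real EC2 API actions; the ids, IP addresses and the StubEc2Client that lets it run offline are constructed.

```python
"""Site-to-Site VPN provisioning in the order the notes list. Added example, not
course material. It drives the EC2 API through a boto3-style client object the
caller passes in: a real boto3.client("ec2"), or the constructed StubEc2Client
below so the walk-through runs offline."""
from typing import Any, Dict, List, Optional, Tuple

# Constructed placeholders; real ids come from your own account.
VPC_ID = "vpc-EXAMPLE"
ROUTE_TABLE_ID = "rtb-EXAMPLE"
CUSTOMER_GATEWAY_IP = "203.0.113.10"  # on-premises firewall public IP (TEST-NET-3)
REMOTE_CIDR = "192.168.0.0/16"        # on-premises network behind the firewall


def provision_site_to_site_vpn(ec2: Any, vpc_id: str, route_table_id: str,
                               customer_ip: str, remote_cidr: str,
                               bgp_asn: Optional[int] = None) -> Dict[str, Any]:
    """Steps 1-5 of the notes. bgp_asn=None means static routing; pass the
    on-premises ASN for a big network that needs BGP."""
    # 1. Virtual private gateway, attached to the VPC.
    vgw_id = ec2.create_vpn_gateway(Type="ipsec.1")["VpnGateway"]["VpnGatewayId"]
    ec2.attach_vpn_gateway(VpnGatewayId=vgw_id, VpcId=vpc_id)

    # 2. Customer gateway = the on-premises device. BgpAsn is required by the API;
    #    65000 (private ASN range) is a placeholder when routing is static.
    cgw_id = ec2.create_customer_gateway(
        Type="ipsec.1", PublicIp=customer_ip, BgpAsn=bgp_asn or 65000
    )["CustomerGateway"]["CustomerGatewayId"]

    # 3. VPN connection between VGW and CGW. AWS builds two IPsec tunnels for it.
    conn = ec2.create_vpn_connection(
        Type="ipsec.1", CustomerGatewayId=cgw_id, VpnGatewayId=vgw_id,
        Options={"StaticRoutesOnly": bgp_asn is None},
    )["VpnConnection"]
    vpn_id = conn["VpnConnectionId"]
    if bgp_asn is None:
        # Static routing: the remote network the VPC will communicate with.
        ec2.create_vpn_connection_route(VpnConnectionId=vpn_id,
                                        DestinationCidrBlock=remote_cidr)

    # 4. Configuration for the edge device. The API returns a generic XML document;
    #    the vendor-specific text file the notes mention is downloaded from the console.
    config = conn.get("CustomerGatewayConfiguration", "")

    # 5. VPC side: propagate the VGW's routes into the subnet route table so
    #    traffic for the remote CIDR goes to the VPN instead of being dropped.
    ec2.enable_vgw_route_propagation(RouteTableId=route_table_id, GatewayId=vgw_id)

    return {"vgw": vgw_id, "cgw": cgw_id, "vpn": vpn_id,
            "config": config, "static": bgp_asn is None}


class StubEc2Client:
    """Constructed offline stand-in for boto3.client('ec2'): records each call
    and returns the same response shape as the real API."""

    def __init__(self) -> None:
        self.calls: List[Tuple[str, Dict[str, Any]]] = []

    def _log(self, name: str, kw: Dict[str, Any]) -> None:
        self.calls.append((name, kw))

    def create_vpn_gateway(self, **kw):
        self._log("create_vpn_gateway", kw)
        return {"VpnGateway": {"VpnGatewayId": "vgw-stub"}}

    def attach_vpn_gateway(self, **kw):
        self._log("attach_vpn_gateway", kw)
        return {}

    def create_customer_gateway(self, **kw):
        self._log("create_customer_gateway", kw)
        return {"CustomerGateway": {"CustomerGatewayId": "cgw-stub"}}

    def create_vpn_connection(self, **kw):
        self._log("create_vpn_connection", kw)
        return {"VpnConnection": {"VpnConnectionId": "vpn-stub",
                                  "CustomerGatewayConfiguration": "<vpn_connection/>"}}

    def create_vpn_connection_route(self, **kw):
        self._log("create_vpn_connection_route", kw)
        return {}

    def enable_vgw_route_propagation(self, **kw):
        self._log("enable_vgw_route_propagation", kw)
        return {}


def call_names(ec2: StubEc2Client) -> List[str]:
    """Order of API calls made against the stub, for checking the procedure."""
    return [name for name, _ in ec2.calls]


if __name__ == "__main__":
    ec2 = StubEc2Client()  # swap for boto3.client("ec2") with real credentials
    result = provision_site_to_site_vpn(ec2, VPC_ID, ROUTE_TABLE_ID,
                                        CUSTOMER_GATEWAY_IP, REMOTE_CIDR)
    for name, kw in ec2.calls:
        print(name, kw)
    print("result:", result)
```

Against a real client the returned config still has to be applied on the firewall or edge router (step 5 of the notes), and both tunnels should be configured so the connection survives one tunnel endpoint going down.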

AWS Global Accelerator

One branch in Canada, one in Zimbabwe:

  • This can be used to accelerate your Site-to-Site VPN connection.

  • It uses Global Accelerator to route traffic from your on-premises network to an AWS edge location that is closest to your customer gateway device

  • Network traffic uses the AWS backbone infrastructure to efficiently route traffic from the edge location to the transit gateway

Isolating VPCs with full VPN access by using Transit Gateway

AWS Direct Connect

  • Dedicated connection over optical fiber.

  • Is a dedicated, private, virtual local area network (VLAN) connection that extends the on-premises network to include AWS resources

  • Provides a consistent network experience with predictable performance and increased bandwidth and throughput

We can have higher availability using Direct Connect and a VPN... or two Direct Connects.

Provision for redundancy and fault tolerance
