Advanced Networking Flashcards
Global Acceleration vs CloudFront
GA
Transiting network data (TCP/UDP) as quickly and conveniently as possible into a global network.
Routing connections into the AWS backbone.
Global TCP/UDP Network Optimization
CF
Caching
HTTP/HTTPS content
AWS DX
Low Latency
Consistent Latency
1G, 10G, 100G Physical connection
High-Speed Hybrid AWS Network
Business Premises => DX Location => AWS Region
DX Costs
- Outbound Data Transfer Cost
- Port Hourly Cost
DX Resilience
Direct Connect is not Resilient by default
DX Vs VPN
VPN
Encryption requires processing overhead and Transit over the Public Internet.
DX
Dedicated Port Delivers Max possible Speed
Can access AWS Private Services (VPCs) and AWS Public Services - NO INTERNET
VIF (Virtual Interface)
Virtual connections over the DX physical connection for resilience and HA.
- Transit VIF
- Private VIF (Connection from Customer Location all the way to a VPC)
- Public VIF (Connection from Customer Location through to AWS Public Services)
Transit Gateway
This is a Network Transit Hub that connects VPCs to on-premises networks.
- It Significantly reduces network complexity
- It’s a Single network object - HA and Scalable
- It Implements Attachments to other network types: VPC, Site-to-Site VPN & Direct Connect Gateway
Transit Gateway
Works like a network switch for AWS connections. Can link many VPCs together and route the VPCs to a Customer Gateway with a single network routing device.
TGW needs a subnet in an AZ for setup
TGW can pair with other TGW across AWS Regions and accounts and VPCs
VPC Peering vs Transit Gateway
Transit Gateway is recommended over VPC peering for VPC-to-VPC and larger-scale cross-network connections.
- Supports transitive routing
- Can be used to create global networks
- Share between accounts using AWS RAM
- Peer with different regions … same or cross account
- Less complexity vs w/o TGW
Route Table Association
Only one route table can be associated with a subnet at a time. This is either the MAIN or a CUSTOM route table.
All subnets are either automatically associated with the Main RT or explicitly re-associated using a Custom RT.
Main implicitly associates all subnets. If the Custom RT is disassociated, the subnet automatically routes back to MAIN.
RT Quotas:
50 Static Routes and 100 Dynamic Routes
CIDR Overlap
VPC Peering cannot be established between two VPCs with Overlapping CIDRs
Routing Overlapping CIDRs
Method 1 - Split Routing
Create separate routes per subnet: one subnet (Subnet-A) pointing to VPC-A and Subnet-B pointing to VPC-B.
Method 2 - Dedicated
Use a /32 CIDR as the destination of the route targeting VPC-A, and a /16 as the destination of the route targeting VPC-B. The RT prioritizes the longer (more specific) prefix of the two destinations first.
Gateway Route Table
An ingress route table for the IGW or VGW that explicitly defines the landing destination of incoming traffic.
Gateway route tables can be used to direct a gateway (e.g. IGW) to take actions on inbound traffic - such as forwarding it to a security appliance
Accelerated Site-to-Site-VPN
VPN over the AWS backbone. However, the CGW first has to connect to a DX Location via DX or the public Internet, and then the connection is terminated on a Transit Gateway at the VPC, not a VGW or IGW.
Acceleration can be enabled when creating a TGW VPN attachment. Not compatible with VPNs using a VGW.
VGW, TGW, IGW
- IGW - Public Internet
- VGW - Public Internet to CGW
- TGW (Transit Gateway) - AWS Backbone
- CGW - Customer Gateway/On Prem Gateway
- Gateway Endpoint - VPC to DynamoDB & S3 only
- Interface Endpoint - VPC to S3 and other AWS private services