Module 8: Connecting networks Flashcards
AS an organization grows, so does the network of the company. As more and more VPC are added they need to be connected with each other so that they can interact with each other.
In that context what is called a full mesh?
A full mesh is a network in which each of the VPC are connected to each of the others VPC. The numbers of connection to set up and managed grows up exponentially, creating a greater workload and maintenance on the operations.
What is the alternative to a full mesh to connect the VPCs ?
Create a central hub to manage connectivity. Each VPC connects only to the hub
What AWS service can serve as a hub
AWS transit gateway
Key features of AWS Transit Gateway
1.Scales automatically
2.Can be peered with other transit gateways
3.chargee by number of connections and amount of traffic
4.has a flow log feature
How to connect to a transit gateway ?
Every AZ in a VPC must have a network interface to connect to the transit gatway. It means one dedicated subnet for each AZ must be created.
Adjust the route tables to connect to the transit gateway through the 10.0.0.0/8 IP range.
Add the connection on the Route table of the transit gateway to individual VPC
For added security you can organize your network so that only one Egress VPC points to the internet while all other will point to the transit gateway. It is calle a centralized outbound routing. What does the Egress VPC contains ?
A subnet with a network interface to receive the traffic from the transit gateway and another subnet with a NAT Gateway to direct oubound traffic to it
Finally a pointer between the NAT gateway and an internet Gateway.
Advantage of centralized outbound routing.
Cost efficient because only one NAT gateway, and added security.
For redundancy consider running a NAT Gateway for each of the AZ in the egress VPC.
Can the principle of a centralized outbound routing be applied to other services?
Yes. and it has a lot of advantages for simlifying the managemnt of the ressources as well as a better access control
What is the module used to link two transit gateways together called ?
A transit gateway peering attachement
Why should I still consider a mesh architecture when I could you a transit gateway?
If the number of VPC is small and if budget is limited. Indeed VPC peering is free.
Also because it’s point to point it keeps a low latency
Can you apply a mesh that connects to other region or accounts ?
Yes. But data between region incur cost equal to the standard data transfer rates.
If VPC A connect to VPC B and VPC B connects to VPC C, with no direct connection from A to C, can A and C communicate ?
No because transitive peering is not supported.
It can be useful to isolate errors and protect the network.
What if CIDR blocks overlaps between two VPC ?
Use a privatelink with a network load balancer to establish connectivity
How do yo connect your on permises corporate cnironment to a VPC ?
By using an AWS site-to-site VPN. It creates VPN tunnels between the two locations.
It connects to the customer gateway
What is a VPN Vloud hub used for?
It is to centralize VPN connections to many on permises networks
Direct connect for high resiliency?
implement connection at multiple locations
