Networking Flashcards
What is a customer gateway?
Device used in the on-premises network to implement an AWS Site-to-Site VPN.
Route 53 weighted routing
Weighted routing lets you associate multiple resources with a single domain name (example.com) or subdomain name (acme.example.com) and choose how much traffic is routed to each resource.
VPC Peering
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses.
Transit Gateway
AWS Transit Gateway is a service that enables customers to connect their Amazon Virtual Private Clouds (VPCs) and their on-premises networks to a single gateway. With AWS Transit Gateway, you only have to create and manage a single connection from the central gateway into each Amazon VPC, on-premises data center, or remote office across your network.
What are the scope of NACLs?
NACLs apply to subnets, or any instance within the subnet
Are NACL stateful or stateless? Why?
Stateless, because you must declare rules to allow requests in and also rules to allow responses out
Are security groups stateful? Why or Why not?
Yes, they are stateful because they allow traffic out that was initially allowed in
What is the scope of security groups?
Security groups are connected to EC2 instances
What type of network traffic is blocked by default with security groups? What type is not blocked by default?
Inbound traffic is blocked by default
Outbound traffic is not blocked by default
AWS Site-to-Site VPN
AWS Site-to-Site VPN enables you to securely connect your on-premises network or branch office site to your Amazon Virtual Private Cloud (Amazon VPC). You can securely extend your data center or branch office network to the cloud with an AWS Site-to-Site VPN (Site-to-Site VPN) connection. It uses Internet Protocol Security (IPsec) to create encrypted VPN tunnels between two locations.
AWS Direct Connect
lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. Using industry-standard 802.1q VLANs, this dedicated connection can be partitioned into multiple virtual interfaces. AWS Direct Connect does not involve the Internet; instead, it uses dedicated, private network connections between your intranet and Amazon VPC.
Can take longer than one month to establish
AWS Global Accelerator
How is it billed?
a network layer service (e.g. TCP or UDP) that directs traffic to optimal endpoints over the AWS global network; this improves the availability and performance of your internet applications for local or global users.
It provides static IP addresses that provide a fixed entry point to your applications and eliminate the complexity of managing specific IP addresses for different AWS Regions and Availability Zones. AWS Global Accelerator always routes user traffic to the optimal endpoint based on performance, reacting instantly to changes in application health, your user’s location, and policies that you configure.
AWS Global Accelerator is a self-service, pay-per-use offering, requiring no long term commitments or minimum fees.
What are private IP in CIDR?
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- 0.0.0/4
Amazon Route 53
provides a Domain Name System (DNS), domain name registration, and health-checking web services. The service was designed to give developers and businesses a reliable and cost-effective way to route end users to internet applications by translating names like example.com into the numeric IP addresses, such as 192.0.2.1, that computers use to connect to each other.
What are the Route 53 routing options?
1. Simple Round Robin
2. Weighted Round Robin
3. Health Check and DNS Failover
4. Geolocation Routing
5. Geoproximity Routing with Traffic Biasing
6. Multi-Value Answer
Simple routing
Round robin distributes requests as evenly as possible between all participating servers
Weighted round robin: what is it, and what are typical use cases?
Allows you to assign weights to resource record sets in order to specify the frequency with which different responses are served. You may want to use this capability to do A/B testing, sending a small portion of traffic to a server on which you’ve made a software change.
Weights can be any number between 0 and 255.
Route 53 DNS Failover
monitors the health and performance of your web applications, web servers, and other resources. Each health check that you create can monitor one of the following:
• The health of a specified resource, such as a web server
• The status of other health checks
• The status of an Amazon CloudWatch alarm
After you create a health check, you can get the status of the health check, get notifications when the status changes, and configure DNS failover.
You can take advantage of this feature to increase the availability of your customer-facing application.
Geolocation routing: what is it, and what are typical use cases?
lets you choose the resources that serve your traffic based on the geographic location of your users (the origin of DNS queries).
When you use geolocation routing, you can localize your content and present some or all of your website in the language of your users. You can also use geolocation routing to restrict distribution of content to only the locations in which you have distribution rights. You can also balance load across endpoints in a predictable, easy-to-manage way, so each end-user location is consistently routed to the same endpoint.
Geoproximity routing
lets you route traffic based on the physical distance between your users and your resources if you’re using Route 53 traffic flow. You can also route more or less traffic to each resource by specifying a positive or negative bias. When you create a traffic flow policy, you can specify either an AWS Region (if you’re using AWS resources) or the latitude and longitude for each endpoint.
A bias expands or shrinks the size of the geographic region from which traffic is routed to a resource
Multi-value answers
If you want to route traffic approximately randomly to multiple resources, such as web servers, you can create one multi-value answer record for each resource and, optionally, associate an Amazon Route 53 health check with each record.
Amazon Route 53 gives different answers to different DNS resolvers.
Virtual Private Gateway
The AWS side of an AWS VPN
AWS VPN CloudHub
A service for connecting multiple sites into your VPC over VPN connections.
VPC Endpoint
Private access to AWS services (i.e. traffic is kept inside the AWS network rather than routed over the public internet)
AWS Global Accelerator use cases
Non-HTTP use cases: UDP (gaming), IoT (MQTT), Voice over IP. HTTP use cases that require static IP addresses or fast regional failover.