VPC P2 Flashcards
What is direct connect (DX)?
What are the use cases for DX?
A dedicated connection between your VPC and your on-prem network.
A higher bandwidth connection
Higher stability
Hybrid environments.
How does the AWS direct connect work?
What is the alternative to this for public services like S3?
Connect your VPC to the AWS Direct Connect endpoint via a virtual private gateway (VGW); your on-prem network must then connect to a customer gateway within AWS Direct Connect (DX).
Same setup, except you don’t need to use a VGW; S3 would connect directly to the Direct Connect endpoint.
What is a direct connect Gateway?
What is the connection flow like for this?
What are the AWS direct connect connection types?
What’s the big difference between the 2?
How long does it take to establish a direct connect connection?
It allows you to connect to multiple VPCs.
On-prem connects to Direct Connect, then Direct Connect connects to a Direct Connect Gateway. The Gateway allows connections to multiple VPCs.
Dedicated - Direct Ethernet connection (1, 10, 100 Gbps)
Hosted - Connections made via Direct Connect partners
(50 Mbps, 100 Mbps, 200 Mbps, 300 Mbps, 400 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, and 10 Gbps)
Hosted has the most capacity options
1 month+
How can you add encryption to your Direct Connect Connection?
How can you increase resiliency when using a direct connection?
How can you maximize resiliency when using AWS direct connect?
By combining it with a VPN.
By using 2 Direct Connect locations.
By using 2 direct connect locations each with 2 direct connect connections in them.
How can you expose a service to 1000s of VPC?
By setting up AWS PrivateLink
How can you connect 1000s of VPCs, Direct connections and VPNs together?
What is the only service that supports IP Multicast?
Is this a cross regional service?
How can you share this resource cross account?
How do you limit which networks can talk to each other through the transit gateway?
By using AWS transit gateway
AWS Transit gateway
Yes
By using the resource access manager
By configuring the route tables
How can a transit gateway increase the bandwidth of your VPN?
How can you share direct connect between multiple accounts?
By setting up ECMP. This will allow you to have multiple tunnels (e.g., 4 instead of 2) between your on-prem network and the direct connect, thus increasing your bandwidth. You can also add more tunnels.
By connecting a direct connect gateway to a transit gateway that is connected to multiple accounts
How can you capture and inspect your network traffic for analysis by some security software? Think DataPower?
How would this work?
Is it necessary to capture all packets?
In terms of VPCs, what is needed to route this traffic to another VPC?
By setting up VPC Traffic Mirroring
You would configure traffic mirroring on the ENI (source and target) of the EC2 instance that you’re interested in. The mirroring would then duplicate the traffic and route it to other instances that have a security appliance running on them.
No, you can apply filtering
Set up VPC peering
In terms of formatting what should you look for to tell the difference between IPv6 and IPv4?
How do you disable IPv4 for your instances and subnets?
How do you add an IPv6 address to your EC2 instance?
Are IPv6 addresses private?
The : instead of the .
It can also have letters instead of numbers
You can’t
It is automatically pre-configured with one
No, they are all public
If you can’t launch an EC2 instance because there are no available IPv4 addresses left, what must you do?
Create a new CIDR range in your subnet (remember you can have up to 5)
How do you prevent IPv6 connections from the internet from reaching the IPv6 address of your private instance, but still allow outgoing IPv6 connections?
By configuring an egress-only internet gateway.
What is the cost for any incoming traffic into your EC2 instance?
What is the cost for communication between instances in the same AZ?
What is the cost for traffic going over the internet between 2 AZs?
What is the cost for traffic going over the private IP between 2 AZs?
It’s free
It’s free
It is not free (0.02 per GB)
It’s not free (0.01 per GB)
In terms of IP addresses how can you decrease cost and increase network performance?
By using private IP addresses to communicate between your EC2 instances.
When choosing a Direct Connect location, how do you minimize egress cost?
How can you minimize S3 egress costs?
Is it cheaper to connect your services to S3 over the public internet via a NAT gateway or by using a private VPC Gateway Endpoint?
By choosing a location within the region of your instances
By using CloudFront, as the data will be cached, reducing the number of requests going to S3
The gateway endpoint is cheaper because there is an hourly cost and data processing cost associated with the NAT