Post on 06-Feb-2018


Understanding and Configuring VPC Peering, VPN, and Direct Connect

[Diagram: VPC1, VPC2 and VPC3 in one Region]

No transitive peering

Single Region inter-VPC routing

Same or different AWS account

No overlapping network addresses

50 VPC peers per VPC, up to 125 by request

VPC Peering

DNS is supported

Use route tables to configure routing

Update the inbound or outbound rules for your VPC security groups to reference security groups in the peered VPC

VPC Peering
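
The peering rules listed on these slides (no overlapping network addresses, no transitive peering, routing configured through route tables) can be checked against a planned design before it is built. The Python below is an added example, not part of the original slides; the data layout, the names VPC3 and VPC4 and their CIDRs are assumptions, while 192.168.0.0/16 and 172.31.0.0/16 are the networks shown on the demo slide.

```python
import ipaddress

# Constructed sample design. The first two CIDRs are the networks on the demo
# slide; VPC3, VPC4 and the tuple layouts are assumptions for illustration.
VPCS = {
    "VPC1": "192.168.0.0/16",
    "VPC2": "172.31.0.0/16",
    "VPC3": "10.0.0.0/16",
    "VPC4": "192.168.128.0/17",  # overlaps VPC1
}
PEERINGS = [("VPC1", "VPC2"), ("VPC2", "VPC3"), ("VPC1", "VPC4")]
# (VPC owning the route table, destination CIDR, peer VPC used as the target)
ROUTES = [
    ("VPC1", "172.31.0.0/16", "VPC2"),
    ("VPC2", "192.168.0.0/16", "VPC1"),
    ("VPC1", "10.0.0.0/16", "VPC2"),  # tries to reach VPC3 through VPC2
    ("VPC2", "10.0.0.0/16", "VPC3"),  # VPC3 has no route back
]

def audit_peering(vpcs, peerings, routes):
    """Return findings that violate the peering rules from the slides."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
    links = {frozenset(p) for p in peerings}
    findings = []
    for a, b in peerings:
        if nets[a].overlaps(nets[b]):
            findings.append(("overlap", a, b))
    for src, dest, peer in routes:
        if frozenset((src, peer)) not in links:
            findings.append(("no-peering", src, peer))
        elif not ipaddress.ip_network(dest).subnet_of(nets[peer]):
            # Destination lies beyond the peer: peering is not transitive.
            findings.append(("transitive", src, dest))
    return findings

def reachable(vpcs, peerings, routes, src, dst):
    """True only for a direct, non-overlapping peering with routes both ways."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
    links = {frozenset(p) for p in peerings}
    if frozenset((src, dst)) not in links or nets[src].overlaps(nets[dst]):
        return False
    def has_route(a, b):  # a's route table sends (part of) b's CIDR to b
        return any(s == a and p == b
                   and ipaddress.ip_network(d).subnet_of(nets[b])
                   for s, d, p in routes)
    return has_route(src, dst) and has_route(dst, src)

if __name__ == "__main__":
    print(*audit_peering(VPCS, PEERINGS, ROUTES), sep="\n")
```

Security group rules are not modelled here; they still have to permit the traffic on both sides once routing is in place.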

Demo

Configuring VPC Peering

[Diagram: N. Virginia Region, Availability Zone A shown twice. Network 192.168.0.0/16: Web in public subnet 192.168.1.0/24, DB01 in private subnet 192.168.2.0/24. Network 172.31.0.0/16: FS01 in private subnet 172.31.0.0/20.]

Customer Gateway (CG)

Virtual Private Gateway

Internet Gateway (IGW)

Gateways

VPN

AWS VPC Access

Hardware-based VPN

Direct Connect

VPN CloudHub

Software VPN

VPN Types

[Diagram labels: Corporate Datacenter, Internet, Remote Access, Site to Site, Branch Office (two), CSP (two)]

AWS VPC Access

[Diagram labels: Corporate Datacenter, Internet, Site to Site, Branch Office (two), CSP, Hardware-based VPN, Customer Gateway, Virtual Private Gateway, Internet Gateway, AWS, VPN Connection, Remote Access, Software VPN]

Direct Connect can be partitioned into multiple virtual interfaces (VIFs)

Support for VLAN Trunking (802.1Q)

Less than 1Gbps through AWS Partner Network (APN)

1Gbps or 10Gbps

Predictable performance / consistent network experience

Predictable bandwidth

AWS Direct Connect

AWS Direct Connect

[Diagram labels: Corporate Datacenter, AWS, Private Connection, Direct Connect]

AWS Direct Connect

[Diagram labels: Corporate Datacenter, Internet, Private Connection, AWS, Colo, Direct Connect, VPN]

Private connectivity to VPC

Public connectivity to S3, EC2 and DynamoDB

Virtual Interfaces

Direct Connect can be partitioned into multiple virtual interfaces (VIF)

[Diagram labels: Direct Connect Location, Customer Router, Direct Connect Router, VLAN 1, VLAN 2, Virtual Private Cloud, Amazon EC2 Private IPs, Amazon EC2 Public IPs, Amazon S3, DynamoDB]

Direct Connect

Deep Dive - AWS Direct Connect and VPNs: https://youtu.be/SMvom9QjkPk

AWS Direct Connect: https://aws.amazon.com/directconnect/

AWS VPN CloudHub

[Diagram labels: Branch Office (four), Corporate Datacenter, VPC, Hardware-based VPN]

VPC peering

VPN access types

Direct Connect

Summary
