AWS Summit Auckland - Fundamentals of Networking in AWS
TRANSCRIPT
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Amy Romano, Account Manager & Alastair Cousins, Solutions Architect,
Amazon Web Services
Lalitha Koya – IT Manager, William Buck
The Fundamentals of Networking in AWS: VPC & Connectivity Options
Session Depth
Business | 101 Technical | 201 Technical | 301 Technical | 401 Technical
Agenda
• How AWS does Networking
• What is/in an AWS VPC
• Demo: Building a VPC
• Connecting into your VPC
• Demo: Connecting to a VPC
• Analysing & Monitoring your VPC
• William Buck’s Networking Journey
• Resources & Next Steps
10 Years of Networking Experience in the Cloud
AWS Networking Concepts: Nested Layers
Region > Availability Zone > VPC > Subnet > Routing Table > Network ACL > Security Group
AWS Regions
Availability Zones
[Diagram: one region with two Availability Zones, ap-southeast-2a (AZ A) and ap-southeast-2b (AZ B)]
VPC
[Diagram: a VPC with CIDR 172.31.0.0/16 spanning both Availability Zones]
Subnets
[Diagram: the 172.31.0.0/16 VPC with a Public Subnet and a Private Subnet in each Availability Zone; subnet ranges 172.31.0.0/24, 172.31.1.0/24, 172.31.2.0/24 and 172.31.3.0/24]
Routing
[Diagram: the same VPC and four subnets; a Virtual Private Gateway (VGW) links the VPC to the Corporate Datacenter over Direct Connect or VPN]
Route Table
Destination      Target
172.31.0.0/16    LOCAL
10.0.0.0/16      VGW
Network ACLs
[Diagram: the same VPC and four subnets, showing where Network ACLs sit]
Security Groups
[Diagram: the same VPC and four subnets with four instances: Instance A 172.31.0.12, Instance B 172.31.0.9, Instance C 172.31.3.84, Instance D 172.31.0.211]
VPC Use Cases
[Diagram: workloads across Your Organisation, each a candidate for its own VPC]
• Project Teams
• Business Units
• Marketing
• Reporting
• Digital / Websites
• Dev and Test
• Analytics
• Internal Enterprise Apps
• Storage / Backup (Amazon S3, Amazon Glacier)
Multi-VPC Strategy
• VPC Peering
• For Large Virtual Networks
• Link VPCs Across AWS Accounts
• No Need to Manage Networking
What’s in it for Me?
Demo: Creating an Internet Connected VPC
• Choosing an Address Range
• Setting up Subnets in Availability Zones
• Creating a Route to the Internet
• Authorising Traffic to/from the VPC
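The demo steps above and the route table on the Routing slide are the decisions that determine what an instance can reach. As an added example (not code from the slides or from AWS), the Python below models those decisions offline with the standard library: carving the 172.31.0.0/16 range into a public and a private subnet per Availability Zone, building the public and private route tables, and resolving destinations the way the VPC router does, by longest-prefix match. The targets "local", "igw" and "vgw" are names used here, not AWS resource IDs, and the on-premises range 10.0.0.0/16 is taken from the Routing slide.

```python
"""Added example, not from the AWS Summit slides: the address-range, subnet and
routing decisions of the "Creating an Internet Connected VPC" demo and the
Routing slide, modelled with the standard library so it runs offline.
Targets ("local", "igw", "vgw") are names used here, not AWS resource IDs."""
import ipaddress


def carve_subnets(vpc_cidr, azs, tiers=("public", "private"), new_prefix=24):
    """One subnet per (tier, AZ), carved in order from the VPC range.
    AWS accepts VPC and subnet prefixes between /16 and /28."""
    vpc = ipaddress.ip_network(vpc_cidr)
    if not 16 <= vpc.prefixlen <= new_prefix <= 28:
        raise ValueError("VPC and subnet prefixes must be between /16 and /28")
    blocks = vpc.subnets(new_prefix=new_prefix)
    return {(tier, az): next(blocks) for tier in tiers for az in azs}


def usable_hosts(subnet):
    """AWS reserves the first four and the last address of every subnet."""
    return subnet.num_addresses - 5


def cidrs_overlap(a, b):
    """An on-premises range that overlaps the VPC CIDR can never be reached over
    the VGW: the 'local' route always wins, so check before building the route."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def route_tables(vpc_cidr, on_prem_cidr):
    """Public subnets get a default route to the internet gateway; private
    subnets get only the local route and the VGW route to the datacenter."""
    if cidrs_overlap(vpc_cidr, on_prem_cidr):
        raise ValueError("on-premises range overlaps the VPC CIDR")
    local = (ipaddress.ip_network(vpc_cidr), "local")
    to_dc = (ipaddress.ip_network(on_prem_cidr), "vgw")
    return {
        "public": [local, to_dc, (ipaddress.ip_network("0.0.0.0/0"), "igw")],
        "private": [local, to_dc],
    }


def lookup(table, dst):
    """Longest-prefix match, the way the VPC router picks a route.
    None means no matching route: the packet is dropped."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, target in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


if __name__ == "__main__":
    plan = carve_subnets("172.31.0.0/16", ("ap-southeast-2a", "ap-southeast-2b"))
    for key, net in plan.items():
        print(key, net, usable_hosts(net), "usable addresses")
    tables = route_tables("172.31.0.0/16", "10.0.0.0/16")
    for dst in ("172.31.3.84", "10.0.4.2", "8.8.8.8"):
        print(dst, "public ->", lookup(tables["public"], dst),
              "private ->", lookup(tables["private"], dst))
```

Two points worth seeing in the output: a destination in 10.0.0.0/16 goes to the VGW even from a public subnet, because the /16 is more specific than the 0.0.0.0/0 default, and the private table returns no route for an internet address, which is exactly the "private" property. The overlap check is the address-range decision from the first demo step; an overlapping on-premises range is the one mistake a VPN or Direct Connect cannot fix later.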
Extending your Network into the Cloud
• Hardware VPN
• AWS Direct Connect
• AWS Direct Connect + VPN
[Diagram: Integration between On-Premises Resources and Cloud Resources]
Hardware VPN
[Diagram: your networking device, the Customer Gateway for the on-premises 192.168.0.0/16 network, connected by two IPsec tunnels to the Virtual Gateway of the 172.31.0.0/16 VPC]
Hardware VPN – Important Considerations
• Reuse your Existing VPN Device
• Reuse Existing Internet Connection
• Active/Active or Active/Passive: Your Choice
• Static or Dynamic (BGP) Routing Supported
AWS Direct Connect
[Diagram, Customer Side to AWS Side: Customer Data Center (Customer Subnet 192.168.0.0/16, Customer Gateway) -> Service Provider Backhaul -> Colocation Facility, e.g. Equinix SV1 (Customer or Partner Device, Cross Connect to the AWS Direct Connect Point of Presence) -> Private Virtual Interface -> VPC with CIDR 10.1.0.0/16]
VPC layout in the diagram: Public Subnet and Private Subnet in Availability Zone A and Availability Zone B; subnets 10.1.1.0/24, 10.1.2.0/24, 10.1.3.0/24; Instance A 10.1.1.11/24, Instance B 10.1.2.22/24, Instance C 10.1.3.33/24, Instance D 10.1.4.44/24
AWS Direct Connect – Important Considerations
• Dedicated Network Connection over Private Fibre
• Predictable Network Performance
• 1 Gbps and 10 Gbps Connections
• 50 Mbps to 500 Mbps Connections via Direct Connect Partners
• Lower Egress Data Rates
AWS Direct Connect Partners
Utilise AWS Marketplace
• Pre-Configured Machine Images
• 1-Click Launch on AWS
• BYOL or Hourly Licenses
Demo: Configuring a VPN
[Diagram: a Software VPN Instance in a Tokyo Region VPC (172.31.0.0/16) acting as the Customer Gateway, connected by two IPsec tunnels to the Virtual Gateway of a Sydney Region VPC (10.0.0.0/16)]
Understanding Your Network
• VPC Flow Logs
• CloudTrail
• AWS Config
• CloudWatch
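Of the four services listed, VPC Flow Logs is the one that tells you what actually crossed a network interface, and the first questions after an incident are always the same: who was rejected, does any source look like a scan, and how much data moved between two hosts. The Python below is an added example, not code from the slides or from AWS. The log lines are constructed for the example (the account number and interface ID are placeholders), but they follow the default flow log record layout: version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, log-status. The destination 172.31.0.12 is Instance A from the Security Groups slide; the other addresses are documentation ranges chosen for the example.

```python
"""Added example, not from the AWS Summit slides: reading VPC Flow Log records
and pulling out what a responder looks for first. The log lines are constructed
for the example (account 123456789012 and eni-0a1b2c3d are placeholders); the
field order is the default flow log record format."""
from collections import defaultdict

FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status")
NUMERIC = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

# Constructed sample: one ENI on Instance A (172.31.0.12) from the Security Groups slide.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 172.31.0.12 40001 22 6 1 60 1466000000 1466000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 172.31.0.12 40002 23 6 1 60 1466000000 1466000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 172.31.0.12 40003 445 6 1 60 1466000000 1466000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 172.31.0.12 40004 3389 6 1 60 1466000000 1466000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 172.31.0.12 40005 8080 6 1 60 1466000000 1466000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.50 172.31.0.12 51234 443 6 10 4200 1466000000 1466000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 172.31.0.12 203.0.113.50 443 51234 6 8 9800 1466000000 1466000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 172.31.3.84 172.31.0.12 50000 443 6 3 1500 1466000000 1466000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 172.31.0.211 172.31.0.12 50001 443 6 1 60 1466000000 1466000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1466000060 1466000120 - NODATA
"""


def parse_flow_log(text):
    """Return (records, skipped): records with log-status OK, numeric fields converted.
    NODATA/SKIPDATA lines carry '-' in the traffic fields and are counted, not parsed."""
    records, skipped = [], 0
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) != len(FIELDS):
            raise ValueError(f"unexpected field count {len(parts)}: {line!r}")
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            skipped += 1
            continue
        for name in NUMERIC:
            rec[name] = int(rec[name])
        records.append(rec)
    return records, skipped


def rejects_by_source(records):
    """Rejected flows per source. REJECT means a security group or a network ACL
    dropped the traffic; the record does not say which one."""
    counts = defaultdict(int)
    for r in records:
        if r["action"] == "REJECT":
            counts[r["srcaddr"]] += 1
    return dict(counts)


def find_port_scans(records, min_ports=5):
    """Sources whose rejected flows touched at least min_ports distinct
    destination ports on one host: the shape of a port scan."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            ports[(r["srcaddr"], r["dstaddr"])].add(r["dstport"])
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


def bytes_by_conversation(records):
    """Accepted bytes per unordered address pair, so both directions of a
    connection (logged as two separate flows) land in one bucket."""
    totals = defaultdict(int)
    for r in records:
        if r["action"] == "ACCEPT":
            totals[frozenset((r["srcaddr"], r["dstaddr"]))] += r["bytes"]
    return {tuple(sorted(k)): v for k, v in totals.items()}


if __name__ == "__main__":
    recs, skipped = parse_flow_log(SAMPLE_LOG)
    print(len(recs), "records,", skipped, "skipped")
    print("rejects:", rejects_by_source(recs))
    print("scans:", find_port_scans(recs))
    print("bytes:", bytes_by_conversation(recs))
```

Two caveats a reader should carry to the real service: flow log records are aggregated over a capture window, not packet captures, so one record can stand for many packets, and a REJECT tells you only that a security group or network ACL dropped the flow, not which one, which is why the NODATA and SKIPDATA records are counted rather than silently ignored. CloudTrail answers the complementary question of who changed the rules that produced those rejects.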
Journey to Cloud
Lalitha Koya
IT Manager
120 Years of History in ANZ
• “Changing Lives”
• A Culture of Collaboration
• Team of 3 Dedicated to Entire Environment
The Case for Cloud & AWS
• A Complex and Growing IT Org
• Elasticity and Agility
• Support for SaaS
• Improved Risk & Security Model
Migration: Networking as a Foundation
• Established Direct Connect
• Utilised AWS Marketplace
• UAT (BP) as Test
• VPC Set-Up
[Diagram: on-premises Virtual Images, On-Premises Apps, Private Network and Corporate Directory mapped to AWS through VM Import/Export, VPC Network, IAM Policies, VPC, Cloud Apps and Data Storage]
A Few Bumps Along the Way…
All In
• Second Direct Connect
• Workloads
On the Horizon…
AWS as an Extension of William Buck
William Buck as an IT Org in the AWS Cloud
• Improved Security Posture
• More Effective Team
• Time to Innovate over Heavy Lifting
• More Reliable Networking
Advanced VPC Concepts: Resources
Amazon VPC Connectivity Options: http://media.amazonwebservices.com/AWS_Amazon_VPC_Connectivity_Options.pdf
VPC Documentation Guide: https://aws.amazon.com/documentation/vpc/
Supported VPN Devices: https://aws.amazon.com/vpc/faqs/#C9
List of Direct Connect Partners: https://aws.amazon.com/directconnect/partners/
Life of 1 Billion Packets: https://www.youtube.com/watch?v=Zd5hsL-JNY4
AWS Training & Certification
Intro Videos & Labs: Free videos and labs to help you learn to work with 30+ AWS services – in minutes!
Training Classes: In-person and online courses to build technical skills – taught by accredited AWS instructors
Online Labs: Practice working with AWS services in a live environment – learn how related services work together
AWS Certification: Validate technical skills and expertise – identify qualified IT talent or show you are AWS cloud ready
Learn more: aws.amazon.com/training
Your Training Next Steps:
• Visit the AWS Training & Certification pod to discuss your training plan & AWS Summit training offer
• Register & attend AWS instructor led training
• Get Certified
AWS Certified? Visit the AWS Summit Certification Lounge to pick up your swag
Thank You!