Connecting networks

AWS Site to Site VPN

  • connects an on-premise network with a VPC
  • runs over a shared, public network
  • easy to set up, faster to install
  • charged per hour: 0.05 cents per connection hour, 0.09$ per GB of DTO
  • encrypted connection via IPSec
  • two encrypted tunnels per connection
  • on-premise side: customer gateway; AWS side: virtual private gateway
  • For high availability, you can have multiple customer gateways, each advertising the same prefix
  • AWS CloudHub: multiple customer gateways connected to a single virtual private gateway
  • the second tunnel can be used for redundancy
  • Routing
    • Static: when the customer gateway does not support BGP
    • Dynamic: when the customer gateway supports BGP (recommended)

AWS Direct Connect (Dx)

  • 50 Mbps to 100 Gbps
  • dedicated private network
  • uses 802.1q standard
  • better for transferring large data sets and also for security and compliance
  • One side of the connection is connected to the Dx router located at the DC site, the other to your router, using a fiber-optic cable
  • the Dx router is connected to a virtual private gateway at AWS or to a service
  • you can create a public virtual interface to an AWS service for direct access
  • you can couple a Dx connection with a Site to Site VPN connection for availability
  • consistent experience in terms of speed
  • 0.02$ to 0.19$ per GB of DTO
  • Port hour fees vary
  • not encrypted by default

VPC Peering Limitations

  • direct private connection between two VPCs
  • instances communicate as if they were in the same network
  • use private IPs without gateways
  • can connect inter-region VPCs
  • can connect VPCs from different accounts
  • cannot connect VPCs with matching or overlapping CIDR blocks
  • no transitive peering relationships
  • only one connection between two VPCs
  • inter-region VPC peering does not support IPv6
  • limit on the number of active and pending VPC peering connections per VPC

AWS Transit Gateway

  • connects multiple VPCs using a central gateway
  • up to 5000 VPCs
  • every AZ in the connected VPC must have a subnet with an ENI (elastic network interface) connected to the central gateway
  • the transit gateway has a route table with the destination set to the CIDR of the connected VPC and the target set to the ENI

Still to understand: two types of endpoints
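As an added example (not part of the original post), a small Python script that applies two of the rules above to constructed sample VPCs: the overlapping-CIDR check a peering must pass, and longest-prefix lookup in a transit-gateway style route table whose destinations are the attached VPC CIDRs. The VPC names, CIDR blocks and the tgw-attach-* target labels are assumptions, not real resource ids.

```python
# Added example (not from the original post): checks planned peerings for the
# overlapping-CIDR limitation and resolves destinations through a transit-gateway
# style route table. All VPC names and CIDRs below are constructed sample values.
from ipaddress import ip_address, ip_network

# Constructed sample VPCs: vpc-legacy sits inside vpc-prod's block, so those two
# cannot be peered.
VPCS = {
    "vpc-prod":   "10.0.0.0/16",
    "vpc-dev":    "10.1.0.0/16",
    "vpc-legacy": "10.0.128.0/17",   # overlaps with vpc-prod
    "vpc-shared": "172.16.0.0/20",
}


def can_peer(cidr_a: str, cidr_b: str) -> bool:
    """A peering is only possible when the two CIDR blocks do not overlap."""
    return not ip_network(cidr_a).overlaps(ip_network(cidr_b))


def peering_plan(vpcs: dict) -> dict:
    """Every VPC pair, mapped to whether it satisfies the CIDR rule."""
    names = sorted(vpcs)
    return {
        (a, b): can_peer(vpcs[a], vpcs[b])
        for i, a in enumerate(names)
        for b in names[i + 1:]
    }


def build_tgw_routes(vpcs: dict) -> list:
    """One route per attachment: destination = VPC CIDR, target = the attachment (hypothetical label)."""
    return [(ip_network(cidr), f"tgw-attach-{name}") for name, cidr in vpcs.items()]


def resolve(routes: list, dst: str):
    """Longest-prefix match, as a route table does; None means no route (traffic dropped)."""
    ip = ip_address(dst)
    matches = [(net, target) for net, target in routes if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    for (a, b), ok in peering_plan(VPCS).items():
        print(f"{a:<11} <-> {b:<11} {'ok' if ok else 'OVERLAP, cannot peer'}")
    routes = build_tgw_routes(VPCS)
    for dst in ("10.1.4.20", "10.0.200.1", "192.168.1.1"):
        print(dst, "->", resolve(routes, dst))
```

Note that 10.0.200.1 resolves to the more specific vpc-legacy route even though it also falls inside vpc-prod's block, which is why overlapping blocks are a planning problem and not only a peering restriction.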
