Deep Dive
Steve Seymour, Solutions Architect, Networking Specialist
©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
aws vpc --expert-mode
Topics today
Virtual networking options
VPC only
1. Routing & private connections
Implementing a hybrid architecture
A pair of VPN connections (4 IPSec tunnels total) protects against failure of your customer gateway
[Diagram labels: BGP, BGP; Corporate 192.168.0.0/16]
Subnet with connectivity only to other instances and the Internet via the IGW
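# VPC A
# Disable the source/destination check so the VPN instance can forward traffic not addressed to itself
aws ec2 modify-network-interface-attribute --network-interface-id eni-f832afcc --no-source-dest-check
# Send traffic for VPC B's CIDR to the VPN instance
aws ec2 create-route --route-table-id rtb-ef36e58a --destination-cidr-block 10.20.0.0/16 --instance-id i-f832afcc
# VPC B
# Same two steps on the other side, routing VPC A's CIDR to the local VPN instance
aws ec2 modify-network-interface-attribute --network-interface-id eni-9c1b693a --no-source-dest-check
aws ec2 create-route --route-table-id rtb-67a2b31c --destination-cidr-block 10.10.0.0/16 --instance-id i-9c1b693a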
Software VPN for VPC-to-VPC connectivity
Software VPN between these instances
Enabling communication between instances in these subnets; adding routes to the default routing table
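The two commands per VPC shown above only work as a pair, so a quick audit is to cross-check both settings. The following is an added example, not part of the original slides: it reads JSON in the shape returned by `aws ec2 describe-network-interfaces` and `aws ec2 describe-route-tables`; the function name `audit` and the IDs `eni-00000001`, `eni-00000002`, `i-00000001`, `i-00000002` and the 10.30.0.0/16 route are constructed for illustration.

```python
import json

# Constructed sample data; only eni-f832afcc / i-f832afcc / rtb-ef36e58a come from the slide.
ENIS = json.loads("""{"NetworkInterfaces": [
 {"NetworkInterfaceId": "eni-f832afcc", "SourceDestCheck": false,
  "Attachment": {"InstanceId": "i-f832afcc"}},
 {"NetworkInterfaceId": "eni-00000001", "SourceDestCheck": false,
  "Attachment": {"InstanceId": "i-00000001"}},
 {"NetworkInterfaceId": "eni-00000002", "SourceDestCheck": true,
  "Attachment": {"InstanceId": "i-00000002"}}]}""")
ROUTES = json.loads("""{"RouteTables": [{"RouteTableId": "rtb-ef36e58a", "Routes": [
 {"DestinationCidrBlock": "10.10.0.0/16", "GatewayId": "local"},
 {"DestinationCidrBlock": "10.20.0.0/16", "InstanceId": "i-f832afcc"},
 {"DestinationCidrBlock": "10.30.0.0/16", "InstanceId": "i-00000002"}]}]}""")

def audit(enis, route_tables):
    """Return (kind, resource_id, instance_id) findings for mismatched settings."""
    findings = []
    by_instance = {}
    for eni in enis["NetworkInterfaces"]:
        inst = eni.get("Attachment", {}).get("InstanceId")
        by_instance.setdefault(inst, []).append(eni)

    routed = set()
    for table in route_tables["RouteTables"]:
        for route in table["Routes"]:
            inst = route.get("InstanceId")
            if inst is None:
                continue  # local, gateway or peering route: not an instance target
            routed.add(inst)
            # A route target that still enforces the check drops forwarded packets.
            if any(e["SourceDestCheck"] for e in by_instance.get(inst, [])):
                findings.append(("route-target-still-checks",
                                 table["RouteTableId"], inst))

    # The check is relaxed but nothing routes through the instance: review why.
    for inst, items in by_instance.items():
        for eni in items:
            if not eni["SourceDestCheck"] and inst not in routed:
                findings.append(("check-disabled-not-routed",
                                 eni["NetworkInterfaceId"], inst))
    return findings

if __name__ == "__main__":
    for finding in audit(ENIS, ROUTES):
        print(*finding)
```
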
Software firewall to the Internet
Financial Times
• Speed to Market
Repetitive and Manual Deployment
• Some history …
• Manual deployment;
• Time Consuming
• Inconsistent
• Human Error
• Repetitive
CloudFormation – JSON
{ "Recognize Similarity" : [
{ "Key" : "Subnets" },
{ "Key" : "Security" },
{ "Key" : "Routing" },
{ "Key" : "Internet" },
{ "Key" : "Corporate" },
{ "Key" : "etc" }
]
}
• Faster deployment
• Consistent
• Accurate Deployment
• Stored Centrally
Give it a Go
It is addictive... in a good way!
2. VPC peering
Shared services VPC using VPC peering
• Common/core services
– Authentication/directory
– Monitoring
– Logging
– Remote administration
– Scanning
Provides infrastructure zoning
• Dev: VPC B
• Test: VPC C
• Production: VPC D
VPC peering for VPC-to-VPC connectivity
VPC A - 10.10.0.0/16, vpc-c15180a4
VPC B - 10.20.0.0/16, vpc-062dfc63, Account ID 472752909333
Lemongrass Account
VPC Layout
[Diagram labels: Ireland and Singapore, each with Cloud Controller and 3rd Parties VPN; Lemongrass Support VPN; Remote Seaco Users; Primary Direct Connect (100Mb); Remote Desktop Services; VPN connections to Singapore, London, Livorno and Moscow; SAP Production; App. Servers; Database Servers]
Related Presentations – Videos online
https://www.youtube.com/user/AmazonWebServices