
Networking in AWS

© 2017 Amazon Web Services, Inc. and its affiliates. All rights reserved. May not be copied, modified,
or distributed in whole or in part without the express consent of Amazon Web Services, Inc.

Overview

• AWS networking services including:
  – VPC – Extend your network into a virtual private cloud
  – EIP – Elastic IP
  – Direct Connect – Physical cross connect into AWS
  – ELB – Managed load balancer service
  – Route53 – Managed DNS service


1. Amazon VPC

Amazon VPC

• Virtual network topology that you define
• Your own logically isolated section of AWS
• Complete control of your networking environment
  – IP ranges
  – Subnets
  – Routing tables
  – Gateways
• Multiple connectivity options
• Advanced security features

Networking Building Blocks

• Bring your own network
  [Diagram: a VPC with “Your network goes here” inside it]

Networking Building Blocks

  [Diagram: VPC Subnet 1, VPC Subnet 2 … VPC Subnet ‘n’ inside one VPC]

Networking Building Blocks

• Configure custom routing rules
  [Diagram: routing between VPC Subnet 1 and VPC Subnet 2]
Plan your VPC IP space before creating it

• Consider future AWS region expansion
• Consider future connectivity to corporate networks
• Consider subnet design
• A VPC CIDR block can be anywhere between /16 and /28
• The primary CIDR block cannot be modified once the VPC is created
• Overlapping IP spaces = future headache (VPC peering cannot be established between overlapping CIDRs, and VPN/Direct Connect routing to a corporate range that overlaps the VPC is ambiguous)
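The planning rules above can be enforced before the first VPC is created. The following is an added example, not code from the deck: it validates candidate VPC CIDRs against the /16–/28 limit and reports every overlap between planned VPCs and the corporate ranges they will later need to reach. The address plan, region names and corporate ranges are constructed for the example.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed address plan (names and ranges are assumed, not from the deck):
# VPCs planned per region plus corporate ranges that will later be reached
# over VPN or Direct Connect.
PLANNED_VPCS = {
    "prod-us-east-1": "10.0.0.0/16",
    "prod-eu-west-1": "10.1.0.0/16",
    "dev-us-east-1":  "10.0.128.0/17",   # sits inside prod-us-east-1
    "lab-us-west-2":  "192.168.0.0/29",  # smaller than /28: AWS will reject it
}
CORPORATE_RANGES = {
    "hq-lan": "10.1.0.0/20",             # collides with prod-eu-west-1
}


def validate_vpc_cidr(cidr: str) -> Optional[str]:
    """Return why `cidr` is not usable as a VPC primary CIDR, or None if it is fine."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:          # host bits set, bad prefix length, junk input
        return f"not a valid network: {exc}"
    if net.version != 4:
        return "VPC primary CIDR must be IPv4"
    if not 16 <= net.prefixlen <= 28:
        return f"/{net.prefixlen} is outside the allowed /16 to /28 range"
    return None


def find_overlaps(ranges: Dict[str, str]) -> List[Tuple[str, str]]:
    """Every pair of named ranges that overlap, as sorted (name_a, name_b) pairs."""
    nets = {name: ipaddress.ip_network(c, strict=False) for name, c in ranges.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def check_plan(vpcs: Dict[str, str], corporate: Dict[str, str]):
    """Size errors per VPC, plus overlaps across VPCs *and* corporate ranges.
    An overlap with a corporate range is harmless today but blocks VPN /
    Direct Connect routing and VPC peering later, when the primary CIDR can
    no longer be changed."""
    errors = {n: e for n, c in vpcs.items() if (e := validate_vpc_cidr(c))}
    overlaps = find_overlaps({**vpcs, **corporate})
    return errors, overlaps


if __name__ == "__main__":
    errs, ovl = check_plan(PLANNED_VPCS, CORPORATE_RANGES)
    for name, why in errs.items():
        print(f"REJECT  {name}: {why}")
    for a, b in ovl:
        print(f"OVERLAP {a} <-> {b}")
```

Run it against the real plan before `aws ec2 create-vpc`; a dev VPC carved out of a prod range, as in the sample data, is exactly the kind of overlap that is painless until the two VPCs need to peer.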
Network Building Blocks

  [Diagram: a three-tier layout, each tier behind its own Security Group Firewall:
   Web (HTTP) → Load Balancer → Web Servers listening on 8080 → DB Server]
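The tiered security-group layout in the diagram above can be checked offline with a small model of how security-group rules are evaluated. This is an added example, not code from the deck: port 8080 on the web tier comes from the slide; port 80 on the load balancer, port 3306 on the DB, and the sg-*/instance names are assumed.

```python
import ipaddress

# Constructed rule set (only ingress rules are modelled). Each rule is
# (protocol, port, source) where source is a CIDR or another security group.
SG_RULES = {
    "sg-elb": [("tcp", 80, "0.0.0.0/0")],   # internet -> load balancer
    "sg-web": [("tcp", 8080, "sg-elb")],     # only members of sg-elb may reach the web tier
    "sg-db":  [("tcp", 3306, "sg-web")],     # only members of sg-web may reach the DB
}
# Which security group each instance belongs to (assumed names).
MEMBERSHIP = {"elb": "sg-elb", "web1": "sg-web", "web2": "sg-web", "db": "sg-db"}


def ingress_allowed(dst, proto, port, src_ip=None, src_instance=None):
    """Evaluate a new inbound connection to instance `dst`.

    Security groups are allow-lists: with no matching rule the packet is
    dropped. A rule source is either a CIDR (matched against src_ip) or
    another security group (matched against the sending instance's group,
    whatever IP address it happens to have). Security groups are stateful,
    so the reply to an allowed connection needs no rule of its own.
    """
    for r_proto, r_port, r_src in SG_RULES[MEMBERSHIP[dst]]:
        if (r_proto, r_port) != (proto, port):
            continue
        if r_src.startswith("sg-"):
            if src_instance is not None and MEMBERSHIP.get(src_instance) == r_src:
                return True
        elif src_ip is not None and ipaddress.ip_address(src_ip) in ipaddress.ip_network(r_src):
            return True
    return False


def exposed_to_internet():
    """Instances with at least one port open to 0.0.0.0/0 or ::/0: the review list."""
    wide_open = {"0.0.0.0/0", "::/0"}
    return sorted(inst for inst, sg in MEMBERSHIP.items()
                  if any(src in wide_open for _, _, src in SG_RULES[sg]))


if __name__ == "__main__":
    print("internet -> elb:80   ", ingress_allowed("elb", "tcp", 80, src_ip="198.51.100.7"))
    print("elb -> web1:8080     ", ingress_allowed("web1", "tcp", 8080, src_instance="elb"))
    print("internet -> web1:8080", ingress_allowed("web1", "tcp", 8080, src_ip="198.51.100.7"))
    print("web2 -> db:3306      ", ingress_allowed("db", "tcp", 3306, src_instance="web2"))
    print("elb -> db:3306       ", ingress_allowed("db", "tcp", 3306, src_instance="elb"))
    print("exposed:", exposed_to_internet())
```

The point of referencing a security group rather than a CIDR as the rule source is visible in the model: web servers can be replaced, autoscaled or re-addressed and the DB rule keeps working, while nothing outside sg-web, including the load balancer, can open the DB port.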
Network Building Blocks

  [Diagram: subnets placed in Availability Zone ‘A’ and Availability Zone ‘B’]

Network Building Blocks

• Routing rules
  [Diagram: route tables applied to subnets in Availability Zone ‘A’ and Availability Zone ‘B’]

Network Building Blocks

  [Diagram: the VPC connected to the Customer Network]

Network Building Blocks

  [Diagram: Customer Network → Customer WAN → AWS Direct Connect Location → VPC]

Network Building Blocks

  [Diagram: the VPC connected to the Customer Network; repeated on the following slide]

Network Building Blocks

• Load Balancer
  – Internet Elastic Load Balancing
  – Mid-tier Elastic Load Balancing
  [Diagram: Customer Network connected to the VPC, with an internet-facing and a mid-tier load balancer]
VPC NAT Gateway

• High availability – built-in redundancy
• High bandwidth – up to 10Gbps
• Fully managed by AWS
• Assign an EIP to each NAT Gateway
• View NAT gateways’ traffic using Flow Logs
• NAT gateways support TCP, UDP, and ICMP protocols
• Network ACLs apply to NAT gateway’s traffic (security groups cannot be associated with a NAT gateway)
• CloudTrail support

Public Route Table (the subnet holding the NAT Gateway)
  Destination    Target
  10.0.0.0/16    Local
  0.0.0.0/0      IGW

Private Route Table
  Destination    Target
  10.0.0.0/16    Local
  0.0.0.0/0      NGW
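The two route tables above are what make a subnet public or private. The following added example (not from the deck; route-table, subnet and gateway IDs are assumed) classifies subnets by where their default route points and flags a NAT gateway that is not itself in a public subnet, a mistake that leaves private subnets with a default route but no working egress.

```python
import ipaddress

# Constructed route tables: rtb-public and rtb-private mirror the slide's two
# tables; rtb-isolated has no default route at all. Gateway IDs are assumed.
ROUTE_TABLES = {
    "rtb-public":   [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0a1b")],
    "rtb-private":  [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-0c2d")],
    "rtb-isolated": [("10.0.0.0/16", "local")],
}
SUBNET_RTB = {
    "subnet-web":  "rtb-public",
    "subnet-app":  "rtb-private",
    "subnet-db":   "rtb-isolated",
    "subnet-natx": "rtb-private",    # a second NAT gateway was wrongly put here
}
# NAT gateway -> subnet it was created in (assumed).
NAT_GATEWAY_SUBNET = {"nat-0c2d": "subnet-web", "nat-0e4f": "subnet-natx"}


def route_target(rtb, dst_ip):
    """Longest-prefix match over one route table; None if nothing matches."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(dst).prefixlen, target)
               for dst, target in ROUTE_TABLES[rtb]
               if ip in ipaddress.ip_network(dst)]
    return max(matches)[1] if matches else None


def classify_subnet(subnet):
    """public: default route to an IGW; private-with-egress: default route to a
    NAT gateway; isolated: no route to the internet at all."""
    target = route_target(SUBNET_RTB[subnet], "203.0.113.10")  # any internet address
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private-with-egress"
    return "other"


def misplaced_nat_gateways():
    """A NAT gateway forwards to the internet through its own subnet's route
    table, so it only works from a public subnet."""
    return sorted(nat for nat, subnet in NAT_GATEWAY_SUBNET.items()
                  if classify_subnet(subnet) != "public")


if __name__ == "__main__":
    for s in SUBNET_RTB:
        print(f"{s:12} {classify_subnet(s)}")
    print("misplaced NAT gateways:", misplaced_nat_gateways())
```

The same classification is the first pass of any exposure review: instances in `public` subnets are the only ones that can be reached from the internet, and only if they also carry a public IP or EIP and a security group that allows it.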
VPC Endpoints: Amazon S3 access without an Internet Gateway

• No IGW
• No NAT
• No public IPs
• Free
• Robust access control
  [Diagram: instances in the VPC reaching Amazon S3 through a VPC endpoint]
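“Robust access control” comes from two policies working together: an endpoint policy on the S3 gateway endpoint limiting which buckets the VPC may talk to, and a bucket policy that denies anything not arriving through that endpoint (the `aws:sourceVpce` condition key). The following added example, not from the deck, encodes both and runs a deliberately simplified evaluator over them; the bucket name and endpoint ID are assumed, and the real evaluation additionally involves the caller’s IAM identity policies, which are left out here.

```python
import fnmatch

# Constructed policies (bucket name and endpoint ID are assumed).
ENDPOINT_ID = "vpce-0a1b2c3d"

# Attached to the gateway endpoint: the VPC may only use these actions on this bucket.
ENDPOINT_POLICY = {
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": ["arn:aws:s3:::app-data/*"]},
    ]
}

# Attached to the bucket: an explicit Deny for every request that did not
# arrive via our endpoint. StringNotEquals is true when the key is absent,
# so internet-path requests (no aws:sourceVpce at all) are denied too.
BUCKET_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*",
         "Resource": ["arn:aws:s3:::app-data", "arn:aws:s3:::app-data/*"]},
        {"Effect": "Deny", "Action": "s3:*",
         "Resource": ["arn:aws:s3:::app-data", "arn:aws:s3:::app-data/*"],
         "Condition": {"StringNotEquals": {"aws:sourceVpce": ENDPOINT_ID}}},
    ]
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _evaluate(policy, action, resource, ctx):
    """Simplified IAM logic: an applicable explicit Deny wins outright, an
    applicable Allow grants, and no applicable statement is an implicit deny.
    Only the StringNotEquals condition operator is modelled."""
    decision = "implicit-deny"
    for st in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st["Resource"])):
            continue
        cond = st.get("Condition", {}).get("StringNotEquals", {})
        for key, wanted in cond.items():
            if ctx.get(key) == wanted:   # values equal -> StringNotEquals false -> skip statement
                break
        else:
            if st["Effect"] == "Deny":
                return "deny"
            decision = "allow"
    return decision


def s3_request_allowed(action, resource, ctx):
    """A request that enters through a gateway endpoint must pass the endpoint
    policy AND the bucket policy; a request from elsewhere only meets the bucket
    policy, whose Deny then catches it."""
    if "aws:sourceVpce" in ctx and _evaluate(ENDPOINT_POLICY, action, resource, ctx) != "allow":
        return False
    return _evaluate(BUCKET_POLICY, action, resource, ctx) == "allow"


if __name__ == "__main__":
    via_endpoint = {"aws:sourceVpce": ENDPOINT_ID}
    obj = "arn:aws:s3:::app-data/report.csv"
    print("GetObject via endpoint:  ", s3_request_allowed("s3:GetObject", obj, via_endpoint))
    print("GetObject from internet: ", s3_request_allowed("s3:GetObject", obj, {}))
    print("DeleteObject via endpoint:", s3_request_allowed("s3:DeleteObject", obj, via_endpoint))
```

The Deny statement in the bucket policy is what keeps credentials stolen from an instance from being used from outside the VPC, and the endpoint policy is what keeps an instance from exfiltrating data to an attacker-controlled bucket over the same private path.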
Connecting to other VPCs - VPC peering

  [Diagram: VPC 172.31.0.0/16 peered with VPC 10.0.0.0/16; a third VPC 10.55.0.0/16 alongside]

Private Route Table (VPC 172.31.0.0/16)
  Destination     Target
  172.31.0.0/16   Local
  10.0.0.0/16     VPC Peer

Private Route Table (VPC 10.0.0.0/16)
  Destination     Target
  10.0.0.0/16     Local
  172.31.0.0/16   VPC Peer

• Routes to the peer must be added in both VPCs, and peering is not transitive: a VPC reaches only the CIDR of the VPC it is directly peered with
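The three CIDRs on the slide make a good test of peering semantics. The following added example (not from the deck; VPC and peering-connection IDs are assumed) models the route tables above plus a second peering to 10.55.0.0/16 and shows that a route pointing “through” a peer does not get traffic forwarded onward, that both directions need a route, and that overlapping VPCs cannot be peered at all.

```python
import ipaddress

# Constructed topology: the slide's CIDRs, peered A<->B and B<->C. Names are assumed.
VPC_CIDR = {"vpc-A": "172.31.0.0/16", "vpc-B": "10.0.0.0/16", "vpc-C": "10.55.0.0/16"}
PEERING = {"pcx-AB": ("vpc-A", "vpc-B"), "pcx-BC": ("vpc-B", "vpc-C")}
ROUTES = {
    "vpc-A": [("172.31.0.0/16", "local"), ("10.0.0.0/16", "pcx-AB"),
              ("10.55.0.0/16", "pcx-AB")],   # mistaken attempt to reach C via B
    "vpc-B": [("10.0.0.0/16", "local"), ("172.31.0.0/16", "pcx-AB"),
              ("10.55.0.0/16", "pcx-BC")],
    "vpc-C": [("10.55.0.0/16", "local"), ("10.0.0.0/16", "pcx-BC")],
}


def route_target(vpc, dst_ip):
    """Longest-prefix match over the VPC's route table; None if no route."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(dst).prefixlen, target)
               for dst, target in ROUTES[vpc] if ip in ipaddress.ip_network(dst)]
    return max(matches)[1] if matches else None


def delivered(src_vpc, dst_ip):
    """True if a packet from src_vpc to dst_ip is delivered by the VPC fabric.
    A peering connection only hands traffic to the peer VPC's own CIDR; the
    peer never forwards it onward (peering is not transitive)."""
    target = route_target(src_vpc, dst_ip)
    if target == "local":
        return True
    if target is None or target not in PEERING:
        return False
    a, b = PEERING[target]
    if src_vpc not in (a, b):
        return False               # route points at a peering this VPC is not part of
    peer = b if src_vpc == a else a
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(VPC_CIDR[peer])


def reachable(src_vpc, src_ip, dst_vpc, dst_ip):
    """A connection needs the forward path and a route back for the replies."""
    return delivered(src_vpc, dst_ip) and delivered(dst_vpc, src_ip)


def can_peer(vpc_x, vpc_y):
    """AWS refuses a peering connection between VPCs whose CIDRs overlap."""
    return not ipaddress.ip_network(VPC_CIDR[vpc_x]).overlaps(
        ipaddress.ip_network(VPC_CIDR[vpc_y]))


if __name__ == "__main__":
    print("A -> B:", reachable("vpc-A", "172.31.1.1", "vpc-B", "10.0.1.1"))
    print("B -> C:", reachable("vpc-B", "10.0.1.1", "vpc-C", "10.55.1.1"))
    print("A -> C via B (route exists, still dropped):", delivered("vpc-A", "10.55.1.1"))
    print("A and B can peer:", can_peer("vpc-A", "vpc-B"))
```

When A genuinely needs to reach C, the options are a direct A–C peering with routes on both sides, or a proxy/NAT instance in B that terminates the connection itself; a route alone, as the model shows, goes nowhere.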


2. Direct Connect

AWS Direct Connect

AWS Direct Connect Cont’d
3. ELB

Elastic Load Balancing

• Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances.
• Two types: Classic & Application Load Balancer
Elastic Load Balancing

• In-Region load balancing service
• Distributes traffic across multiple Availability Zones
  – HTTP/S, TCP/S
• Built-in health check
• Fully fault-tolerant
  – Can span multiple AZs
  [Diagram: one Elastic Load Balancer in a Region fronting two Web Servers in each of AZ-1, AZ-2 and AZ-3]
Classic Load Balancer Features:

• High Availability
• Health Checks
• Security Features
• SSL Offloading
• Sticky Sessions
• IPv6 Support
• Layer 4 or 7 Load Balancing
• Operational Monitoring
• Logging
Application Load Balancer Features:

• Content-Based Routing
• Containerized Application Support
• HTTP/2 Support
• WebSockets Support
• Layer-7 Load Balancing
• Deletion Protection
• Request Tracing
• Web Application Firewall (WAF)
4. Route53

Route53
Global Traffic Management Example:
Route53 Pricing Dimensions
Route53
Any Questions?
