Leadership Session: Networking (NET209-L) - AWS re:Invent 2018
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Networking: what’s new in
networking and content delivery
Dave Brown
Vice President - EC2, Compute & Networking
N E T 2 0 9 - L
3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Broadest customer base for networking
Startup Enterprise Public Sector SI/ISV
4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
*Gartner, Magic Quadrant for Cloud Infrastructure as a Service, Worldwide, Smith, Dennis, Leong, Lydia, Bala, Raj, May 2018 G00336148
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document.
The Gartner document is available upon request from AWS : https://www.gartner.com/doc/reprints?id=1-2G2O5FC&ct=150519&st=sb
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only
those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization
and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including
any warranties of merchantability or fitness for a particular purpose.
AWS positioned as a leader
in the Gartner Magic
Quadrant for Cloud
Infrastructure as a Service
6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS positioned as a leader
in the IDC MarketScape:
Worldwide Infrastructure
as a Service 2017
Vendor Assessment
*SOURCE: "IDC MarketScape: Worldwide Infrastructure as a Service 2017 Vendor Assessment", by Deepak Mohan, Erik Berggren and Laura
DuBois, September 2017 IDC # US43073916.
IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of ICT suppliers in a given
market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in
a single graphical illustration of each vendor’s position within a given market. The Capabilities score measures vendor product, go-to-market
and business execution in the short-term. The Strategy score measures alignment of vendor strategies with customer requirements in a 3-5-
year timeframe. Vendor market share is represented by the size of the circles. Vendor year-over-year growth rate relative to the given market
is indicated by a plus, neutral or minus next to the vendor name.
“AWS has effectively defined and led the core offering portfolio in the public cloud IaaS market.”
7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Customer obsessed
of roadmap originates with customer requests
8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Our networking & content delivery business
Edge location, Route table, Flow logs, Internet gateway, NAT gateway, Network access control list, Classic load balancer, Streaming distribution, Peering, Router, VPN connection, VPN gateway, Network load balancer, Download distribution, Hosted zone, Customer gateway, Elastic network adapter, Elastic network interface, Endpoints, Application load balancer, Direct Connect gateway
9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
A network for the world’s
workloads delivered through
continuous innovation
10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Continuous innovation
Superior network:
abundant, fast,
always on
11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Continuous innovation
Superior network:
abundant, fast,
always on
12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Global Infrastructure
• 19 Regions with 58 Availability Zones
• 5 Regions coming soon: Bahrain,
Cape Town, Hong Kong SAR,
Stockholm, and second USA GovCloud
13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
150 CloudFront PoPs
• 139 Edge Locations
• 11 Regional Edge Caches
14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
89 Direct Connect Locations
15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Amazon Global Network
• Redundant 100 GbE network
• Private network capacity between all AWS Regions, except China
16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Why have a backbone network?
17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
HAWAIKI
19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
BAY TO BAY EXPRESS
20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
JUNIPER
21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Multiple services traverse the backbone
22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Content Distribution with Amazon CloudFront
Fast, massively scaled and
globally distributed
Highly Programmable
Deep Integration with AWS
Network and application
protection at the edge
23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Private connectivity with AWS Direct Connect
Dedicated private connection
from on-premises to AWS
Consistent network
performance
Reduced bandwidth costs
Compatible with all
AWS services
24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Private connectivity with Inter-region Peering
Private connectivity for two
or more VPCs between regions
Highly available, no single
point of failure
All traffic stays on the AWS
global backbone network
All traffic encrypted and
anonymized
25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Multiple services traverse the backbone
26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
[Diagram: a client on a local ISP network crosses networks A through F before reaching the application]
Accessing your application is not this straightforward!
It can take many networks to reach the application
Paths to and from the application may differ
Each hop impacts performance and can introduce risk
Introducing AWS Global Accelerator
27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
[Diagram: a client on a local ISP network enters the AWS network directly]
Accessing your web applications with AWS Global Accelerator
Adding AWS Global Accelerator removes these inefficiencies
Leverages the Global AWS Network
Resulting in improved performance
28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing AWS Global Accelerator
29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Multiple services traverse the backbone
30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
“There is no compression algorithm for experience.”
—Andy Jassy, CEO AWS
31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
35. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
36. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
“Everything fails all the time.”
—Werner Vogels, CTO AWS
37. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
38. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
39. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Regional Network Availability
less than 1/10th the networking downtime
40. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
41. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Global Network Availability
Only never
42. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Continuous innovation
Superior network:
abundant, fast,
always on
43. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Strengthen your security posture
Over 50 global compliance
certifications &
accreditations
Benefit from AWS
industry leading security
teams 24/7,
365 days a year
World-class network
performance
and capabilities
Security infrastructure
built to satisfy military, global
banks, and other
high-sensitivity organizations
We work closely with AWS to develop a security model, which
we believe enables us to operate more securely in the public
cloud than we can in our own data centers.
Rob Alexander, CIO
44. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Best security building blocks in the cloud

Identity, directory, and access
• IAM: Manage user access and encryption keys
• Single Sign-On: Cloud single sign-on for AWS accounts and business apps
• Directory Service: Host and manage Microsoft Active Directory
• Organizations: Manage settings for multiple accounts
• Resource Access Manager: Share resources across multiple accounts
• Secrets Manager: Rotate, manage, and retrieve secrets
• Cognito: Identity management for your apps

Detective controls and management
• Security Hub: Centrally view and manage security alerts and automate compliance checks
• GuardDuty: Continuous threat detection & monitoring
• Service Catalog: Create and use standardized products
• Launch Templates: Standardize deployments across resources
• Config: Track resource inventory and changes
• CloudTrail: Track user activity and API usage
• CloudWatch: Monitor resources and applications
• Inspector: Analyze application security
• Artifact: Self-service for AWS’ compliance reports

Data protection
• Key Management Service: Manage creation and control of encryption keys
• Certificate Manager: Provision, manage, and deploy SSL/TLS certificates
• ACM Private CA: Private certificate authority
• CloudHSM: Hardware-based key storage
• Macie: Discover, classify, and protect data
• Server-side Encryption: Flexible data encryption options
• Encrypted Boot & EBS volumes

Networking and infrastructure
• Virtual Private Cloud: Isolated cloud resources
• VPC Flow Logs
• Elastic Load Balancing: Secure network and application load balancing
• Web Application Firewall: Filter malicious web traffic
• Shield: DDoS protection
• Firewall Manager: Manage WAF rules across accounts
• PrivateLink: Securely access services hosted on AWS
45. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Identity, directory,
and access
Resource Access Manager
Share resources across
multiple accounts
Detective controls
and Management
Data
protection
Networking and
infrastructure
Best security building blocks in the cloud
46. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Identity, directory,
and access
Resource Access Manager
Share resources across
multiple accounts
Detective controls
and Management
Data
protection
Networking and
infrastructure
Virtual Private Cloud
Isolated cloud resources
VPC Flow Logs
Best security building blocks in the cloud
47. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Virtual Private Cloud (VPC) security tools
Virtual Private Cloud: Provision a logically isolated cloud where you can launch AWS resources into a virtual network
VPC Endpoints: Private and secure connectivity to Amazon S3 and Amazon DynamoDB
Security Groups & ACLs
NAT Gateway
Flow Logs
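Of the VPC security tools listed above, Flow Logs is the detective control: it records whether a security group or network ACL accepted or rejected each flow. The following is an added example, not code from the deck or from AWS, that parses records in the default (version 2) flow log format and flags a source address that was rejected on several distinct ports in one window. The sample records are constructed, and the port-count threshold is an assumption chosen for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# Constructed sample records (not captured traffic): two accepted HTTPS flows,
# one source that is rejected on four different ports, and a NODATA line.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.10 49152 443 6 20 4000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.5 10.0.1.10 49153 443 6 10 2000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 40001 22 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 40002 3389 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 40003 445 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.10 40004 8080 6 1 60 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""


@dataclass(frozen=True)
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    byte_count: int
    action: str


def parse_flow_log(text):
    """Parse default-format flow log lines; skip NODATA/SKIPDATA records,
    whose address and port fields are '-' and carry no traffic."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue                      # malformed or custom-format line
        row = dict(zip(FIELDS, parts))
        if row["log_status"] != "OK":
            continue
        records.append(FlowRecord(
            interface_id=row["interface_id"],
            srcaddr=row["srcaddr"], dstaddr=row["dstaddr"],
            srcport=int(row["srcport"]), dstport=int(row["dstport"]),
            protocol=int(row["protocol"]), packets=int(row["packets"]),
            byte_count=int(row["bytes"]), action=row["action"]))
    return records


def rejected_ports_by_source(records):
    """Map each source address to the sorted list of destination ports on
    which a security group or network ACL rejected it."""
    ports = defaultdict(set)
    for r in records:
        if r.action == "REJECT":
            ports[r.srcaddr].add(r.dstport)
    return {src: sorted(p) for src, p in ports.items()}


def find_port_scanners(records, min_ports=3):
    """Sources rejected on at least min_ports distinct ports in the window:
    a cheap heuristic for horizontal probing against an interface."""
    return {src: p for src, p in rejected_ports_by_source(records).items()
            if len(p) >= min_ports}


def accepted_bytes(records):
    """Bytes accepted per (srcaddr, dstaddr, dstport), a baseline to compare
    against when an unexpected accepted flow appears."""
    totals = defaultdict(int)
    for r in records:
        if r.action == "ACCEPT":
            totals[(r.srcaddr, r.dstaddr, r.dstport)] += r.byte_count
    return dict(totals)


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print(find_port_scanners(recs))      # {'198.51.100.7': [22, 445, 3389, 8080]}
    print(accepted_bytes(recs))          # {('203.0.113.5', '10.0.1.10', 443): 6000}
```

The same parser works on records delivered to S3 (the "VPC Flow Logs to S3" launch later in the deck) as long as the default format is kept; a custom format changes FIELDS and nothing else.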
48. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Identity, directory,
and access
Resource Access Manager
Share resources across
multiple accounts
Detective controls
and Management
Data
protection
Networking and
infrastructure
Virtual Private Cloud
Isolated cloud resources
VPC Flow Logs
Best security building blocks in the cloud
49. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Identity, directory,
and access
Resource Access Manager
Share resources across
multiple accounts
Detective controls
and Management
Data
protection
Networking and
infrastructure
Virtual Private Cloud
Isolated cloud resources
VPC Flow Logs
Elastic Load Balancing
Secure network and
application load balancing
Best security building blocks in the cloud
50. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Elastic Load Balancing
Distributes incoming traffic
across multiple targets
TLS offloading and user
authentication
Cost effective
Capable of handling rapid
changes in traffic
Classic Load Balancer
51. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Elastic Load Balancing security tools
52. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Identity, directory,
and access
Resource Access Manager
Share resources across
multiple accounts
Detective controls
and Management
Data
protection
Networking and
infrastructure
Virtual Private Cloud
Isolated cloud resources
VPC Flow Logs
Elastic Load Balancing
Secure network and
application load balancing
Best security building blocks in the cloud
53. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Identity, directory,
and access
Resource Access Manager
Share resources across
multiple accounts
Detective controls
and Management
Data
protection
Networking and
infrastructure
Virtual Private Cloud
Isolated cloud resources
VPC Flow Logs
Elastic Load Balancing
Secure network and
application load balancing
PrivateLink
Securely access services
hosted on AWS
Best security building blocks in the cloud
54. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS PrivateLink Momentum
Share services privately
between VPCs and
on-premises networks
Secure. Scalable. Reliable.
55. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Marketplace network security partners
56. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Continuous innovation
Superior network:
abundant, fast,
always on
57. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
World-class network performance
C1: 1 Gbps
CC1: 10 Gbps
C3: Enhanced Networking; 20x PPS; <100 µs latency
C4: EBS optimized by default
C5: ENA; 25 Gbps; <50 µs latency
C5n: EFA; 100 Gbps; 3x PPS
58. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Fastest networking in the cloud
C5n
Fastest compute for
high performance
workloads
59. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Fastest networking in the cloud
P3dn
Fastest machine
learning training in
the cloud
60. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Fastest networking in the cloud
Elastic Fabric Adapter,
best for large HPC
workloads
61. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Continuous innovation
Superior network:
abundant, fast,
always on
62. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
“The network should not slow things down, but rather promote innovation.”
—David Brown
63. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Critical criteria for the cloud network
VPC Transit Gateway
Easily scale connectivity across VPCs,
accounts and on-premises networks
64. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Elastic Load Balancing security tools
“AWS Transit Gateway radically evolved and simplified cloud networking. Using Transit Gateway, we reduced the time to interconnect new VPCs and on-premise networks from weeks to minutes while attaining consistent and more reliable network performance!”
Khoder Shamy, Director, Cloud Platform and Infrastructure, Fuze
65. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VPN connectionCustomer gateway Amazon VPC Amazon VPC
AWS Direct Connect Gateway
VPC peering
VPC peering VPC peering
Amazon VPC Amazon VPCVPC peering
VPN connection
VPN connection
VPC peering
Before Transit Gateway …
66. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
With Transit Gateway …
Transit
Gateway
Amazon VPCAmazon VPC
Amazon VPCAmazon VPC
Customer
gateway
VPN
connection
AWS Direct
Connect Gateway
67. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Critical criteria for the cloud network
Shared VPC
Easily share VPC networks between AWS accounts,
providing central oversight and control for
networking engineers
68. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Shared VPC
Avoid creating a single large VPC and sharing it with an entire
organization. Instead, use VPC sharing together with Transit
Gateway and AWS PrivateLink
69. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Critical criteria for the cloud network
70. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Making networking as simple and
dynamic as compute and storage
71. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Aviatrix Orchestration of Transit Gateway
72. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Aviatrix Transit Gateway Orchestration in action
1. Create Domains
e.g. Dev, Prod, Shared
2. Attach VPCs to TGW
Auto-configure routes
3. Attach Direct Connect
Auto-configure routes
4. Discover and attach new VPCs
[Diagram: Dev VPCs in a Dev Domain, Prod VPCs in a Prod Domain, an Edge VPC and a Shared Services Domain, each mapped to its own Transit Gateway (TGW) route table by the AVX Controller and AVX Gateway; Prod cannot reach Dev]
Orchestrator for your herd of VPCs!
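The isolation claimed on the slide above (Prod cannot reach Dev) rests entirely on which CIDRs are propagated into which Transit Gateway route table, so it is worth checking before traffic flows rather than after. The following is an added example, not Aviatrix's or AWS's code: it models TGW attachments, route table associations and propagations as a simplified route-domain structure, with constructed VPC names and CIDRs, and audits a list of forbidden source/destination pairs with a longest-prefix lookup in the source's table.

```python
import ipaddress


class TransitGatewayModel:
    """Simplified model (hypothetical helper) of Transit Gateway route domains:
    each VPC attachment is associated with exactly one TGW route table, and a
    route table only carries the CIDRs that were propagated into it."""

    def __init__(self):
        self.cidrs = {}          # attachment name -> IPv4Network
        self.association = {}    # attachment name -> route table it looks up
        self.route_tables = {}   # route table name -> {IPv4Network: attachment}

    def attach_vpc(self, name, cidr, route_table):
        self.cidrs[name] = ipaddress.ip_network(cidr)
        self.association[name] = route_table
        self.route_tables.setdefault(route_table, {})

    def propagate(self, name, route_table):
        """Propagate an attachment's CIDR into a route table (domain)."""
        self.route_tables.setdefault(route_table, {})[self.cidrs[name]] = name

    def next_hop(self, src, dst_ip):
        """Longest-prefix match in the route table associated with src."""
        table = self.route_tables[self.association[src]]
        ip = ipaddress.ip_address(dst_ip)
        matches = [(net.prefixlen, target) for net, target in table.items() if ip in net]
        return max(matches)[1] if matches else None

    def can_reach(self, src, dst):
        """True when traffic from src to dst's first host is routed to dst."""
        host = next(self.cidrs[dst].hosts())
        return self.next_hop(src, str(host)) == dst


def build_route_domains():
    """Dev, Prod and Shared Services domains as on the slide: Dev and Prod each
    see only their own VPCs plus shared services; Shared Services sees all.
    VPC names and CIDRs are constructed for this example."""
    tgw = TransitGatewayModel()
    vpcs = {
        "dev-vpc-1": ("10.10.0.0/16", "dev"),
        "dev-vpc-2": ("10.11.0.0/16", "dev"),
        "prod-vpc-1": ("10.20.0.0/16", "prod"),
        "prod-vpc-2": ("10.21.0.0/16", "prod"),
        "shared-services": ("10.0.0.0/16", "shared"),
    }
    for name, (cidr, domain) in vpcs.items():
        tgw.attach_vpc(name, cidr, domain)
    for name, (_, domain) in vpcs.items():
        # A VPC's CIDR is propagated into its own domain's route table ...
        tgw.propagate(name, domain)
        # ... and into the shared table, so shared services can reach everyone.
        tgw.propagate(name, "shared")
    # Shared services must also be reachable from every domain.
    for domain in ("dev", "prod"):
        tgw.propagate("shared-services", domain)
    return tgw


def isolation_violations(tgw, forbidden_pairs):
    """Return the (src, dst) pairs that are reachable although policy forbids
    them; an empty list means the segmentation holds."""
    return [(s, d) for s, d in forbidden_pairs if tgw.can_reach(s, d)]


if __name__ == "__main__":
    tgw = build_route_domains()
    policy = [("prod-vpc-1", "dev-vpc-1"), ("dev-vpc-2", "prod-vpc-2")]
    print("violations:", isolation_violations(tgw, policy))   # violations: []
```

The audit is deliberately one-directional: reachability from Prod to Dev and from Dev to Prod are separate lookups in separate tables, which is exactly why a single stray propagation can open one direction without the other.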
73. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Aviatrix + Transit Gateway
CloudSquad™ Service:
Concierge service to migrate
your existing third-party
transit VPC to TGW
Visibility
Workflow
Orchestration & Automation
✓ Dynamic route propagation
✓ Advanced troubleshooting
Zero-trust VPC segmentation
✓ Integrated with Route Domains
✓ Compliance reporting
Edge connectivity & Multicloud
✓ Direct Connect support
✓ Egress security
74. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Continuous innovation
Superior network:
abundant, fast,
always on
75. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
It’s critical to provide a seamless
networking experience between
on-premises networks and the AWS
cloud.
76. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Hybrid connectivity solutions
77. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Route 53 Resolver
Managed DNS resolver
service from Route 53
Enables hybrid DNS
resolution over Direct
Connect and VPN
Create conditional
forwarding rules to
re-direct query traffic
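To make the conditional forwarding rules concrete, here is an added example, not code from the deck or from AWS, that models how Route 53 Resolver picks a rule for a query: the most specific matching domain wins, and a SYSTEM rule carves a subdomain back out of a broader FORWARD rule so that it stays on normal VPC resolution. The rule names and target addresses are constructed placeholders; the label-aligned suffix match is what keeps a query for 'xcorp.example' from matching a rule for 'corp.example'.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ResolverRule:
    domain_name: str
    rule_type: str          # "FORWARD" sends matching queries to target_ips;
                            # "SYSTEM" keeps them on normal VPC resolution
    target_ips: tuple = ()  # on-premises DNS servers (FORWARD rules only)


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return tuple(name.rstrip(".").lower().split("."))


def rule_matches(rule, qname):
    """A rule matches when its labels are a label-aligned suffix of the query:
    'corp.example' matches 'db.corp.example' and 'corp.example' itself,
    but not 'xcorp.example'."""
    rl, ql = _labels(rule.domain_name), _labels(qname)
    return len(ql) >= len(rl) and ql[-len(rl):] == rl


def select_rule(rules, qname):
    """Most specific matching rule (most labels) wins; None if nothing matches."""
    candidates = [r for r in rules if rule_matches(r, qname)]
    if not candidates:
        return None
    return max(candidates, key=lambda r: len(_labels(r.domain_name)))


def resolve_path(rules, qname):
    """Decide where a query goes: ('FORWARD', targets) toward on-premises
    servers over Direct Connect or VPN, or ('VPC_DEFAULT', ()) for normal
    Route 53 resolution inside the VPC."""
    rule = select_rule(rules, qname)
    if rule is None or rule.rule_type == "SYSTEM":
        return ("VPC_DEFAULT", ())
    return ("FORWARD", rule.target_ips)


# Constructed rule set (names and addresses are placeholders): send the
# corporate zone to two on-premises resolvers, but keep the AWS-hosted
# subdomain of it on the VPC's own resolution path.
RULES = (
    ResolverRule("corp.example", "FORWARD", ("10.1.0.2", "10.1.0.3")),
    ResolverRule("aws.corp.example", "SYSTEM"),
)


if __name__ == "__main__":
    for q in ("db.corp.example", "api.aws.corp.example", "xcorp.example", "corp.example"):
        print(q, "->", resolve_path(RULES, q))
```

Keeping the SYSTEM rule for the AWS-hosted subdomain is the detail that prevents queries for names in a private hosted zone from being shipped off to on-premises servers that cannot answer them.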
78. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Hybrid connectivity solutions
79. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Client VPN
80. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Hybrid connectivity solutions
AWS Outposts
Run key AWS services on AWS hardware within your
own data center.
81. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Announcing AWS Outposts
AWS Outposts
82. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How AWS Outposts works
AWS Outposts
83. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Superior network:
abundant, fast,
always on
Continuous innovation
84. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Launched since last re:Invent
Slow Start for ALB
Authentication on ALB
Redirects on ALB
Fixed Response on ALB
Network Load Balancing Support on VPC
VPC Flow Logs to S3
Network Improvements for EC2 Instances
AWS Direct Connect Jumbo Frames
Field Level Encryption for CloudFront
Error Responses from your origin on Lambda@
S3 Origin Support for Lambda@Edge
Amazon Route53 AutoNaming
Recent announcements
AWS Global Accelerator
C5n for HPC
P3dn for Machine Learning
Elastic Fabric Adapter for MPI
Transit Gateway
Shared VPC
Route 53 Resolver
Client VPN
AWS Outposts
87. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
This is our network…
144 CloudFront PoPs
94 Direct Connect locations
88. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Global Network
• Redundant 100GbE network
• Redundant private capacity between all Regions except China
89. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Simple and easy to use
Application Load Balancer: rich layer 7 features
Advanced request routing
HTTP/HTTPS (Layer 7) Load Balancing
Latest Web Protocols
Container support
Rapid innovation in 2018
Multiple certificates (SNI)
Authentication Support
Host-based Routing