This document summarizes AWS networking services and capabilities presented at a State of the Union event. It discusses AWS's global network infrastructure including 210 points of presence worldwide. It highlights core networking services like CloudFront, VPC, and Direct Connect. It also summarizes new capabilities in 2019 like Transit Gateway features for multicast, inter-region peering and network management. The document emphasizes AWS's focus on innovation, global scale, performance, security, manageability and reach in building cloud-scale networks.
3. AWS Recognized as a Cloud Leader for the 9th Consecutive Year
Gartner, Magic Quadrant for Cloud Infrastructure as a Service, Worldwide, Raj Bala, Bob Gill, Dennis Smith, David Wright, July 2019. ID G00365830. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. The Gartner logo is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved.
11. The scale of cloud is the value
[Map labels: Stockholm, Bahrain, Cape Town, Hong Kong, Milan, Jakarta, Spain]
4 Announced Regions
69 Availability Zones
97 Direct Connect Locations
210 Points of Presence
https://aws.amazon.com/about-aws/global-infrastructure/
Region: ap-east-1 (Hong Kong)
Availability Zones: ap-east-1a, ap-east-1b, ap-east-1c
12. Global backbone growth
Doubled backbone capacity in the last 12 months
[Chart: backbone growth, 2015 to 2019]
13. Amazon CloudFront
110 new POPs in last two years
[Timeline: AWS CloudFront launch in 2009; 100 POPs in 2017 (9 years); 210 POPs in 2019 (2 years)]
14. “Rovio loves using Amazon CloudFront as it helps reduce latencies in API usage, and with the integration of AWS Shield and AWS WAF we get strong DDoS protection at the first connection point outside our VPC.”
Mika Linnanoja, Senior Continuous Integration Engineer
Amazon CloudFront
Fast, highly secure and programmable content delivery network
⁄ On Prime Day 2019, Amazon CloudFront served a peak of 18MM requests per second
⁄ Automatically protects against Distributed Denial of Service (DDoS) attacks
16. Innovation Enabled by AWS Nitro System
Modular building blocks for rapid design and delivery of EC2 instances
Nitro Card: Local NVMe storage; Elastic Block Storage; Networking, monitoring, and security
Nitro Security Chip: Integrated into motherboard; Protects hardware resources
Nitro Hypervisor: Lightweight hypervisor; Memory and CPU allocation; Bare metal-like performance
18. “There is no compression algorithm for experience”
Andrew Jassy, CEO AWS
19. Developing a “next-gen” race car
Formula 1 has used c5n instances and EFA to simulate the aerodynamics of cars while racing. The CFD project used over 1,150 compute cores to run detailed simulations comprised of more than 550 million data points that model the impact of one car's aerodynamic wake on another. Formula 1 was able to reduce the average run time of simulations by 70%, from 60 hours to 18.
20. “We use AWS Global Accelerator to ingest telemetry data onto AWS, taking advantage of the static IP addresses it provides, along with traffic shifting capabilities and many points of presence around the globe.”
Ken Gavranovic, SVP, Product Management at New Relic
AWS Global Accelerator
Improve global application availability and performance using the AWS global network
New in 2019:
⁄ Launched in 10 new regions in 2019
⁄ Client IP preservation for ALB and EC2 instances
22. Let’s say you have an internet-facing application…
Starts in the USA… …expands to Europe… …and then adds Asia
[Charts: Availability, First Byte Latency, First Byte Latency; each compares Global Accelerator with Direct to AWS Region via public Internet. Availability measured by clients on internet using third-party measurement systems.]
[Chart annotations: Consistent availability with AWS Global Accelerator; Low availability due to public internet traffic; Less responsive application due to public internet traffic; Consistent latency due to AWS Global Accelerator; High latency due to public internet traffic]
24. Global security and compliance controls
SOC 1, SOC 2, SOC 3, CJIS, GxP, MPAA, My Number Act, VPAT / Section 508, G-Cloud, DoD SRG, FERPA, SEC Rule 17a-4(f)
25. Strengthen your security posture
Over 50 global compliance certifications & accreditations
Benefit from AWS industry leading security teams 24/7, 365 days a year
World-class network performance and capabilities
Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations
26. Amazon VPC Traffic Mirroring
Amazon VPC traffic mirroring duplicates the traffic going into an EC2 instance and shares it with security and monitoring tools
⁄ Duplicate traffic to inspect for threats, network troubleshooting, and performance
⁄ Only extract the traffic of interest
⁄ Extend your capabilities with third-party solutions in AWS Marketplace
27. Amazon VPC Ingress Routing
Amazon VPC ingress routing routes inbound and outbound traffic through third party or AWS services
⁄ Pass all inline traffic through a single appliance
⁄ Inline traffic inspection helps you screen and secure your traffic before it reaches your workload
⁄ Helps you extend your capabilities with third-party solutions in AWS Marketplace
28. AWS PrivateLink
Highly available and scalable service to access VPCs without using public IPs or traversing the Internet
⁄ Keep all the traffic within the AWS network
⁄ Create your own AWS PrivateLink services and grant access to other AWS customers
⁄ 290 AWS partners supporting PrivateLink-connected services today in AWS Marketplace
290 PrivateLink Partners
[Diagram: Customer VPC; AWS PrivateLink; NLB; Service provider VPC; Application, e.g. SaaS]
39. AWS TRANSIT GATEWAY
Cross Region Peering
[Diagram: London Region and US East Region; Branch Offices; VPN connection; Internet]
51. 2019 re:Invent: Networking launches
VPC Ingress Routing
Flexibility to route inbound and outbound traffic through virtual appliances, typically for security and networking solutions
AWS Accelerated Site-to-Site VPN
High availability and improved performance of site-to-site VPN
AWS Transit Gateway Network Manager
Allows you to visualize and monitor network connectivity between AWS and on-premises networks
AWS Transit Gateway Inter-Region Peering
Build global networks by connecting transit gateways across multiple AWS Regions
AWS Transit Gateway Multicast
With native multicast support in AWS Transit Gateway, it’s simple to build and deploy multicast applications within AWS
53. YOUR FEEDBACK IS IMPORTANT TO US
Complete the online survey to receive an AWS re:Invent re:Cap Hong Kong T-shirt at the reception counter after 3:10pm.