SlideShare una empresa de Scribd logo

Zero to Hero for Network Admins on AWS

Wilson Rogerio Lopes
Wilson Rogerio Lopes

The document discusses AWS network infrastructure including regions, availability zones, VPCs, subnets, internet gateways, NAT gateways, transit gateways, and direct connect. It explains how to set up redundant direct connect connections between an on-premises network and AWS for high availability. It also discusses using BGP, route tables, and other techniques to optimize routing and connectivity. Links are provided to documentation on transit gateway route tables and gateway load balancers.

Tecnología
1 de 27
Descargar para leer sin conexión
Classificação: Interna Zero to Hero for Network Admins on AWS Wilson Lopes 01/2023 https://www.linkedin.com/in/wrlopes/
Classificação: Interna AWS Cloud Network Infrastructure Regions and Availability Zones Regions . Geographic segregated infrastructures around the globe – services, network, compute, storage . Services generally are high available and isolated into the region . Regions are connected using private cloud network infrasctructure https://aws.amazon.com/pt/about- aws/global-infrastructure/regions_az
Classificação: Interna AWS Cloud Network Infrastructure Regions and Availability Zones Availabilty Zones - AZs . One or more Datacenter into the region – Segregated Facilities, Energy, Cooling . Segregated network and compute services into the region . To became high available, services must be deployed in more than one AZ . For example, a service behind a load balancer using 3 AZs, with frontend, backend and database between the 3 AZs AZ 1 AZ 3 AZ 2 LB VPC LB FE BE Subnet 1 FE Subnet 2 FE Subnet 3 FE Subnet 1 BE Subnet 2 BE Subnet 3 BE
Classificação: Interna AWS Cloud Network Infrastructure VPC – Virtual Private Cloud AZ 1A AZ 1C AZ 1B VPC – 10.0.0.0/20 - 2001:db8:1234:1a00::/56 Subnet 1A Subnet 1B Subnet 1C VPC . Isolated virtual network into the region . Segregated in subnets. Subnets are per AZ . Ipv4/Ipv6/Ipv6 only . Bring your own ip – public ipv4 and ipv6 Region – Sao Paulo - SA-EAST-1
Classificação: Interna AWS Cloud Network Infrastructure VPC – Virtual Private Cloud AZ 1 AZ 1C AZ 1B Subnet 1A PUB Subnet 1B PUB Subnet 1C PUB Subnet 1A PRIV Subnet 1B PRIV Subnet 1C PRIV Public Route Table Private Route Table VPC . Isolated virtual network into the region . Segregated in subnets. Subnets are per AZ . Ipv4/Ipv6/Ipv6 only . Bring your own ip – public ipv4 and ipv6 . Route tables – Each subnet can use different route tables VPC – 10.0.0.0/20 - 2001:db8:1234:1a00::/56 Region – Sao Paulo - SA-EAST-1 AZ 1A
Classificação: Interna AWS Cloud Network Infrastructure VPC – Virtual Private Cloud IGW VPC . Isolated virtual network into the region . Segregated in subnets. Subnets are per AZ . Ipv4/Ipv6/Ipv6 only . Bring your own ip – public ipv4 and ipv6 . Route tables – Each subnet can use different route tables . IGW – Internet Gateway – connect “Public Subnets” to internet – ingress/egress . Regional Resource. AZ 1 AZ 1C AZ 1B Subnet 1A PUB Subnet 1B PUB Subnet 1C PUB Subnet 1A PRIV Subnet 1B PRIV Subnet 1C PRIV Public Route Table Private Route Table VPC – 10.0.0.0/20 - 2001:db8:1234:1a00::/56 Region – Sao Paulo - SA-EAST-1 AZ 1A
Classificação: Interna AWS Cloud Network Infrastructure VPC – Virtual Private Cloud IGW VPC . Isolated virtual network into the region . Segregated in subnets. Subnets are per AZ . Ipv4/Ipv6/Ipv6 only . Bring your own ip – public ipv4 and ipv6 . Route tables – Each subnet can use different route tables . IGW – Internet Gateway – connect “Public Subnets” to internet – ingress/egress . Regional Resource. AZ 1 AZ 1C AZ 1B Subnet 1A PUB Subnet 1B PUB Subnet 1C PUB Subnet 1A PRIV Subnet 1B PRIV Subnet 1C PRIV Public Route Table Private Route Table VPC – 10.0.0.0/20 - 2001:db8:1234:1a00::/56 Region – Sao Paulo - SA-EAST-1 AZ 1A PUB Route Table 10.0.0.0/20 – Local 0.0.0.0/0 – IGW
Classificação: Interna AWS Cloud Network Infrastructure VPC – Virtual Private Cloud VPC . Isolated virtual network into the region . Segregated in subnets. Subnets are per AZ . Ipv4/Ipv6/Ipv6 only . Bring your own ip – public ipv4 and ipv6 . Route tables – Each subnet can use different route tables . IGW – Internet Gateway – connect “Public Subnets” to internet – ingress/egress. Regional Resource. . NatGW – Nat Gateway – connect “Private Subnets” to internet – egress Only. AZ Resource. NatGW AZ 1 AZ 1C AZ 1B Subnet 1A PUB Subnet 1B PUB Subnet 1C PUB Subnet 1A PRIV Subnet 1B PRIV Subnet 1C PRIV Public Route Table Private Route Table VPC – 10.0.0.0/20 - 2001:db8:1234:1a00::/56 Region – Sao Paulo - SA-EAST-1 AZ 1A IGW
Classificação: Interna AWS Cloud Network Infrastructure VPC – Virtual Private Cloud VPC . Isolated virtual network into the region . Segregated in subnets. Subnets are per AZ . Ipv4/Ipv6/Ipv6 only . Bring your own ip – public ipv4 and ipv6 . Route tables – Each subnet can use different route tables . IGW – Internet Gateway – connect “Public Subnets” to internet – ingress/egress. Regional Resource. . NatGW – Nat Gateway – connect “Private Subnets” to internet – egress Only. AZ Resource – 1 NatGW per AZ, 1 Route Table Priv per AZ. NatGW AZ 1 AZ 1C AZ 1B Subnet 1A PUB Subnet 1B PUB Subnet 1C PUB Subnet 1A PRIV Subnet 1B PRIV Subnet 1C PRIV Public Route Table Private Route Table VPC – 10.0.0.0/20 - 2001:db8:1234:1a00::/56 Region – Sao Paulo - SA-EAST-1 AZ 1A IGW PRIV 1C Route Table 10.0.0.0/20 – Local 0.0.0.0/0 – NatGW NatGW AZ 1C PRIV 1B Route Table 10.0.0.0/20 – Local 0.0.0.0/0 – NatGW NatGW AZ 1C PRIV 1A Route Table 10.0.0.0/20 – Local 0.0.0.0/0 – NatGW
Classificação: Interna AWS Cloud Network Infrastructure VPC – Virtual Private Cloud VPC AZ 1 AZ 1C AZ 1B Subnet 1A PUB Subnet 1B PUB Subnet 1C PUB Subnet 1A PRIV Subnet 1B PRIV Subnet 1C PRIV Public Route Table PRIV Route Table VPC – 10.0.0.0/20 - 2001:db8:1234:1a00::/56 Region – Sao Paulo - SA-EAST-1 AZ 1A IGW PRIV Route Table PRIV Route Table NatGW NatGW NatGW . Isolated virtual network into the region . Segregated in subnets. Subnets are per AZ . Ipv4/Ipv6/Ipv6 only . Bring your own ip – public ipv4 and ipv6 . Route tables – Each subnet can use different route tables . IGW – Internet Gateway – connect “Public Subnets” to internet – ingress/egress. Regional Resource. . NatGW – Nat Gateway – connect “Private Subnets” to internet – egress Only. AZ Resource – 1 NatGW per AZ, 1 Route Table Priv per AZ. . VGW – Virtual Private Gateway – connect to external networks via VPN or Direct Connect – should connect only “Private Subnets”. BGP and static routes. VGW
Classificação: Interna AWS Cloud Network Infrastructure Terraform – Infra as a Code https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest
Classificação: Interna AWS Cloud Network Infrastructure AWS Direct Connect + AWS Transit Gateway https://docs.aws.amazon.com/pt_br/whitepapers/latest/aws-vpc-connectivity-options/aws- direct-connect-aws-transit-gateway.html
Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX DX Cloud Network
Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway . Interconnection Hub . Per region resource . Direct connect and VPN support . Route received from direct connect are prefered . Static and dynamic bgp routing . Limits – 10k static routes, 1k dynamic routes On Premises Datacenter Direct Connect Gateway Transit Gateway DX DX Cloud Network
Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway . Interconnection Hub . Per region resource . Direct connect and VPN support . Route received from direct connect are prefered . Static and dynamic bgp routing . Limits – 10k static routes, 1k dynamic routes On Premises Datacenter Direct Connect Gateway Transit Gateway Direct Connect Gateway . Global resource . Attached to transit gateway or virtual private gateway DX DX Cloud Network
Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway . Interconnection Hub . Per region resource . Direct connect and VPN support . Route received from direct connect are prefered . Static and dynamic bgp routing . Limits – 10k static routes, 1k dynamic routes On Premises Datacenter Direct Connect Gateway Transit Gateway Direct Connect Gateway . Global resource . Attached to transit gateway or virtual private gateway Direct Connect Locations - DX . Physical location of cloud facility . Connections can be dedicated or hosted by partners DX DX Cloud Network
Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX 2 DX 1 Connection A Telecom A Direct Connect – Private Connections . To improve high availability, connect to at least two different direct connect locations . Use different telecom operators per connection Connection B Telecom B Cloud Network
Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX 2 DX 1 Direct Connect – Private Connections . To improve high availability, connect to at least two different direct connect locations . Use different telecom operators per connection . Analyze the physical path of each connection to not use same facility/last mile Cloud Network X
Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX 2 DX 1 Direct Connect – Private Connections . To improve high availability, connect to at least two different direct connect locations . Use different telecom operators per connection . Analyze the physical path of each connection to not use same facility/last mile Cloud Network
Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX 2 DX 1 Direct Connect – Private Connections . To improve high availability, connect to at least two different direct connect locations . Use different telecom operators per connection . Analyze the physical path of each connection to not use same facility/last mile . 1/10/100Gbps for dedicated connections . Lower than 1Gbps for hosted connections Cloud Network
Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX 2 DX 1 BGP . To improve high availability, connect to at least two different direct connect locations . Use different telecom operators per connection . Analyze the physical path of each connection to not use same facility/last mile . 1/10/100Gbps for dedicated connections . Lower than 1Gbps for hosted connections . BGP – Dynamic routing and convergence . Can use private ASN or your own OnPrem - 10.64.0.0/24 Cloud – 10.0.0.0/20 BGP OnPrem - 10.64.0.0/24 Cloud – 10.0.0.0/20 Direct Connect – Private Connections Cloud Network
Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX 2 DX 1 . To improve high availability, connect to at least two different direct connect locations . Use different telecom operators per connection . Analyze the physical path of each connection to not use same facility/last mile . 1/10/100Gbps for dedicated connections . Lower than 1Gbps for hosted connections . BGP – Dynamic routing and convergence . Can use private ASN or your own . Cloud provider use ECMP for same route metric . Active/Standby path can be implemented using AS Prepend and Local Preference . There are short limits of advertised routes . Summarization is mandatory to scale Direct Connect – Private Connections Cloud Network Out – AS Prepend 65000 65000 65000 IN – LP 90 active standby
Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX 2 DX 1 BGP BFD . To improve high availability, connect to at least two different direct connect locations . Use different telecom operators per connection . Analyze the physical path of each connection to not use same facility/last mile . 1/10/100Gbps for dedicated connections . Lower than 1Gbps for hosted connections . BGP – Dynamic routing and convergence . Can use private ASN or your own . Cloud provider use ECMP for same route metric . Active/Standby path can be implemented using AS Prepend and Local Preference . There are short limits of advertised routes . Summarization is mandatory to scale . BFD – Minimize the convergence time to miliseconds Direct Connect – Private Connections Cloud Network BGP BFD
Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX 2 DX 1 . To improve high availability, connect to at least two different direct connect locations . Use different telecom operators per connection . Analyze the physical path of each connection to not use same facility/last mile . 1/10/100Gbps for dedicated connections . Lower than 1Gbps for hosted connections . BGP – Dynamic routing and convergence . Can use private ASN or your own . Cloud provider use ECMP for same route metric . Active/Standby path can be implemented using AS Prepend and Local Preference . There are short limits of advertised routes . Summarization is mandatory to scale . BFD – Minimize the convergence time to miliseconds . LACP – aggregate links and high availability per DX location Direct Connect – Private Connections Cloud Network BGP BFD LACP BGP BFD LACP
Classificação: Interna AWS Cloud Network Infrastructure AWS Transit Gateway – Route Tables https://aws.amazon.com/pt/blogs/architecture/field-notes-working-with-route-tables-in-aws- transit-gateway/
Classificação: Interna AWS Cloud Network Infrastructure AWS Gateway Load Balancer https://aws.amazon.com/pt/blogs/aws/introducing-aws-gateway-load-balancer-easy- deployment-scalability-and-high-availability-for-partner-appliances/ https://aws.amazon.com/pt/blogs/networking-and-content-delivery/scaling-network-traffic- inspection-using-aws-gateway-load-balancer/
Classificação: Interna AWS Cloud Network Infrastructure AWS VPC Endpoints https://docs.aws.amazon.com/whitepapers/latest/aws-privatelink/what-are-vpc-endpoints.html

Recomendados

AWS reinvent 2019 recap - Riyadh - Network and Security - Anver Vanker
AWS reinvent 2019 recap - Riyadh - Network and Security - Anver VankerAWS reinvent 2019 recap - Riyadh - Network and Security - Anver Vanker
AWS reinvent 2019 recap - Riyadh - Network and Security - Anver Vanker
AWS Riyadh User Group
 
Kubernetes networking in AWS
Kubernetes networking in AWSKubernetes networking in AWS
Kubernetes networking in AWS
Zvika Gazit
 
AWS Network Topology/Architecture
AWS Network Topology/ArchitectureAWS Network Topology/Architecture
AWS Network Topology/Architecture
wlscaudill
 
Amazon virtual private cloud (VPC)
Amazon virtual private cloud (VPC)Amazon virtual private cloud (VPC)
Amazon virtual private cloud (VPC)
Piyush Jalan
 
AWS VPC & Networking basic concepts
AWS VPC & Networking basic conceptsAWS VPC & Networking basic concepts
AWS VPC & Networking basic concepts
Abhinav Kumar
 
打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載
Amazon Web Services
 
打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載
Amazon Web Services
 
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
Amazon Web Services Korea
 

Recomendados

AWS reinvent 2019 recap - Riyadh - Network and Security - Anver Vanker
AWS reinvent 2019 recap - Riyadh - Network and Security - Anver VankerAWS reinvent 2019 recap - Riyadh - Network and Security - Anver Vanker
AWS reinvent 2019 recap - Riyadh - Network and Security - Anver Vanker
AWS Riyadh User Group
 
Kubernetes networking in AWS
Kubernetes networking in AWSKubernetes networking in AWS
Kubernetes networking in AWS
Zvika Gazit
 
AWS Network Topology/Architecture
AWS Network Topology/ArchitectureAWS Network Topology/Architecture
AWS Network Topology/Architecture
wlscaudill
 
Amazon virtual private cloud (VPC)
Amazon virtual private cloud (VPC)Amazon virtual private cloud (VPC)
Amazon virtual private cloud (VPC)
Piyush Jalan
 
AWS VPC & Networking basic concepts
AWS VPC & Networking basic conceptsAWS VPC & Networking basic concepts
AWS VPC & Networking basic concepts
Abhinav Kumar
 
打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載
Amazon Web Services
 
打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載
Amazon Web Services
 
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
Amazon Web Services Korea
 
(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS
Amazon Web Services
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best Practices
Gary Silverman
 
Lamp 3-tier Architecture on Aws-Cloud Description
Lamp 3-tier Architecture on Aws-Cloud Description Lamp 3-tier Architecture on Aws-Cloud Description
Lamp 3-tier Architecture on Aws-Cloud Description
roshanmcse
 
Aws infra-lamp
Aws infra-lampAws infra-lamp
Aws infra-lamp
roshanmcse
 
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
Amazon Web Services
 
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
Amazon Web Services
 
Firewalling a Service Mesh with WebAssembly.pdf
Firewalling a Service Mesh with WebAssembly.pdfFirewalling a Service Mesh with WebAssembly.pdf
Firewalling a Service Mesh with WebAssembly.pdf
micharaeck
 
(ARC401) Black-Belt Networking for the Cloud Ninja | AWS re:Invent 2014
(ARC401) Black-Belt Networking for the Cloud Ninja | AWS re:Invent 2014(ARC401) Black-Belt Networking for the Cloud Ninja | AWS re:Invent 2014
(ARC401) Black-Belt Networking for the Cloud Ninja | AWS re:Invent 2014
Amazon Web Services
 
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
Amazon Web Services
 
Planning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Planning advanced AWS networking architectures - SVC304 - Chicago AWS SummitPlanning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Planning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Amazon Web Services
 
Netforce: extending neutron to support routed networks at scale in ebay
Netforce: extending neutron to support routed networks at scale in ebayNetforce: extending neutron to support routed networks at scale in ebay
Netforce: extending neutron to support routed networks at scale in ebay
Aliasgar Ginwala
 
(NET406) Deep Dive: AWS Direct Connect and VPNs
(NET406) Deep Dive: AWS Direct Connect and VPNs(NET406) Deep Dive: AWS Direct Connect and VPNs
(NET406) Deep Dive: AWS Direct Connect and VPNs
Amazon Web Services
 
AWS VPC Fundamentals- Webinar
AWS VPC Fundamentals- WebinarAWS VPC Fundamentals- Webinar
AWS VPC Fundamentals- Webinar
Amazon Web Services LATAM
 
(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014
(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014
(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014
Amazon Web Services
 
Virtual private cloud fundamentals
Virtual private cloud fundamentalsVirtual private cloud fundamentals
Virtual private cloud fundamentals
Sai Viswanath
 
Cloud stack networking shapeblue technical deep dive
Cloud stack networking shapeblue technical deep diveCloud stack networking shapeblue technical deep dive
Cloud stack networking shapeblue technical deep dive
ShapeBlue
 
Windsor AWS UG Virtual Private Cloud
Windsor AWS UG Virtual Private CloudWindsor AWS UG Virtual Private Cloud
Windsor AWS UG Virtual Private Cloud
Goran Karmisevic
 
利用AWS建立企業全球化網路
利用AWS建立企業全球化網路利用AWS建立企業全球化網路
利用AWS建立企業全球化網路
Amazon Web Services
 
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
Amazon Web Services
 
CloudStack Networking Deepdive CCCEU13
CloudStack Networking Deepdive CCCEU13CloudStack Networking Deepdive CCCEU13
CloudStack Networking Deepdive CCCEU13
Chiradeep Vittal
 
DNS na AWS - Zero To Hero using Route 53
DNS na AWS - Zero To Hero using Route 53DNS na AWS - Zero To Hero using Route 53
DNS na AWS - Zero To Hero using Route 53
Wilson Rogerio Lopes
 
Uso do MacSec (802.1ae) em complemento ao 802.1x em redes corporativas - Cont...
Uso do MacSec (802.1ae) em complemento ao 802.1x em redes corporativas - Cont...Uso do MacSec (802.1ae) em complemento ao 802.1x em redes corporativas - Cont...
Uso do MacSec (802.1ae) em complemento ao 802.1x em redes corporativas - Cont...
Wilson Rogerio Lopes
 

Más contenido relacionado

Similar a Zero to Hero for Network Admins on AWS

(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS
Amazon Web Services
 
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
Amazon Web Services
 
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
Amazon Web Services
 
(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014
(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014
(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014
Amazon Web Services
 
Windsor AWS UG Virtual Private Cloud
Windsor AWS UG Virtual Private CloudWindsor AWS UG Virtual Private Cloud
Windsor AWS UG Virtual Private Cloud
Goran Karmisevic
 
利用AWS建立企業全球化網路
利用AWS建立企業全球化網路利用AWS建立企業全球化網路
利用AWS建立企業全球化網路
Amazon Web Services
 
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
Amazon Web Services
 

Similar a Zero to Hero for Network Admins on AWS (20)

(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS
 
Introduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best PracticesIntroduction to AWS VPC, Guidelines, and Best Practices
Introduction to AWS VPC, Guidelines, and Best Practices
 
Lamp 3-tier Architecture on Aws-Cloud Description
Lamp 3-tier Architecture on Aws-Cloud Description Lamp 3-tier Architecture on Aws-Cloud Description
Lamp 3-tier Architecture on Aws-Cloud Description
 
Aws infra-lamp
Aws infra-lampAws infra-lamp
Aws infra-lamp
 
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
 
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
 
Firewalling a Service Mesh with WebAssembly.pdf
Firewalling a Service Mesh with WebAssembly.pdfFirewalling a Service Mesh with WebAssembly.pdf
Firewalling a Service Mesh with WebAssembly.pdf
 
(ARC401) Black-Belt Networking for the Cloud Ninja | AWS re:Invent 2014
(ARC401) Black-Belt Networking for the Cloud Ninja | AWS re:Invent 2014(ARC401) Black-Belt Networking for the Cloud Ninja | AWS re:Invent 2014
(ARC401) Black-Belt Networking for the Cloud Ninja | AWS re:Invent 2014
 
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
From One to Many: Evolving VPC Design (ARC401) | AWS re:Invent 2013
 
Planning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Planning advanced AWS networking architectures - SVC304 - Chicago AWS SummitPlanning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
Planning advanced AWS networking architectures - SVC304 - Chicago AWS Summit
 
Netforce: extending neutron to support routed networks at scale in ebay
Netforce: extending neutron to support routed networks at scale in ebayNetforce: extending neutron to support routed networks at scale in ebay
Netforce: extending neutron to support routed networks at scale in ebay
 
(NET406) Deep Dive: AWS Direct Connect and VPNs
(NET406) Deep Dive: AWS Direct Connect and VPNs(NET406) Deep Dive: AWS Direct Connect and VPNs
(NET406) Deep Dive: AWS Direct Connect and VPNs
 
AWS VPC Fundamentals- Webinar
AWS VPC Fundamentals- WebinarAWS VPC Fundamentals- Webinar
AWS VPC Fundamentals- Webinar
 
(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014
(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014
(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014
 
Virtual private cloud fundamentals
Virtual private cloud fundamentalsVirtual private cloud fundamentals
Virtual private cloud fundamentals
 
Cloud stack networking shapeblue technical deep dive
Cloud stack networking shapeblue technical deep diveCloud stack networking shapeblue technical deep dive
Cloud stack networking shapeblue technical deep dive
 
Windsor AWS UG Virtual Private Cloud
Windsor AWS UG Virtual Private CloudWindsor AWS UG Virtual Private Cloud
Windsor AWS UG Virtual Private Cloud
 
利用AWS建立企業全球化網路
利用AWS建立企業全球化網路利用AWS建立企業全球化網路
利用AWS建立企業全球化網路
 
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
 
CloudStack Networking Deepdive CCCEU13
CloudStack Networking Deepdive CCCEU13CloudStack Networking Deepdive CCCEU13
CloudStack Networking Deepdive CCCEU13
 

Más de Wilson Rogerio Lopes

Ataques DDoS - Panorama, Mitigação e Evolução
Ataques DDoS - Panorama, Mitigação e EvoluçãoAtaques DDoS - Panorama, Mitigação e Evolução
Ataques DDoS - Panorama, Mitigação e Evolução
Wilson Rogerio Lopes
 
DNSSEC -Provisioning and Automatization using Bind
DNSSEC -Provisioning and Automatization using BindDNSSEC -Provisioning and Automatization using Bind
DNSSEC -Provisioning and Automatization using Bind
Wilson Rogerio Lopes
 

Más de Wilson Rogerio Lopes (10)

DNS na AWS - Zero To Hero using Route 53
DNS na AWS - Zero To Hero using Route 53DNS na AWS - Zero To Hero using Route 53
DNS na AWS - Zero To Hero using Route 53
 
Uso do MacSec (802.1ae) em complemento ao 802.1x em redes corporativas - Cont...
Uso do MacSec (802.1ae) em complemento ao 802.1x em redes corporativas - Cont...Uso do MacSec (802.1ae) em complemento ao 802.1x em redes corporativas - Cont...
Uso do MacSec (802.1ae) em complemento ao 802.1x em redes corporativas - Cont...
 
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and MitigationDDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and Mitigation
 
Cisco TrustSec - Software Defined Segmentation e sua aplicabilidade em Segura...
Cisco TrustSec - Software Defined Segmentation e sua aplicabilidade em Segura...Cisco TrustSec - Software Defined Segmentation e sua aplicabilidade em Segura...
Cisco TrustSec - Software Defined Segmentation e sua aplicabilidade em Segura...
 
Ataques DDoS - Panorama, Mitigação e Evolução
Ataques DDoS - Panorama, Mitigação e EvoluçãoAtaques DDoS - Panorama, Mitigação e Evolução
Ataques DDoS - Panorama, Mitigação e Evolução
 
Implementação do DNSSEC no iG
Implementação do DNSSEC no iGImplementação do DNSSEC no iG
Implementação do DNSSEC no iG
 
DNSSEC -Provisioning and Automatization using Bind
DNSSEC -Provisioning and Automatization using BindDNSSEC -Provisioning and Automatization using Bind
DNSSEC -Provisioning and Automatization using Bind
 
BGP Traffic Engineering on IXP
BGP Traffic Engineering on IXPBGP Traffic Engineering on IXP
BGP Traffic Engineering on IXP
 
DNS,DNSSEC and Best Practices
DNS,DNSSEC and Best PracticesDNS,DNSSEC and Best Practices
DNS,DNSSEC and Best Practices
 
Palestra sobre DNS apresentada no 3 PTT Forum
Palestra sobre DNS apresentada no 3 PTT ForumPalestra sobre DNS apresentada no 3 PTT Forum
Palestra sobre DNS apresentada no 3 PTT Forum
 

Último

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Último (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 

Zero to Hero for Network Admins on AWS

  • 1. Classificação: Interna Zero to Hero for Network Admins on AWS Wilson Lopes 01/2023 https://www.linkedin.com/in/wrlopes/
  • 2. Classificação: Interna AWS Cloud Network Infrastructure Regions and Availability Zones Regions . Geographic segregated infrastructures around the globe – services, network, compute, storage . Services generally are high available and isolated into the region . Regions are connected using private cloud network infrasctructure https://aws.amazon.com/pt/about- aws/global-infrastructure/regions_az
  • 3. Classificação: Interna AWS Cloud Network Infrastructure Regions and Availability Zones Availabilty Zones - AZs . One or more Datacenter into the region – Segregated Facilities, Energy, Cooling . Segregated network and compute services into the region . To became high available, services must be deployed in more than one AZ . For example, a service behind a load balancer using 3 AZs, with frontend, backend and database between the 3 AZs AZ 1 AZ 3 AZ 2 LB VPC LB FE BE Subnet 1 FE Subnet 2 FE Subnet 3 FE Subnet 1 BE Subnet 2 BE Subnet 3 BE
  • 4. Classificação: Interna AWS Cloud Network Infrastructure VPC – Virtual Private Cloud AZ 1A AZ 1C AZ 1B VPC – 10.0.0.0/20 - 2001:db8:1234:1a00::/56 Subnet 1A Subnet 1B Subnet 1C VPC . Isolated virtual network into the region . Segregated in subnets. Subnets are per AZ . Ipv4/Ipv6/Ipv6 only . Bring your own ip – public ipv4 and ipv6 Region – Sao Paulo - SA-EAST-1
  • 5. Classificação: Interna AWS Cloud Network Infrastructure VPC – Virtual Private Cloud AZ 1 AZ 1C AZ 1B Subnet 1A PUB Subnet 1B PUB Subnet 1C PUB Subnet 1A PRIV Subnet 1B PRIV Subnet 1C PRIV Public Route Table Private Route Table VPC . Isolated virtual network into the region . Segregated in subnets. Subnets are per AZ . Ipv4/Ipv6/Ipv6 only . Bring your own ip – public ipv4 and ipv6 . Route tables – Each subnet can use different route tables VPC – 10.0.0.0/20 - 2001:db8:1234:1a00::/56 Region – Sao Paulo - SA-EAST-1 AZ 1A
  • 6. Classificação: Interna AWS Cloud Network Infrastructure VPC – Virtual Private Cloud IGW VPC . Isolated virtual network into the region . Segregated in subnets. Subnets are per AZ . Ipv4/Ipv6/Ipv6 only . Bring your own ip – public ipv4 and ipv6 . Route tables – Each subnet can use different route tables . IGW – Internet Gateway – connect “Public Subnets” to internet – ingress/egress . Regional Resource. AZ 1 AZ 1C AZ 1B Subnet 1A PUB Subnet 1B PUB Subnet 1C PUB Subnet 1A PRIV Subnet 1B PRIV Subnet 1C PRIV Public Route Table Private Route Table VPC – 10.0.0.0/20 - 2001:db8:1234:1a00::/56 Region – Sao Paulo - SA-EAST-1 AZ 1A
  • 7. Classificação: Interna AWS Cloud Network Infrastructure VPC – Virtual Private Cloud IGW VPC . Isolated virtual network into the region . Segregated in subnets. Subnets are per AZ . Ipv4/Ipv6/Ipv6 only . Bring your own ip – public ipv4 and ipv6 . Route tables – Each subnet can use different route tables . IGW – Internet Gateway – connect “Public Subnets” to internet – ingress/egress . Regional Resource. AZ 1 AZ 1C AZ 1B Subnet 1A PUB Subnet 1B PUB Subnet 1C PUB Subnet 1A PRIV Subnet 1B PRIV Subnet 1C PRIV Public Route Table Private Route Table VPC – 10.0.0.0/20 - 2001:db8:1234:1a00::/56 Region – Sao Paulo - SA-EAST-1 AZ 1A PUB Route Table 10.0.0.0/20 – Local 0.0.0.0/0 – IGW
  • 8. Classificação: Interna AWS Cloud Network Infrastructure VPC – Virtual Private Cloud VPC . Isolated virtual network into the region . Segregated in subnets. Subnets are per AZ . Ipv4/Ipv6/Ipv6 only . Bring your own ip – public ipv4 and ipv6 . Route tables – Each subnet can use different route tables . IGW – Internet Gateway – connect “Public Subnets” to internet – ingress/egress. Regional Resource. . NatGW – Nat Gateway – connect “Private Subnets” to internet – egress Only. AZ Resource. NatGW AZ 1 AZ 1C AZ 1B Subnet 1A PUB Subnet 1B PUB Subnet 1C PUB Subnet 1A PRIV Subnet 1B PRIV Subnet 1C PRIV Public Route Table Private Route Table VPC – 10.0.0.0/20 - 2001:db8:1234:1a00::/56 Region – Sao Paulo - SA-EAST-1 AZ 1A IGW
  • 9. Classificação: Interna AWS Cloud Network Infrastructure VPC – Virtual Private Cloud VPC . Isolated virtual network into the region . Segregated in subnets. Subnets are per AZ . Ipv4/Ipv6/Ipv6 only . Bring your own ip – public ipv4 and ipv6 . Route tables – Each subnet can use different route tables . IGW – Internet Gateway – connect “Public Subnets” to internet – ingress/egress. Regional Resource. . NatGW – Nat Gateway – connect “Private Subnets” to internet – egress Only. AZ Resource – 1 NatGW per AZ, 1 Route Table Priv per AZ. NatGW AZ 1 AZ 1C AZ 1B Subnet 1A PUB Subnet 1B PUB Subnet 1C PUB Subnet 1A PRIV Subnet 1B PRIV Subnet 1C PRIV Public Route Table Private Route Table VPC – 10.0.0.0/20 - 2001:db8:1234:1a00::/56 Region – Sao Paulo - SA-EAST-1 AZ 1A IGW PRIV 1C Route Table 10.0.0.0/20 – Local 0.0.0.0/0 – NatGW NatGW AZ 1C PRIV 1B Route Table 10.0.0.0/20 – Local 0.0.0.0/0 – NatGW NatGW AZ 1C PRIV 1A Route Table 10.0.0.0/20 – Local 0.0.0.0/0 – NatGW
  • 10. Classificação: Interna AWS Cloud Network Infrastructure VPC – Virtual Private Cloud VPC AZ 1 AZ 1C AZ 1B Subnet 1A PUB Subnet 1B PUB Subnet 1C PUB Subnet 1A PRIV Subnet 1B PRIV Subnet 1C PRIV Public Route Table PRIV Route Table VPC – 10.0.0.0/20 - 2001:db8:1234:1a00::/56 Region – Sao Paulo - SA-EAST-1 AZ 1A IGW PRIV Route Table PRIV Route Table NatGW NatGW NatGW . Isolated virtual network into the region . Segregated in subnets. Subnets are per AZ . Ipv4/Ipv6/Ipv6 only . Bring your own ip – public ipv4 and ipv6 . Route tables – Each subnet can use different route tables . IGW – Internet Gateway – connect “Public Subnets” to internet – ingress/egress. Regional Resource. . NatGW – Nat Gateway – connect “Private Subnets” to internet – egress Only. AZ Resource – 1 NatGW per AZ, 1 Route Table Priv per AZ. . VGW – Virtual Private Gateway – connect to external networks via VPN or Direct Connect – should connect only “Private Subnets”. BGP and static routes. VGW
  • 11. Classificação: Interna AWS Cloud Network Infrastructure Terraform – Infra as a Code https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws/latest
  • 12. Classificação: Interna AWS Cloud Network Infrastructure AWS Direct Connect + AWS Transit Gateway https://docs.aws.amazon.com/pt_br/whitepapers/latest/aws-vpc-connectivity-options/aws- direct-connect-aws-transit-gateway.html
  • 13. Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX DX Cloud Network
  • 14. Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway . Interconnection Hub . Per region resource . Direct connect and VPN support . Route received from direct connect are prefered . Static and dynamic bgp routing . Limits – 10k static routes, 1k dynamic routes On Premises Datacenter Direct Connect Gateway Transit Gateway DX DX Cloud Network
  • 15. Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway . Interconnection Hub . Per region resource . Direct connect and VPN support . Route received from direct connect are prefered . Static and dynamic bgp routing . Limits – 10k static routes, 1k dynamic routes On Premises Datacenter Direct Connect Gateway Transit Gateway Direct Connect Gateway . Global resource . Attached to transit gateway or virtual private gateway DX DX Cloud Network
  • 16. Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway . Interconnection Hub . Per region resource . Direct connect and VPN support . Route received from direct connect are prefered . Static and dynamic bgp routing . Limits – 10k static routes, 1k dynamic routes On Premises Datacenter Direct Connect Gateway Transit Gateway Direct Connect Gateway . Global resource . Attached to transit gateway or virtual private gateway Direct Connect Locations - DX . Physical location of cloud facility . Connections can be dedicated or hosted by partners DX DX Cloud Network
  • 17. Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX 2 DX 1 Connection A Telecom A Direct Connect – Private Connections . To improve high availability, connect to at least two different direct connect locations . Use different telecom operators per connection Connection B Telecom B Cloud Network
  • 18. Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX 2 DX 1 Direct Connect – Private Connections . To improve high availability, connect to at least two different direct connect locations . Use different telecom operators per connection . Analyze the physical path of each connection to not use same facility/last mile Cloud Network X
  • 19. Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX 2 DX 1 Direct Connect – Private Connections . To improve high availability, connect to at least two different direct connect locations . Use different telecom operators per connection . Analyze the physical path of each connection to not use same facility/last mile Cloud Network
  • 20. Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX 2 DX 1 Direct Connect – Private Connections . To improve high availability, connect to at least two different direct connect locations . Use different telecom operators per connection . Analyze the physical path of each connection to not use same facility/last mile . 1/10/100Gbps for dedicated connections . Lower than 1Gbps for hosted connections Cloud Network
  • 21. Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX 2 DX 1 BGP . To improve high availability, connect to at least two different direct connect locations . Use different telecom operators per connection . Analyze the physical path of each connection to not use same facility/last mile . 1/10/100Gbps for dedicated connections . Lower than 1Gbps for hosted connections . BGP – Dynamic routing and convergence . Can use private ASN or your own OnPrem - 10.64.0.0/24 Cloud – 10.0.0.0/20 BGP OnPrem - 10.64.0.0/24 Cloud – 10.0.0.0/20 Direct Connect – Private Connections Cloud Network
  • 22. Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX 2 DX 1 . To improve high availability, connect to at least two different direct connect locations . Use different telecom operators per connection . Analyze the physical path of each connection to not use same facility/last mile . 1/10/100Gbps for dedicated connections . Lower than 1Gbps for hosted connections . BGP – Dynamic routing and convergence . Can use private ASN or your own . Cloud provider use ECMP for same route metric . Active/Standby path can be implemented using AS Prepend and Local Preference . There are short limits of advertised routes . Summarization is mandatory to scale Direct Connect – Private Connections Cloud Network Out – AS Prepend 65000 65000 65000 IN – LP 90 active standby
  • 23. Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX 2 DX 1 BGP BFD . To improve high availability, connect to at least two different direct connect locations . Use different telecom operators per connection . Analyze the physical path of each connection to not use same facility/last mile . 1/10/100Gbps for dedicated connections . Lower than 1Gbps for hosted connections . BGP – Dynamic routing and convergence . Can use private ASN or your own . Cloud provider use ECMP for same route metric . Active/Standby path can be implemented using AS Prepend and Local Preference . There are short limits of advertised routes . Summarization is mandatory to scale . BFD – Minimize the convergence time to miliseconds Direct Connect – Private Connections Cloud Network BGP BFD
  • 24. Classificação: Interna AWS Cloud Network Infrastructure Transit Gateway On Premises Datacenter Direct Connect Gateway DX 2 DX 1 . To improve high availability, connect to at least two different direct connect locations . Use different telecom operators per connection . Analyze the physical path of each connection to not use same facility/last mile . 1/10/100Gbps for dedicated connections . Lower than 1Gbps for hosted connections . BGP – Dynamic routing and convergence . Can use private ASN or your own . Cloud provider use ECMP for same route metric . Active/Standby path can be implemented using AS Prepend and Local Preference . There are short limits of advertised routes . Summarization is mandatory to scale . BFD – Minimize the convergence time to miliseconds . LACP – aggregate links and high availability per DX location Direct Connect – Private Connections Cloud Network BGP BFD LACP BGP BFD LACP
  • 25. Classificação: Interna AWS Cloud Network Infrastructure AWS Transit Gateway – Route Tables https://aws.amazon.com/pt/blogs/architecture/field-notes-working-with-route-tables-in-aws- transit-gateway/
  • 26. Classificação: Interna AWS Cloud Network Infrastructure AWS Gateway Load Balancer https://aws.amazon.com/pt/blogs/aws/introducing-aws-gateway-load-balancer-easy- deployment-scalability-and-high-availability-for-partner-appliances/ https://aws.amazon.com/pt/blogs/networking-and-content-delivery/scaling-network-traffic- inspection-using-aws-gateway-load-balancer/
  • 27. Classificação: Interna AWS Cloud Network Infrastructure AWS VPC Endpoints https://docs.aws.amazon.com/whitepapers/latest/aws-privatelink/what-are-vpc-endpoints.html