Advanced VPC Design and New Capabilities for Amazon VPC
Bruce Wang, Solutions Architect
Previously, from AWS
[Diagram: one AWS Region with two Availability Zones, each holding a public and a private subnet; VPC CIDR 10.1.0.0/16, expandable with additional CIDRs and with IPv6 (+ Expand + IPv6); AWS Lambda shown running inside the VPC.]
Previously, from AWS
[Diagram: one AWS Region, two Availability Zones, each with a public and a private subnet inside VPC CIDR 10.1.0.0/16 (+ Expand + IPv6). Instance A 10.1.0.11 and Instance B 10.1.1.11 sit in the public subnets and carry Elastic IPs (10.1.0.11 : 54.23.12.43 and 10.1.1.11 : 54.19.12.23); Instance C 10.1.2.11 and Instance D 10.1.3.11 sit in the private subnets. Connectivity shown: an Internet gateway (IGW) to the Internet; a virtual private gateway (VGW) reached from on-premises over VPN and over AWS Direct Connect through a Direct Connect gateway (DXGW); VPC peering (intra- or inter-region) to VPC-B; a VPC endpoint (VPCE) for Amazon S3; AWS PrivateLink to a service provider VPC fronted by an NLB; NAT through a NAT gateway per AZ or through Instance B; VPC Flow Logs; and AWS IoT, Amazon DynamoDB, Amazon S3, Amazon SQS and Amazon SNS as public services outside the VPC.]

Public subnet route table
Destination      Target
10.1.0.0/16      Local
0.0.0.0/0        IGW
S3 prefix list   VPCE-123
On-premises      VGW
VPC-B            PCX-123

Private subnet route table
Destination      Target
10.1.0.0/16      Local
0.0.0.0/0        Instance B (NAT instance in the public subnet)
S3 prefix list   VPCE-123
On-premises      VGW
VPC-B            PCX-123
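Added example, not from the original deck: a Python model of how the two subnet route tables above are evaluated. It applies longest-prefix match over the rows, expands the S3 prefix-list destination into its member CIDRs the way a gateway-endpoint route does, and includes the check that separates a private subnet from a public one: no route whose target is the IGW. The S3 CIDRs, the on-premises range 172.16.0.0/16 and the VPC-B range 10.2.0.0/16 are constructed for the example; the slide names those destinations but not their prefixes.

```python
"""Longest-prefix-match lookup over the public and private subnet route
tables shown on the slide.  Added example, not part of the original deck.
The S3 prefix-list CIDRs, the on-premises range (172.16.0.0/16) and the
VPC-B range (10.2.0.0/16) are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Constructed stand-in for the managed S3 prefix list (real lists are regional
# and change over time; these two ranges are illustrative only).
S3_PREFIX_LIST = {
    "pl-s3": [ip_network("52.216.0.0/15"), ip_network("54.231.0.0/16")],
}


@dataclass(frozen=True)
class Route:
    destination: IPv4Network
    target: str


def expand(rows):
    """Turn (destination, target) rows into Route objects.  A destination that
    names a prefix list becomes one route per CIDR in the list, which is how a
    gateway-endpoint route behaves inside the VPC route table."""
    routes = []
    for dest, target in rows:
        if dest in S3_PREFIX_LIST:
            routes += [Route(n, target) for n in S3_PREFIX_LIST[dest]]
        else:
            routes.append(Route(ip_network(dest), target))
    return routes


PUBLIC_RT = expand([
    ("10.1.0.0/16", "local"),
    ("0.0.0.0/0", "igw"),
    ("pl-s3", "vpce-123"),
    ("172.16.0.0/16", "vgw"),     # on-premises; range assumed
    ("10.2.0.0/16", "pcx-123"),   # VPC-B; range assumed
])
PRIVATE_RT = expand([
    ("10.1.0.0/16", "local"),
    ("0.0.0.0/0", "instance-b"),  # NAT instance in the public subnet
    ("pl-s3", "vpce-123"),
    ("172.16.0.0/16", "vgw"),
    ("10.2.0.0/16", "pcx-123"),
])


def lookup(rt, dst) -> Optional[str]:
    """VPC routing semantics: the most specific matching destination wins, so
    0.0.0.0/0 only catches what no other row matched."""
    addr = ip_address(dst)
    matches = [r for r in rt if addr in r.destination]
    if not matches:
        return None
    return max(matches, key=lambda r: r.destination.prefixlen).target


def has_direct_internet_route(rt) -> bool:
    """The check before calling a subnet 'private': no row targets the IGW.
    A default route to a NAT instance or NAT gateway is expected; a default
    route to the IGW makes the subnet public."""
    return any(r.target == "igw" for r in rt)


if __name__ == "__main__":
    for dst in ("8.8.8.8", "52.216.10.10", "10.1.3.11", "172.16.5.5", "10.2.9.9"):
        print(f"{dst:>14}  public -> {lookup(PUBLIC_RT, dst):<11}"
              f" private -> {lookup(PRIVATE_RT, dst)}")
    print("public subnet has IGW route :", has_direct_internet_route(PUBLIC_RT))
    print("private subnet has IGW route:", has_direct_internet_route(PRIVATE_RT))
```

The two tables differ only in the default route, so the same destination resolves to different targets only for Internet-bound traffic; an S3 address hits VPCE-123 from both subnets because the /15 and /16 prefix-list rows beat 0.0.0.0/0.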
Previously, from AWS
[Diagram: the same VPC layout as above (Region, two AZs, public and private subnets, 10.1.0.0/16 + Expand + IPv6, Instances A to D with the same addresses), now with a NAT gateway in each AZ alongside Instance B, and with AWS PrivateLink endpoints to a service provider VPC (NLB) and to the AWS services listed below. The public and private subnet route tables are unchanged from the previous slide.]
AWS services reachable over PrivateLink at the time:
• API endpoints for Amazon EC2 and Elastic Load Balancing (ELB)
• Amazon Kinesis Data Streams
• AWS Service Catalog
• Amazon EC2 Systems Manager
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS PrivateLink:
• PrivateLink is a way to reach additional public services privately from your Amazon Virtual Private Cloud (Amazon VPC)
• Each PrivateLink endpoint is represented by a private IP from the subnet you assign
• No route table update required
Services available over PrivateLink at the time: API endpoints for Amazon EC2 and Elastic Load Balancing (ELB), Amazon Kinesis Streams, AWS Service Catalog, Amazon EC2 Systems Manager
Before / After: VPC Endpoints for Amazon Simple Storage Service (Amazon S3) and Amazon DynamoDB
[Diagram: the same Region / two-AZ VPC (10.1.0.0/16 + Expand + IPv6, Instances A to D in public and private subnets). Before: instances reach Amazon S3 and Amazon DynamoDB through the NAT gateway and the public Internet. After: gateway VPC endpoints for Amazon S3 and Amazon DynamoDB carry that traffic from inside the VPC.]
After: 19 services now supported over AWS PrivateLink
Amazon API Gateway, AWS CloudFormation, Amazon CloudWatch, Amazon CloudWatch Events, Amazon CloudWatch Logs, AWS CodeBuild, AWS Config, Amazon EC2 API, Elastic Load Balancing API, AWS Key Management Service, Amazon Kinesis Data Streams, Amazon SageMaker Runtime, AWS Secrets Manager, AWS Security Token Service, AWS Service Catalog, Amazon SNS, AWS Systems Manager, + more
AWS PrivateLink (additional endpoints): https://amzn.to/2TTHxXh
Bonus: AWS PrivateLink now supports access over AWS VPN and inter-region peering
VPN: https://amzn.to/2Iv0UAo
Inter-region peering: https://amzn.to/2NBTFI0
Amazon VPC Sharing
Before
[Diagram: six accounts, each with its own VPC and CIDR: Llama 10.3.0.0/16, Pegasus 10.2.0.0/16, Barry 10.1.0.0/16, Iguana 10.6.0.0/16, Steve 10.5.0.0/16, Sue 10.4.0.0/16. The environments Dev, Test, Prod 1, Prod 2, Prod 3 and Prod 4 run AWS Lambda, Amazon EC2, Amazon RDS and Amazon Redshift inside these separate VPCs.]
After
[Diagram: the same six accounts and workloads, but only two VPCs remain. Pegasus (10.2.0.0/16) is the owner of a VPC shared with Llama as participant; Barry (10.1.0.0/16) is the owner of a VPC shared with Iguana, Steve and Sue as participants. Each participant deploys its Lambda functions, EC2 instances, RDS and Redshift resources into the shared subnets.]
Amazon VPC Owner
Amazon VPC owners are responsible for creating, managing and deleting all VPC-level entities. Amazon VPC owners cannot modify or delete participant resources.

Amazon VPC Participant
Participants in a shared Amazon VPC are responsible for the creation, management and deletion of their own resources, including Amazon Elastic Compute Cloud (Amazon EC2) instances, Amazon Relational Database Service (Amazon RDS) databases and load balancers. However, they cannot modify any Amazon VPC-level entities, including route tables, network ACLs or subnets, and they cannot view or modify resources belonging to other participants.
Why use multiple accounts? Why use Amazon VPC sharing?
• Preserve IP space: use fewer IPv4 CIDRs
• Interconnectivity: no VPC peering required
• Billing and security: continue to enjoy segregation with multiple accounts
• Separation of duties: a central team can create and manage your Amazon VPC
• Same-AZ cost for data transfer is nil!
Amazon VPC Sharing details: https://amzn.to/2Aovw2Z
AWS Global Accelerator
Before
[Diagram: clients reach applications in AWS Region 1 and AWS Region 2 over the public Internet, each region with its own endpoint address.]
After
[Diagram: clients connect to one static anycast IP address (3.10.3.125 in the example) advertised from AWS edge locations; the same address fronts AWS Region 1 and AWS Region 2, and traffic crosses AWS's global network to reach them.]
• Static anycast IPs: static IP addresses are a fixed entry point to your applications. These IP addresses are anycast from AWS edge locations.
• Client state: applications can keep state, with connections routed to the same endpoint after the initial connection.
• AWS's global network: traffic routed through the accelerator traverses the AWS global network instead of the public Internet.
AWS Global Accelerator: https://amzn.to/2FI3y89
Before AWS Client VPN
VPC VPN connections were site-to-site only.
[Diagram: an on-premises customer gateway (CGW) connects over the Internet to the VPC's virtual private gateway (VGW) with IPsec Tunnel 1 (primary) and IPsec Tunnel 2 (secondary).]
How does this change my architecture?
After AWS Client VPN
AWS now supports client-to-site VPN termination with OpenVPN clients through the Client VPN endpoint.
[Diagram: a user with an OpenVPN client builds a TLS-based tunnel over the Internet to the Client VPN endpoint, which is attached to the Amazon VPC; from there the client reaches resources in the VPC, on-premises networks and services such as Amazon S3 and Amazon DynamoDB.]
AWS Client VPN: https://amzn.to/2Uru9J5
Transit Gateway (TGW)
Before: VPC Peering
[Diagram: five VPCs A, B, C, D and E joined by peering connections PCX-1 to PCX-4. VPC B's route table: B Local; A via PCX-1; C via PCX-2; D via PCX-3; E via PCX-4, one entry per peer.]
Full mesh: how many Amazon VPC peering connections do I need?
n(n-1) / 2
10 VPCs: 10(10-1) / 2 = 45
100 VPCs: 100(100-1) / 2 = 4,950
Limits that a full mesh runs into:
Static routes per Amazon VPC route table: 100
Amazon VPC peering connections per Amazon VPC: 125
With 100 VPCs every VPC needs 99 peering connections and 99 static routes, right at the route-table limit, and because peering is not transitive each new VPC must be peered with every existing one.
Before: Transit VPC with IPsec
[Diagram: VPCs A, B, D and E each send 0.0.0.0/0 to a VGW that terminates IPsec tunnels into an instance-based transit VPC; VPC B's route table: B Local; 0.0.0.0/0 VGW. IPsec between VPCs (limits apply).]
Before: VPN connection per VPC
[Diagram: VPCs A, B and C each with their own VPN connection to on-premises. IPsec between VPCs (limits apply).]
After: AWS Transit Gateway (TGW)
[Diagram: VPCs A, B, C and an on-premises VPN connection attach to one AWS Transit Gateway (attachments 1 to 4). VPC B's route table becomes: B Local; 0.0.0.0/0 TGW.]
TGW route table(s)
VPC A : Attachment 1
VPC B : Attachment 2
VPC C : Attachment 3
On-prem : VPN 4
RT1, RT2
Attachment: the connection from an Amazon VPC or a VPN to a TGW.
Association: the route table used to route packets coming from an attachment (from an Amazon VPC or VPN). Each attachment is associated with exactly one route table.
Propagation: the route table(s) where the attachment's routes are installed.
After: AWS Transit Gateway (TGW)
[Diagram: three VPCs attach to the TGW: Llama 10.1.0.0/16 via attachment X, Pegasus 10.2.0.0/16 via attachment Y, Barry 10.3.0.0/16 via attachment Z.]
TGW route table RT1
Associations:  Llama from X, Pegasus from Y, Barry from Z
Propagations:  Llama from X, Pegasus from Y, Barry from Z
Routes:
10.1.0.0/16 via X
10.2.0.0/16 via Y
10.3.0.0/16 via Z

Subnet route tables inside Llama
Private subnet:   Destination   Target
                  10.1.0.0/16   Local
                  0.0.0.0/0     TGW
Public subnet:    Destination   Target
                  10.1.0.0/16   Local
                  10.0.0.0/8    TGW
                  0.0.0.0/0     IGW

Static routes
[Diagram: networks 10.8.0.0/16 and 10.9.0.0/16 sit behind Llama.] RT1 gains two static routes:
10.8.0.0/16 via X
10.9.0.0/16 via X
With propagation turned off, you can still statically configure routes.

Segmentation with multiple TGW route tables
[Diagram: Llama (X), Pegasus (Y), Barry (Z) and an on-premises VPN 172.16.0.0/16 (attachment Q) attach to the TGW, which now carries three route tables RT1, RT2 and RT3.]

RT1 (associated attachments: Llama X, Pegasus Y)
Propagations: Llama from X, Pegasus from Y, On-prem from Q
Routes:
10.1.0.0/16 via X
10.2.0.0/16 via Y
172.16.0.0/16 via Q

RT2 (associated attachment: Barry Z)
Propagations: Barry from Z, On-prem from Q
Routes:
10.3.0.0/16 via Z
172.16.0.0/16 via Q

RT3 (associated attachment: On-prem Q)
Propagations: Llama from X, Pegasus from Y, Barry from Z, On-prem from Q
Routes:
10.1.0.0/16 via X
10.2.0.0/16 via Y
10.3.0.0/16 via Z
172.16.0.0/16 via Q

Packet walk-through
Packet SRC Llama, DST On-prem: the packet enters the TGW on attachment X; X is associated with RT1; RT1 has 172.16.0.0/16 via Q, so the packet leaves on Q. The reply enters on Q; Q is associated with RT3; RT3 has 10.1.0.0/16 via X.
Packet SRC Barry, DST On-prem: the packet enters on Z; Z is associated with RT2; RT2 has 172.16.0.0/16 via Q, so the packet leaves on Q. The reply resolves through RT3 (10.3.0.0/16 via Z).
A packet from Barry to Llama or Pegasus finds no 10.1.0.0/16 or 10.2.0.0/16 route in RT2 and is dropped: Barry is isolated from the other two VPCs while all three still reach on-premises.
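Added example, not from the original deck: a Python model of the TGW concepts just walked through: attachments, the single association that decides which table a packet entering from an attachment consults, the propagations and static routes that fill a table, and a forwarding decision that returns the egress attachment or drops the packet. It rebuilds the RT1/RT2/RT3 design with the slide's names (Llama X, Pegasus Y, Barry Z, on-premises Q with 172.16.0.0/16) and the "propagation turned off" case with static 10.8.0.0/16 and 10.9.0.0/16 routes. The forwarding logic is a model of the documented semantics, not AWS code.

```python
"""Model of TGW attachments, associations, propagations and static routes.
Added example; names follow the slides (X, Y, Z, Q; RT1-RT3).  The logic is a
model of the documented semantics, not the AWS implementation."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Attachment:
    name: str     # X, Y, Z, Q on the slide
    owner: str    # Llama, Pegasus, Barry, On-prem
    cidrs: list   # prefixes the attachment would propagate


@dataclass
class RouteTable:
    name: str
    routes: dict = field(default_factory=dict)  # IPv4Network -> attachment name

    def propagate(self, att):
        """Propagation: install the attachment's prefixes into this table."""
        for c in att.cidrs:
            self.routes[ip_network(c)] = att.name

    def add_static(self, cidr, att):
        """Static route: same effect as a propagated route, but configured by
        hand, so it works with propagation for the attachment turned off."""
        self.routes[ip_network(cidr)] = att.name

    def next_hop(self, dst):
        """Longest-prefix match; None means no route, i.e. the packet drops."""
        addr = ip_address(dst)
        hits = [n for n in self.routes if addr in n]
        return self.routes[max(hits, key=lambda n: n.prefixlen)] if hits else None


class TransitGateway:
    def __init__(self):
        self.tables = {}
        self.association = {}  # attachment name -> route table name

    def associate(self, att, rt):
        """Association: the one table consulted for packets ARRIVING from att."""
        self.tables[rt.name] = rt
        self.association[att.name] = rt.name

    def forward(self, ingress, dst):
        """Egress attachment for a packet entering on `ingress`, or None."""
        return self.tables[self.association[ingress]].next_hop(dst)


def build_segmented_tgw():
    """The RT1/RT2/RT3 design: Llama and Pegasus share RT1, Barry is alone
    in RT2, on-premises uses RT3 and has routes to all three VPCs."""
    X = Attachment("X", "Llama", ["10.1.0.0/16"])
    Y = Attachment("Y", "Pegasus", ["10.2.0.0/16"])
    Z = Attachment("Z", "Barry", ["10.3.0.0/16"])
    Q = Attachment("Q", "On-prem", ["172.16.0.0/16"])
    rt1, rt2, rt3 = RouteTable("RT1"), RouteTable("RT2"), RouteTable("RT3")
    tgw = TransitGateway()
    for att, rt in ((X, rt1), (Y, rt1), (Z, rt2), (Q, rt3)):
        tgw.associate(att, rt)
    for att in (X, Y, Q):
        rt1.propagate(att)
    for att in (Z, Q):
        rt2.propagate(att)
    for att in (X, Y, Z, Q):
        rt3.propagate(att)
    return tgw


def static_only_table():
    """The 'propagation turned off' slide: RT1 knows 10.8.0.0/16 and
    10.9.0.0/16 behind Llama only because they are added by hand; Llama's
    own 10.1.0.0/16 is absent because nothing propagated it."""
    X = Attachment("X", "Llama", ["10.1.0.0/16"])
    rt = RouteTable("RT1")
    rt.add_static("10.8.0.0/16", X)
    rt.add_static("10.9.0.0/16", X)
    return rt


def reachable(tgw, src_att, dst_ip, src_ip):
    """A flow works only if the forward path AND the return path resolve;
    checking one direction is the classic segmentation mistake."""
    out = tgw.forward(src_att, dst_ip)
    return out is not None and tgw.forward(out, src_ip) == src_att


if __name__ == "__main__":
    tgw = build_segmented_tgw()
    print("Llama -> On-prem:", tgw.forward("X", "172.16.1.1"))  # Q
    print("Barry -> On-prem:", tgw.forward("Z", "172.16.1.1"))  # Q
    print("Barry -> Llama  :", tgw.forward("Z", "10.1.0.11"))   # None (isolated)
    print("static RT1 knows 10.1.0.0/16?", static_only_table().next_hop("10.1.0.1"))  # None
```

The `reachable` check is the one to keep: a table that has a route out but whose peer table lacks the route back looks fine in a one-way test and fails in production, and when segmenting with multiple TGW route tables it is the return path that is most often forgotten.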
After: AWS Transit Gateway (TGW) – the console
[Screenshots: creating a TGW named "Unicorn TGW" with the description "This TGW is Awesome", then its attachments and route tables.]
TGW limits at launch
TGWs per account / TGW attachments per Amazon VPC: 5
Maximum burstable bandwidth per attachment: 50 Gbps
Maximum bandwidth per VPN connection: 1.25 Gbps*
*With ECMP, you can distribute traffic over multiple tunnels, e.g. 8 tunnels = 10 Gbps
Routes per TGW: 10,000
Number of TGW attachments per region per account: 5,000
Cross-region connectivity? TGW is a region-level construct today.
Before TGW
• Amazon VPC peering for full-mesh connectivity
• Instance-based transit Amazon VPC (IPsec between VPCs; limits apply)
• VPN connection per Amazon VPC
After TGW
• Up to 5,000 Amazon VPC attachments per TGW
• 1.25 Gbps per VPN connection, more with ECMP
• 10,000 routes per TGW
• Multiple TGW route tables for finer routing control
• 50 Gbps of bandwidth per attachment per Availability Zone
• Centralized hub for routing between Amazon VPCs and from on-premises to AWS
TGW detailed instructions: https://amzn.to/2SkI4zV
Thank you!
Bruce Wang
ykwang@amazon.com

Extending Datacenters to the Cloud: Connectivity Options and Considerations f...Extending Datacenters to the Cloud: Connectivity Options and Considerations f...
Extending Datacenters to the Cloud: Connectivity Options and Considerations f...
 
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...
 
AWS networking fundamentals - SVC211 - São Paulo AWS Summit
AWS networking fundamentals - SVC211 - São Paulo AWS SummitAWS networking fundamentals - SVC211 - São Paulo AWS Summit
AWS networking fundamentals - SVC211 - São Paulo AWS Summit
 
(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014
(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014
(ARC403) From One to Many: Evolving VPC Design | AWS re:Invent 2014
 

Mais de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Networking Advanced VPC Design and New Capabilities

  • 1. Advanced VPC Design and New Capabilities for Amazon VPC Bruce Wang, Solutions Architect
  • 2. Previously, from AWS (diagram): an AWS Region with Availability zone 1 and Availability zone 2, each holding a private subnet and a public subnet; VPC CIDR 10.1.0.0/16 (+ Expand, + IPv6).
  • 3. Previously, from AWS (diagram): the same VPC (CIDR 10.1.0.0/16, + Expand, + IPv6) with Instance A 10.1.0.11/24, Instance B 10.1.1.11/24, Instance C 10.1.2.11/24 and Instance D 10.1.3.11/24; EIPs 10.1.0.11 : 54.23.12.43 and 10.1.1.11 : 54.19.12.23; connectivity via VGW (VPN, AWS Direct Connect, DXGW), VPC Peering to VPC-B (intra- or inter-region), IGW, NAT-GW, VPC endpoints (VPCE) to Amazon S3 and Amazon DynamoDB, AWS PrivateLink to a service provider VPC behind an NLB, VPC Flow Logs, and public services (AWS Lambda, AWS IoT, Amazon SQS, Amazon SNS) over the Internet. Route table 1 (Destination / Target): 10.1.0.0/16 Local; 0.0.0.0/0 IGW; S3.prefix.list VPCE-123; On-premises VGW; VPC-B PCX-123. Route table 2 (Destination / Target): 10.1.0.0/16 Local; 0.0.0.0/0 Instance B; S3.prefix.list VPCE-123; On-premises VGW; VPC-B PCX-123.
  • 4. Previously, from AWS (same diagram and route tables as slide 3), plus the services then reachable over AWS PrivateLink: API endpoints for Amazon EC2 and Elastic Load Balancing (ELB); Amazon Kinesis Data Streams; AWS Service Catalog; Amazon EC2 Systems Manager.
  • 5.
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 7. AWS PrivateLink. Before: VPC Endpoints for Amazon Simple Storage Service (Amazon S3) and Amazon DynamoDB. After: PrivateLink is a way to reach additional public services, privately from your Amazon Virtual Private Cloud (Amazon VPC); each PrivateLink is represented by a private IP from the subnet assigned; no route table update required. Services: API Endpoints for Amazon EC2 and Elastic Load Balancing (ELB); Amazon Kinesis Streams; AWS Service Catalog; Amazon EC2 Systems Manager.
  • 8. After: 19 services now supported over AWS PrivateLink (same VPC diagram as slide 3, with NAT-GW): Amazon API Gateway, AWS CloudFormation, Amazon CloudWatch, Amazon CloudWatch Events, Amazon CloudWatch Logs, AWS CodeBuild, AWS Config, Amazon EC2 API, Elastic Load Balancing API, AWS Key Management Service, Amazon Kinesis Data Streams, Amazon SageMaker Runtime, AWS Secrets Manager, AWS Security Token Service, AWS Service Catalog, Amazon SNS, AWS Systems Manager, + more.
  • 9. AWS PrivateLink (additional endpoints): https://amzn.to/2TTHxXh
  • 10. Bonus: AWS PrivateLink now supports access over AWS VPN and Inter-region Peering. VPN: https://amzn.to/2Iv0UAo ; Inter-region Peering: https://amzn.to/2NBTFI0
  • 13. Diagram: Llama 10.3.0.0/16, Pegasus 10.2.0.0/16, Barry 10.1.0.0/16, Iguana 10.6.0.0/16, Steve 10.5.0.0/16, Sue 10.4.0.0/16; workloads on AWS Lambda, Amazon EC2, Amazon Redshift and Amazon RDS across Dev, Test, Prod 1, Prod 2, Prod 3 and Prod 4.
  • 15. Same diagram as slide 13.
  • 16. Same environments with Amazon VPC sharing: Llama, Pegasus 10.2.0.0/16, Barry 10.1.0.0/16, Iguana, Steve, Sue (AWS Lambda, Amazon EC2, Amazon Redshift, Amazon RDS; Dev, Test, Prod 1 to Prod 4); roles shown, in that order: Owner, Participant, Owner, Participant, Participant, Participant.
  • 17. Amazon VPC Owner: Amazon VPC owners are responsible for creating, managing and deleting all VPC-level entities. Amazon VPC owners cannot modify or delete participant resources.
  • 18. Amazon VPC Participant: participants in a shared Amazon VPC are responsible for the creation, management and deletion of their own resources, including Amazon Elastic Compute Cloud (Amazon EC2) instances, Amazon Relational Database Service (Amazon RDS) databases and load balancers. However, they cannot modify any Amazon VPC-level entities, including route tables, network ACLs or subnets (or view / modify resources belonging to other participants).
  • 19. Why use multiple accounts?
  • 20. Why use Amazon VPC sharing? Preserve IP space: use fewer IPv4 CIDRs. Interconnectivity: no VPC Peering required. Billing and security: continue to enjoy segregation with multiple accounts. Separation of duties: a central team can create and manage your Amazon VPC. Same-AZ cost for data transfer is nil!
  • 21. Amazon VPC Sharing details: https://amzn.to/2Aovw2Z
  • 24. AWS Region 1 AWS Region 2
  • 25. After
  • 26. AWS Region 1 and AWS Region 2, both reachable through the same address 3.10.3.125.
  • 27. AWS Global Accelerator. Client state: applications can keep state, with connections routed to the same endpoint after the initial connection. AWS's global network: traffic routed through the Accelerator traverses the AWS global network (instead of the public internet). Static anycast IPs: Global Accelerator uses static IP addresses as a fixed entry point to your applications; these IP addresses are anycast from AWS edge locations.
  • 30. Site-to-site VPN diagram: a customer gateway (CGW) on-premises connects to the virtual private gateway (VGW) with an IPsec tunnel over the Internet; IPsec Tunnel 1 is primary, IPsec Tunnel 2 is secondary.
  • 31. Before AWS Client VPN: VPC VPN connections were site-to-site only.
  • 32. How does this change my architecture?
  • 33. After AWS Client VPN: AWS now supports client-to-site VPN termination with OpenVPN clients through the Client VPN Endpoint.
  • 34. Diagram: a user with an OpenVPN client connects over a TLS-based tunnel across the Internet to the Client VPN Endpoint, which is attached to the Amazon VPC; Amazon S3, Amazon DynamoDB and on-premises also appear in the diagram.
  • 38. Before: VPC Peering. VPCs A, B, C, D and E; VPC B's route table (Destination / Target): B Local; A PCX-1; C PCX-2; D PCX-3; E PCX-4.
  • 39. Full mesh: how many Amazon VPC Peering connections do I need? With 10 VPCs: n(n-1)/2
  • 40. Full mesh: how many Amazon VPC Peering connections do I need? With 10 VPCs: 10(10-1)/2
  • 41. Full mesh: how many Amazon VPC Peering connections do I need? With 10 VPCs: 45
  • 42. Full mesh: how many Amazon VPC Peering connections do I need? With 100 VPCs: 100(100-1)/2
  • 43. Full mesh: how many Amazon VPC Peering connections do I need? With 100 VPCs: 4500
  • 44. Limits: static routes per Amazon VPC route table: 100; Amazon VPC Peering connections per Amazon VPC: 125.
  • 45. Before: Transit VPC with IPsec (IPsec between VPCs; limits apply). VPCs A, B, D and E; VPC B's route table (Destination / Target): B Local; 0.0.0.0/0 VGW.
  • 46. Before: VPN connection per VPC (IPsec between VPCs; limits apply). VPCs A, B and C, each with its own VPN connection to on-premises.
  • 47. After: AWS Transit Gateway (TGW).
  • 48. After: AWS Transit Gateway (TGW). VPCs A, B, C and on-premises attach to the TGW: VPC A : Attachment 1; VPC B : Attachment 2; VPC C : Attachment 3; On-prem : VPN 4. TGW route tables RT1 and RT2. VPC B's route table (Destination / Target): B Local; 0.0.0.0/0 TGW.
  • 49. Definitions. Attachment: the connection from an Amazon VPC or VPN to a TGW. Association: the route table used to route packets coming from an attachment (from an Amazon VPC or VPN). Propagation: the route table where the attachment's routes are installed.
  • 50. After: AWS Transit Gateway (TGW). Attachments: Llama 10.1.0.0/16 (X), Pegasus 10.2.0.0/16 (Y), Barry 10.3.0.0/16 (Z). TGW route table RT1: Associations: Llama from X, Pegasus from Y, Barry from Z; Propagations: Llama from X, Pegasus from Y, Barry from Z; Routes: 10.1.0.0/16 via X, 10.2.0.0/16 via Y, 10.3.0.0/16 via Z. VPC route tables (Destination / Target): 10.1.0.0/16 Local, 0.0.0.0/0 TGW; and 10.1.0.0/16 Local, 0.0.0.0/0 IGW, 10.0.0.0/8 TGW.
  • 51. Same as slide 50, with two more prefixes behind Llama: 10.8.0.0/16 and 10.9.0.0/16, added to RT1 as 10.8.0.0/16 via X and 10.9.0.0/16 via X.
  • 52. Same as slide 51: with propagation turned off, you can still statically configure routes (10.8.0.0/16 via X, 10.9.0.0/16 via X).
  • 53. After: AWS Transit Gateway (TGW) with multiple route tables. Attachments: Llama 10.1.0.0/16 (X), Pegasus 10.2.0.0/16 (Y), Barry 10.3.0.0/16 (Z), On-Premises 172.16.0.0/16 (Q). RT1: Associations: Llama from X, Pegasus from Y; Propagations: Llama from X, Pegasus from Y, On-prem from Q; Routes: 10.1.0.0/16 via X, 10.2.0.0/16 via Y, 172.16.0.0/16 via Q. RT2: Associations: Barry from Z; Propagations: Barry from Z, On-prem from Q; Routes: 10.3.0.0/16 via Z, 172.16.0.0/16 via Q. RT3: Associations: On-prem from Q; Propagations: Llama from X, Pegasus from Y, Barry from Z, On-prem from Q; Routes: 10.1.0.0/16 via X, 10.2.0.0/16 via Y, 10.3.0.0/16 via Z, 172.16.0.0/16 via Q.
  • 54. Same route tables as slide 53; packet walkthrough: SRC Llama, DST On-prem.
  • 55. Same route tables as slide 53; packet walkthrough: SRC Llama, DST On-prem.
  • 56. Same route tables as slide 53; packet walkthrough: SRC Barry, DST On-prem.
  • 57. Same route tables as slide 53; packet walkthrough: SRC Barry, DST On-prem.
  • 58. After: AWS Transit Gateway (TGW) – The console.
  • 59. After: AWS Transit Gateway (TGW) – The console (example TGW named "Unicorn TGW", description "This TGW is Awesome").
  • 60. After: AWS Transit Gateway (TGW) – The console.
  • 61. Limits: TGWs per account / TGW attachments per Amazon VPC: 5; maximum burstable bandwidth per attachment: 50 Gbps.
  • 62. Maximum bandwidth per VPN connection: 1.25 Gbps*. *With ECMP, you can distribute traffic over multiple tunnels, e.g. 8 tunnels = 10 Gbps.
  • 63. Routes per TGW: 10,000; number of TGW attachments per region per account: 5,000.
  • 64. Cross-region connectivity? TGW is a region-level construct today.
  • 66. Before (recap): Amazon VPC Peering for full-mesh connectivity (VPCs A, B, C); instance-based transit Amazon VPC (IPsec between VPCs; limits apply); VPN connection per Amazon VPC to on-premises.
  • 67. After TGW: up to 5000 Amazon VPC attachments per TGW; 1.25 Gbps per VPN connection, with ECMP; 10,000 routes per TGW; multiple TGW route tables for finer routing control; 50 Gbps of bandwidth per attachment per Availability Zone; a centralized hub for routing between Amazon VPCs and from on-premises to AWS.
  • 69. Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Bruce Wang ykwang@amazon.com
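The association/propagation model of slides 49 to 57 (Llama, Pegasus and Barry plus on-premises over attachments X, Y, Z and Q, with route tables RT1 to RT3), as an added worked example that is not part of the deck: a small Python model of how a TGW selects a route. It assumes each attachment is associated with exactly one route table, that only that table is consulted for traffic arriving from the attachment, and longest-prefix match; the class and function names are hypothetical.

```python
"""Added example (not from the deck): a model of TGW route selection built from
the deck's own attachments X/Y/Z/Q, VPCs Llama/Pegasus/Barry, on-premises
172.16.0.0/16 and route tables RT1-RT3. Assumptions: one associated route table
per attachment, that table alone is consulted for traffic from the attachment,
and the longest matching prefix wins. Class and function names are hypothetical."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class TransitGateway:
    # attachment id -> (name, CIDRs reachable through that attachment)
    attachments: dict
    # attachment id -> the single route table consulted for traffic FROM it
    associations: dict = field(default_factory=dict)
    # route table name -> {destination network: egress attachment id}
    route_tables: dict = field(default_factory=dict)

    def associate(self, attachment: str, rt: str) -> None:
        """Association: which TGW route table routes packets from `attachment`."""
        self.route_tables.setdefault(rt, {})
        self.associations[attachment] = rt

    def propagate(self, attachment: str, rt: str) -> None:
        """Propagation: install the attachment's CIDRs into `rt` as dynamic routes."""
        table = self.route_tables.setdefault(rt, {})
        for cidr in self.attachments[attachment][1]:
            table[ipaddress.ip_network(cidr)] = attachment

    def add_static_route(self, rt: str, cidr: str, attachment: str) -> None:
        """Static route: usable even when propagation for the attachment is off."""
        self.route_tables.setdefault(rt, {})[ipaddress.ip_network(cidr)] = attachment

    def lookup(self, ingress: str, dst: str):
        """Egress attachment for a packet entering via `ingress`, or None (dropped).
        Only the route table associated with the ingress attachment is searched."""
        rt = self.associations.get(ingress)
        if rt is None:
            return None
        addr = ipaddress.ip_address(dst)
        best = None
        for net, egress in self.route_tables[rt].items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, egress)
        return best[1] if best else None


def build_deck_topology() -> TransitGateway:
    """Slides 53-57: Llama and Pegasus share RT1, Barry is isolated in RT2,
    on-premises uses RT3 and can reach all three VPCs."""
    tgw = TransitGateway(attachments={
        "X": ("Llama", ["10.1.0.0/16"]),
        "Y": ("Pegasus", ["10.2.0.0/16"]),
        "Z": ("Barry", ["10.3.0.0/16"]),
        "Q": ("On-premises", ["172.16.0.0/16"]),
    })
    for attachment, rt in (("X", "RT1"), ("Y", "RT1"), ("Z", "RT2"), ("Q", "RT3")):
        tgw.associate(attachment, rt)
    for attachment in ("X", "Y", "Q"):        # RT1 learns Llama, Pegasus, on-prem
        tgw.propagate(attachment, "RT1")
    for attachment in ("Z", "Q"):             # RT2 learns Barry and on-prem only
        tgw.propagate(attachment, "RT2")
    for attachment in ("X", "Y", "Z", "Q"):   # RT3 learns everything
        tgw.propagate(attachment, "RT3")
    # Slides 51-52: extra prefixes behind Llama, added statically with propagation off
    tgw.add_static_route("RT1", "10.8.0.0/16", "X")
    tgw.add_static_route("RT1", "10.9.0.0/16", "X")
    return tgw


def describe(tgw: TransitGateway, ingress: str, dst: str) -> str:
    """Human-readable trace of one forwarding decision."""
    egress = tgw.lookup(ingress, dst)
    src_name = tgw.attachments[ingress][0]
    rt = tgw.associations[ingress]
    if egress is None:
        return f"{src_name} -> {dst}: no route in {rt}, dropped"
    return f"{src_name} -> {dst}: {rt} -> {tgw.attachments[egress][0]} via {egress}"


if __name__ == "__main__":
    tgw = build_deck_topology()
    for ingress, dst in (("X", "172.16.0.5"), ("Z", "172.16.0.5"),
                         ("Z", "10.1.0.11"), ("X", "10.3.0.11"), ("Q", "10.3.0.11")):
        print(describe(tgw, ingress, dst))
```

Barry reaches on-premises but not Llama, and Llama not Barry, because each side's traffic is looked up only in its own associated table; that is the segmentation multiple TGW route tables give you without any extra ACLs.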