Multi-VPC Architecture Patterns with AWS Transit Gateway - 강동환, Solutions Architect, AWS :: AWS Summit Seoul 2019

강동환, Solutions Architect, AWS

This session introduces services and architecture patterns for effectively integrating, managing and operating the VPCs that multiply along with a customer's organization and service structure. It walks through architecture patterns built on Transit Gateway (TGW), which goes beyond the limits of peering to interconnect VPCs freely; Multi-Account VPC (MAVPC), which shares VPCs across the accounts of an organization; and Resource Access Manager (RAM), which provides secure sharing of AWS resources.

Published in: Technology

  1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
     Multi-VPC Architecture Patterns with AWS Transit Gateway
     강동환, Solutions Architect
  2. Slides published right away: the slides will be available on this site as soon as the talk ends.
  3. (section divider, no text)
  4. Amazon VPC summary
     [Diagram: one VPC with CIDR 10.1.0.0/16 in an AWS Region, spanning availability zones AZ-1 and AZ-2, each with a public and a private subnet; the CIDR can be expanded (+ Expand) and IPv6 added (+ IPv6).]
  5. [Diagram: the VPC of slide 4 with its paths in and out. Instances A-D (10.1.0.11, 10.1.1.11, 10.1.2.11, 10.1.3.11) across the four subnets; an Internet Gateway (IGW) and NAT Gateways; Elastic IPs 10.1.0.11 : 54.23.12.43 and 10.1.1.11 : 54.19.12.23; a VGW for VPN and AWS Direct Connect (DXGW) to the customer's on-premises network; VPC Peering (PCX-123) to VPC-B, intra- or inter-region; VPC endpoints (VPCE-123) to Amazon S3, Amazon DynamoDB, Amazon SQS, Amazon SNS, AWS IoT and AWS Lambda; AWS PrivateLink to a service-provider VPC behind an NLB; VPC Flow Logs. Public-subnet route table: 10.1.0.0/16 Local, 0.0.0.0/0 IGW, S3 prefix list VPCE-123, On-premises VGW, VPC-B PCX-123. Private-subnet route table: the same, except 0.0.0.0/0 via Instance B.]
  6. [Diagram: the VPC of slide 5 with AWS PrivateLink highlighted: a service-provider VPC exposes a service through an NLB, consumed from the customer VPC over a PrivateLink endpoint; route tables as on slide 5.]
     • API Endpoints for Amazon EC2 and Elastic Load Balancing (ELB)
     • Amazon Kinesis Data Streams
     • AWS Service Catalog
     • Amazon EC2 Systems Manager
  7. (section divider, no text)
  8. (section divider, no text)
  9. AWS PrivateLink: supported services expanding (18+)
     [Diagram: the VPC of slide 4 with interface endpoints to:] Amazon API Gateway, AWS CloudFormation, Amazon CloudWatch, Amazon CloudWatch Events, Amazon CloudWatch Logs, AWS CodeBuild, AWS Config, Amazon EC2 API, Elastic Load Balancing API, AWS Key Management Service, Amazon Kinesis Data Streams, Amazon SageMaker Runtime, AWS Secrets Manager, AWS Security Token Service, AWS Service Catalog, Amazon SNS, AWS Systems Manager, + More
 10. (section divider, no text)
 11. Interconnecting VPCs – VPC Peering
     [Diagram: six VPCs (10.1.0.0/16 through 10.6.0.0/16) in accounts Dev, Test and Prod 1-4, running Amazon EC2, AWS Lambda, Amazon RDS and Amazon Redshift, joined pairwise by VPC Peering connections.]
 12. VPC Peering
     [Diagram: five VPCs (VPC-PROD-A, VPC-PROD-B, VPC-SHARED, VPC-DEV, VPC-STAGE), each with its own VPN, fully meshed by peering connections numbered 1-10.]
     How many VPC Peering connections does a full mesh need? n(n-1)/2
 13. VPC Peering - Limits
     Static routes per VPC route table: 100
     Maximum peering connections per VPC: 125
 14. VPC Sharing (MA-VPC)
     [Diagram: two VPCs (10.1.0.0/16 and 10.2.0.0/16) shared between Owner and Participant accounts (Dev, Test, Prod 1-4), which place Amazon EC2, AWS Lambda, Amazon RDS and Amazon Redshift into the shared VPCs.]
 15. VPC Sharing - Roles
     VPC Owner
     • Creates and manages all VPC-level resources: Subnets, IGW, NAT-GW, Route Tables, NACLs, etc.
     • Designates the subnets to share with participants through Resource Access Manager (RAM) (AWS Organizations)
     • Cannot delete the participants' resources (EC2, RDS, ELB)
     • Organizationally, fits the infrastructure team
     VPC Participant
     • Creates and manages resources in the VPC subnets the owner has shared through Resource Access Manager: Amazon EC2, Amazon RDS and Elastic Load Balancer (ELB)
     • Cannot change the VPC configuration set by the owner (Route Tables, rules in NACLs, etc.)
     • Organizationally, fits individual development teams and individual service operations teams
 16. Why use VPC Sharing
     Efficient use of IP space
     • Avoids having to allocate a separate CIDR to every VPC (which needs a systematic allocation plan)
     • Avoids overlapping IP ranges between VPCs when expanding and interconnecting
     Easy interconnection
     • No VPC Peering required
     • Less operational burden, fewer duplicated resources
     Separation of roles and responsibilities
     • The infrastructure operations team manages and controls the common resources of the whole VPC (the same operating model as an existing data center)
     • Consistent application of security policy
     Billing and security
     • No additional cost (RAM)
     • No data-transfer charge within the same AZ (VPC Peering incurs data-transfer charges even within the same AZ)
 17. AWS Resource Access Manager (RAM)
     ※ Resources shareable through Resource Access Manager (as of April 2019)
     • Subnets (VPC)
     • Transit Gateways (TGW)
     • Route53 Resolver Rules
     • License Configurations
 18. VPC Sharing configuration example
     [Diagram: the VPC Owner's subnet and the VPC Participant's subnet.]
     The owner shares a subnet with accounts in the Organization through Resource Access Manager.
     Participants can deploy resources (EC2, RDS, ELB, etc.) into the shared subnet.
     The Route Table and Network ACL are inherited from the owner's settings and cannot be changed by participants.
 19. (section divider, no text)
 20. To connect many VPCs and on-premises: Transit VPC - AWS Summit Seoul, 2018
 21. Transit Gateway announcement – re:Invent 2018
 22. AWS Transit Gateway (TGW)
     "A Regional Virtual Router, built on AWS Hyperplane, that lets you easily and freely connect a large number of Virtual Private Clouds (VPCs) and customer on-premises networks."
 23. Transit Gateway core capabilities
     • Connect a large number of VPCs easily and freely
     • Simply consolidate branches, remote offices and on-premises (VPN, Direct Connect Gateway)
     • Varied layouts using routing domains (Consolidation/Isolation)
 24. Connectivity so far (VPCs, on-premises)
     [Diagram: four Amazon VPCs fully meshed with five VPC Peering connections; each VPC has its own VPN Connection to a Customer Gateway (VPN backup line) and a Direct Connect Gateway (dedicated line).]
 25. The new connectivity structure through Transit Gateway
     [Diagram: a Transit Gateway hub with six Amazon VPCs, a VPN Connection to a Customer Gateway (VPN) and a Direct Connect Gateway (dedicated line) attached.]
 26. Transit Gateway components
     Attachment
     • The connection between an Amazon VPC or VPN connection and the TGW
     • Specify all availability zones (subnets) in the region for availability and performance (an ENI in each subnet)
     • Direct Connect Gateway (DX-GW) to be added (very soon)
     Association
     • The TGW operates its own route tables (separate from VPC route tables)
     • Each attachment must be associated with (belong to) exactly one TGW route table
     • One TGW route table can have one or many attachments
     Propagation
     • Propagates routes into a TGW route table
     • BGP and static routing
     • VPC CIDRs are propagated dynamically via API
 27. (section divider, no text)
 28. Creating a TGW
     Amazon side ASN: the Amazon-side ASN (private ASN) needed for BGP with a Direct Connect Gateway or VPN
     VPN ECMP support: whether to use ECMP when there are multiple VPN connections to the same destination
     Default route table association: whether a VPC or VPN attached to the TGW is placed into the default route table
     Default route table propagation: whether associated targets (VPC, VPN, DX) are automatically propagated into the default route table
     Auto accept shared attachments: when sharing with other accounts (RAM), whether attachment requests are accepted automatically
 29. TGW Attachment
     [Diagram: VPCs A, B and C, each spanning AZ-1, AZ-2 and AZ-3, joined to the Transit Gateway by Attachments 1, 2 and 3.]
 30. TGW Route Table (Default)
     Multiple TGW route tables can be created to separate or isolate routing domains.
 31. TGW Association
     By default every attachment is associated with the default route table.
     Additional TGW route tables can be created and operated to separate routing domains.
 32. TGW Propagation
     By default every attachment propagates into the default route table.
     To communicate with another route table, propagate into each other's tables.
 33. TGW Routes
     A route table shows the routes propagated into it (VPC CIDRs via API, VPN prefixes via BGP).
     Static routes can be set for destinations that are not propagated.
 34. Static Routes and Blackhole
     Static routes can be set for destinations that are not propagated.
     In an all-permitted layout, to block (drop) communication with a specific network at the TGW, designate it as a Blackhole; it overrides all other route entries for that destination.
 35. Transit Gateway – Routing consolidation
     [Diagram: VPCs A, B, C (Attachments 1-3) and a VPN Connection (Attachment 4) to on-premises networks 10.21.0.0/16 and 10.100.0.0/16, all associated with one TGW Route Table (RT); VPC CIDRs propagate via API, on-premises prefixes via BGP. VPC C route table: 10.3.0.0/16 local, 10.0.0.0/8 tgw-xxx, 0.0.0.0/0 IGW.]
 36. (section divider, no text)
 37. TGW VPN connection setup
     Define the customer VPN device (CGW) and specify the routing method.
 38. Site-to-Site VPN setup
     Creating a VPN attachment generates a Site-to-Site VPN configuration based on the CGW definition.
     Download the configuration matching the on-premises VPN device model and apply it.
 39. Site-to-Site VPN tunnel status
 40. VPN BGP connection status
       on_prem_vpn_router# show ip bgp
       BGP table version is 8, local router ID is 169.254.27.2
       Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                     r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                     x best-external, a additional-path, c RIB-compressed,
                     t secondary path, L long-lived-stale,
       Origin codes: i - IGP, e - EGP, ? - incomplete
       RPKI validation codes: V valid, I invalid, N Not found

            Network          Next Hop            Metric LocPrf Weight Path
        *   10.1.0.0/16      169.254.27.157         100             0 64512 e
        *>                   169.254.27.1           100             0 64512 e
        *   10.2.0.0/16      169.254.27.1           100             0 64512 e
        *>                   169.254.27.157         100             0 64512 e
        *   10.3.0.0/16      169.254.27.1           100             0 64512 e
        *>                   169.254.27.157         100             0 64512 e
        *>  10.21.0.0/16     0.0.0.0                  0         32768 ?
        *>  10.100.0.0/16    0.0.0.0                  0         32768 ?
 41. (section divider, no text)
 42. Transit Gateway – Routing isolation
     [Diagram: the same VPCs A, B, C (Attachments 1-3) and VPN Connection (Attachment 4, on-premises 10.21.0.0/16 and 10.100.0.0/16), now with two TGW route tables: RT1 (VPC) for the VPC attachments and RT2 (VPN) for the VPN attachment. East-West traffic between VPCs is blocked; North-South traffic to on-premises is allowed. VPC C route table: 10.3.0.0/16 local, 10.0.0.0/8 tgw-xxx, 0.0.0.0/0 IGW.]
 43. Traffic Flow (North-South)
     [Diagram: RT1 (VPCs) holds only the VPN prefixes 10.21.0.0/16 and 10.100.0.0/16; RT2 (VPN) holds VPC-A 10.1.0.0/16, VPC-B 10.2.0.0/16 and VPC-C 10.3.0.0/16. VPC-C route table: 10.3.0.0/16 local, 10.0.0.0/8 TGW, 0.0.0.0/0 IGW.]
 44. Configuration example (Attachment)
 45. Configuration example VPC->VPN (Associations)
 46. Configuration example VPC->VPN (Propagation)
 47. Configuration example VPC->VPN (Routes)
 48. Configuration example VPN->VPC (Associations)
 49. Configuration example VPN->VPC (Propagation)
 50. Configuration example VPN->VPC (Routes)
 51. (section divider, no text)
 52. Transit Gateway – NAT Gateway integration
     [Diagram: VPC-A (Outbound) hosts the NAT-GW; VPC-A, VPC-B and VPC-C are Attachments 1-3 on a single TGW route table RT (VPCs): 10.1.0.0/16 VPC-A, 10.2.0.0/16 VPC-B, 10.3.0.0/16 VPC-C, 0.0.0.0/0 -> VPC-A (Static Route). VPC-C route table: 10.3.0.0/16 local, 0.0.0.0/0 TGW. VPC-A route table: 10.1.0.0/16 local, 10.0.0.0/8 TGW, 0.0.0.0/0 NAT-GW.]
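As an added example, not the deck's or AWS's own code, the following Python model implements the TGW route-table behaviour slides 30-34 describe (association, propagation, static and blackhole routes, longest-prefix lookup) and rebuilds the consolidation (slide 35), blackhole (slide 34), isolation (slides 42-43) and NAT egress (slide 52) layouts with the deck's CIDRs, so each layout's reachability can be checked before it is configured for real. Attachment ids `att-1`..`att-4` and the table names are assumed labels.

```python
"""Toy model of AWS Transit Gateway routing (added example, not the deck's own code).
Association picks the TGW route table an attachment consults; propagation installs
VPC CIDRs (API) or on-prem prefixes (BGP); a static route, blackhole included,
overrides a propagated entry for the same prefix; lookup is longest-prefix match."""
import ipaddress
from dataclasses import dataclass, field

BLACKHOLE, NO_ROUTE = "blackhole", "no-route"


@dataclass
class Attachment:
    att_id: str      # constructed label, e.g. "att-1" for the deck's "Attachment 1"
    prefixes: list   # VPC CIDR, or the prefixes the customer gateway advertises over BGP


@dataclass
class TgwRouteTable:
    name: str
    routes: dict = field(default_factory=dict)  # ip_network -> attachment id or BLACKHOLE

    def propagate(self, att):
        """Install the attachment's prefixes; never displaces an existing static route."""
        for p in att.prefixes:
            self.routes.setdefault(ipaddress.ip_network(p), att.att_id)

    def add_static(self, prefix, target):
        """Static route to an attachment id or BLACKHOLE; replaces a propagated entry."""
        self.routes[ipaddress.ip_network(prefix)] = target

    def lookup(self, dst):
        ip = ipaddress.ip_address(dst)
        hits = [(n, t) for n, t in self.routes.items() if ip in n]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else NO_ROUTE


class TransitGateway:
    def __init__(self):
        self.tables = {}       # table name -> TgwRouteTable
        self.association = {}  # attachment id -> table name (exactly one per attachment)

    def create_table(self, name):
        return self.tables.setdefault(name, TgwRouteTable(name))

    def associate(self, att, table):
        self.association[att.att_id] = table

    def forward(self, src, dst):
        """Attachment that receives traffic entering the TGW from `src` bound for `dst`."""
        return self.tables[self.association[src.att_id]].lookup(dst)


# Attachments as numbered on slides 35 and 42; the CIDRs are the deck's.
VPC_A = Attachment("att-1", ["10.1.0.0/16"])
VPC_B = Attachment("att-2", ["10.2.0.0/16"])
VPC_C = Attachment("att-3", ["10.3.0.0/16"])
VPN = Attachment("att-4", ["10.21.0.0/16", "10.100.0.0/16"])


def consolidation():
    """Slide 35: one default table; every attachment is associated and propagated."""
    tgw = TransitGateway()
    rt = tgw.create_table("rt-default")
    for att in (VPC_A, VPC_B, VPC_C, VPN):
        tgw.associate(att, "rt-default")
        rt.propagate(att)
    return tgw


def consolidation_with_blackhole(blocked_cidr):
    """Slide 34: in the all-permitted layout a static blackhole drops one network."""
    tgw = consolidation()
    tgw.tables["rt-default"].add_static(blocked_cidr, BLACKHOLE)
    return tgw


def isolation():
    """Slides 42-43: VPCs consult RT1 (only the VPN propagated) and the VPN consults
    RT2 (only the VPCs propagated): East-West has no route, North-South is allowed."""
    tgw = TransitGateway()
    rt_vpcs, rt_vpn = tgw.create_table("rt-vpcs"), tgw.create_table("rt-vpn")
    for att in (VPC_A, VPC_B, VPC_C):
        tgw.associate(att, "rt-vpcs")
        rt_vpn.propagate(att)
    tgw.associate(VPN, "rt-vpn")
    rt_vpcs.propagate(VPN)
    return tgw


def nat_egress():
    """Slide 52: a static 0.0.0.0/0 steers every VPC's internet-bound traffic to VPC-A,
    which hosts the NAT Gateway; 10.x destinations still follow the propagated routes."""
    tgw = TransitGateway()
    rt = tgw.create_table("rt-vpcs")
    for att in (VPC_A, VPC_B, VPC_C):
        tgw.associate(att, "rt-vpcs")
        rt.propagate(att)
    rt.add_static("0.0.0.0/0", VPC_A.att_id)
    return tgw
```

Calling `isolation().forward(VPC_A, "10.2.0.10")` versus `isolation().forward(VPC_A, "10.100.0.10")` shows the East-West/North-South split the slides describe without touching an account.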
 53. (section divider, no text)
 54. Transit Gateway - Limits
     Maximum TGWs per account / maximum TGW attachments per VPC: 5
     Maximum bandwidth per attachment: 50 Gbps (burst, per Availability Zone)
     Maximum bandwidth per VPN connection: 1.25 Gbps (ECMP supported; 8 VPN tunnels = 10 Gbps)
     * Check the latest AWS web page for each feature's limits, performance and additional capabilities.
 55. Transit Gateway - Limits
     Routes per TGW: 10,000
     Maximum TGW attachments per Region, per account: 1,000
     * Check the latest AWS web page for each feature's limits, performance and additional capabilities.
 56. (section divider, no text)
 57. Reference Architecture
     [Diagram: a Transit Gateway hub with a ROUTE TABLE for the VPCs and a separate ROUTE TABLE (VPN); Direct Connect (support planned); spoke VPCs DEVELOPMENT, TEST/STAGE and PRODUCTION, each with Accounts A-D; a SHARED SERVICE VPC (authentication, monitoring); an INLINE SERVICES VPC (IDS/IPS, Firewall, NGFW); an OUTBOUND VPC (URL Filtering, NAT Gateway, DLP/Proxy); an EDGE SERVICES VPC (WAF/ADC, SD-WAN, VPN/Firewall).]
 58. Next Step
     • Explore AWS Transit Gateway
       • https://aws.amazon.com/ko/transit-gateway/
     • re:Invent 2018 session recordings
       • [NEW LAUNCH!] Introducing AWS Transit Gateway (NET331)
       • Advanced VPC Design and New Capabilities for Amazon VPC (NET303)
       • [NEW LAUNCH] AWS Transit Gateway & Transit VPCs, Ref Arch for Many VPCs (NET402)
 59. We look forward to your feedback! Share your impressions of the event on social media with the #AWSSummit hashtag. Take part in the session evaluation and survey through the AWS Summit Seoul 2019 mobile app and QR code to receive a fun souvenir. Your valuable opinions will shape next year's Summit.
 60. Thank you!
