SlideShare ist ein Scribd-Unternehmen logo

VPC and Datacenter Connectivity Options

Als PPTX, PDF herunterladen
john homer alvero
john homer alvero

See why you need VPC and understand various connectivity options.

Internet
1 von 21
VPC & DATACENTER CONNECTIVITY OPTIONS John Homer Alvero jhalvero@voyagerinnovation.com Service Engineering Voyager Innovations, Inc.
VOYAGER INNOVATIONS, INC. • Established in 2013 • Wholly subsidiary of Smart Communications • Drives exploration and creation of disruptive digital services • We focus on digital innovations • We are hiring. CACua@smart.com.ph
VPC
WHY VPC • Logical isolation of AWS assets (think of VLAN) • Control over IP addressing, subnets, routing, gateways • VPN Connectivity to datacenter or 3rd party networks • VPC Peering • S3 Security • NACL apart from Sec Groups • Assign private static IP to EC2 instance • New features / services are VPC-only
USES CASES • Public facing sites • Multi-tier web applications • Host scalable applications that are connected to on-prem resources • Extend on-prem network into the cloud • Disaster recovery
CONNECTIVITY OPTIONS
WHY THE CONNECTIVITY • On-prem components • HSM • MediaServers • Slowly migrating infrastructure from On-Prem to AWS • Connecting to 3rd party networks • Secure administrative access from office network • Compliance
• VPC VPN - IPSec • Direct Connect • Combination • Roll-You-Own (RYO) • VPC Peering CONNECTIVITY OPTIONS
VPC IPSEC • Cheapest, easiest and the quickest to implement • Static or Dynamic Routing (no public AS required) • Secure tunnel through public internet • Supports dual tunnel for redundancy • Supports the most common hardware VPN • Cisco, Fortinet, Juniper, Microsoft, Palo Alto, Yamaha, IIJ • Checkpoint, H3C, etc • … and software • Racoon • StrongSWAN • OpenSWAN
RACOON SCRIPT http://goo.gl/9xDn4o
DIRECT CONNECT • Consistent network performance • PH – SG ~40ms through PLDT • Private access to AWS services such as EC2, S3, VPC, etc • 1Gbps to 10Gbps, but depends on the capability of your Direct Connect Provider • Needs APN partner • SG – Equinix, Tata, Verizon, Level 3, NTT, Pacnet • Philippines – PLDT • Implementation from weeks to months 
COMBINATION DIRECT CONNECT WITH IPSEC FAIL-OVER • IPSec is cost-effective redundancy for Direct Connect • IP Routing through APN Partner • Static • AWS – force Direct Connect by propagating specific routes through BGP (10.10.10.10/32 – BGP, 10.10.10.0/24 IPSec) • IPSec – use static routing • Customer – IPSLA • Need the Direct Connect Provider to propagate for you • Dynamic • AWS – Automatic • Customer - BGP AS-PATH Prepending • You propagate your own routes
ROLL YOUR OWN • IPSec, PPTP, L2TP, SSL • OpenVPN is the easiest to implement • Sites-to-Site connectivity • Can be used Road-Warrior Style • Force routes to remote peer • Integrates with LDAP and TOTP • Requires client software • Free
VPC PEERING • Inter-VPC communication as if they are on the same VPC • Your own or 3rd Party VPC • Think of VLAN trunking • Apply routing policies on both sides • Maybe peer w another VPC in another region (future) • NACL and Sec Groups still apply • Peered VPC to IPSec/Direct Connect not supported • But can use a proxy
End. John Homer Alvero jhalvero@voyagerinnovation.com

Empfohlen

AWS VPC & Networking basic concepts
AWS VPC & Networking basic conceptsAWS VPC & Networking basic concepts
AWS VPC & Networking basic concepts
Abhinav Kumar
 
How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud
ThousandEyes
 
ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re...
ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re...ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re...
ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re...
Amazon Web Services
 
Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”
Khash Nakhostin
 
What You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubWhat You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit Hub
Khash Nakhostin
 
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t EnoughSecure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Khash Nakhostin
 
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Khash Nakhostin
 
Cloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSCloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADS
Akshay Mathur
 

Empfohlen

AWS VPC & Networking basic concepts
AWS VPC & Networking basic conceptsAWS VPC & Networking basic concepts
AWS VPC & Networking basic concepts
Abhinav Kumar
 
How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud How ThousandEyes Helps Atlassian Operate in the Public Cloud
How ThousandEyes Helps Atlassian Operate in the Public Cloud
ThousandEyes
 
ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re...
ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re...ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re...
ARC206 Extend your Existing Data Center to the cloud with Amazon VPC - AWS re...
Amazon Web Services
 
Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”Three Innovations that Define a “Next-Generation Global Transit Hub”
Three Innovations that Define a “Next-Generation Global Transit Hub”
Khash Nakhostin
 
What You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit HubWhat You Need to Know About Operationalizing Your AWS Transit Hub
What You Need to Know About Operationalizing Your AWS Transit Hub
Khash Nakhostin
 
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t EnoughSecure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Secure Remote Access to AWS: Why OpenVPN & Jump Hosts Aren’t Enough
Khash Nakhostin
 
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Securing Your AWS Global Transit Network: Are You Asking the Right Questions?
Khash Nakhostin
 
Cloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADSCloud Bursting with A10 Lightning ADS
Cloud Bursting with A10 Lightning ADS
Akshay Mathur
 
An Introduction to Amazon VPC
An Introduction to Amazon VPCAn Introduction to Amazon VPC
An Introduction to Amazon VPC
Sarah Z
 
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Khash Nakhostin
 
Aws VPC
Aws VPCAws VPC
Aws VPC
Abhishek Amralkar
 
Seven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkSeven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit Network
Khash Nakhostin
 
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In MinutesSecurely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Khash Nakhostin
 
CDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes ConnectCDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes Connect
ThousandEyes
 
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and GotchasNetwork Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Khash Nakhostin
 
Getting the Most Value from Your Aviatrix Controller & Gateways
Getting the Most Value from Your Aviatrix Controller & GatewaysGetting the Most Value from Your Aviatrix Controller & Gateways
Getting the Most Value from Your Aviatrix Controller & Gateways
Khash Nakhostin
 
Kubernetes as Orchestrator for A10 Lightning Controller
Kubernetes as Orchestrator for A10 Lightning ControllerKubernetes as Orchestrator for A10 Lightning Controller
Kubernetes as Orchestrator for A10 Lightning Controller
Akshay Mathur
 
Five Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsFive Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNets
Khash Nakhostin
 
ITV& Bashton
ITV& Bashton ITV& Bashton
ITV& Bashton
Amazon Web Services
 
Techniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudTechniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloud
Akshay Mathur
 
ElasticISP
ElasticISPElasticISP
ElasticISP
KHNOG
 
NGINX Amplify: Monitoring NGINX with Advanced Filters and Custom Dashboards
NGINX Amplify: Monitoring NGINX with Advanced Filters and Custom DashboardsNGINX Amplify: Monitoring NGINX with Advanced Filters and Custom Dashboards
NGINX Amplify: Monitoring NGINX with Advanced Filters and Custom Dashboards
NGINX, Inc.
 
Container Orchestration with Traefk on Docker Swarm
Container Orchestration with Traefk on Docker SwarmContainer Orchestration with Traefk on Docker Swarm
Container Orchestration with Traefk on Docker Swarm
Jakub Hajek
 
Netflix s2e1lightningtalk
Netflix s2e1lightningtalkNetflix s2e1lightningtalk
Netflix s2e1lightningtalk
aspyker
 
AWS Webinar Using AWS OpsWorks and Amazon VPC
AWS Webinar Using AWS OpsWorks and Amazon VPC AWS Webinar Using AWS OpsWorks and Amazon VPC
AWS Webinar Using AWS OpsWorks and Amazon VPC
Amazon Web Services
 
Networking: Recent Developments and the Road Ahead - AWS Public Sector Summit...
Networking: Recent Developments and the Road Ahead - AWS Public Sector Summit...Networking: Recent Developments and the Road Ahead - AWS Public Sector Summit...
Networking: Recent Developments and the Road Ahead - AWS Public Sector Summit...
Amazon Web Services
 
(ENT307) AWS Direct Connect Solutions and Network Automation | AWS re:Invent ...
(ENT307) AWS Direct Connect Solutions and Network Automation | AWS re:Invent ...(ENT307) AWS Direct Connect Solutions and Network Automation | AWS re:Invent ...
(ENT307) AWS Direct Connect Solutions and Network Automation | AWS re:Invent ...
Amazon Web Services
 
Edge to Instance - AWS Networking
Edge to Instance - AWS Networking Edge to Instance - AWS Networking
Edge to Instance - AWS Networking
Amazon Web Services
 
Getting Started on AWS
Getting Started on AWS Getting Started on AWS
Getting Started on AWS
Amazon Web Services
 
AWS re:Invent 2016: Advanced Tips for Amazon EC2 Networking and High Availabi...
AWS re:Invent 2016: Advanced Tips for Amazon EC2 Networking and High Availabi...AWS re:Invent 2016: Advanced Tips for Amazon EC2 Networking and High Availabi...
AWS re:Invent 2016: Advanced Tips for Amazon EC2 Networking and High Availabi...
Amazon Web Services
 

Weitere ähnliche Inhalte

Was ist angesagt?

Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and GotchasNetwork Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Khash Nakhostin
 
Five Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsFive Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNets
Khash Nakhostin
 
Techniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudTechniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloud
Akshay Mathur
 
NGINX Amplify: Monitoring NGINX with Advanced Filters and Custom Dashboards
NGINX Amplify: Monitoring NGINX with Advanced Filters and Custom DashboardsNGINX Amplify: Monitoring NGINX with Advanced Filters and Custom Dashboards
NGINX Amplify: Monitoring NGINX with Advanced Filters and Custom Dashboards
NGINX, Inc.
 
Netflix s2e1lightningtalk
Netflix s2e1lightningtalkNetflix s2e1lightningtalk
Netflix s2e1lightningtalk
aspyker
 

Was ist angesagt? (20)

An Introduction to Amazon VPC
An Introduction to Amazon VPCAn Introduction to Amazon VPC
An Introduction to Amazon VPC
 
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
Security Requirements and Tradeoffs for Controlling VPC-to-Internet Egress Tr...
 
Aws VPC
Aws VPCAws VPC
Aws VPC
 
Seven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit NetworkSeven Criteria for Building an AWS Global Transit Network
Seven Criteria for Building an AWS Global Transit Network
 
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In MinutesSecurely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
Securely Connecting Your Customers to Their Cloud-Hosted App – In Minutes
 
CDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes ConnectCDN Performance at eBay from Thousandeyes Connect
CDN Performance at eBay from Thousandeyes Connect
 
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and GotchasNetwork Troubleshooting in the Cloud: Tools, Techniques and Gotchas
Network Troubleshooting in the Cloud: Tools, Techniques and Gotchas
 
Getting the Most Value from Your Aviatrix Controller & Gateways
Getting the Most Value from Your Aviatrix Controller & GatewaysGetting the Most Value from Your Aviatrix Controller & Gateways
Getting the Most Value from Your Aviatrix Controller & Gateways
 
Kubernetes as Orchestrator for A10 Lightning Controller
Kubernetes as Orchestrator for A10 Lightning ControllerKubernetes as Orchestrator for A10 Lightning Controller
Kubernetes as Orchestrator for A10 Lightning Controller
 
Five Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNetsFive Connectivity and Security Use Cases for Azure VNets
Five Connectivity and Security Use Cases for Azure VNets
 
ITV& Bashton
ITV& Bashton ITV& Bashton
ITV& Bashton
 
Techniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloudTechniques for scaling application with security and visibility in cloud
Techniques for scaling application with security and visibility in cloud
 
ElasticISP
ElasticISPElasticISP
ElasticISP
 
NGINX Amplify: Monitoring NGINX with Advanced Filters and Custom Dashboards
NGINX Amplify: Monitoring NGINX with Advanced Filters and Custom DashboardsNGINX Amplify: Monitoring NGINX with Advanced Filters and Custom Dashboards
NGINX Amplify: Monitoring NGINX with Advanced Filters and Custom Dashboards
 
Container Orchestration with Traefk on Docker Swarm
Container Orchestration with Traefk on Docker SwarmContainer Orchestration with Traefk on Docker Swarm
Container Orchestration with Traefk on Docker Swarm
 
Netflix s2e1lightningtalk
Netflix s2e1lightningtalkNetflix s2e1lightningtalk
Netflix s2e1lightningtalk
 
AWS Webinar Using AWS OpsWorks and Amazon VPC
AWS Webinar Using AWS OpsWorks and Amazon VPC AWS Webinar Using AWS OpsWorks and Amazon VPC
AWS Webinar Using AWS OpsWorks and Amazon VPC
 
Networking: Recent Developments and the Road Ahead - AWS Public Sector Summit...
Networking: Recent Developments and the Road Ahead - AWS Public Sector Summit...Networking: Recent Developments and the Road Ahead - AWS Public Sector Summit...
Networking: Recent Developments and the Road Ahead - AWS Public Sector Summit...
 
(ENT307) AWS Direct Connect Solutions and Network Automation | AWS re:Invent ...
(ENT307) AWS Direct Connect Solutions and Network Automation | AWS re:Invent ...(ENT307) AWS Direct Connect Solutions and Network Automation | AWS re:Invent ...
(ENT307) AWS Direct Connect Solutions and Network Automation | AWS re:Invent ...
 
Edge to Instance - AWS Networking
Edge to Instance - AWS Networking Edge to Instance - AWS Networking
Edge to Instance - AWS Networking
 

Ähnlich wie VPC and Datacenter Connectivity Options

High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
Amazon Web Services
 
(NET303) Optimizing Your Cloud Architecture With Network Strategy
(NET303) Optimizing Your Cloud Architecture With Network Strategy(NET303) Optimizing Your Cloud Architecture With Network Strategy
(NET303) Optimizing Your Cloud Architecture With Network Strategy
Amazon Web Services
 
Brk30176 enterprise class networking in azure
Brk30176 enterprise class networking in azureBrk30176 enterprise class networking in azure
Brk30176 enterprise class networking in azure
Abou CONDE
 
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
Amazon Web Services
 

Ähnlich wie VPC and Datacenter Connectivity Options (20)

Getting Started on AWS
Getting Started on AWS Getting Started on AWS
Getting Started on AWS
 
AWS re:Invent 2016: Advanced Tips for Amazon EC2 Networking and High Availabi...
AWS re:Invent 2016: Advanced Tips for Amazon EC2 Networking and High Availabi...AWS re:Invent 2016: Advanced Tips for Amazon EC2 Networking and High Availabi...
AWS re:Invent 2016: Advanced Tips for Amazon EC2 Networking and High Availabi...
 
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
 
cc.pptx
cc.pptxcc.pptx
cc.pptx
 
Network-Ready Your Hybrid IT Environment (ENT108) | AWS re:Invent 2013
Network-Ready Your Hybrid IT Environment (ENT108) | AWS re:Invent 2013Network-Ready Your Hybrid IT Environment (ENT108) | AWS re:Invent 2013
Network-Ready Your Hybrid IT Environment (ENT108) | AWS re:Invent 2013
 
XCloudLabs- AWS Overview
XCloudLabs- AWS Overview XCloudLabs- AWS Overview
XCloudLabs- AWS Overview
 
Pitt Immersion Day Module 3 - networking in AWS
Pitt Immersion Day Module 3 - networking in AWSPitt Immersion Day Module 3 - networking in AWS
Pitt Immersion Day Module 3 - networking in AWS
 
An introduction to AWS Direct Connect
An introduction to AWS Direct ConnectAn introduction to AWS Direct Connect
An introduction to AWS Direct Connect
 
(NET303) Optimizing Your Cloud Architecture With Network Strategy
(NET303) Optimizing Your Cloud Architecture With Network Strategy(NET303) Optimizing Your Cloud Architecture With Network Strategy
(NET303) Optimizing Your Cloud Architecture With Network Strategy
 
Cloud Aggregation: Smart Access to a Smarter Cloud
Cloud Aggregation: Smart Access to a Smarter CloudCloud Aggregation: Smart Access to a Smarter Cloud
Cloud Aggregation: Smart Access to a Smarter Cloud
 
打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載
 
打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載
 
Welcome to amazon web services setup aws vpc
Welcome to amazon web services setup aws vpcWelcome to amazon web services setup aws vpc
Welcome to amazon web services setup aws vpc
 
AWS Summit 2013 | Singapore - Extending your Datacenter with Amazon VPC
AWS Summit 2013 | Singapore - Extending your Datacenter with Amazon VPCAWS Summit 2013 | Singapore - Extending your Datacenter with Amazon VPC
AWS Summit 2013 | Singapore - Extending your Datacenter with Amazon VPC
 
Brk30176 enterprise class networking in azure
Brk30176 enterprise class networking in azureBrk30176 enterprise class networking in azure
Brk30176 enterprise class networking in azure
 
AWS Enterprise Day | Hybrid IT with AWS: Best of Both Worlds
AWS Enterprise Day | Hybrid IT with AWS: Best of Both WorldsAWS Enterprise Day | Hybrid IT with AWS: Best of Both Worlds
AWS Enterprise Day | Hybrid IT with AWS: Best of Both Worlds
 
Amazon Virtual Private Cloud (VPC)
Amazon Virtual Private Cloud (VPC)Amazon Virtual Private Cloud (VPC)
Amazon Virtual Private Cloud (VPC)
 
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
(SDD302) A Tale of One Thousand Instances - Migrating from Amazon EC2-Classic...
 
Multi cloud network leveraging sd-wan reference architecture
Multi cloud network leveraging sd-wan reference architectureMulti cloud network leveraging sd-wan reference architecture
Multi cloud network leveraging sd-wan reference architecture
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
 

Kürzlich hochgeladen

Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Monica Sydney
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
F
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
F
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
Monica Sydney
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
ayvbos
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Monica Sydney
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Priya Reddy
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
JOHNBEBONYAP1
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 

Kürzlich hochgeladen (20)

Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 

VPC and Datacenter Connectivity Options

  • 1. VPC & DATACENTER CONNECTIVITY OPTIONS John Homer Alvero jhalvero@voyagerinnovation.com Service Engineering Voyager Innovations, Inc.
  • 2. VOYAGER INNOVATIONS, INC. • Established in 2013 • Wholly subsidiary of Smart Communications • Drives exploration and creation of disruptive digital services • We focus on digital innovations • We are hiring. CACua@smart.com.ph
  • 3. VPC
  • 4. WHY VPC • Logical isolation of AWS assets (think of VLAN) • Control over IP addressing, subnets, routing, gateways • VPN Connectivity to datacenter or 3rd party networks • VPC Peering • S3 Security • NACL apart from Sec Groups • Assign private static IP to EC2 instance • New features / services are VPC-only
  • 5. USES CASES • Public facing sites • Multi-tier web applications • Host scalable applications that are connected to on-prem resources • Extend on-prem network into the cloud • Disaster recovery
  • 6.
  • 8. WHY THE CONNECTIVITY • On-prem components • HSM • MediaServers • Slowly migrating infrastructure from On-Prem to AWS • Connecting to 3rd party networks • Secure administrative access from office network • Compliance
  • 9. • VPC VPN - IPSec • Direct Connect • Combination • Roll-You-Own (RYO) • VPC Peering CONNECTIVITY OPTIONS
  • 10. VPC IPSEC • Cheapest, easiest and the quickest to implement • Static or Dynamic Routing (no public AS required) • Secure tunnel through public internet • Supports dual tunnel for redundancy • Supports the most common hardware VPN • Cisco, Fortinet, Juniper, Microsoft, Palo Alto, Yamaha, IIJ • Checkpoint, H3C, etc • … and software • Racoon • StrongSWAN • OpenSWAN
  • 12.
  • 13. DIRECT CONNECT • Consistent network performance • PH – SG ~40ms through PLDT • Private access to AWS services such as EC2, S3, VPC, etc • 1Gbps to 10Gbps, but depends on the capability of your Direct Connect Provider • Needs APN partner • SG – Equinix, Tata, Verizon, Level 3, NTT, Pacnet • Philippines – PLDT • Implementation from weeks to months 
  • 14.
  • 15. COMBINATION DIRECT CONNECT WITH IPSEC FAIL-OVER • IPSec is cost-effective redundancy for Direct Connect • IP Routing through APN Partner • Static • AWS – force Direct Connect by propagating specific routes through BGP (10.10.10.10/32 – BGP, 10.10.10.0/24 IPSec) • IPSec – use static routing • Customer – IPSLA • Need the Direct Connect Provider to propagate for you • Dynamic • AWS – Automatic • Customer - BGP AS-PATH Prepending • You propagate your own routes
  • 16.
  • 17. ROLL YOUR OWN • IPSec, PPTP, L2TP, SSL • OpenVPN is the easiest to implement • Sites-to-Site connectivity • Can be used Road-Warrior Style • Force routes to remote peer • Integrates with LDAP and TOTP • Requires client software • Free
  • 18. VPC PEERING • Inter-VPC communication as if they are on the same VPC • Your own or 3rd Party VPC • Think of VLAN trunking • Apply routing policies on both sides • Maybe peer w another VPC in another region (future) • NACL and Sec Groups still apply • Peered VPC to IPSec/Direct Connect not supported • But can use a proxy
  • 19.
  • 20.