SlideShare une entreprise Scribd logo
1  sur  94
Télécharger pour lire hors ligne
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Steve Seymour, Solutions Architect
October 2015
Deep Dive: AWS Direct
Connect and VPNs
NET406
What to Expect from the Session
The Team
• Network Engineering
• Cloud Architects
• Application Developers
• AWS Solutions Architects & Support
Amazon VPC
Availability Zone
Virtual Private Cloud
AWS Cloud
Public Subnet
Internet
Virtual Private Cloud
Availability Zone
Private Subnet
Availability Zone
VPN Only Subnet
Application Servers
Web Server Web Server
NAT
Corporate
Network
R
Database Servers
Amazon VPC
Corporate Network
Internet
ISP 2
(BGP)
FIREWALL
Internet
ISP 1
Internet
ISP 3
OSPF
Router
PublicIP
Router
BGP
Inside GRE Tunnels
Over IPSEC
FIREWALL
Internet
ISP 4
Internet
ISP 5
OSPF
.1
Wireless Controller
Backup GRE Tunnels
Router
Corporate Network
The Environment
The Environment
The Environment
CORP
The Toolbox
Virtual Private Cloud
Route Tables
Internet Gateway
Virtual Private Gateway
VPN Connection
Customer Gateway
AWS Direct Connect
The Toolbox
VPC
Route Tables
IGW
VGW
VPN
CGW
DX
Connectivity Options
AWS Hardware VPN
AWS VPN CloudHub
Software VPN
AWS Direct Connect
AWS Hardware VPN
Internet Protocol Security (IPsec) is a protocol suite for securing Internet
Protocol (IP) communications by authenticating and encrypting each IP packet
of a communication session.
IPsec includes protocols for establishing mutual authentication between agents
at the beginning of the session and negotiation of cryptographic keys to be used
during the session.
Reference: Wikipedia - http://en.wikipedia.org/wiki/IPsec
VPN Connection – IPsec
Internet Protocol Security (IPsec) is a protocol suite for securing Internet
Protocol (IP) communications by authenticating and encrypting each IP packet
of a communication session.
IPsec includes protocols for establishing mutual authentication between agents
at the beginning of the session and negotiation of cryptographic keys to be used
during the session.
Reference: Wikipedia - http://en.wikipedia.org/wiki/IPsec
VPN Connection – IPsec
AWS VPN Features
• Static or Dynamic (BGP)
• Static requires routes (IP Prefixes) to be specified
• Dynamic VPN supports max-prefixes of 100
• BGP over VPN supports 2-byte AS Numbers
AWS VPN Requirements
• Connections initiated from the Customer Gateway
• IKE Security Association using a Pre-Shared Key
• IPSec Security Associations in Tunnel Mode
• AES 128-bit encryption, SHA-1 hashing function
• Diffie-Hellman Perfect Forward Secrecy – Group 2
• Dead Peer Detection
• Fragment IP Packets before encryption
Static VPN
CORP
• 1 unique Security Association (SA) pair per tunnel
• 1 inbound and 1 outbound
• 2 unique pairs for 2 tunnels – 4 SA’s
10.0.0.0 /16
10.0.0.0 /16
192.168.0.0 /16
192.168.0.0 /16
10.0.0.0 /16
Static VPN
CORP
• Consolidate ACL’s to cover all IP’s
• Filter to block unwanted traffic
0.0.0.0/0 (any)
0.0.0.0/0 (any)
172.16.0.0 /12
192.168.1.0 /24
192.168.9.0 /24
192.168.1.0 /24
192.168.9.0 /24
172.16.0.0 /12
10.0.0.0 /16
Static VPN
CORP
• Consolidate ACL’s to cover all IP’s
• Filter to block unwanted traffic
10.0.0.0 /16
10.0.0.0 /16
0.0.0.0 /0
(any)
0.0.0.0 /0
(any)
10.0.0.0 /16
What is BGP ?
• TCP based protocol on port 179
• BGP Neighbors exchange routing information - prefixes
• More specific prefixes are preferred
• Uses Autonomous System Numbers – AS Numbers
• iBGP – between peers in the same AS
• eBGP – between peers in different AS
• AS_PATH – measure of network “distance”
• Local Preference – weighting of identical prefixes
Dynamic VPN
CORP
Tunnel 1
IP 169.254.169.1 /30
BGP AS 7224
Route Table
Destination Target
10.0.0.0/16 Local
172.16.0.0/16 VGW
Tunnel 2
IP 169.254.169.5 /30
BGP AS 7224
10.0.0.0 /16
Tunnel 1
IP 169.254.169.2 /30
BGP AS 65001
Tunnel 2
IP 169.254.169.6 /30
BGP AS 65001
172.16.0.0 /16
Dynamic VPN
CORP
Tunnel 1
IP 169.254.169.1 /30
BGP AS 17493
Tunnel 2
IP 169.254.169.5 /30
BGP AS 17493
10.0.0.0 /16
Tunnel 1
IP 169.254.169.2 /30
BGP AS 65001
Tunnel 2
IP 169.254.169.6 /30
BGP AS 65001
172.16.0.0 /16
• BGP Peer IP Addresses are automatically generated
• Customer AS Number – owned or private ASN
• Amazon AS Number is fixed per region
Path Selection – inside the VGW
1. Most specific IP prefix
192.168.10.0/24 over 192.168.0.0/16
2. Direct Connect (irrelevant of AS PATH length)
3. Static VPN Connection
4. Dynamic (BGP) VPN Connection
4. Shortest AS PATH
65001 i over 65001 65001 i
Resilient Dynamic VPN
CORP
iBGP
OSPF
eBGP
Resilient Dynamic VPN – Multiple VPC’s
CORP
Re-usable Customer Gateway IP
• Update to AWS VPN Solution
• Rolling out across regions
• Allows for the same Customer Gateway (CGW) IP
• Create a new VGW and VPN then attach to your VPC
Note: Only one VGW can be attached to a VPC at one time.
• Further features to be announced in the coming months
How to Create a VPN Connection
1. Create a VGW
2. Attach it to the VPC
3. Create a CGW
4. Create a VPN
5. Update Route Tables
6. Configure CGW
How to Create a VPN Connection
1. Create a VGW
2. Attach it to the VPC
3. Create a CGW
4. Create a VPN
5. Update Route Tables
6. Configure CGW
How to Create a VPN Connection
1. Create a VGW
2. Attach it to the VPC
3. Create a CGW
4. Create a VPN
5. Update Route Tables
6. Configure CGW
How to Create a VPN Connection
1. Create a VGW
2. Attach it to the VPC
3. Create a CGW
4. Create a VPN
5. Update Route Tables
6. Configure CGW
How to Create a VPN Connection
1. Create a VGW
2. Attach it to the VPC
3. Create a CGW
4. Create a VPN
5. Update Route Tables
6. Configure CGW
How to Create a VPN Connection
1. Create a VGW
2. Attach it to the VPC
3. Create a CGW
4. Create a VPN
5. Update Route Tables
6. Configure CGW
AWS Direct Connect
What is AWS Direct Connect…
Dedicated, private pipes into AWS
Create private (VPC) or public virtual interfaces to AWS
Reduced data-out rates (data-in still free))
Consistent network performance
At least 1 location to each AWS region
Option for redundant connections
Multiple AWS accounts can share a connection
Inter-Region enables connectivity to multiple regions in US
Uses BGP to exchange routing information over a VLAN
Direct Connect - Locations
AWS Region AWS Direct Connect Location
Asia Pacific (Singapore) Equinix SG2
Asia Pacific (Sydney) Equinix SY3
Asia Pacific (Sydney) Global Switch
Asia Pacific (Tokyo) Equinix OS1
Asia Pacific (Tokyo) Equinix TY2
China (Beijing) Sinnet JiuXianqiao IDC
China (Beijing) CIDS Jiachuang IDC
EU (Frankfurt) Equinix FR5
EU (Frankfurt) Interxion Frankfurt
EU (Ireland) Eircom Clonshaugh
EU (Ireland) TelecityGroup, London Docklands'
South America (Sao Paulo) Terremark NAP do Brasil
US East (Virginia) CoreSite NY1 & NY2
US East (Virginia) Equinix DC1 - DC6 & DC10
US West (Northern California) CoreSite One Wilshire & 900 North Alameda, CA
US West (Northern California) Equinix SV1 & SV5
US West (Oregon) Equinix SE2 & SE3
US West (Oregon) Switch SUPERNAP, Las Vegas
Layers of Direct Connect
Single Mode Fiber – 1G or 10GLayer 1 - Physical
Ethernet – 802.1Q VLANLayer 2 – Data Link
Peer & Amazon IPLayer 3 - Network
TCPLayer 4 - Transport
BGPLayer 7 - Application
“Routing of traffic”
Terminology For Physical Connections
Leased Line
Ethernet Private Line
Pseudo-wire
Point-to-point circuit
LAN Extension
MPLS / VPLS / IP-VPN / L3-VPN
Terminology For Physical Connections
Leased Line
Ethernet Private Line
Pseudo-wire
Point-to-point circuit
LAN Extension
MPLS / VPLS / IP-VPN / L3-VPN
All generally deliver an
“extension” of a port from
a Direct Connect Location
to a Customer Location}
Leased Line
Ethernet Private Line
Pseudo-wire
Point-to-point circuit
LAN Extension
MPLS / VPLS / IP-VPN / L3-VPN
Terminology For Physical Connections
A little different …}
Physical Connection
• Cross Connect at the location
• Single Mode Fiber
- 1000Base-LX or 10GBASE-LR
• Potential onward Delivery via Direct Connect Partner
• Customer Router
At the Direct Connect Location
CORP
AWS Direct
Connect
Routers
Customer
Router
Colocation
DX Location
Customer
Network
`
AWS Backbone
Network
Cross
Connect
Customer
Router
Access
Circuit
Customers Network
Backbone
Access
Circuit
Demarcation
Dedicated Port via Direct Connect Partner
CORP
AWS Direct
Connect
Routers
Colocation
DX Location
Partner Network
AWS Backbone
Network
Cross
Connect
Customer
Router
Partner
Network
Access
Circuit
Demarcation
Partner
Equipment
At the Direct Connect Location – via MPLS
CORP
AWS Direct
Connect
Routers
Partner
PE Router
Colocation
DX Location
MPLS Core
`
AWS Backbone
Network
Cross
Connect
Provider
Edge
Partner MPLS
Core
Access
Circuit to CE
Demarcation
`
`
CE Router
CE Router
Layers of Direct Connect
Direct Connect Connection
Ethernet – 802.1Q VLAN
Peer & Amazon IP
Virtual Interface
(One per VLAN)
BGP
Virtual Private Gateway
A/C 1
“Routing of traffic”
Single Mode Fiber – 1G or 10G
Public and Private Virtual Interfaces
• 802.1Q VLAN
• eBGP Session
Note: Max Prefixes on the AWS peer : 100
• Private Virtual Interface – Access to VPC
Note: Not VPC Endpoints or transitive via VPC Peering
• Public Virtual Interface – Access to non-VPC Services
Account ownership of Direct Connect
Direct Connect Connection
Ethernet – 802.1Q VLAN
Peer & Amazon IP
Hosted Virtual Interface
(One per VLAN)
BGP
Virtual Private Gateway
A/C 1
A/C 2
“Routing of traffic”
Single Mode Fiber – 1G or 10G
Sub-1G via Direct Connect Partner
Direct Connect Interconnect
Ethernet – 802.1Q VLAN
Hosted Connection
Virtual Interface
(Single)
BGP
Virtual Private Gateway
PartnerCustomer
Bandwidth VLAN
Peer & Amazon IP’s
“Routing of traffic”
Single Mode Fiber – 1G or 10G
50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps and 500Mbps
Sharing Hosted Connections
Direct Connect Interconnect
Ethernet – 802.1Q VLAN
Hosted Connection
Hosted Virtual Interface
(Single)
BGP
Virtual Private Gateway
PartnerCustomerA/C2
Bandwidth VLAN
Peer & Amazon IP’s
A/C 1
“Routing of traffic”
Single Mode Fiber – 1G or 10G
Private Virtual Interface
• Only provides access to resources in a VPC
Note: Not VPC Endpoints or transitive via VPC Peering
• Attaches to the Virtual Private Gateway
Same as a VPN Connection
• Multiple Private VIF’s can be attached for resilience
• Any IP Addresses and ASN for BGP Peering acceptable
Single Private Virtual Interface
CORP
Route Table
Destination Target Propagated
10.0.0.0/16 Local
172.16.0.0/16 VGW Yes
10.0.0.0 /16 172.16.0.0 /16
dxvif-wwxxyyzz
VLAN 100
IP 169.254.254.9 /30
BGP AS 7224
MD5 Key
Interface gi0/0.100
VLAN 100
IP 169.254.254.10 /30
BGP AS 65001
MD5 Key
eBGP
AS65001 Announcing
172.16.0.0 /16
AS7224 Announcing
10.0.0.0 /16
Dual DX – Single Location
CORP
AWS Direct
Connect
Routers
Customer
Router
Colocation
DX Location
Service Provider
Network
`
eBGP
eBGP
Dual Private Virtual Interface
CORP
10.0.0.0 /16 172.16.0.0 /16
dxvif-wwxxyyzz
VLAN 100
IP 169.254.254.9 /30
BGP AS 7224
MD5 Key
Interface gi0/0.100
VLAN 100
IP 169.254.254.10 /30
BGP AS 65001
MD5 Key
dxvif-aabbccdd
VLAN 100
IP 169.254.254.13 /30
BGP AS 7224
MD5 Key
Interface gi0/0.100
VLAN 100
IP 169.254.254.14 /30
BGP AS 65001
MD5 Key
eBGP
eBGP
Dual Private Virtual Interface
CORP
10.0.0.0 /16 172.16.0.0 /16
dxvif-wwxxyyzz
VLAN 100
IP 169.254.254.9 /30
BGP AS 7224
MD5 Key
Interface gi0/0.100
VLAN 100
IP 169.254.254.10 /30
BGP AS 65001
MD5 Key
dxvif-aabbccdd
VLAN 100
IP 169.254.254.13 /30
BGP AS 7224
MD5 Key
Interface gi0/0.100
VLAN 100
IP 169.254.254.14 /30
BGP AS 65001
MD5 Key
Dual DX – Single Location revisited
CORP
AWS Direct
Connect
Routers
Customer
Router
Colocation
DX Location
Service Provider
Network
`
Dual DX – Single Location revisited
CORP
AWS Direct
Connect
Routers
Customer
Routers
Colocation
DX Location
`
Service Provider
Network
`
Single DX – Dual Location
CORP
Customer
Routers
Colocation
DX Location 1
`
Customer
Routers
Colocation
DX Location 2
`
Service Provider
Network
AWS Direct
Connect Routers
AWS Direct
Connect Routers
Dual DX – Dual Location
CORP
AWS Direct
Connect Routers
Customer
Routers
Colocation
DX Location 1
`
`
AWS Direct
Connect Routers
Customer
Routers
Colocation
DX Location 2
`
`
Service Provider
Network
Dual VIF – Active/Active
IP 169.254.254.9 /30
IP 169.254.254.13 /30
Active/Active – the VGW Perspective
IP 169.254.254.10 /30
IP 169.254.254.14 /30
Dual VIF – Active/Passive
IP 169.254.254.9 /30
IP 169.254.254.13 /30
Active/Passive – the VGW Perspective
IP 169.254.254.10 /30
IP 169.254.254.14 /30
Dual VIF – Active/Passive
IP 169.254.254.9 /30
IP 169.254.254.13 /30
Active/Passive – the VGW Perspective
IP 169.254.254.10 /30
IP 169.254.254.14 /30
Public Virtual Interface
• Provides access to Amazon Public IP Addresses
• Requires Public IP Addresses for BGP Session
If you can’t provide them, raise a case with AWS Support
• Public ASN must be owned by customer – Private is OK
• Inter-Region is available in the US
Public VIF – Inter-Region – US Only
Public VIF’s receive prefixes for all US Regions
Prefixes are identified by BGP Communities
Advertisements can be controlled via BGP Communities
Public Virtual Interface
CORP
172.16.0.0 /16
dxvif-wwxxyyzz
VLAN 200
IP 54.239.244.57 /31
BGP AS 7224
MD5 Key
Interface gi0/0.200
VLAN 200
IP 54.239.244.56 /31
BGP AS 65001
MD5 Key
AS65001 Announcing
54.239.244.56 /31
AS7224 Announcing
184.72.96.0/19 via 7224 16509 14618 i
184.72.128.0/17 via 7224 16509 14618 i
184.73.0.0 via 7224 16509 14618 i
184.169.128.0/17 via 7224 16509 i
199.127.232.0/22 via 7224 16509 i
199.255.192.0/22 via 7224 16509 I
…...
…..
Public Virtual Interface
IP 54.239.244.57 /31
BGP AS 7224
Public Virtual Interface
IP 54.239.244.57 /31
BGP AS 7224
Ordering Process
How to order AWS Direct Connect
1. Select Your Region
2. Create a Connection
3. Receive LOA-CFA
4. Cross Connect
5. Create Virtual Interface
6. Configure Customer Router
How to order AWS Direct Connect
1. Select Your Region
2. Create a Connection
3. Receive LOA-CFA
4. Cross Connect
5. Create Virtual Interface
6. Configure Customer Router
How to order AWS Direct Connect
1. Select Your Region
2. Create a Connection
3. Receive LOA-CFA
4. Cross Connect
5. Create Virtual Interface
6. Configure Customer Router
How to order AWS Direct Connect
1. Select Your Region
2. Create a Connection
3. Receive LOA-CFA
4. Cross Connect
5. Create Virtual Interface
6. Configure Customer Router
How to order AWS Direct Connect
1. Select Your Region
2. Create a Connection
3. Receive LOA-CFA
4. Cross Connect
5. Create Virtual Interface
6. Configure Customer Router
How to order AWS Direct Connect
1. Select Your Region
2. Create a Connection
3. Receive LOA-CFA
4. Cross Connect
5. Create Virtual Interface
6. Configure Customer Router
How to order sub-1G via an APN Partner
1. Provide your Direct Connect Partner with Account Number
2. Accept Hosted Connection
3. Create Virtual Interface
4. Configure Customer Router
How to order sub-1G via an APN Partner
1. Provide your Direct Connect Partner with Account Number
2. Accept Hosted Connection
3. Create Virtual Interface
4. Configure Customer Router
How to order sub-1G via an APN Partner
1. Provide your Direct Connect Partner with Account Number
2. Accept Hosted Connection
3. Create Virtual Interface
4. Configure Customer Router
How to order sub-1G via an APN Partner
1. Provide your Direct Connect Partner with Account Number
2. Accept Hosted Connection
3. Create Virtual Interface
4. Configure Customer Router
Direct Connect with VPN Backup
CORP
DX Location 1
DX Location 2
Hardware VPN over DX Public VIF
CORP
172.16.0.0 /16
dxvif-wwxxyyzz
VLAN 200
IP 54.239.244.57 /31
BGP AS 7224
MD5 Key
Interface gi0/0.200
VLAN 200
IP 54.239.244.56 /31
BGP AS 65001
MD5 Key
Tunnel 1
IP 169.254.169.1 /30
BGP AS 17493
Tunnel 2
IP 169.254.169.5 /30
BGP AS 17493
Tunnel 1
IP 169.254.169.2 /30
BGP AS 65001
Tunnel 2
IP 169.254.169.6 /30
BGP AS 65001
Billing
• VPN Connections
Connection Hours
Data Transfer (Internet rates)
• Direct Connect
Port Hours
Reduced Data Transfer Rates
No charge for resources owned by other accounts
VPN Data Transfer over Direct Connect at reduced rate
Things to remember
All Direct Connect locations are at 3rd party data centers
You will have to work with at least one other organization
• Could be just the Data Center
• Could be a Network Provider / Direct Connect Partner
• Could be multiple Network Providers AND the Data Center
Sub-1G Hosted Connections support a single VIF
You can share VIF’s with other accounts
Public VIF’s include the Hardware VPN Endpoints
Example Implementation Plan
AWS CloudHub
AS65001
AS65002
AS65003
eBGP
Note: You can use the same Border Gateway Protocol (BGP)
Autonomous System Numbers (ASNs) for each site, or use a
unique ASN if you prefer.
Software VPN
VPN
Software VPN
VPN
VPN
AWS CloudHub and Software VPN
AS65001
AS65002
AS65003
eBGP
VPN
VPN
US-EAST-1
EU-CENTRAL-1
Summary
Connectivity via VPN – Static & Dynamic
Connectivity via AWS Direct Connect – Public & Private
CloudHub & Software VPN’s
Insight into the steps required
Thank you!
Remember to complete
your evaluations!
Related Sessions
• NET201 - Creating Your Virtual Data Center: VPC Fundamentals
and Connectivity Options
• NET301 - Next Gen Networking: New Capabilities for Amazon
Virtual Private Cloud
• NET307 - Pinterest: The Road From EC2-Classic to EC2-VPC
• NET402 - Using Route53 to Consolidate DNS Infrastructure
• NET403 - Another Day, Another Billion Packets with Amazon VPC
• NET404 - Making Every Packet Count
• NET409 - Movin’ On Up to Amazon VPC: How Twilio Migrated Its
Services from EC2-Classic to EC2-VPC

Contenu connexe

Tendances

더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021Amazon Web Services Korea
 
AWS를 활용한 글로벌 오피스 업무 환경 구축하기 - 류한진, 이랜드시스템스 :: AWS Summit Seoul 2019
AWS를 활용한 글로벌 오피스 업무 환경 구축하기 - 류한진, 이랜드시스템스 :: AWS Summit Seoul 2019AWS를 활용한 글로벌 오피스 업무 환경 구축하기 - 류한진, 이랜드시스템스 :: AWS Summit Seoul 2019
AWS를 활용한 글로벌 오피스 업무 환경 구축하기 - 류한진, 이랜드시스템스 :: AWS Summit Seoul 2019Amazon Web Services Korea
 
AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019Amazon Web Services
 
Security on AWS :: 이경수 솔루션즈아키텍트
Security on AWS :: 이경수 솔루션즈아키텍트Security on AWS :: 이경수 솔루션즈아키텍트
Security on AWS :: 이경수 솔루션즈아키텍트Amazon Web Services Korea
 
AWS Summit Seoul 2023 | SK쉴더스: AWS Native Security 서비스를 활용한 경계보안
AWS Summit Seoul 2023 | SK쉴더스: AWS Native Security 서비스를 활용한 경계보안AWS Summit Seoul 2023 | SK쉴더스: AWS Native Security 서비스를 활용한 경계보안
AWS Summit Seoul 2023 | SK쉴더스: AWS Native Security 서비스를 활용한 경계보안Amazon Web Services Korea
 
Introduction to AWS Organizations
Introduction to AWS OrganizationsIntroduction to AWS Organizations
Introduction to AWS OrganizationsAmazon Web Services
 
Introduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsIntroduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsAmazon Web Services
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
 
AWS Direct Connect: Deep Dive (NET403) - AWS re:Invent 2018
AWS Direct Connect: Deep Dive (NET403) - AWS re:Invent 2018AWS Direct Connect: Deep Dive (NET403) - AWS re:Invent 2018
AWS Direct Connect: Deep Dive (NET403) - AWS re:Invent 2018Amazon Web Services
 
KINX와 함께 하는 AWS Direct Connect 도입 - 남시우 매니저, KINX :: AWS Summit Seoul 2019
KINX와 함께 하는 AWS Direct Connect 도입 - 남시우 매니저, KINX :: AWS Summit Seoul 2019KINX와 함께 하는 AWS Direct Connect 도입 - 남시우 매니저, KINX :: AWS Summit Seoul 2019
KINX와 함께 하는 AWS Direct Connect 도입 - 남시우 매니저, KINX :: AWS Summit Seoul 2019Amazon Web Services Korea
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAMKnoldus Inc.
 
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...Amazon Web Services
 
Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Amazon Web Services
 

Tendances (20)

Fundamentals of AWS Security
Fundamentals of AWS SecurityFundamentals of AWS Security
Fundamentals of AWS Security
 
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
 
AWS를 활용한 글로벌 오피스 업무 환경 구축하기 - 류한진, 이랜드시스템스 :: AWS Summit Seoul 2019
AWS를 활용한 글로벌 오피스 업무 환경 구축하기 - 류한진, 이랜드시스템스 :: AWS Summit Seoul 2019AWS를 활용한 글로벌 오피스 업무 환경 구축하기 - 류한진, 이랜드시스템스 :: AWS Summit Seoul 2019
AWS를 활용한 글로벌 오피스 업무 환경 구축하기 - 류한진, 이랜드시스템스 :: AWS Summit Seoul 2019
 
Aws VPC
Aws VPCAws VPC
Aws VPC
 
AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019AWS Core Services Overview, Immersion Day Huntsville 2019
AWS Core Services Overview, Immersion Day Huntsville 2019
 
Security on AWS :: 이경수 솔루션즈아키텍트
Security on AWS :: 이경수 솔루션즈아키텍트Security on AWS :: 이경수 솔루션즈아키텍트
Security on AWS :: 이경수 솔루션즈아키텍트
 
AWS Summit Seoul 2023 | SK쉴더스: AWS Native Security 서비스를 활용한 경계보안
AWS Summit Seoul 2023 | SK쉴더스: AWS Native Security 서비스를 활용한 경계보안AWS Summit Seoul 2023 | SK쉴더스: AWS Native Security 서비스를 활용한 경계보안
AWS Summit Seoul 2023 | SK쉴더스: AWS Native Security 서비스를 활용한 경계보안
 
Introduction to AWS Organizations
Introduction to AWS OrganizationsIntroduction to AWS Organizations
Introduction to AWS Organizations
 
Introduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless ApplicationsIntroduction to AWS Lambda and Serverless Applications
Introduction to AWS Lambda and Serverless Applications
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep Dive
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
 
Amazon VPC VPN接続設定 参考資料
Amazon VPC VPN接続設定 参考資料Amazon VPC VPN接続設定 参考資料
Amazon VPC VPN接続設定 参考資料
 
AWS Route53
AWS Route53AWS Route53
AWS Route53
 
AWS Direct Connect: Deep Dive (NET403) - AWS re:Invent 2018
AWS Direct Connect: Deep Dive (NET403) - AWS re:Invent 2018AWS Direct Connect: Deep Dive (NET403) - AWS re:Invent 2018
AWS Direct Connect: Deep Dive (NET403) - AWS re:Invent 2018
 
KINX와 함께 하는 AWS Direct Connect 도입 - 남시우 매니저, KINX :: AWS Summit Seoul 2019
KINX와 함께 하는 AWS Direct Connect 도입 - 남시우 매니저, KINX :: AWS Summit Seoul 2019KINX와 함께 하는 AWS Direct Connect 도입 - 남시우 매니저, KINX :: AWS Summit Seoul 2019
KINX와 함께 하는 AWS Direct Connect 도입 - 남시우 매니저, KINX :: AWS Summit Seoul 2019
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAM
 
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...
[NEW LAUNCH!] AWS Transit Gateway and Transit VPCs - Reference Architectures ...
 
Become an AWS IAM Policy Ninja
Become an AWS IAM Policy NinjaBecome an AWS IAM Policy Ninja
Become an AWS IAM Policy Ninja
 
Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)
 
AWS PrivateLink Fundamentals
AWS PrivateLink FundamentalsAWS PrivateLink Fundamentals
AWS PrivateLink Fundamentals
 

En vedette

Cloud Architectures with AWS Direct Connect (ARC304) | AWS re:Invent 2013
Cloud Architectures with AWS Direct Connect (ARC304) | AWS re:Invent 2013Cloud Architectures with AWS Direct Connect (ARC304) | AWS re:Invent 2013
Cloud Architectures with AWS Direct Connect (ARC304) | AWS re:Invent 2013Amazon Web Services
 
AWS 101: Cloud Computing Seminar (2012)
AWS 101: Cloud Computing Seminar (2012)AWS 101: Cloud Computing Seminar (2012)
AWS 101: Cloud Computing Seminar (2012)Amazon Web Services
 
AWS CLOUD 2017 - Enterprise is Cloud Ready. 클라우드 뉴노멀 시대에 글로벌 혁신 기업들의 클라우드 전략 ...
AWS CLOUD 2017 - Enterprise is Cloud Ready. 클라우드 뉴노멀 시대에 글로벌 혁신 기업들의 클라우드 전략 ...AWS CLOUD 2017 - Enterprise is Cloud Ready. 클라우드 뉴노멀 시대에 글로벌 혁신 기업들의 클라우드 전략 ...
AWS CLOUD 2017 - Enterprise is Cloud Ready. 클라우드 뉴노멀 시대에 글로벌 혁신 기업들의 클라우드 전략 ...Amazon Web Services Korea
 
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...Amazon Web Services
 
AWS CLOUD 2017 - AWS 기반 하이브리드 클라우드 환경 구성 전략 (김용우 솔루션즈 아키텍트)
AWS CLOUD 2017 - AWS 기반 하이브리드 클라우드 환경 구성 전략 (김용우 솔루션즈 아키텍트)AWS CLOUD 2017 - AWS 기반 하이브리드 클라우드 환경 구성 전략 (김용우 솔루션즈 아키텍트)
AWS CLOUD 2017 - AWS 기반 하이브리드 클라우드 환경 구성 전략 (김용우 솔루션즈 아키텍트)Amazon Web Services Korea
 
(E Book) Asp .Net Tips, Tutorials And Code
(E Book) Asp .Net Tips,  Tutorials And Code(E Book) Asp .Net Tips,  Tutorials And Code
(E Book) Asp .Net Tips, Tutorials And Codesyedjee
 
Aws direct connect webinar 29062017
Aws direct connect webinar 29062017Aws direct connect webinar 29062017
Aws direct connect webinar 29062017Krishnan K ☁
 
Build Your Mobile App Faster with AWS Mobile Services (Cognito, Lambda, SNS, ...
Build Your Mobile App Faster with AWS Mobile Services (Cognito, Lambda, SNS, ...Build Your Mobile App Faster with AWS Mobile Services (Cognito, Lambda, SNS, ...
Build Your Mobile App Faster with AWS Mobile Services (Cognito, Lambda, SNS, ...Amazon Web Services
 
Public cloud 101,One individual does not hold all the keys to the kingdom. Co...
Public cloud 101,One individual does not hold all the keys to the kingdom. Co...Public cloud 101,One individual does not hold all the keys to the kingdom. Co...
Public cloud 101,One individual does not hold all the keys to the kingdom. Co...Samuel K. Itotia
 
AWS and Serverless with Alexa
AWS and Serverless with AlexaAWS and Serverless with Alexa
AWS and Serverless with AlexaRory Preddy
 
Oracle RAC Internals - The Cache Fusion Edition
Oracle RAC Internals - The Cache Fusion EditionOracle RAC Internals - The Cache Fusion Edition
Oracle RAC Internals - The Cache Fusion EditionMarkus Michalewicz
 
Oracle Databases on AWS - Getting the Best Out of RDS and EC2
Oracle Databases on AWS - Getting the Best Out of RDS and EC2Oracle Databases on AWS - Getting the Best Out of RDS and EC2
Oracle Databases on AWS - Getting the Best Out of RDS and EC2Maris Elsins
 
Database as a Service on the Oracle Database Appliance Platform
Database as a Service on the Oracle Database Appliance PlatformDatabase as a Service on the Oracle Database Appliance Platform
Database as a Service on the Oracle Database Appliance PlatformMaris Elsins
 
Disaster Recovery using AWS -Architecture blueprints
Disaster Recovery using AWS -Architecture blueprintsDisaster Recovery using AWS -Architecture blueprints
Disaster Recovery using AWS -Architecture blueprintsHarish Ganesan
 
AWS初心者向けWebinar AWSとのネットワーク接続入門
AWS初心者向けWebinar AWSとのネットワーク接続入門AWS初心者向けWebinar AWSとのネットワーク接続入門
AWS初心者向けWebinar AWSとのネットワーク接続入門Amazon Web Services Japan
 
Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Brendan Gregg
 
Cloud Instances Price Comparison: AWS vs Azure vs Google vs IBM
Cloud Instances Price Comparison: AWS vs Azure vs Google vs IBMCloud Instances Price Comparison: AWS vs Azure vs Google vs IBM
Cloud Instances Price Comparison: AWS vs Azure vs Google vs IBMRightScale
 
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature MappingMicrosoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature MappingIlyas F ☁☁☁
 
Essential Capabilities of an IoT Cloud Platform - AWS Online Tech Talks
Essential Capabilities of an IoT Cloud Platform - AWS Online Tech TalksEssential Capabilities of an IoT Cloud Platform - AWS Online Tech Talks
Essential Capabilities of an IoT Cloud Platform - AWS Online Tech TalksAmazon Web Services
 

En vedette (20)

Cloud Architectures with AWS Direct Connect (ARC304) | AWS re:Invent 2013
Cloud Architectures with AWS Direct Connect (ARC304) | AWS re:Invent 2013Cloud Architectures with AWS Direct Connect (ARC304) | AWS re:Invent 2013
Cloud Architectures with AWS Direct Connect (ARC304) | AWS re:Invent 2013
 
AWS 101: Cloud Computing Seminar (2012)
AWS 101: Cloud Computing Seminar (2012)AWS 101: Cloud Computing Seminar (2012)
AWS 101: Cloud Computing Seminar (2012)
 
AWS CLOUD 2017 - Enterprise is Cloud Ready. 클라우드 뉴노멀 시대에 글로벌 혁신 기업들의 클라우드 전략 ...
AWS CLOUD 2017 - Enterprise is Cloud Ready. 클라우드 뉴노멀 시대에 글로벌 혁신 기업들의 클라우드 전략 ...AWS CLOUD 2017 - Enterprise is Cloud Ready. 클라우드 뉴노멀 시대에 글로벌 혁신 기업들의 클라우드 전략 ...
AWS CLOUD 2017 - Enterprise is Cloud Ready. 클라우드 뉴노멀 시대에 글로벌 혁신 기업들의 클라우드 전략 ...
 
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...
AWS re:Invent 2016: Extending Datacenters to the Cloud: Connectivity Options ...
 
AWS CLOUD 2017 - AWS 기반 하이브리드 클라우드 환경 구성 전략 (김용우 솔루션즈 아키텍트)
AWS CLOUD 2017 - AWS 기반 하이브리드 클라우드 환경 구성 전략 (김용우 솔루션즈 아키텍트)AWS CLOUD 2017 - AWS 기반 하이브리드 클라우드 환경 구성 전략 (김용우 솔루션즈 아키텍트)
AWS CLOUD 2017 - AWS 기반 하이브리드 클라우드 환경 구성 전략 (김용우 솔루션즈 아키텍트)
 
(E Book) Asp .Net Tips, Tutorials And Code
(E Book) Asp .Net Tips,  Tutorials And Code(E Book) Asp .Net Tips,  Tutorials And Code
(E Book) Asp .Net Tips, Tutorials And Code
 
Aws direct connect webinar 29062017
Aws direct connect webinar 29062017Aws direct connect webinar 29062017
Aws direct connect webinar 29062017
 
Cloudschool 2014
Cloudschool 2014Cloudschool 2014
Cloudschool 2014
 
Build Your Mobile App Faster with AWS Mobile Services (Cognito, Lambda, SNS, ...
Build Your Mobile App Faster with AWS Mobile Services (Cognito, Lambda, SNS, ...Build Your Mobile App Faster with AWS Mobile Services (Cognito, Lambda, SNS, ...
Build Your Mobile App Faster with AWS Mobile Services (Cognito, Lambda, SNS, ...
 
Public cloud 101,One individual does not hold all the keys to the kingdom. Co...
Public cloud 101,One individual does not hold all the keys to the kingdom. Co...Public cloud 101,One individual does not hold all the keys to the kingdom. Co...
Public cloud 101,One individual does not hold all the keys to the kingdom. Co...
 
AWS and Serverless with Alexa
AWS and Serverless with AlexaAWS and Serverless with Alexa
AWS and Serverless with Alexa
 
Oracle RAC Internals - The Cache Fusion Edition
Oracle RAC Internals - The Cache Fusion EditionOracle RAC Internals - The Cache Fusion Edition
Oracle RAC Internals - The Cache Fusion Edition
 
Oracle Databases on AWS - Getting the Best Out of RDS and EC2
Oracle Databases on AWS - Getting the Best Out of RDS and EC2Oracle Databases on AWS - Getting the Best Out of RDS and EC2
Oracle Databases on AWS - Getting the Best Out of RDS and EC2
 
Database as a Service on the Oracle Database Appliance Platform
Database as a Service on the Oracle Database Appliance PlatformDatabase as a Service on the Oracle Database Appliance Platform
Database as a Service on the Oracle Database Appliance Platform
 
Disaster Recovery using AWS -Architecture blueprints
Disaster Recovery using AWS -Architecture blueprintsDisaster Recovery using AWS -Architecture blueprints
Disaster Recovery using AWS -Architecture blueprints
 
AWS初心者向けWebinar AWSとのネットワーク接続入門
AWS初心者向けWebinar AWSとのネットワーク接続入門AWS初心者向けWebinar AWSとのネットワーク接続入門
AWS初心者向けWebinar AWSとのネットワーク接続入門
 
Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016Broken Linux Performance Tools 2016
Broken Linux Performance Tools 2016
 
Cloud Instances Price Comparison: AWS vs Azure vs Google vs IBM
Cloud Instances Price Comparison: AWS vs Azure vs Google vs IBMCloud Instances Price Comparison: AWS vs Azure vs Google vs IBM
Cloud Instances Price Comparison: AWS vs Azure vs Google vs IBM
 
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature MappingMicrosoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
Microsoft Azure vs Amazon Web Services (AWS) Services & Feature Mapping
 
Essential Capabilities of an IoT Cloud Platform - AWS Online Tech Talks
Essential Capabilities of an IoT Cloud Platform - AWS Online Tech TalksEssential Capabilities of an IoT Cloud Platform - AWS Online Tech Talks
Essential Capabilities of an IoT Cloud Platform - AWS Online Tech Talks
 

Similaire à (NET406) Deep Dive: AWS Direct Connect and VPNs

AWS Direct Connect & VPN's - Pop-up Loft Tel Aviv
AWS Direct Connect & VPN's - Pop-up Loft Tel AvivAWS Direct Connect & VPN's - Pop-up Loft Tel Aviv
AWS Direct Connect & VPN's - Pop-up Loft Tel AvivAmazon Web Services
 
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...Amazon Web Services Korea
 
打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載Amazon Web Services
 
打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載Amazon Web Services
 
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]Amazon Web Services
 
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep DiveNEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep DiveAmazon Web Services
 
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...Amazon Web Services
 
Let’s get Connected_ Exploring Connectivity in your Cloud Journey
Let’s get Connected_ Exploring Connectivity in your Cloud JourneyLet’s get Connected_ Exploring Connectivity in your Cloud Journey
Let’s get Connected_ Exploring Connectivity in your Cloud JourneyAmazon Web Services
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWSPLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWSPROIDEA
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
Deep Dive - Hybrid Architectures
Deep Dive - Hybrid ArchitecturesDeep Dive - Hybrid Architectures
Deep Dive - Hybrid ArchitecturesAmazon Web Services
 
(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWSAmazon Web Services
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network EvolutionCisco Canada
 
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...Amazon Web Services
 
Brk30176 enterprise class networking in azure
Brk30176 enterprise class networking in azureBrk30176 enterprise class networking in azure
Brk30176 enterprise class networking in azureAbou CONDE
 

Similaire à (NET406) Deep Dive: AWS Direct Connect and VPNs (20)

AWS Direct Connect & VPN's - Pop-up Loft Tel Aviv
AWS Direct Connect & VPN's - Pop-up Loft Tel AvivAWS Direct Connect & VPN's - Pop-up Loft Tel Aviv
AWS Direct Connect & VPN's - Pop-up Loft Tel Aviv
 
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
 
打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載
 
打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載
 
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
 
Getting Started on AWS
Getting Started on AWS Getting Started on AWS
Getting Started on AWS
 
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep DiveNEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
 
VPC and DX PoP @ HKG
VPC and DX PoP @ HKGVPC and DX PoP @ HKG
VPC and DX PoP @ HKG
 
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
 
Let’s get Connected_ Exploring Connectivity in your Cloud Journey
Let’s get Connected_ Exploring Connectivity in your Cloud JourneyLet’s get Connected_ Exploring Connectivity in your Cloud Journey
Let’s get Connected_ Exploring Connectivity in your Cloud Journey
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure Integration
 
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWSPLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure Integration
 
Welcome to amazon web services setup aws vpc
Welcome to amazon web services setup aws vpcWelcome to amazon web services setup aws vpc
Welcome to amazon web services setup aws vpc
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure Integration
 
Deep Dive - Hybrid Architectures
Deep Dive - Hybrid ArchitecturesDeep Dive - Hybrid Architectures
Deep Dive - Hybrid Architectures
 
(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network Evolution
 
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
 
Brk30176 enterprise class networking in azure
Brk30176 enterprise class networking in azureBrk30176 enterprise class networking in azure
Brk30176 enterprise class networking in azure
 

Plus de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Dernier

Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 

Dernier (20)

Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 

(NET406) Deep Dive: AWS Direct Connect and VPNs

  • 1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Steve Seymour, Solutions Architect October 2015 Deep Dive: AWS Direct Connect and VPNs NET406
  • 2. What to Expect from the Session
  • 3. The Team • Network Engineering • Cloud Architects • Application Developers • AWS Solutions Architects & Support
  • 4. Amazon VPC Availability Zone Virtual Private Cloud AWS Cloud Public Subnet Internet Virtual Private Cloud Availability Zone Private Subnet Availability Zone VPN Only Subnet Application Servers Web Server Web Server NAT Corporate Network R Database Servers
  • 6. Corporate Network Internet ISP 2 (BGP) FIREWALL Internet ISP 1 Internet ISP 3 OSPF Router PublicIP Router BGP Inside GRE Tunnels Over IPSEC FIREWALL Internet ISP 4 Internet ISP 5 OSPF .1 Wireless Controller Backup GRE Tunnels Router
  • 11. The Toolbox Virtual Private Cloud Route Tables Internet Gateway Virtual Private Gateway VPN Connection Customer Gateway AWS Direct Connect
  • 13. Connectivity Options AWS Hardware VPN AWS VPN CloudHub Software VPN AWS Direct Connect
  • 15. Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. Reference: Wikipedia - http://en.wikipedia.org/wiki/IPsec VPN Connection – IPsec
  • 16. Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. Reference: Wikipedia - http://en.wikipedia.org/wiki/IPsec VPN Connection – IPsec
  • 17. AWS VPN Features • Static or Dynamic (BGP) • Static requires routes (IP Prefixes) to be specified • Dynamic VPN supports max-prefixes of 100 • BGP over VPN supports 2-byte AS Numbers
  • 18. AWS VPN Requirements • Connections initiated from the Customer Gateway • IKE Security Association using a Pre-Shared Key • IPSec Security Associations in Tunnel Mode • AES 128-bit encryption, SHA-1 hashing function • Diffie-Hellman Perfect Forward Secrecy – Group 2 • Dead Peer Detection • Fragment IP Packets before encryption
  • 19. Static VPN CORP • 1 unique Security Association (SA) pair per tunnel • 1 inbound and 1 outbound • 2 unique pairs for 2 tunnels – 4 SA’s 10.0.0.0 /16 10.0.0.0 /16 192.168.0.0 /16 192.168.0.0 /16 10.0.0.0 /16
  • 20. Static VPN CORP • Consolidate ACL’s to cover all IP’s • Filter to block unwanted traffic 0.0.0.0/0 (any) 0.0.0.0/0 (any) 172.16.0.0 /12 192.168.1.0 /24 192.168.9.0 /24 192.168.1.0 /24 192.168.9.0 /24 172.16.0.0 /12 10.0.0.0 /16
  • 21. Static VPN CORP • Consolidate ACL’s to cover all IP’s • Filter to block unwanted traffic 10.0.0.0 /16 10.0.0.0 /16 0.0.0.0 /0 (any) 0.0.0.0 /0 (any) 10.0.0.0 /16
  • 22. What is BGP ? • TCP based protocol on port 179 • BGP Neighbors exchange routing information - prefixes • More specific prefixes are preferred • Uses Autonomous System Numbers – AS Numbers • iBGP – between peers in the same AS • eBGP – between peers in different AS • AS_PATH – measure of network “distance” • Local Preference – weighting of identical prefixes
  • 23. Dynamic VPN CORP Tunnel 1 IP 169.254.169.1 /30 BGP AS 7224 Route Table Destination Target 10.0.0.0/16 Local 172.16.0.0/16 VGW Tunnel 2 IP 169.254.169.5 /30 BGP AS 7224 10.0.0.0 /16 Tunnel 1 IP 169.254.169.2 /30 BGP AS 65001 Tunnel 2 IP 169.254.169.6 /30 BGP AS 65001 172.16.0.0 /16
  • 24. Dynamic VPN CORP Tunnel 1 IP 169.254.169.1 /30 BGP AS 17493 Tunnel 2 IP 169.254.169.5 /30 BGP AS 17493 10.0.0.0 /16 Tunnel 1 IP 169.254.169.2 /30 BGP AS 65001 Tunnel 2 IP 169.254.169.6 /30 BGP AS 65001 172.16.0.0 /16 • BGP Peer IP Addresses are automatically generated • Customer AS Number – owned or private ASN • Amazon AS Number is fixed per region
  • 25. Path Selection – inside the VGW 1. Most specific IP prefix 192.168.10.0/24 over 192.168.0.0/16 2. Direct Connect (irrelevant of AS PATH length) 3. Static VPN Connection 4. Dynamic (BGP) VPN Connection 4. Shortest AS PATH 65001 i over 65001 65001 i
  • 27. Resilient Dynamic VPN – Multiple VPC’s CORP
  • 28. Re-usable Customer Gateway IP • Update to AWS VPN Solution • Rolling out across regions • Allows for the same Customer Gateway (CGW) IP • Create a new VGW and VPN then attach to your VPC Note: Only one VGW can be attached to a VPC at one time. • Further features to be announced in the coming months
  • 29. How to Create a VPN Connection 1. Create a VGW 2. Attach it to the VPC 3. Create a CGW 4. Create a VPN 5. Update Route Tables 6. Configure CGW
  • 30. How to Create a VPN Connection 1. Create a VGW 2. Attach it to the VPC 3. Create a CGW 4. Create a VPN 5. Update Route Tables 6. Configure CGW
  • 31. How to Create a VPN Connection 1. Create a VGW 2. Attach it to the VPC 3. Create a CGW 4. Create a VPN 5. Update Route Tables 6. Configure CGW
  • 32. How to Create a VPN Connection 1. Create a VGW 2. Attach it to the VPC 3. Create a CGW 4. Create a VPN 5. Update Route Tables 6. Configure CGW
  • 33. How to Create a VPN Connection 1. Create a VGW 2. Attach it to the VPC 3. Create a CGW 4. Create a VPN 5. Update Route Tables 6. Configure CGW
  • 34. How to Create a VPN Connection 1. Create a VGW 2. Attach it to the VPC 3. Create a CGW 4. Create a VPN 5. Update Route Tables 6. Configure CGW
  • 36. What is AWS Direct Connect… Dedicated, private pipes into AWS Create private (VPC) or public virtual interfaces to AWS Reduced data-out rates (data-in still free)) Consistent network performance At least 1 location to each AWS region Option for redundant connections Multiple AWS accounts can share a connection Inter-Region enables connectivity to multiple regions in US Uses BGP to exchange routing information over a VLAN
  • 37. Direct Connect - Locations AWS Region AWS Direct Connect Location Asia Pacific (Singapore) Equinix SG2 Asia Pacific (Sydney) Equinix SY3 Asia Pacific (Sydney) Global Switch Asia Pacific (Tokyo) Equinix OS1 Asia Pacific (Tokyo) Equinix TY2 China (Beijing) Sinnet JiuXianqiao IDC China (Beijing) CIDS Jiachuang IDC EU (Frankfurt) Equinix FR5 EU (Frankfurt) Interxion Frankfurt EU (Ireland) Eircom Clonshaugh EU (Ireland) TelecityGroup, London Docklands' South America (Sao Paulo) Terremark NAP do Brasil US East (Virginia) CoreSite NY1 & NY2 US East (Virginia) Equinix DC1 - DC6 & DC10 US West (Northern California) CoreSite One Wilshire & 900 North Alameda, CA US West (Northern California) Equinix SV1 & SV5 US West (Oregon) Equinix SE2 & SE3 US West (Oregon) Switch SUPERNAP, Las Vegas
  • 38. Layers of Direct Connect Single Mode Fiber – 1G or 10GLayer 1 - Physical Ethernet – 802.1Q VLANLayer 2 – Data Link Peer & Amazon IPLayer 3 - Network TCPLayer 4 - Transport BGPLayer 7 - Application “Routing of traffic”
  • 39. Terminology For Physical Connections Leased Line Ethernet Private Line Pseudo-wire Point-to-point circuit LAN Extension MPLS / VPLS / IP-VPN / L3-VPN
  • 40. Terminology For Physical Connections Leased Line Ethernet Private Line Pseudo-wire Point-to-point circuit LAN Extension MPLS / VPLS / IP-VPN / L3-VPN All generally deliver an “extension” of a port from a Direct Connect Location to a Customer Location}
  • 41. Leased Line Ethernet Private Line Pseudo-wire Point-to-point circuit LAN Extension MPLS / VPLS / IP-VPN / L3-VPN Terminology For Physical Connections A little different …}
  • 42. Physical Connection • Cross Connect at the location • Single Mode Fiber - 1000Base-LX or 10GBASE-LR • Potential onward Delivery via Direct Connect Partner • Customer Router
  • 43. At the Direct Connect Location CORP AWS Direct Connect Routers Customer Router Colocation DX Location Customer Network ` AWS Backbone Network Cross Connect Customer Router Access Circuit Customers Network Backbone Access Circuit Demarcation
  • 44. Dedicated Port via Direct Connect Partner CORP AWS Direct Connect Routers Colocation DX Location Partner Network AWS Backbone Network Cross Connect Customer Router Partner Network Access Circuit Demarcation Partner Equipment
  • 45. At the Direct Connect Location – via MPLS CORP AWS Direct Connect Routers Partner PE Router Colocation DX Location MPLS Core ` AWS Backbone Network Cross Connect Provider Edge Partner MPLS Core Access Circuit to CE Demarcation ` ` CE Router CE Router
  • 46. Layers of Direct Connect Direct Connect Connection Ethernet – 802.1Q VLAN Peer & Amazon IP Virtual Interface (One per VLAN) BGP Virtual Private Gateway A/C 1 “Routing of traffic” Single Mode Fiber – 1G or 10G
  • 47. Public and Private Virtual Interfaces • 802.1Q VLAN • eBGP Session Note: Max Prefixes on the AWS peer : 100 • Private Virtual Interface – Access to VPC Note: Not VPC Endpoints or transitive via VPC Peering • Public Virtual Interface – Access to non-VPC Services
  • 48. Account ownership of Direct Connect Direct Connect Connection Ethernet – 802.1Q VLAN Peer & Amazon IP Hosted Virtual Interface (One per VLAN) BGP Virtual Private Gateway A/C 1 A/C 2 “Routing of traffic” Single Mode Fiber – 1G or 10G
  • 49. Sub-1G via Direct Connect Partner Direct Connect Interconnect Ethernet – 802.1Q VLAN Hosted Connection Virtual Interface (Single) BGP Virtual Private Gateway PartnerCustomer Bandwidth VLAN Peer & Amazon IP’s “Routing of traffic” Single Mode Fiber – 1G or 10G 50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps and 500Mbps
  • 50. Sharing Hosted Connections Direct Connect Interconnect Ethernet – 802.1Q VLAN Hosted Connection Hosted Virtual Interface (Single) BGP Virtual Private Gateway PartnerCustomerA/C2 Bandwidth VLAN Peer & Amazon IP’s A/C 1 “Routing of traffic” Single Mode Fiber – 1G or 10G
  • 51. Private Virtual Interface • Only provides access to resources in a VPC Note: Not VPC Endpoints or transitive via VPC Peering • Attaches to the Virtual Private Gateway Same as a VPN Connection • Multiple Private VIF’s can be attached for resilience • Any IP Addresses and ASN for BGP Peering acceptable
  • 52. Single Private Virtual Interface CORP Route Table Destination Target Propagated 10.0.0.0/16 Local 172.16.0.0/16 VGW Yes 10.0.0.0 /16 172.16.0.0 /16 dxvif-wwxxyyzz VLAN 100 IP 169.254.254.9 /30 BGP AS 7224 MD5 Key Interface gi0/0.100 VLAN 100 IP 169.254.254.10 /30 BGP AS 65001 MD5 Key eBGP AS65001 Announcing 172.16.0.0 /16 AS7224 Announcing 10.0.0.0 /16
  • 53. Dual DX – Single Location CORP AWS Direct Connect Routers Customer Router Colocation DX Location Service Provider Network `
  • 54. eBGP eBGP Dual Private Virtual Interface CORP 10.0.0.0 /16 172.16.0.0 /16 dxvif-wwxxyyzz VLAN 100 IP 169.254.254.9 /30 BGP AS 7224 MD5 Key Interface gi0/0.100 VLAN 100 IP 169.254.254.10 /30 BGP AS 65001 MD5 Key dxvif-aabbccdd VLAN 100 IP 169.254.254.13 /30 BGP AS 7224 MD5 Key Interface gi0/0.100 VLAN 100 IP 169.254.254.14 /30 BGP AS 65001 MD5 Key
  • 55. eBGP eBGP Dual Private Virtual Interface CORP 10.0.0.0 /16 172.16.0.0 /16 dxvif-wwxxyyzz VLAN 100 IP 169.254.254.9 /30 BGP AS 7224 MD5 Key Interface gi0/0.100 VLAN 100 IP 169.254.254.10 /30 BGP AS 65001 MD5 Key dxvif-aabbccdd VLAN 100 IP 169.254.254.13 /30 BGP AS 7224 MD5 Key Interface gi0/0.100 VLAN 100 IP 169.254.254.14 /30 BGP AS 65001 MD5 Key
  • 56. Dual DX – Single Location revisited CORP AWS Direct Connect Routers Customer Router Colocation DX Location Service Provider Network `
  • 57. Dual DX – Single Location revisited CORP AWS Direct Connect Routers Customer Routers Colocation DX Location ` Service Provider Network `
  • 58. Single DX – Dual Location CORP Customer Routers Colocation DX Location 1 ` Customer Routers Colocation DX Location 2 ` Service Provider Network AWS Direct Connect Routers AWS Direct Connect Routers
  • 59. Dual DX – Dual Location CORP AWS Direct Connect Routers Customer Routers Colocation DX Location 1 ` ` AWS Direct Connect Routers Customer Routers Colocation DX Location 2 ` ` Service Provider Network
  • 60. Dual VIF – Active/Active IP 169.254.254.9 /30 IP 169.254.254.13 /30
  • 61. Active/Active – the VGW Perspective IP 169.254.254.10 /30 IP 169.254.254.14 /30
  • 62. Dual VIF – Active/Passive IP 169.254.254.9 /30 IP 169.254.254.13 /30
  • 63. Active/Passive – the VGW Perspective IP 169.254.254.10 /30 IP 169.254.254.14 /30
  • 64. Dual VIF – Active/Passive IP 169.254.254.9 /30 IP 169.254.254.13 /30
  • 65. Active/Passive – the VGW Perspective IP 169.254.254.10 /30 IP 169.254.254.14 /30
  • 66. Public Virtual Interface • Provides access to Amazon Public IP Addresses • Requires Public IP Addresses for BGP Session If you can’t provide them, raise a case with AWS Support • Public ASN must be owned by customer – Private is OK • Inter-Region is available in the US
  • 67. Public VIF – Inter-Region – US Only Public VIF’s receive prefixes for all US Regions Prefixes are identified by BGP Communities Advertisements can be controlled via BGP Communities
  • 68. Public Virtual Interface CORP 172.16.0.0 /16 dxvif-wwxxyyzz VLAN 200 IP 54.239.244.57 /31 BGP AS 7224 MD5 Key Interface gi0/0.200 VLAN 200 IP 54.239.244.56 /31 BGP AS 65001 MD5 Key AS65001 Announcing 54.239.244.56 /31 AS7224 Announcing 184.72.96.0/19 via 7224 16509 14618 i 184.72.128.0/17 via 7224 16509 14618 i 184.73.0.0 via 7224 16509 14618 i 184.169.128.0/17 via 7224 16509 i 199.127.232.0/22 via 7224 16509 i 199.255.192.0/22 via 7224 16509 I …... …..
  • 69. Public Virtual Interface IP 54.239.244.57 /31 BGP AS 7224
  • 70. Public Virtual Interface IP 54.239.244.57 /31 BGP AS 7224
  • 72. How to order AWS Direct Connect 1. Select Your Region 2. Create a Connection 3. Receive LOA-CFA 4. Cross Connect 5. Create Virtual Interface 6. Configure Customer Router
  • 73. How to order AWS Direct Connect 1. Select Your Region 2. Create a Connection 3. Receive LOA-CFA 4. Cross Connect 5. Create Virtual Interface 6. Configure Customer Router
  • 74. How to order AWS Direct Connect 1. Select Your Region 2. Create a Connection 3. Receive LOA-CFA 4. Cross Connect 5. Create Virtual Interface 6. Configure Customer Router
  • 75. How to order AWS Direct Connect 1. Select Your Region 2. Create a Connection 3. Receive LOA-CFA 4. Cross Connect 5. Create Virtual Interface 6. Configure Customer Router
  • 76. How to order AWS Direct Connect 1. Select Your Region 2. Create a Connection 3. Receive LOA-CFA 4. Cross Connect 5. Create Virtual Interface 6. Configure Customer Router
  • 77. How to order AWS Direct Connect 1. Select Your Region 2. Create a Connection 3. Receive LOA-CFA 4. Cross Connect 5. Create Virtual Interface 6. Configure Customer Router
  • 78. How to order sub-1G via an APN Partner 1. Provide your Direct Connect Partner with Account Number 2. Accept Hosted Connection 3. Create Virtual Interface 4. Configure Customer Router
  • 79. How to order sub-1G via an APN Partner 1. Provide your Direct Connect Partner with Account Number 2. Accept Hosted Connection 3. Create Virtual Interface 4. Configure Customer Router
  • 80. How to order sub-1G via an APN Partner 1. Provide your Direct Connect Partner with Account Number 2. Accept Hosted Connection 3. Create Virtual Interface 4. Configure Customer Router
  • 81. How to order sub-1G via an APN Partner 1. Provide your Direct Connect Partner with Account Number 2. Accept Hosted Connection 3. Create Virtual Interface 4. Configure Customer Router
  • 82. Direct Connect with VPN Backup CORP DX Location 1 DX Location 2
  • 83. Hardware VPN over DX Public VIF CORP 172.16.0.0 /16 dxvif-wwxxyyzz VLAN 200 IP 54.239.244.57 /31 BGP AS 7224 MD5 Key Interface gi0/0.200 VLAN 200 IP 54.239.244.56 /31 BGP AS 65001 MD5 Key Tunnel 1 IP 169.254.169.1 /30 BGP AS 17493 Tunnel 2 IP 169.254.169.5 /30 BGP AS 17493 Tunnel 1 IP 169.254.169.2 /30 BGP AS 65001 Tunnel 2 IP 169.254.169.6 /30 BGP AS 65001
  • 84. Billing • VPN Connections Connection Hours Data Transfer (Internet rates) • Direct Connect Port Hours Reduced Data Transfer Rates No charge for resources owned by other accounts VPN Data Transfer over Direct Connect at reduced rate
  • 85. Things to remember All Direct Connect locations are at 3rd party data centers You will have to work with at least one other organization • Could be just the Data Center • Could be a Network Provider / Direct Connect Partner • Could be multiple Network Providers AND the Data Center Sub-1G Hosted Connections support a single VIF You can share VIF’s with other accounts Public VIF’s include the Hardware VPN Endpoints
  • 87. AWS CloudHub AS65001 AS65002 AS65003 eBGP Note: You can use the same Border Gateway Protocol (BGP) Autonomous System Numbers (ASNs) for each site, or use a unique ASN if you prefer.
  • 90. AWS CloudHub and Software VPN AS65001 AS65002 AS65003 eBGP VPN VPN US-EAST-1 EU-CENTRAL-1
  • 91. Summary Connectivity via VPN – Static & Dynamic Connectivity via AWS Direct Connect – Public & Private CloudHub & Software VPN’s Insight into the steps required
  • 94. Related Sessions • NET201 - Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options • NET301 - Next Gen Networking: New Capabilities for Amazon Virtual Private Cloud • NET307 - Pinterest: The Road From EC2-Classic to EC2-VPC • NET402 - Using Route53 to Consolidate DNS Infrastructure • NET403 - Another Day, Another Billion Packets with Amazon VPC • NET404 - Making Every Packet Count • NET409 - Movin’ On Up to Amazon VPC: How Twilio Migrated Its Services from EC2-Classic to EC2-VPC