Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Summit 2016
•Download as PPTX, PDF•
5 likes•2,686 views
This session provides attendees with approaches to their VPC, including creating and protecting subnets, routing, performing VPC peering, and leveraging the latest features in Amazon VPC. Additionally, we'll discuss Amazon Route 53 for delivering traffic.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (8)
Similar to Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Summit 2016
Similar to Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Summit 2016 (20)
More from Amazon Web Services
More from Amazon Web Services (20)
Recently uploaded
Recently uploaded (20)
Advanced Approaches to Amazon VPC and Amazon Route 53 | AWS Public Sector Summit 2016
- 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Mike Kuentz, Solutions Architect June 21, 2016 Advanced Approaches to Amazon VPC and Amazon Route 53
- 2. Agenda • Amazon VPC concepts • Basic VPC setup • Environments with multiple VPCs • Amazon Route 53 concepts • Basic Route 53 setup • Using VPC and Route 53 together
- 4. AWS global infrastructure AWS Region Edge location 12 AWS Regions 33 Availability Zones 55 edge locations
- 5. VPC
- 6. Data center 10.50.2.4 10.50.2.36 10.50.2.68 10.50.1.4 10.50.1.20 10.50.1.20 10.50.0.0/16
- 7. Amazon EC2 Classic 10.141.9.8 10.2.200.36 10.20.20.60 10.16.22.33 10.1.2.3 10.218.1.20
- 9. Amazon VPC Availability Zone A 10.200.0.0/16 10.200.0.0/16
- 10. Amazon VPC Availability Zone A Availability Zone B 10.200.0.0/16 Availability Zone A Availability Zone C Availability Zone B Availability Zone C
- 11. Amazon VPC Availability Zone A Availability Zone B 10.200.0.0/16 Availability Zone A Availability Zone C 10.200.2.0/27 10.200.1.0/28 Availability Zone B 10.200.1.16/28 Availability Zone C 10.200.1.32/28 10.200.2.32/27 10.200.2.64/27
- 12. Amazon VPC Availability Zone A Availability Zone B 10.200.0.0/16 Availability Zone A Availability Zone C 10.200.2.0/27 10.200.1.0/28 Availability Zone B 10.200.1.16/28 Availability Zone C 10.200.1.32/28 10.200.2.32/27 10.200.2.64/27 10.200.2.4 10.200.2.36 10.200.2.68 10.200.1.4 10.200.1.20 10.200.1.36
- 13. Amazon VPC Availability Zone A Availability Zone B 10.200.0.0/16 Availability Zone A Availability Zone C 10.200.2.0/27 10.200.1.0/28 Availability Zone B 10.200.1.16/28 Availability Zone C 10.200.1.32/28 10.200.2.32/27 10.200.2.64/27 10.200.2.4 10.200.2.36 10.200.2.68 10.200.1.4 10.200.1.20 10.200.1.36
- 14. Route tables in a VPC Availability Zone A Availability Zone B 10.200.0.0/16 Availability Zone A Availability Zone C 10.200.2.0/27 10.200.1.0/28 Availability Zone B 10.200.1.16/28 Availability Zone C 10.200.1.32/28 10.200.2.32/27 10.200.2.64/27 10.200.2.4 10.200.2.36 10.200.2.68 10.200.1.4 10.200.1.20 10.200.1.36
- 15. Security groups in a VPC Availability Zone A Availability Zone B 10.200.0.0/16 Availability Zone A Availability Zone C 10.200.2.0/27 10.200.1.0/28 Availability Zone B 10.200.1.16/28 Availability Zone C 10.200.1.32/28 10.200.2.32/27 10.200.2.64/27 10.200.2.4 10.200.2.36 10.200.2.68 10.200.1.4 10.200.1.20 10.200.1.36 security group
- 16. Internet gateway with a VPC Availability Zone A Availability Zone B 10.200.0.0/16 Availability Zone A Availability Zone C 10.200.2.0/27 10.200.1.0/28 Availability Zone B 10.200.1.16/28 Availability Zone C 10.200.1.32/28 10.200.2.32/27 10.200.2.64/27 10.200.2.4 10.200.2.36 10.200.2.68 10.200.1.4 10.200.1.20 10.200.1.36 security group
- 17. VPC peering
- 18. VPC VPN
- 19. AWS Direct Connect AWS Direct Connect location Private fiber connection One or multiple 50–500 Mbps, 1 Gbps or 10 Gbps connections
- 20. VPN and Direct Connect • Secure connection to you network • Pair of IPSec tunnels over the internet • Dedicated line • Lower latency and lower per GB data transfer rates • Failover between each
- 21. Amazon VPC Availability Zone A Availability Zone B 10.200.0.0/16 Availability Zone A Availability Zone C 10.200.2.0/27 10.200.1.0/28 Availability Zone B 10.200.1.16/28 Availability Zone C 10.200.1.32/28 10.200.2.32/27 10.200.2.64/27 10.200.2.4 10.200.2.36 10.200.2.68 10.200.1.4 10.200.1.20 10.200.1.36
- 23. AWS Command Line Interface (AWS CLI) [ec2-user@nebulous ~]$ aws ec2 create-vpc --cidr-block 10.200.0.0/16 { "Vpc": { "VpcId": "vpc-ef33f888", "InstanceTenancy": "default", "State": "pending", "DhcpOptionsId": "dopt-1a504c78", "CidrBlock": "10.200.0.0/16", "IsDefault": false } } [ec2-user@nebulous ~]$ aws ec2 create-subnet --vpc-id vpc-ef33f888 --cidr-block 10.200.1.0/28 -- availability-zone us-east-1a { "Subnet": { "VpcId": "vpc-ef33f888", "CidrBlock": "10.200.1.0/28", "State": "pending", "AvailabilityZone": "us-east-1a", "SubnetId": "subnet-822d55da", "AvailableIpAddressCount": 11 } }
- 24. AWS SDKs var params = { CidrBlock: ’10.200.0.0/16, /* required */ DryRun: false, InstanceTenancy: 'default' }; ec2.createVpc(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response }); var params = { CidrBlock: ‘10.200.1.0/28', /* required */ VpcId: ' vpc-ef33f888 ', /* required */ AvailabilityZone: ‘us-east-1a', DryRun: false }; ec2.createSubnet(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
- 25. AWS CloudFormation { "AWSTemplateFormatVersion" : "2010-09-09", "Description" : "AWS CloudFormation Template VPC for VPC Talk", "Resources" : { "VPC" : { "Type" : "AWS::EC2::VPC", "Properties" : { "CidrBlock" : "10.200.0.0/16", "Tags" : [ {"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} } ] } }, "Subnet" : { "Type" : "AWS::EC2::Subnet", "Properties" : { "VpcId" : { "Ref" : "VPC" }, "CidrBlock" : "10.200.1.0/28", "Tags" : [ {"Key" : "Application", "Value" : { "Ref" : "AWS::StackId"} } ] } },
- 26. AWS Regions 12 AWS Regions 33 Availability Zones
- 27. AWS CloudFormation & AWS CLI [ec2-user@nebulous ~]$ aws ec2 describe-regions | grep "RegionName" | awk '{print $2}' | xargs -I '{}' sh -c "aws cloudformation create-stack --template-url https://s3.amazonaws.com/mlk-cfn- templates/webserver.template --stack-name vpcr53talk --region '{}' || true"
- 29. Amazon Route 53
- 30. Route 53 overview • Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service • Distributed globally • Integrates with other AWS services • Can be used for on-premises and hybrid setups • Simple to use
- 31. Route 53 features • Latency based routing • Geo DNS • Weighted round robin • DNS failover • Health checks • Private DNS for VPC • Domain name registration & transfer
- 32. Route 53 SLA 100% Available SLA details: https://aws.amazon.com/route53/sla/
- 33. Route 53 pricing • Hosted zones $0.50 per hosted zone/month for the first 25 hosted zones $0.10 per hosted zone/month for additional hosted zones • Standard queries $0.400 per million queries—first 1 billion queries/month $0.200 per million queries—over 1 billion queries/month • Latency based routing queries $0.600 per million queries—first 1 billion queries/month $0.300 per million queries—over 1 billion queries/month • Geo DNS queries $0.700 per million queries—first 1 billion queries/month $0.350 per million queries—over 1 billion queries/month
- 34. Route 53 domain registration
- 35. Route 53 domain registration
- 37. Sample website
- 38. AWS CloudFormation [ec2-user@nebulous ~]$ aws ec2 describe-regions | grep "RegionName" | awk '{print $2}' | xargs -I '{}' sh -c "aws cloudformation describe-stacks --region '{}' || true" | grep "OutputValue" | awk '{print $2}' "http://54.72.210.244" "http://52.77.119.167" "http://52.62.2.174" "http://52.58.203.28" "http://52.78.4.248" "http://52.196.172.135" "http://52.203.253.83" "http://52.67.33.11" "http://52.9.240.65" "http://52.40.118.107"
- 39. Health checks
- 40. Health checks
- 41. Health checks
- 42. Health checks [ec2-user@nebulous ~]$ aws route53 create-health-check --caller-reference $RANDOM --health-check-config IPAddress=52.203.253.83,Port=80,Type=HTTP_STR_MATCH,SearchString="web server running",RequestInterval=10,FailureThreshold=3,MeasureLatency=true,Inverted=false,EnableSNI=false { "HealthCheck": { "HealthCheckConfig": { "SearchString": "web server running", "IPAddress": "52.203.253.83", "EnableSNI": false, "Inverted": false, "MeasureLatency": true, "RequestInterval": 10, "Type": "HTTP_STR_MATCH", "Port": 80, "FailureThreshold": 3 }, "CallerReference": "1008", "HealthCheckVersion": 1, "Id": "0f779143-14ff-4ff0-9476-12a2467f0f1a" }, "Location": "https://route53.amazonaws.com/2015-01-01/healthcheck/0f779143-14ff-4ff0-9476-12a2467f0f1a" }
- 43. Health checks
- 44. Health checks
- 45. Health checks
- 46. Health checks [ec2-user@nebulous ~]$ aws ec2 describe-regions | grep "RegionName" | awk '{print $2}' | xargs -I '{}' sh -c "aws cloudformation describe-stacks --region '{}' || true" | egrep "OutputValue" | awk '{print $2}' | tr 'htp:/"' ' ' | awk '{$1=$1};1' | xargs -I '{}' sh -c "aws route53 create-health-check --caller- reference '{}' --health-check-config IPAddress='{}',Port=80,Type=HTTP_STR_MATCH,SearchString="web server running",RequestInterval=10,FailureThreshold=3,MeasureLatency=true,Inverted=false,EnableSNI=false"
- 47. Health checks
- 48. Sample website
- 49. Supported DNS record types • A • AAAA • CNAME • MX • NS • PTR • SOA • SPF • SRV • TXT
- 50. Latency based record with health check
- 51. Latency based record with health check
- 54. Thank you!
Editor's Notes
- It’s always a good idea to remind everyone of this
- Define region/AZ/edge 5 in the next year
- You may currently have a data center
- You might be running a customer prior to 2013 and running ec2 classic
- Overview of what a VPC is (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual network that you define. First pick a CIDR block from /28 to /16 Avoid overlapping networks you might connect to
- Can’t resize a VPC or a subnet – may not want to make one big subnet
- Azs and subnets are 1:1
- Pick number of AZs to support design Pick multiple for HA/resiliency, Pick multiple for access to larger pool for spot
- The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance. For example, in a subnet with CIDR block 10.0.0.0/24, the following five IP addresses are reserved: 10.0.0.0: Network address. 10.0.0.1: Reserved by AWS for the VPC router. 10.0.0.2: Reserved by AWS for mapping to the Amazon-provided DNS. 10.0.0.3: Reserved by AWS for future use. 10.0.0.255: Network broadcast address. We do not support broadcast in a VPC, therefore we reserve this address.
- Several services supported to work within a VPC. Not just EC2
- Route tables for traffic flow
- Stateful firewall around instances
- Internet Gateway to get out to the internet if needed * Do not have to do this!
- Connect multiple VPC within a region Cross account access Invitation process
- Connect back to on prem networks Two endpoints per VPC One to one VPC and VPN tunnel
- Connect back to on prem networks
- Start off with a VPN
- Building out VPCs
- You can go through the console and build it
- Programmatic access to build it
- Node.js snippet
- Cfn overview JSON formatted and templated Security, DR, COOP become first class citizens
- Use that same template to deploy globally
- CLI example to launch that environment to all commercial regions xargs to keep going on error if CLI errors out with 255
- Cloud ninja credit - https://twitter.com/nuage_ninja/status/652286193183379456
- $0.40 for 1 million queries 3 million queries is cheaper than the coffee I picked up this morning.
- Over 300 TLDs available https://aws.amazon.com/about-aws/whats-new/2016/05/amazon-route-53-announces-domain-name-registration-enhancements-expanded-tld-catalog-and-detailed-billing-history/
- Highlight partitioning of name, domains, and TLDs for resiliency
- Here is one of the sites we created earlier with Cfn
- Nothing fancy - Here’s what we see when we go to the web site
- Grab the list of all the websites I made earlier
- Configure a health check for one site
- Configure a health check for one site
- Do you want to be notified?
- Maybe you don’t want to do by hand in the console
- Health status bar
- powered down the web server, starts to fail after thresholds met
- Powered back up, and healthy
- Let’s make a health check for each of the sites we made earlier
- Remembering IPs is no fun, let’s make an A record
- Latency based Failover Weighted Link to Elastic Load Balancer and other AWS services
- One in US and one in Europe
- Example of getting to least latent web server from wherever I am in the world
- Power one off and the other picks up