AWS Direct Connect & VPN’s
Steve Seymour
Specialist Solutions Architect
[Diagram: Amazon VPC – Virtual Private Cloud in the AWS Cloud across Availability Zones, with a Public Subnet, a Private Subnet and a VPN Only Subnet; Web Servers, Application Servers, Database Servers, NAT; Internet and Corporate Network]
[Diagram: Corporate Network – firewalls, routers, ISP 1 to ISP 5, OSPF, BGP inside GRE tunnels over IPsec, backup GRE tunnels, wireless controller]
The Environment
[Diagram: CORP]
The Toolbox
• Virtual Private Cloud (VPC)
• Route Tables
• Internet Gateway (IGW)
• Virtual Private Gateway (VGW)
• VPN Connection (VPN)
• Customer Gateway (CGW)
• AWS Direct Connect (DX)
Connectivity Options
AWS Hardware VPN
Demo
AWS Direct Connect
AWS Hardware VPN
VPN Connection – IPsec
Internet Protocol Security (IPsec) is a protocol suite for securing Internet
Protocol (IP) communications by authenticating and encrypting each IP packet
of a communication session.
IPsec includes protocols for establishing mutual authentication between agents
at the beginning of the session and negotiation of cryptographic keys to be used
during the session.
Reference: Wikipedia - http://en.wikipedia.org/wiki/IPsec
AWS VPN Features
• Static or Dynamic (BGP)
• Static requires routes (IP Prefixes) to be specified
• Dynamic VPN supports max-prefixes of 100
• BGP over VPN supports 2-byte AS Numbers
AWS VPN Requirements
• Connections initiated from the Customer Gateway
• IKE Security Association using a Pre-Shared Key
• IPSec Security Associations in Tunnel Mode
• AES 128-bit encryption, SHA-1 hashing function
• Diffie-Hellman Perfect Forward Secrecy – Group 2
• Dead Peer Detection
• Fragment IP Packets before encryption
Static VPN
• 1 unique Security Association (SA) pair per tunnel
• 1 inbound and 1 outbound
• 2 unique pairs for 2 tunnels – 4 SAs
[Diagram: CORP; labels 10.0.0.0/16 and 192.168.0.0/16]
Static VPN
• Consolidate ACLs to cover all IPs
• Filter to block unwanted traffic
[Diagram: CORP; labels 0.0.0.0/0 (any), 172.16.0.0/12, 192.168.1.0/24, 192.168.9.0/24, 10.0.0.0/16]
[Diagram: CORP; labels 10.0.0.0/16 and 0.0.0.0/0 (any)]
What is BGP?
• TCP based protocol on port 179
• BGP Neighbors exchange routing information - prefixes
• More specific prefixes are preferred
• Uses Autonomous System Numbers – AS Numbers
• iBGP – between peers in the same AS
• eBGP – between peers in different AS
• AS_PATH – measure of network “distance”
• Local Preference – weighting of identical prefixes
Dynamic VPN
VPC side (10.0.0.0/16):
  Tunnel 1: IP 169.254.169.1/30, BGP AS 7224
  Tunnel 2: IP 169.254.169.5/30, BGP AS 7224
CORP side (172.16.0.0/16):
  Tunnel 1: IP 169.254.169.2/30, BGP AS 65001
  Tunnel 2: IP 169.254.169.6/30, BGP AS 65001
Route Table
  Destination      Target
  10.0.0.0/16      Local
  172.16.0.0/16    VGW
Dynamic VPN
VPC side (10.0.0.0/16):
  Tunnel 1: IP 169.254.169.1/30, BGP AS 17493
  Tunnel 2: IP 169.254.169.5/30, BGP AS 17493
CORP side (172.16.0.0/16):
  Tunnel 1: IP 169.254.169.2/30, BGP AS 65001
  Tunnel 2: IP 169.254.169.6/30, BGP AS 65001
• BGP Peer IP Addresses are automatically generated
• Customer AS Number – owned or private ASN
• Amazon AS Number is fixed per region
Path Selection – inside the VGW
1. Most specific IP prefix
   192.168.10.0/24 over 192.168.0.0/16
2. Direct Connect (irrespective of AS PATH length)
3. Static VPN Connection
4. Dynamic (BGP) VPN Connection
5. Shortest AS PATH
   65001 i over 65001 65001 i
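The selection order above as runnable Python, added here as an illustration and not taken from the talk or from AWS; the Route class, the attachment names and the sample table are constructed. It also flags the case the first rule makes possible: a more specific prefix learned over a VPN overriding a Direct Connect route.

```python
"""Route choice inside the VGW, following the order listed on the slide."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Sequence, Tuple

# Transport preference from the slide: Direct Connect, then static VPN,
# then dynamic (BGP) VPN. Lower rank wins.
SOURCE_RANK = {"direct_connect": 0, "static_vpn": 1, "bgp_vpn": 2}


@dataclass(frozen=True)
class Route:
    name: str                      # hypothetical label for the attachment
    prefix: str                    # CIDR the route covers
    source: str                    # one of the SOURCE_RANK keys
    as_path: Tuple[int, ...] = ()  # empty for static routes


def preference_key(route: Route) -> Tuple[int, int, int]:
    """Sort key: longest prefix, then transport, then shortest AS path."""
    return (-ip_network(route.prefix).prefixlen,
            SOURCE_RANK[route.source],
            len(route.as_path))


def select_route(destination: str, routes: Sequence[Route]) -> Optional[Route]:
    """Return the route used for `destination`, or None if nothing matches."""
    dest = ip_address(destination)
    candidates = [r for r in routes if dest in ip_network(r.prefix)]
    return min(candidates, key=preference_key) if candidates else None


def deciding_rule(winner: Route, loser: Route) -> str:
    """Name the first rule on which two candidate routes differ."""
    w, l = preference_key(winner), preference_key(loser)
    if w[0] != l[0]:
        return "most specific prefix"
    if w[1] != l[1]:
        return "transport type"
    if w[2] != l[2]:
        return "shortest AS path"
    return "tie"


def specificity_overrides(routes: Sequence[Route]) -> List[Tuple[str, str]]:
    """Find (winner, loser) pairs where a more specific prefix on a less
    preferred transport takes traffic away from a more preferred one."""
    found = []
    for a in routes:
        net_a = ip_network(a.prefix)
        for b in routes:
            net_b = ip_network(b.prefix)
            if (net_a.prefixlen > net_b.prefixlen
                    and net_a.subnet_of(net_b)
                    and SOURCE_RANK[a.source] > SOURCE_RANK[b.source]):
                found.append((a.name, b.name))
    return found


# Constructed sample table (prefixes and AS numbers reuse the slide's examples).
SAMPLE_ROUTES = [
    Route("dx-vif-a", "192.168.0.0/16", "direct_connect", (65001, 65001, 65001)),
    Route("vpn-bgp-branch", "192.168.10.0/24", "bgp_vpn", (65001,)),
    Route("vpn-static", "172.16.0.0/16", "static_vpn"),
    Route("vpn-bgp-1", "172.16.0.0/16", "bgp_vpn", (65001,)),
    Route("vpn-bgp-2", "172.16.0.0/16", "bgp_vpn", (65001, 65001)),
]

if __name__ == "__main__":
    for ip in ("192.168.10.5", "192.168.20.5", "172.16.1.1", "8.8.8.8"):
        chosen = select_route(ip, SAMPLE_ROUTES)
        print(ip, "->", chosen.name if chosen else "no route")
    print("overrides:", specificity_overrides(SAMPLE_ROUTES))
```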
Resilient Dynamic VPN
[Diagram: CORP, with iBGP, OSPF and eBGP]
Resilient Dynamic VPN – Multiple VPCs
[Diagram: CORP]
Recent VPN Updates
• NAT Traversal (NAT-T)
• Re-usable Customer Gateway
• Allows for the same Customer Gateway (CGW) IP
• Create a new VGW and VPN then attach to your VPC
Note: Only one VGW can be attached to a VPC at one time.
• Additional Encryption Options
• AES256, SHA-256
• Phase 1 can now use DH groups 2, 14-18, 22, 23, and 24.
• Phase 2 can now use DH groups 1, 2, 5, 14-18, 22, 23, and 24.
How to Create a VPN Connection
1. Create a VGW
2. Attach it to the VPC
3. Create a CGW
4. Create a VPN
5. Update Route Tables
6. Configure CGW
AWS Direct Connect
What is AWS Direct Connect…
Dedicated, private pipes into AWS
Create private (VPC) or public virtual interfaces to AWS
Reduced data-out rates (data-in still free)
Consistent network performance
At least 1 location to each AWS region
Option for redundant connections
Multiple AWS accounts can share a connection
Inter-Region enables connectivity to multiple regions in US
Uses BGP to exchange routing information over a VLAN
Direct Connect - Locations
AWS Region | AWS Direct Connect Location
Asia Pacific (Seoul) | KINX, Seoul, Korea
Asia Pacific (Singapore) | Equinix SG2, Singapore
Asia Pacific (Singapore) | GPX, Mumbai, India
Asia Pacific (Sydney) | Equinix SY3, Sydney, Australia
Asia Pacific (Sydney) | Global Switch, Sydney, Australia
Asia Pacific (Tokyo) | Equinix OS1, Osaka, Japan
Asia Pacific (Tokyo) | Equinix TY2, Tokyo, Japan
AWS GovCloud (US) | Equinix SV1 & SV5, San Francisco, CA
China (Beijing) | CIDS Jiachuang IDC, Beijing, China
China (Beijing) | Sinnet Jiuxianqiao IDC, Beijing, China
EU Central (Frankfurt) | Equinix FR5, Frankfurt, Germany
EU Central (Frankfurt) | Interxion Frankfurt, Germany
EU West (Ireland) | Equinix LD4 - LD6, London, England
EU West (Ireland) | Eircom Clonshaugh, Dublin, Ireland
EU West (Ireland) | TelecityGroup, London Docklands', London, England
South America (Sao Paulo) | Terremark NAP do Brasil, Sao Paulo, Brasil
South America (Sao Paulo) | Tivit, Sao Paulo, Brasil
US East (Virginia) | CoreSite NY1 & NY2, New York, NY
US East (Virginia) | Equinix DA1 - DA3 & DA6, Dallas, TX
US East (Virginia) | Equinix DC1 - DC6 & DC10, Ashburn, VA
US West (Northern California) | CoreSite One Wilshire & 900 North Alameda, CA
US West (Northern California) | Equinix SV1 & SV5, San Francisco, CA
US West (Oregon) | Equinix SE2 & SE3, Seattle, WA
US West (Oregon) | Switch SUPERNAP 8, Las Vegas, NV
Layers of Direct Connect
Layer 1 - Physical: Single Mode Fiber – 1G or 10G
Layer 2 – Data Link: Ethernet – 802.1Q VLAN
Layer 3 - Network: Peer & Amazon IP
Layer 4 - Transport: TCP
Layer 7 - Application: BGP
“Routing of traffic”
Terminology For Physical Connections
Leased Line
Ethernet Private Line
Pseudo-wire
Point-to-point circuit
LAN Extension
MPLS / VPLS / IP-VPN / L3-VPN
All generally deliver an “extension” of a port from a Direct Connect Location to a Customer Location
A little different …
Physical Connection
• Cross Connect at the location
• Single Mode Fiber
- 1000Base-LX or 10GBASE-LR
• Potential onward Delivery via Direct Connect Partner
• Customer Router
At the Direct Connect Location
[Diagram: CORP, Customer Network, Customers Network Backbone, Access Circuit, Customer Router (Colocation, DX Location), Cross Connect, AWS Direct Connect Routers, AWS Backbone Network, Demarcation]
Dedicated Port via Direct Connect Partner
[Diagram: CORP, Customer Router, Access Circuit, Partner Network, Partner Equipment (Colocation, DX Location), Cross Connect, AWS Direct Connect Routers, AWS Backbone Network, Demarcation]
At the Direct Connect Location – via MPLS
[Diagram: CORP, CE Routers, Access Circuit to CE, Partner MPLS Core, Partner PE Router / Provider Edge (Colocation, DX Location), Cross Connect, AWS Direct Connect Routers, AWS Backbone Network, Demarcation]
Layers of Direct Connect
[Diagram labels: Direct Connect Connection; Single Mode Fiber – 1G or 10G; Ethernet – 802.1Q VLAN; Peer & Amazon IP; Virtual Interface (One per VLAN); BGP; “Routing of traffic”; Virtual Private Gateway; A/C 1]
Public and Private Virtual Interfaces
• 802.1Q VLAN
• eBGP Session
Note: Max Prefixes on the AWS peer : 100
• Private Virtual Interface – Access to VPC
Note: Not VPC Endpoints or transitive via VPC Peering
• Public Virtual Interface – Access to non-VPC Services
Account ownership of Direct Connect
[Diagram labels: Direct Connect Connection; Single Mode Fiber – 1G or 10G; Ethernet – 802.1Q VLAN; Peer & Amazon IP; Hosted Virtual Interface (One per VLAN); BGP; “Routing of traffic”; Virtual Private Gateway; A/C 1; A/C 2]
Sub-1G via Direct Connect Partner
[Diagram labels: Direct Connect Interconnect; Single Mode Fiber – 1G or 10G; Ethernet – 802.1Q VLAN; Hosted Connection; Bandwidth VLAN; Peer & Amazon IPs; Virtual Interface (Single); BGP; “Routing of traffic”; Virtual Private Gateway; Partner; Customer]
50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps and 500Mbps
Sharing Hosted Connections
[Diagram labels: Direct Connect Interconnect; Single Mode Fiber – 1G or 10G; Ethernet – 802.1Q VLAN; Hosted Connection; Bandwidth VLAN; Peer & Amazon IPs; Hosted Virtual Interface (Single); BGP; “Routing of traffic”; Virtual Private Gateway; Partner; Customer; A/C 1; A/C 2]
Private Virtual Interface
• Only provides access to resources in a VPC
Note: Not VPC Endpoints or transitive via VPC Peering
• Attaches to the Virtual Private Gateway
Same as a VPN Connection
• Multiple Private VIF’s can be attached for resilience
• Any IP Addresses and ASN for BGP Peering acceptable
Single Private Virtual Interface
[Diagram: CORP; networks 10.0.0.0/16 and 172.16.0.0/16]
dxvif-wwxxyyzz: VLAN 100, IP 169.254.254.9/30, BGP AS 7224, MD5 Key
Interface gi0/0.100: VLAN 100, IP 169.254.254.10/30, BGP AS 65001, MD5 Key
eBGP
AS65001 Announcing 172.16.0.0/16
AS7224 Announcing 10.0.0.0/16
Route Table
  Destination      Target    Propagated
  10.0.0.0/16      Local
  172.16.0.0/16    VGW       Yes
Dual DX – Single Location
[Diagram: CORP, Service Provider Network, Customer Router (Colocation, DX Location), AWS Direct Connect Routers, two eBGP sessions]
Dual Private Virtual Interface
[Diagram: CORP; networks 10.0.0.0/16 and 172.16.0.0/16]
First eBGP session:
  dxvif-wwxxyyzz: VLAN 100, IP 169.254.254.9/30, BGP AS 7224, MD5 Key
  Interface gi0/0.100: VLAN 100, IP 169.254.254.10/30, BGP AS 65001, MD5 Key
Second eBGP session:
  dxvif-aabbccdd: VLAN 100, IP 169.254.254.13/30, BGP AS 7224, MD5 Key
  Interface gi0/0.100: VLAN 100, IP 169.254.254.14/30, BGP AS 65001, MD5 Key
Dual DX – Single Location revisited
[Diagram: CORP, Service Provider Network, Customer Router (Colocation, DX Location), AWS Direct Connect Routers]
[Diagram: CORP, Service Provider Network, Customer Routers (Colocation, DX Location), AWS Direct Connect Routers]
Single DX – Dual Location
[Diagram: CORP, Service Provider Network, Customer Routers (Colocation) and AWS Direct Connect Routers at DX Location 1 and at DX Location 2]
Dual DX – Dual Location
[Diagram: CORP, Service Provider Network, Customer Routers (Colocation) and AWS Direct Connect Routers at DX Location 1 and at DX Location 2]
Dual VIF – Active/Active
IP 169.254.254.9 /30
IP 169.254.254.13 /30
Active/Active – the VGW Perspective
IP 169.254.254.10 /30
IP 169.254.254.14 /30
Dual VIF – Active/Passive
IP 169.254.254.9 /30
IP 169.254.254.13 /30
Active/Passive – the VGW Perspective
IP 169.254.254.10 /30
IP 169.254.254.14 /30
Public Virtual Interface
• Provides access to Amazon Public IP Addresses
• Requires Public IP Addresses for BGP Session
If you can’t provide them, raise a case with AWS Support
• Public ASN must be owned by customer – Private is OK
• Inter-Region is available in the US
Public VIF – Inter-Region – US Only
Public VIF’s receive prefixes for all US Regions
Prefixes are identified by BGP Communities
Advertisements can be controlled via BGP Communities
Public Virtual Interface
[Diagram: CORP, 172.16.0.0/16]
dxvif-wwxxyyzz: VLAN 200, IP 54.239.244.57/31, BGP AS 7224, MD5 Key
Interface gi0/0.200: VLAN 200, IP 54.239.244.56/31, BGP AS 65001, MD5 Key
AS65001 Announcing
  54.239.244.56/31
AS7224 Announcing
  184.72.96.0/19 via 7224 16509 14618 i
  184.72.128.0/17 via 7224 16509 14618 i
  184.73.0.0 via 7224 16509 14618 i
  184.169.128.0/17 via 7224 16509 i
  199.127.232.0/22 via 7224 16509 i
  199.255.192.0/22 via 7224 16509 i
  …
Ordering Process
How to order AWS Direct Connect
1. Select Your Region
2. Create a Connection
3. Receive LOA-CFA
4. Cross Connect
5. Create Virtual Interface
6. Configure Customer Router
How to order sub-1G via an APN Partner
1. Provide your Direct Connect Partner with Account Number
2. Accept Hosted Connection
3. Create Virtual Interface
4. Configure Customer Router
Direct Connect with VPN Backup
[Diagram: CORP, DX Location 1, DX Location 2]
Hardware VPN over DX Public VIF
[Diagram: CORP, 172.16.0.0/16]
Public VIF:
  dxvif-wwxxyyzz: VLAN 200, IP 54.239.244.57/31, BGP AS 7224, MD5 Key
  Interface gi0/0.200: VLAN 200, IP 54.239.244.56/31, BGP AS 65001, MD5 Key
VPN tunnels:
  Tunnel 1: IP 169.254.169.1/30, BGP AS 17493
  Tunnel 2: IP 169.254.169.5/30, BGP AS 17493
  Tunnel 1: IP 169.254.169.2/30, BGP AS 65001
  Tunnel 2: IP 169.254.169.6/30, BGP AS 65001
Billing
• VPN Connections
Connection Hours
Data Transfer (Internet rates)
• Direct Connect
Port Hours
Reduced Data Transfer Rates
No charge for resources owned by other accounts
VPN Data Transfer over Direct Connect at reduced rate
Things to remember
All Direct Connect locations are at 3rd party data centers
You will have to work with at least one other organization
• Could be just the Data Center
• Could be a Network Provider / Direct Connect Partner
• Could be multiple Network Providers AND the Data Center
Sub-1G Hosted Connections support a single VIF
You can share VIF’s with other accounts
Public VIF’s include the Hardware VPN Endpoints
Example Implementation Plan
Demo
Demo Architecture
[Diagram labels: 192.168.51.0/24; 192.168.51.10; Gi0/1: 192.168.51.254; Gi0/0; Internet; Gi0/0/0; DX 1; DX Location (Telecity London); eu-west-1 (Ireland); 10.0.0.0/16]
Summary
Connectivity via VPN – Static & Dynamic
Connectivity via AWS Direct Connect – Public & Private
Demo
Steve Seymour
Specialist Solutions Architect
seymours@amazon.co.uk
@sseymour

 
打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載Amazon Web Services
 
打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載Amazon Web Services
 
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]Amazon Web Services
 
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep DiveNEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep DiveAmazon Web Services
 
(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWSAmazon Web Services
 
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWSPLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWSPROIDEA
 
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...Amazon Web Services
 
高度規模化、可信賴的混合雲網路 (Level 300-400)
高度規模化、可信賴的混合雲網路 (Level 300-400)高度規模化、可信賴的混合雲網路 (Level 300-400)
高度規模化、可信賴的混合雲網路 (Level 300-400)Amazon Web Services
 
Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Amazon Web Services
 
Cloud stack networking shapeblue technical deep dive
Cloud stack networking   shapeblue technical deep diveCloud stack networking   shapeblue technical deep dive
Cloud stack networking shapeblue technical deep diveShapeBlue
 
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...Amazon Web Services
 
Creating Your Virtual Data Center
Creating Your Virtual Data CenterCreating Your Virtual Data Center
Creating Your Virtual Data CenterAmazon Web Services
 
Openstack Summit Vancouver 2018 - Multicloud Networking
Openstack Summit Vancouver 2018 - Multicloud NetworkingOpenstack Summit Vancouver 2018 - Multicloud Networking
Openstack Summit Vancouver 2018 - Multicloud NetworkingShannon McFarland
 
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...VMworld
 
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...Amazon Web Services
 

Similar to AWS Direct Connect & VPN's - Pop-up Loft Tel Aviv (20)

(NET406) Deep Dive: AWS Direct Connect and VPNs
(NET406) Deep Dive: AWS Direct Connect and VPNs(NET406) Deep Dive: AWS Direct Connect and VPNs
(NET406) Deep Dive: AWS Direct Connect and VPNs
 
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
AWS Direct Connect 및 VPN을 이용한 클라우드 아키텍쳐 설계:: Steve Seymour :: AWS Summit Seou...
 
打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載打破時空藩籬,輕鬆存取您的雲端工作負載
打破時空藩籬,輕鬆存取您的雲端工作負載
 
打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載打破時空藩籬-輕鬆存取您的雲端工作負載
打破時空藩籬-輕鬆存取您的雲端工作負載
 
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
An Overview to Networking in the AWS Cloud for Education [Webinar Slides]
 
Getting Started on AWS
Getting Started on AWS Getting Started on AWS
Getting Started on AWS
 
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep DiveNEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
NEW LAUNCH IPv6 in the Cloud: Virtual Private Cloud Deep Dive
 
VPC and DX PoP @ HKG
VPC and DX PoP @ HKGVPC and DX PoP @ HKG
VPC and DX PoP @ HKG
 
(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS(NET405) Build a Remote Access VPN Solution on AWS
(NET405) Build a Remote Access VPN Solution on AWS
 
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWSPLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
PLNOG 17 - Tomasz Stachlewski - Infrastruktura sieciowa w chmurze AWS
 
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
GPSTEC322-GPS Creating Your Virtual Data Center VPC Fundamentals Connectivity...
 
高度規模化、可信賴的混合雲網路 (Level 300-400)
高度規模化、可信賴的混合雲網路 (Level 300-400)高度規模化、可信賴的混合雲網路 (Level 300-400)
高度規模化、可信賴的混合雲網路 (Level 300-400)
 
Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)Deep Dive - Amazon Virtual Private Cloud (VPC)
Deep Dive - Amazon Virtual Private Cloud (VPC)
 
Cloud stack networking shapeblue technical deep dive
Cloud stack networking   shapeblue technical deep diveCloud stack networking   shapeblue technical deep dive
Cloud stack networking shapeblue technical deep dive
 
Amazon Virtual Private Cloud
Amazon Virtual Private CloudAmazon Virtual Private Cloud
Amazon Virtual Private Cloud
 
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
AWS re:Invent 2016: NextGen Networking: New Capabilities for Amazon’s Virtual...
 
Creating Your Virtual Data Center
Creating Your Virtual Data CenterCreating Your Virtual Data Center
Creating Your Virtual Data Center
 
Openstack Summit Vancouver 2018 - Multicloud Networking
Openstack Summit Vancouver 2018 - Multicloud NetworkingOpenstack Summit Vancouver 2018 - Multicloud Networking
Openstack Summit Vancouver 2018 - Multicloud Networking
 
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
VMworld 2013: vCloud Hybrid Service Jump Start Part Two of Five: vCloud Hybri...
 
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I...
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum ComputingGDSC PJATK
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServiceRenan Moreira de Oliveira
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 

Recently uploaded (20)

IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Introduction to Quantum Computing
Introduction to Quantum ComputingIntroduction to Quantum Computing
Introduction to Quantum Computing
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 

AWS Direct Connect & VPN's - Pop-up Loft Tel Aviv

  • 1. AWS Direct Connect & VPN’s Steve Seymour Specialist Solutions Architect
  • 2. Amazon VPC Availability Zone Virtual Private Cloud AWS Cloud Public Subnet Internet Virtual Private Cloud Availability Zone Private Subnet Availability Zone VPN Only Subnet Application Servers Web Server Web Server NAT Corporate Network R Database Servers
  • 4. Corporate Network Internet ISP 2 (BGP) FIREWALL Internet ISP 1 Internet ISP 3 OSPF Router PublicIP Router BGP Inside GRE Tunnels Over IPSEC FIREWALL Internet ISP 4 Internet ISP 5 OSPF .1 Wireless Controller Backup GRE Tunnels Router
  • 9. The Toolbox Virtual Private Cloud Route Tables Internet Gateway Virtual Private Gateway VPN Connection Customer Gateway AWS Direct Connect
  • 11. Connectivity Options AWS Hardware VPN Demo AWS Direct Connect
  • 13. Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. Reference: Wikipedia - http://en.wikipedia.org/wiki/IPsec VPN Connection – IPsec
  • 15. AWS VPN Features
      • Static or Dynamic (BGP)
      • Static requires routes (IP Prefixes) to be specified
      • Dynamic VPN supports max-prefixes of 100
      • BGP over VPN supports 2-byte AS Numbers
  • 16. AWS VPN Requirements
      • Connections initiated from the Customer Gateway
      • IKE Security Association using a Pre-Shared Key
      • IPSec Security Associations in Tunnel Mode
      • AES 128-bit encryption, SHA-1 hashing function
      • Diffie-Hellman Perfect Forward Secrecy – Group 2
      • Dead Peer Detection
      • Fragment IP Packets before encryption
  • 17. Static VPN
      • 1 unique Security Association (SA) pair per tunnel
      • 1 inbound and 1 outbound
      • 2 unique pairs for 2 tunnels – 4 SA’s
      Diagram labels: CORP; 10.0.0.0/16, 10.0.0.0/16, 192.168.0.0/16, 192.168.0.0/16, 10.0.0.0/16
  • 18. Static VPN
      • Consolidate ACL’s to cover all IP’s
      • Filter to block unwanted traffic
      Diagram labels: CORP; 0.0.0.0/0 (any), 0.0.0.0/0 (any), 172.16.0.0/12, 192.168.1.0/24, 192.168.9.0/24, 192.168.1.0/24, 192.168.9.0/24, 172.16.0.0/12, 10.0.0.0/16
  • 19. Static VPN
      • Consolidate ACL’s to cover all IP’s
      • Filter to block unwanted traffic
      Diagram labels: CORP; 10.0.0.0/16, 10.0.0.0/16, 0.0.0.0/0 (any), 0.0.0.0/0 (any), 10.0.0.0/16
  • 20. What is BGP?
      • TCP based protocol on port 179
      • BGP Neighbors exchange routing information - prefixes
      • More specific prefixes are preferred
      • Uses Autonomous System Numbers – AS Numbers
      • iBGP – between peers in the same AS
      • eBGP – between peers in different AS
      • AS_PATH – measure of network “distance”
      • Local Preference – weighting of identical prefixes
  • 21. Dynamic VPN
      Diagram labels:
      • VPC 10.0.0.0/16: Tunnel 1 IP 169.254.169.1/30, BGP AS 7224; Tunnel 2 IP 169.254.169.5/30, BGP AS 7224
      • CORP 172.16.0.0/16: Tunnel 1 IP 169.254.169.2/30, BGP AS 65001; Tunnel 2 IP 169.254.169.6/30, BGP AS 65001
      Route Table (Destination | Target):
      • 10.0.0.0/16 | Local
      • 172.16.0.0/16 | VGW
  • 22. Dynamic VPN
      Diagram labels:
      • VPC 10.0.0.0/16: Tunnel 1 IP 169.254.169.1/30, BGP AS 17493; Tunnel 2 IP 169.254.169.5/30, BGP AS 17493
      • CORP 172.16.0.0/16: Tunnel 1 IP 169.254.169.2/30, BGP AS 65001; Tunnel 2 IP 169.254.169.6/30, BGP AS 65001
      • BGP Peer IP Addresses are automatically generated
      • Customer AS Number – owned or private ASN
      • Amazon AS Number is fixed per region
  • 23. Path Selection – inside the VGW
      1. Most specific IP prefix: 192.168.10.0/24 over 192.168.0.0/16
      2. Direct Connect (regardless of AS PATH length)
      3. Static VPN Connection
      4. Dynamic (BGP) VPN Connection
      4. Shortest AS PATH: 65001 i over 65001 65001 i
  • 25. Resilient Dynamic VPN – Multiple VPCs
      • [Diagram labels: CORP]
  • 26. Recent VPN Updates
      • NAT Traversal (NAT-T)
      • Re-usable Customer Gateway
          • Allows for the same Customer Gateway (CGW) IP
          • Create a new VGW and VPN then attach to your VPC
            Note: Only one VGW can be attached to a VPC at one time.
      • Additional Encryption Options
          • AES256, SHA-256
          • Phase 1 can now use DH groups 2, 14-18, 22, 23, and 24.
          • Phase 2 can now use DH groups 1, 2, 5, 14-18, 22, 23, and 24.
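The parameter lists on the "AWS VPN Requirements" and "Recent VPN Updates" slides can be turned into a configuration check for a customer gateway. This is an added example, not AWS tooling or code from the presentation; the proposal dictionary schema and the sample proposals are assumptions. Proposals outside the listed sets are reported as errors, and accepted but dated choices (SHA-1, MODP groups of 1536 bits or less) as warnings.

```python
def expand_groups(spec):
    """Expand a slide-style group list such as '2, 14-18, 22' into a set of ints."""
    groups = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        groups.update(range(int(lo), int(hi or lo) + 1))
    return groups


# Values copied from the slides (requirements plus "Recent VPN Updates").
ENCRYPTION = {"aes128", "aes256"}
INTEGRITY = {"sha1", "sha256"}
DH_GROUPS = {
    1: expand_groups("2, 14-18, 22, 23, 24"),        # IKE phase 1
    2: expand_groups("1, 2, 5, 14-18, 22, 23, 24"),  # IPsec phase 2 (PFS)
}
# Accepted but dated: SHA-1, and MODP groups of 1536 bits or less (1, 2, 5).
DATED_INTEGRITY = {"sha1"}
DATED_GROUPS = {1, 2, 5}


def audit_proposal(p):
    """Return sorted (severity, message) findings for one proposal (hypothetical schema)."""
    findings = []
    if p["encryption"] not in ENCRYPTION:
        findings.append(("error", f"encryption {p['encryption']} not listed"))
    if p["integrity"] not in INTEGRITY:
        findings.append(("error", f"integrity {p['integrity']} not listed"))
    elif p["integrity"] in DATED_INTEGRITY:
        findings.append(("warn", "SHA-1 accepted; SHA-256 is listed as an option"))
    if p["dh_group"] not in DH_GROUPS[p["phase"]]:
        findings.append(("error", f"DH group {p['dh_group']} not listed for phase {p['phase']}"))
    elif p["dh_group"] in DATED_GROUPS:
        findings.append(("warn", f"DH group {p['dh_group']} accepted; groups 14+ are listed"))
    if p["phase"] == 2 and p.get("mode") != "tunnel":
        findings.append(("error", "IPsec SAs must use tunnel mode"))
    if p["phase"] == 1 and p.get("auth") != "psk":
        findings.append(("error", "IKE SA must use a pre-shared key"))
    return sorted(findings)


# Constructed sample proposals.
BASELINE_P1 = {"phase": 1, "encryption": "aes128", "integrity": "sha1",
               "dh_group": 2, "auth": "psk"}
HARDENED_P2 = {"phase": 2, "encryption": "aes256", "integrity": "sha256",
               "dh_group": 14, "mode": "tunnel"}
BROKEN_P1 = {"phase": 1, "encryption": "3des", "integrity": "md5",
             "dh_group": 5, "auth": "psk"}

if __name__ == "__main__":
    for label, prop in (("baseline", BASELINE_P1), ("hardened", HARDENED_P2), ("broken", BROKEN_P1)):
        print(label, audit_proposal(prop))
```
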
  • 27. How to Create a VPN Connection
      1. Create a VGW
      2. Attach it to the VPC
      3. Create a CGW
      4. Create a VPN
      5. Update Route Tables
      6. Configure CGW
  • 34. What is AWS Direct Connect…
      • Dedicated, private pipes into AWS
      • Create private (VPC) or public virtual interfaces to AWS
      • Reduced data-out rates (data-in still free)
      • Consistent network performance
      • At least 1 location to each AWS region
      • Option for redundant connections
      • Multiple AWS accounts can share a connection
      • Inter-Region enables connectivity to multiple regions in US
      • Uses BGP to exchange routing information over a VLAN
  • 35. Direct Connect - Locations (AWS Region: AWS Direct Connect Location)
      • Asia Pacific (Seoul): KINX, Seoul, Korea
      • Asia Pacific (Singapore): Equinix SG2, Singapore
      • Asia Pacific (Singapore): GPX, Mumbai, India
      • Asia Pacific (Sydney): Equinix SY3, Sydney, Australia
      • Asia Pacific (Sydney): Global Switch, Sydney, Australia
      • Asia Pacific (Tokyo): Equinix OS1, Osaka, Japan
      • Asia Pacific (Tokyo): Equinix TY2, Tokyo, Japan
      • AWS GovCloud (US): Equinix SV1 & SV5, San Francisco, CA
      • China (Beijing): CIDS Jiachuang IDC, Beijing, China
      • China (Beijing): Sinnet Jiuxianqiao IDC, Beijing, China
      • EU Central (Frankfurt): Equinix FR5, Frankfurt, Germany
      • EU Central (Frankfurt): Interxion Frankfurt, Germany
      • EU West (Ireland): Equinix LD4 - LD6, London, England
      • EU West (Ireland): Eircom Clonshaugh, Dublin, Ireland
      • EU West (Ireland): TelecityGroup, London Docklands, London, England
      • South America (Sao Paulo): Terremark NAP do Brasil, Sao Paulo, Brasil
      • South America (Sao Paulo): Tivit, Sao Paulo, Brasil
      • US East (Virginia): CoreSite NY1 & NY2, New York, NY
      • US East (Virginia): Equinix DA1 - DA3 & DA6, Dallas, TX
      • US East (Virginia): Equinix DC1 - DC6 & DC10, Ashburn, VA
      • US West (Northern California): CoreSite One Wilshire & 900 North Alameda, CA
      • US West (Northern California): Equinix SV1 & SV5, San Francisco, CA
      • US West (Oregon): Equinix SE2 & SE3, Seattle, WA
      • US West (Oregon): Switch SUPERNAP 8, Las Vegas, NV
  • 36. Layers of Direct Connect
      • Layer 1 - Physical: Single Mode Fiber – 1G or 10G
      • Layer 2 – Data Link: Ethernet – 802.1Q VLAN
      • Layer 3 - Network: Peer & Amazon IP
      • Layer 4 - Transport: TCP
      • Layer 7 - Application: BGP (“Routing of traffic”)
  • 37. Terminology For Physical Connections
      • Leased Line
      • Ethernet Private Line
      • Pseudo-wire
      • Point-to-point circuit
      • LAN Extension
      • MPLS / VPLS / IP-VPN / L3-VPN
  • 38. Terminology For Physical Connections
      • Leased Line
      • Ethernet Private Line
      • Pseudo-wire
      • Point-to-point circuit
      • LAN Extension
      • MPLS / VPLS / IP-VPN / L3-VPN
      • All generally deliver an “extension” of a port from a Direct Connect Location to a Customer Location
  • 39. Terminology For Physical Connections
      • Leased Line
      • Ethernet Private Line
      • Pseudo-wire
      • Point-to-point circuit
      • LAN Extension
      • MPLS / VPLS / IP-VPN / L3-VPN
      • A little different …
  • 40. Physical Connection
      • Cross Connect at the location
      • Single Mode Fiber - 1000Base-LX or 10GBASE-LR
      • Potential onward Delivery via Direct Connect Partner
      • Customer Router
  • 41. At the Direct Connect Location
      • [Diagram labels: CORP; Customer Network; Customers Network Backbone; Access Circuit; Customer Router; Colocation; DX Location; Cross Connect; Demarcation; AWS Direct Connect Routers; AWS Backbone Network]
  • 42. Dedicated Port via Direct Connect Partner
      • [Diagram labels: CORP; Customer Router; Access Circuit; Partner Network; Partner Equipment; Colocation; DX Location; Cross Connect; Demarcation; AWS Direct Connect Routers; AWS Backbone Network]
  • 43. At the Direct Connect Location – via MPLS
      • [Diagram labels: CORP; CE Router; Access Circuit to CE; MPLS Core; Partner MPLS Core; Provider Edge; Partner PE Router; Colocation; DX Location; Cross Connect; Demarcation; AWS Direct Connect Routers; AWS Backbone Network]
  • 44. Layers of Direct Connect
      • [Diagram labels: Direct Connect Connection; Single Mode Fiber – 1G or 10G; Ethernet – 802.1Q VLAN; Virtual Interface (One per VLAN); Peer & Amazon IP; BGP; “Routing of traffic”; Virtual Private Gateway; A/C 1]
  • 45. Public and Private Virtual Interfaces
      • 802.1Q VLAN
      • eBGP Session
          Note: Max Prefixes on the AWS peer: 100
      • Private Virtual Interface – Access to VPC
          Note: Not VPC Endpoints or transitive via VPC Peering
      • Public Virtual Interface – Access to non-VPC Services
  • 46. Account ownership of Direct Connect
      • [Diagram labels: Direct Connect Connection; Single Mode Fiber – 1G or 10G; Ethernet – 802.1Q VLAN; Hosted Virtual Interface (One per VLAN); Peer & Amazon IP; BGP; “Routing of traffic”; Virtual Private Gateway; A/C 1; A/C 2]
  • 47. Sub-1G via Direct Connect Partner
      • 50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps and 500Mbps
      • [Diagram labels: Direct Connect Interconnect; Single Mode Fiber – 1G or 10G; Ethernet – 802.1Q VLAN; Hosted Connection; Bandwidth; VLAN; Virtual Interface (Single); Peer & Amazon IPs; BGP; “Routing of traffic”; Virtual Private Gateway; Partner; Customer]
  • 48. Sharing Hosted Connections
      • [Diagram labels: Direct Connect Interconnect; Single Mode Fiber – 1G or 10G; Ethernet – 802.1Q VLAN; Hosted Connection; Bandwidth; VLAN; Hosted Virtual Interface (Single); Peer & Amazon IPs; BGP; “Routing of traffic”; Virtual Private Gateway; Partner; Customer; A/C 1; A/C 2]
  • 49. Private Virtual Interface
      • Only provides access to resources in a VPC
          Note: Not VPC Endpoints or transitive via VPC Peering
      • Attaches to the Virtual Private Gateway
          Same as a VPN Connection
      • Multiple Private VIFs can be attached for resilience
      • Any IP Addresses and ASN for BGP Peering acceptable
  • 50. Single Private Virtual Interface
      • dxvif-wwxxyyzz: VLAN 100, IP 169.254.254.9/30, BGP AS 7224, MD5 Key
      • Interface gi0/0.100: VLAN 100, IP 169.254.254.10/30, BGP AS 65001, MD5 Key
      • eBGP: AS65001 announcing 172.16.0.0/16; AS7224 announcing 10.0.0.0/16
      • Route Table
          Destination      Target   Propagated
          10.0.0.0/16      Local
          172.16.0.0/16    VGW      Yes
      • [Diagram labels: CORP; 10.0.0.0/16; 172.16.0.0/16]
  • 51. Dual DX – Single Location
      • [Diagram labels: CORP; Service Provider Network; Colocation; DX Location; Customer Router; AWS Direct Connect Routers]
  • 52. Dual Private Virtual Interface
      • dxvif-wwxxyyzz: VLAN 100, IP 169.254.254.9/30, BGP AS 7224, MD5 Key
      • Interface gi0/0.100: VLAN 100, IP 169.254.254.10/30, BGP AS 65001, MD5 Key
      • dxvif-aabbccdd: VLAN 100, IP 169.254.254.13/30, BGP AS 7224, MD5 Key
      • Interface gi0/0.100: VLAN 100, IP 169.254.254.14/30, BGP AS 65001, MD5 Key
      • [Diagram labels: CORP; eBGP; eBGP; 10.0.0.0/16; 172.16.0.0/16]
  • 54. Dual DX – Single Location revisited
      • [Diagram labels: CORP; Service Provider Network; Colocation; DX Location; Customer Router; AWS Direct Connect Routers]
  • 55. Dual DX – Single Location revisited
      • [Diagram labels: CORP; Service Provider Network; Colocation; DX Location; Customer Routers; AWS Direct Connect Routers]
  • 56. Single DX – Dual Location
      • [Diagram labels: CORP; Service Provider Network; Colocation DX Location 1 with Customer Routers and AWS Direct Connect Routers; Colocation DX Location 2 with Customer Routers and AWS Direct Connect Routers]
  • 57. Dual DX – Dual Location
      • [Diagram labels: CORP; Service Provider Network; Colocation DX Location 1 with Customer Routers and AWS Direct Connect Routers; Colocation DX Location 2 with Customer Routers and AWS Direct Connect Routers]
  • 58. Dual VIF – Active/Active
      • [Diagram labels: IP 169.254.254.9/30; IP 169.254.254.13/30]
  • 59. Active/Active – the VGW Perspective
      • [Diagram labels: IP 169.254.254.10/30; IP 169.254.254.14/30]
  • 60. Dual VIF – Active/Passive
      • [Diagram labels: IP 169.254.254.9/30; IP 169.254.254.13/30]
  • 61. Active/Passive – the VGW Perspective
      • [Diagram labels: IP 169.254.254.10/30; IP 169.254.254.14/30]
  • 64. Public Virtual Interface
      • Provides access to Amazon Public IP Addresses
      • Requires Public IP Addresses for BGP Session
          If you can’t provide them, raise a case with AWS Support
      • Public ASN must be owned by customer – Private is OK
      • Inter-Region is available in the US
  • 65. Public VIF – Inter-Region – US Only
      • Public VIFs receive prefixes for all US Regions
      • Prefixes are identified by BGP Communities
      • Advertisements can be controlled via BGP Communities
  • 66. Public Virtual Interface
      • dxvif-wwxxyyzz: VLAN 200, IP 54.239.244.57/31, BGP AS 7224, MD5 Key
      • Interface gi0/0.200: VLAN 200, IP 54.239.244.56/31, BGP AS 65001, MD5 Key
      • AS65001 announcing 54.239.244.56/31
      • AS7224 announcing:
          184.72.96.0/19 via 7224 16509 14618 i
          184.72.128.0/17 via 7224 16509 14618 i
          184.73.0.0 via 7224 16509 14618 i
          184.169.128.0/17 via 7224 16509 i
          199.127.232.0/22 via 7224 16509 i
          199.255.192.0/22 via 7224 16509 i
          …
      • [Diagram labels: CORP; 172.16.0.0/16]
  • 67. Public Virtual Interface
      • [Diagram labels: IP 54.239.244.57/31; BGP AS 7224]
  • 70. How to order AWS Direct Connect
      1. Select Your Region
      2. Create a Connection
      3. Receive LOA-CFA
      4. Cross Connect
      5. Create Virtual Interface
      6. Configure Customer Router
  • 76. How to order sub-1G via an APN Partner
      1. Provide your Direct Connect Partner with Account Number
      2. Accept Hosted Connection
      3. Create Virtual Interface
      4. Configure Customer Router
  • 80. Direct Connect with VPN Backup
      • [Diagram labels: CORP; DX Location 1; DX Location 2]
  • 81. Hardware VPN over DX Public VIF
      • dxvif-wwxxyyzz: VLAN 200, IP 54.239.244.57/31, BGP AS 7224, MD5 Key
      • Interface gi0/0.200: VLAN 200, IP 54.239.244.56/31, BGP AS 65001, MD5 Key
      • AS 17493 side: Tunnel 1 IP 169.254.169.1/30, Tunnel 2 IP 169.254.169.5/30
      • AS 65001 side: Tunnel 1 IP 169.254.169.2/30, Tunnel 2 IP 169.254.169.6/30
      • [Diagram labels: CORP; 172.16.0.0/16]
  • 82. Billing
      • VPN Connections
          • Connection Hours
          • Data Transfer (Internet rates)
      • Direct Connect
          • Port Hours
          • Reduced Data Transfer Rates
          • No charge for resources owned by other accounts
          • VPN Data Transfer over Direct Connect at reduced rate
  • 83. Things to remember
      • All Direct Connect locations are at 3rd party data centers
      • You will have to work with at least one other organization
          • Could be just the Data Center
          • Could be a Network Provider / Direct Connect Partner
          • Could be multiple Network Providers AND the Data Center
      • Sub-1G Hosted Connections support a single VIF
      • You can share VIFs with other accounts
      • Public VIFs include the Hardware VPN Endpoints
  • 85. Demo
  • 86. Demo Architecture
      • [Diagram labels: 192.168.51.0/24; 192.168.51.10; Gi0/1: 192.168.51.254; Gi0/0 Internet; Gi0/0/0 DX 1; DX Location (Telecity London); eu-west-1 (Ireland); 10.0.0.0/16]
  • 87. Summary
      • Connectivity via VPN – Static & Dynamic
      • Connectivity via AWS Direct Connect – Public & Private
      • Demo
  • 88. Steve Seymour Specialist Solutions Architect seymours@amazon.co.uk @sseymour