©2017 Cloudreach
Surviving the Hybrid Cloud
Network Connectivity
Tudor Paul Toma
Agenda
Why Hybrid?
Hybrid Challenges
Requirements
Options (..many options)
$$Cost$$
Availability / resiliency
Outbound internet
Accessing resources
Transitive routing
Summary
Q&A
First things first …
Why On-premises?
● Medium - Large enterprise
● CAPEX investments
● Cloud trust issues
● Monolithic applications
● Security policies
● Compliance issues
● Team skills
● Ongoing partnerships
Why Hybrid?
On-premises
● On-premise
● High fixed cost
● Known security
● Full control
● Low reskill cost
Hybrid Cloud
● Necessary “evil”
● Lower cost
● Trusted security
● Partial reskill
● Elasticity/Availability
● Cloud native services
● Modern applications
● More adoption
● Organic evolution
● Less disruptive
Public Cloud
● Off-premise
● Low variable cost
● New security model
● Elasticity
● Availability
● Flexibility
● Cloud native services
Hybrid Cloud challenges
.. a lot of them ...
Access Management
Network connectivity
Service availability
Security enforcement
Network services
App Extension
App Migration
Compliance
...
Connectivity requirements
● Latency - what are the acceptable limits?
● Bandwidth - what is the average need? How big are the spikes?
● Traffic type - understand the traffic type, choose the best option
● Cloud usage - primary, secondary, elastic backend
● Internet access - inbound/outbound? Use AWS IGW or existing?
● Availability - is HA valid end to end? Need for uptime
● Cost - budget?
● Maintenance/Management - network team available? willing?
● Emergency - how quickly are the connection(s) needed?
● Security - what are the accepted levels?
● Routing - static/dynamic
Why so much planning?
...because we want to go on holiday...
Connectivity options (Site to site)
● Transport - physical
○ Over Public Network
○ Over Private Line - DirectConnect
● Routing
○ Static - manually maintained routes
○ Dynamic - BGP
● Traffic engineering
○ Link resiliency
○ Link aggregation
● Access
○ Outbound Internet
○ Transitive: Meshed vs Hub and Spoke
Options
AWS managed VPN - single connection, single location
1 VPN connection, 2 IPsec tunnels
1 location, 1 CGW
1 on-premises network
1 SA per tunnel, 2 in total
More options
AWS managed VPN - multiple connections, single location
2 VPN connections, 4 VPN tunnels
1 location, 2 CGWs
1 on-premises network
1 SA per tunnel, 4 in total
For BGP: ASN (public or private), peer IPs
Even more options
AWS managed VPN - multiple connections, multiple locations
2 VPN connections, 4 VPN tunnels
1 location, 2 CGWs
2 on-premises networks
Different options
Software VPN - customer maintained VPN appliance
Vendor (Cisco CSR1000v, Sophos UTM9, Palo Alto, Fortinet)
or open source (pfSense, VNS3, MikroTik)
Extra:
- Ensure tunnel availability
- Ensure appliance HA
- Manage patching/configuration
- Manage security
Dedicated or hosted options
Direct Connect (DX)
- At least 2 DX locations per region (Frankfurt has 13!!)
- 3 DX transport options
1. Owned router in the location (only 1 or 10 Gbps)
2. Partner provided circuit (sub-gig)
3. Service provider MPLS extension
- Can be paired with a hardware VPN connection
Connectivity cost
● Over Public Network - Internet
○ AWS Managed VPN (single or multi region)
■ $0.05 / VPN connection hour (available time)
■ Outbound traffic only
○ Software VPN
■ Instance + license cost
■ Outbound traffic only
● Over Private Line - DirectConnect
○ DX - your own router in the DX location (1 Gbps or 10 Gbps)
■ Port-hour ($0.30 or $2.25) + Data Out $0.02/GB (e.g. EU to EU)
○ DX - AWS Partner provided L2 circuit (>50 Mbps)
■ Port-hour ($0.03 or $0.30) + data out
○ DX - Service Provider network (MPLS circuit)
■ Circuit/colocation cost
Connection availability
Resiliency designs shown (diagram labels only):
- DirectConnect + VPN
- 2 x DX, 1 x circuit (router)
- 2 x DX, 2 x circuits (routers)
- 2 x DX, 2 x circuits (routers), 2 x DC
Routing preference
So how is the routing decision taken in case of overlap?
● Most preferred: VPC local routes
● Then: Most specific prefix wins
● Still preferred: Static routes
● Not quite last: Dynamic DirectConnect routes
● Second last: VPN static routes
● Last resort: VPN BGP routes: shortest AS_PATH first
Connection resiliency and aggregation
● Active-Active
○ BGP equal-cost (ECMP)
○ Aggregate bandwidth
● Active-Standby
○ One preferred path
○ Use BGP AS_PATH or BGP local pref
● BGP fact sheet
○ Dynamic routing
○ Peering, sessions, prefix exchange
○ Uses ASN (e.g. AWS has fixed ASN)
○ iBGP, eBGP
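Added example, not part of the deck: a small Python resolver that applies the route-selection order from the "Routing preference" slide (longest prefix, then local > static > DX > VPN static > VPN BGP, then shortest AS_PATH) to a constructed VPC route table, and shows the Active-Standby trick from this slide, where the standby tunnel's AS_PATH is prepended so the primary wins the tie-break. Route kinds, targets (igw-EXAMPLE, vgw-EXAMPLE, vpn-tunnel-1/2) and ASNs are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Preference order from the "Routing preference" slide, applied only when
# two candidate routes have the same prefix length (lower value wins).
KIND_PREFERENCE = {
    "local": 0,        # VPC local route
    "static": 1,       # static route in the route table (e.g. 0.0.0.0/0 -> IGW)
    "dx-bgp": 2,       # propagated from a DirectConnect BGP session
    "vpn-static": 3,   # VPN connection using static routes
    "vpn-bgp": 4,      # propagated from a VPN BGP session, shortest AS_PATH first
}


@dataclass(frozen=True)
class Route:
    prefix: str            # destination CIDR
    target: str            # next hop (constructed placeholder ids below)
    kind: str              # one of KIND_PREFERENCE
    as_path: tuple = ()    # BGP AS_PATH; only meaningful for BGP-learned routes

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)


def preference_key(route):
    """Sort key: longest prefix first, then route kind, then shortest AS_PATH."""
    return (-route.network.prefixlen, KIND_PREFERENCE[route.kind], len(route.as_path))


def rank_routes(routes, destination):
    """All routes whose prefix covers `destination`, best first."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dst in r.network]
    return sorted(candidates, key=preference_key)


def select_route(routes, destination):
    """The route the VPC would use for `destination`, or None if unroutable."""
    ranked = rank_routes(routes, destination)
    return ranked[0] if ranked else None


def prepend_as_path(route, times):
    """Active-Standby from the resiliency slide: lengthen the AS_PATH advertised
    over the standby tunnel so the primary tunnel wins the shortest-AS_PATH tie-break."""
    if not route.as_path:
        raise ValueError("AS_PATH prepending only applies to BGP-learned routes")
    origin = route.as_path[0]
    return Route(route.prefix, route.target, route.kind, (origin,) * times + route.as_path)


# Constructed route table; ids and ASNs are placeholders, not real AWS resources.
ROUTE_TABLE = [
    Route("10.0.0.0/16", "local", "local"),
    Route("0.0.0.0/0", "igw-EXAMPLE", "static"),
    Route("192.168.0.0/16", "vgw-EXAMPLE", "dx-bgp", ("65001",)),
    Route("192.168.0.0/16", "vgw-EXAMPLE", "vpn-bgp", ("65001",)),
    Route("192.168.10.0/24", "vgw-EXAMPLE", "vpn-bgp", ("65001",)),
    Route("172.16.0.0/12", "vpn-tunnel-1", "vpn-bgp", ("65002",)),               # primary
    prepend_as_path(Route("172.16.0.0/12", "vpn-tunnel-2", "vpn-bgp", ("65002",)), 3),  # standby
]


if __name__ == "__main__":
    for dst in ("10.0.1.5", "8.8.8.8", "192.168.5.1", "192.168.10.7", "172.16.3.3"):
        best = select_route(ROUTE_TABLE, dst)
        print(f"{dst:>14} -> {best.prefix:<16} via {best.target} [{best.kind}]")
```

The 192.168.10.0/24 VPN route beats the /16 learned over DX purely on prefix length, which is why overlapping on-premises advertisements are worth auditing before a DX or VPN is turned up.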
VPC outbound internet
Two options (diagram labels only): VGW + AWS IGW, or VGW + DC Internet
- Originate default route (how?)
- Reuse existing connection
- Control outbound connection (proxy?)
- A must: VPC endpoints (S3, SSM, KMS, etc)
Accessing VPC resources
● Private Virtual interface to access the VPC
● The same VGW is used for both DX and Managed VPN
● Virtual Interface is mapped with a unique VLAN ID
● No transitive routing
● Hairpinning (router on a stick) possible
● Public virtual interface needed for VPC endpoints access
Transitive routing?
WHY?
● Routing between VPCs is non-transitive
● Connection limits:
○ Managed VPN: Per region, per VGW
○ DX: per VIF, per region, routes per session
● Scale and number of VPCs which participate
How exactly?
● Using software VPN appliances
● Opting for
○ Partially or fully meshed design
○ Or Hub and spoke design
● Challenges:
○ Management overhead / Deploy time / Automation
Summary
● Understanding hybrid cloud challenges and motivation
● Focus on Network connectivity - requirements
● Connectivity options
○ VPN
■ AWS Managed
■ Software VPN
○ DX
■ Hosted equipment - full port
■ Dedicated connection (sub-gig)
■ Service Provider MPLS circuit
● Availability and resiliency
● Outbound internet
● Transitive routing
Vielen Dank!
Thank you!
Mulțumesc
“The nice thing about standards is that you have so many to choose from.”
Andrew S. Tanenbaum, Computer Networks, 2nd ed.
AWS Meetup - surviving the hybrid cloud - a network perspective