AWS Meetup - surviving the hybrid cloud - a network perspective
Tudor Paul Toma ☁
1.
©2017 Cloudreach
Surviving the Hybrid Cloud
Network Connectivity
Tudor Paul Toma
2.
Agenda
● Why Hybrid?
● Transitive routing
● Hybrid Challenges
● Requirements
● $$Cost$$
● Availability / resiliency
● Outbound internet
● Summary
● Q&A
● Options (..many options)
● Accessing resources
3.
First things first …
Why On-premises?
● Medium - Large enterprise
● CAPEX investments
● Cloud trust issues
● Monolithic applications
● Security policies
● Compliance issues
● Team skills
● Ongoing partnerships
4.
Why Hybrid?
On-premises
● On-premise
● High fixed cost
● Known security
● Full control
● Low reskill cost
Hybrid Cloud
● Necessary “evil”
● Lower cost
● Trusted security
● Partial reskill
● Elasticity/Availability
● Cloud native services
● Modern applications
● More adoption
● Organic evolution
● Less disruptive
Public Cloud
● Off-premise
● Low variable cost
● New security model
● Elasticity
● Availability
● Flexibility
● Cloud native services
5.
Hybrid Cloud
.. a lot of them ...
● Access Management
● Network connectivity
● Service availability
● Security enforcement
● Network services
● App Extension
● ...
● App Migration
● Compliance
6.
Connectivity requirements
● Latency - what are the acceptable limits?
● Bandwidth - what is the average need? How big are the spikes?
● Traffic type - understand the traffic type, choose the best option
● Cloud usage - primary, secondary, elastic backend
● Internet access - inbound/outbound? Use AWS IGW or existing?
● Availability - is HA valid end to end? Need for uptime
● Cost - budget?
● Maintenance/Management - network team available? willing?
● Emergency - how quickly is the connection(s) needed?
● Security - what are the accepted levels?
● Routing - static/dynamic
7.
Why so much planning?
...because we want to go on holidays...
8.
Connectivity options (Site to site)
● Transport - physical
  ○ Over Public Network
  ○ Over Private Line - DirectConnect
● Routing
  ○ Static - manually maintained routes
  ○ Dynamic - BGP
● Traffic engineering
  ○ Link resiliency
  ○ Link aggregation
● Access
  ○ Outbound Internet
  ○ Transitive: Meshed vs Hub and Spoke
9.
Options
AWS managed VPN - single connection, single location
● 1 VPN connection, 2 IPsec tunnels
● 1 location, 1 CGW
● 1 on-premise network
● 1 SA per tunnel, 2 in total
10.
More options
AWS managed VPN - multiple connections, single location
● 2 VPN connections, 4 VPN tunnels
● 1 location, 2 CGWs
● 1 on-premise network
● 1 SA per tunnel, 4 in total
● For BGP: ASN (public or private), peer IPs
11.
Even more options
AWS managed VPN - multiple connections, multiple locations
● 2 VPN connections, 4 VPN tunnels
● 1 location, 2 CGWs
● 2 on-premises networks
12.
Different options
Software VPN - customer maintained VPN appliance
Vendor (Cisco CSR1000v, Sophos UTM9, Palo Alto, Fortinet) or open source (pfSense, VNS3, MikroTik)
Extra:
- Ensure tunnel availability
- Ensure appliance HA
- Manage patching/configuration
- Manage security
13.
Dedicated or hosted options
Direct Connect (DX)
- At least 2 DX locations per region (Frankfurt has 13!!)
- 3 DX transport options
  1. Owned router in the location (only 1 or 10 Gbps)
  2. Partner provided circuit (sub-gig)
  3. Service provider MPLS extension
- Can be paired with a hardware VPN connection
14.
Connectivity cost
● Over Public Network - Internet
  ■ AWS Managed VPN (single or multi region)
    ● $0.05 / VPN connection hour (available time)
    ● Outbound traffic only
  ■ Software VPN
    ● Instance + license cost
    ● Outbound traffic only
● Over Private Line - DirectConnect
  ■ DX - Your own location router (1 Gbps or 10 Gbps)
    ● Port-hour ($0.30 or $2.25) +
    ● Data Out $0.02/GB (e.g. EU to EU)
  ■ DX - AWS Partner provided L2 circuit (>50 Mbps)
    ● Port-hour ($0.03 or $0.30) + data out
  ■ DX - Service Provider network (MPLS circuit)
    ● Circuit/colocation cost
15.
Connection availability
● DirectConnect + VPN
● 2 x DX, 1 x circuit (router)
● 2 x DX, 2 x circuits (routers)
● 2 x DX, 2 x circuits (routers), 2 x DC
16.
Routing preference
So how is the routing decision taken in case of overlap?
● Most preferred: VPC local routes
● Then: Most specific prefix wins
● Still preferred: Static routes
● Not quite last: Dynamic DirectConnect routes
● Second last: VPN static routes
● Last resort: VPN BGP routes: shortest AS_PATH first
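The preference order on slide 16, worked through on overlapping prefixes. This is an added example, not code from the deck or from AWS; the route table, target labels and the `audit_paths` helper are constructed for illustration. It shows how a more specific VPN-learned prefix pulls traffic off Direct Connect even though VPN BGP routes rank last.

```python
import ipaddress
from dataclasses import dataclass

# Lower rank wins; order taken from the slide (local > static > DX BGP > VPN static > VPN BGP).
SOURCE_RANK = {"local": 0, "static": 1, "dx_bgp": 2, "vpn_static": 3, "vpn_bgp": 4}

@dataclass(frozen=True)
class Route:
    prefix: str           # CIDR block
    source: str           # one of SOURCE_RANK
    target: str           # hypothetical label for the next hop
    as_path_len: int = 0  # only meaningful for BGP-learned routes

def select_route(routes, destination):
    """Pick the route for `destination` following the slide's order."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in routes if dst in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    # Step 1: a matching VPC local route is preferred over everything else.
    local = [r for r in matches if r.source == "local"]
    if local:
        return max(local, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen)
    # Step 2: most specific prefix; ties fall to source rank, then shortest AS_PATH.
    return min(
        matches,
        key=lambda r: (
            -ipaddress.ip_network(r.prefix).prefixlen,
            SOURCE_RANK[r.source],
            r.as_path_len,
        ),
    )

def audit_paths(routes, destinations, expected_source):
    """Return destinations whose selected route is not from `expected_source`."""
    off_path = []
    for dst in destinations:
        chosen = select_route(routes, dst)
        if chosen is None or chosen.source != expected_source:
            off_path.append(dst)
    return off_path

# Constructed route table: VPC 10.0.0.0/16, on-premises ranges reachable over DX and VPN.
ROUTES = [
    Route("10.0.0.0/16", "local", "local"),
    Route("0.0.0.0/0", "static", "igw"),
    Route("10.0.0.0/8", "dx_bgp", "dx-vif", as_path_len=1),
    Route("10.30.0.0/16", "dx_bgp", "dx-vif", as_path_len=1),
    Route("10.30.0.0/16", "vpn_static", "vpn-a"),
    Route("10.30.5.0/24", "vpn_bgp", "vpn-a", as_path_len=3),
    Route("10.20.0.0/16", "vpn_bgp", "vpn-a", as_path_len=3),
    Route("10.20.0.0/16", "vpn_bgp", "vpn-b", as_path_len=1),
]

if __name__ == "__main__":
    for dst in ["10.0.1.5", "10.30.1.1", "10.30.5.10", "10.20.1.1", "8.8.8.8"]:
        r = select_route(ROUTES, dst)
        print(f"{dst:12} -> {r.prefix:14} {r.source:10} {r.target}")
    print("not on DX:", audit_paths(ROUTES, ["10.30.1.1", "10.30.5.10"], "dx_bgp"))
```

Running `audit_paths` against the destinations that are supposed to stay on the private line is a quick way to spot a prefix announcement that silently moves them onto the internet-transported VPN.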
17.
Connection resiliency and aggregation
● Active-Active
  ○ BGP equal-cost (ECMP)
  ○ Aggregate bandwidth
● Active-Standby
  ○ One preferred path
  ○ Use BGP AS_PATH or BGP local pref
● BGP fact sheet
  ○ Dynamic routing
  ○ Peering, sessions, prefix exchange
  ○ Uses ASN (ex. AWS has fixed ASN)
  ○ iBGP, eBGP
18.
VPC outbound internet
VGW + AWS IGW --->>>   <<<--- VGW + DC Internet
- Originate default route (how?)
- Reuse existing connection
- Control outbound connection (proxy?)
- A must: VPC endpoints (S3, SSM, KMS, etc)
19.
Accessing VPC resources
● Private Virtual interface to access the VPC
● The same VGW is used for both DX and Managed VPN
● Virtual Interface is mapped with a unique VLAN ID
● No transitive routing
● Hairpinning (router on a stick) possible
● Public virtual interface needed for VPC endpoints access
20.
Transitive routing?
WHY?
● Routing between VPCs is non-transitive
● Connection limits:
  ○ Managed VPN: Per region, per VGW
  ○ DX: per VIF, per region, routes per session
● Scale and number of VPCs that participate
How exactly?
● Using software VPN appliances
● Opting for
  ○ Partially or fully meshed design
  ○ Or Hub and spoke design
● Challenges:
  ○ Management overhead / Deploy time / Automation
21.
Summary
● Understanding hybrid cloud challenges and motivation
● Focus on Network connectivity - requirements
● Connectivity options
  ○ VPN
    ■ AWS Managed
    ■ Software VPN
  ○ DX
    ■ Hosted equipment - full port
    ■ Dedicated connection (sub-gig)
    ■ Service Provider MPLS circuit
● Availability and resiliency
● Outbound internet
● Transitive routing
22.
Vielen Dank! Thank you! Mulțumesc
"The nice thing about standards is that you have so many to choose from."
Andrew S. Tanenbaum, Computer Networks, 2nd ed.