This session provides attendees with approaches to their VPC, including creating and protecting subnets, routing, performing VPC peering, and leveraging the latest features in Amazon VPC. Additionally, we'll discuss Amazon Route 53 for delivering traffic.
10. Amazon VPC
[Diagram: VPC 10.200.0.0/16 spanning Availability Zones A, B and C]
11. Amazon VPC
[Diagram: VPC 10.200.0.0/16 spanning Availability Zones A, B and C, carved into /28 subnets 10.200.1.0/28, 10.200.1.16/28, 10.200.1.32/28 and /27 subnets 10.200.2.0/27, 10.200.2.32/27, 10.200.2.64/27]
12. Amazon VPC
[Diagram: VPC 10.200.0.0/16 spanning Availability Zones A, B and C; /28 subnets 10.200.1.0/28, 10.200.1.16/28, 10.200.1.32/28 and /27 subnets 10.200.2.0/27, 10.200.2.32/27, 10.200.2.64/27; instances at 10.200.1.4, 10.200.1.20, 10.200.1.36 and 10.200.2.4, 10.200.2.36, 10.200.2.68]
13. Amazon VPC
[Diagram: VPC 10.200.0.0/16 spanning Availability Zones A, B and C; /28 subnets 10.200.1.0/28, 10.200.1.16/28, 10.200.1.32/28 and /27 subnets 10.200.2.0/27, 10.200.2.32/27, 10.200.2.64/27; instances at 10.200.1.4, 10.200.1.20, 10.200.1.36 and 10.200.2.4, 10.200.2.36, 10.200.2.68]
14. Route tables in a VPC
[Diagram: route tables in the VPC 10.200.0.0/16 spanning Availability Zones A, B and C; /28 subnets 10.200.1.0/28, 10.200.1.16/28, 10.200.1.32/28 and /27 subnets 10.200.2.0/27, 10.200.2.32/27, 10.200.2.64/27; instances at 10.200.1.4, 10.200.1.20, 10.200.1.36 and 10.200.2.4, 10.200.2.36, 10.200.2.68]
15. Security groups in a VPC
[Diagram: VPC 10.200.0.0/16 spanning Availability Zones A, B and C; /28 subnets 10.200.1.0/28, 10.200.1.16/28, 10.200.1.32/28 and /27 subnets 10.200.2.0/27, 10.200.2.32/27, 10.200.2.64/27; instances at 10.200.1.4, 10.200.1.20, 10.200.1.36 and 10.200.2.4, 10.200.2.36, 10.200.2.68, with a security group around the instances]
16. Internet gateway with a VPC
[Diagram: VPC 10.200.0.0/16 with an internet gateway, spanning Availability Zones A, B and C; /28 subnets 10.200.1.0/28, 10.200.1.16/28, 10.200.1.32/28 and /27 subnets 10.200.2.0/27, 10.200.2.32/27, 10.200.2.64/27; instances at 10.200.1.4, 10.200.1.20, 10.200.1.36 and 10.200.2.4, 10.200.2.36, 10.200.2.68, with a security group around the instances]
19. AWS Direct Connect
AWS Direct Connect location
Private fiber connection
One or multiple 50–500 Mbps, 1 Gbps or 10 Gbps connections
20. VPN and Direct Connect
• Secure connection to your network
• Pair of IPSec tunnels over the internet
• Dedicated line
• Lower latency and lower per GB data transfer rates
• Failover between each
21. Amazon VPC
[Diagram: VPC 10.200.0.0/16 spanning Availability Zones A, B and C; /28 subnets 10.200.1.0/28, 10.200.1.16/28, 10.200.1.32/28 and /27 subnets 10.200.2.0/27, 10.200.2.32/27, 10.200.2.64/27; instances at 10.200.1.4, 10.200.1.20, 10.200.1.36 and 10.200.2.4, 10.200.2.36, 10.200.2.68]
30. Route 53 overview
• Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service
• Distributed globally
• Integrates with other AWS services
• Can be used for on-premises and hybrid setups
• Simple to use
31. Route 53 features
• Latency based routing
• Geo DNS
• Weighted round robin
• DNS failover
• Health checks
• Private DNS for VPC
• Domain name registration & transfer
32. Route 53 SLA
100% Available
SLA details: https://aws.amazon.com/route53/sla/
33. Route 53 pricing
• Hosted zones
$0.50 per hosted zone/month for the first 25 hosted zones
$0.10 per hosted zone/month for additional hosted zones
• Standard queries
$0.400 per million queries—first 1 billion queries/month
$0.200 per million queries—over 1 billion queries/month
• Latency based routing queries
$0.600 per million queries—first 1 billion queries/month
$0.300 per million queries—over 1 billion queries/month
• Geo DNS queries
$0.700 per million queries—first 1 billion queries/month
$0.350 per million queries—over 1 billion queries/month
It’s always a good idea to remind everyone of this
Define region/AZ/edge
5 in the next year
You may currently have a data center
You might be a customer from before 2013 who is still running EC2-Classic
Overview of what a VPC is
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual network that you define.
First pick a CIDR block from /28 to /16
Avoid overlapping networks you might connect to
Can’t resize a VPC or a subnet – may not want to make one big subnet
AZs and subnets are 1:1 (each subnet lives in exactly one AZ)
Pick number of AZs to support design
Pick multiple for HA/resiliency
Pick multiple for access to larger pool for spot
The first four IP addresses and the last IP address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance. For example, in a subnet with CIDR block 10.0.0.0/24, the following five IP addresses are reserved:
10.0.0.0: Network address.
10.0.0.1: Reserved by AWS for the VPC router.
10.0.0.2: Reserved by AWS for mapping to the Amazon-provided DNS.
10.0.0.3: Reserved by AWS for future use.
10.0.0.255: Network broadcast address. We do not support broadcast in a VPC, therefore we reserve this address.
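The sizing rules in the notes above (a VPC CIDR between /28 and /16, no overlap with networks you will peer or VPN to, five reserved addresses per subnet) are easy to check before anything is created. The following is an added example using only the Python standard library, not code from the deck; it applies those rules to the 10.200.0.0/16 layout drawn on the slides, and the overlapping "connected" network in the usage call is a constructed value:

```python
"""Plan and sanity-check a VPC address layout with the standard library.

Added example (not from the deck). Applies the rules from the notes:
VPC and subnet CIDRs must be between /16 and /28, subnets must sit inside
the VPC and not overlap each other, the VPC must not overlap any network
it will be peered or VPN-connected to, and each subnet loses five
addresses (network, VPC router, Amazon DNS, future use, broadcast).
"""
import ipaddress
from typing import Iterable, List

MIN_PREFIX, MAX_PREFIX = 16, 28  # AWS accepts VPC and subnet CIDRs from /16 to /28


def reserved_addresses(subnet: str) -> List[str]:
    """The five addresses AWS reserves in a subnet, in order:
    network, VPC router, Amazon-provided DNS, future use, broadcast."""
    net = ipaddress.ip_network(subnet, strict=True)
    first = int(net.network_address)
    return [str(ipaddress.ip_address(first + i)) for i in range(4)] + [str(net.broadcast_address)]


def usable_hosts(subnet: str) -> int:
    """Addresses that can actually be assigned to instances in the subnet."""
    return ipaddress.ip_network(subnet, strict=True).num_addresses - 5


def first_usable(subnet: str) -> str:
    """First assignable address (the .4 of each subnet on the slides)."""
    net = ipaddress.ip_network(subnet, strict=True)
    return str(ipaddress.ip_address(int(net.network_address) + 4))


def validate_plan(vpc_cidr: str, subnets: Iterable[str],
                  connected: Iterable[str] = ()) -> List[str]:
    """Return human-readable findings; an empty list means the plan is clean.

    `connected` holds CIDRs of networks this VPC will be peered or VPN'd to.
    They must not overlap the VPC, because routes between overlapping
    ranges are ambiguous and the connection cannot be used.
    """
    findings: List[str] = []
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not MIN_PREFIX <= vpc.prefixlen <= MAX_PREFIX:
        findings.append(f"VPC {vpc} must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
    nets = [ipaddress.ip_network(s, strict=True) for s in subnets]
    for n in nets:
        if not MIN_PREFIX <= n.prefixlen <= MAX_PREFIX:
            findings.append(f"subnet {n} must be between /{MIN_PREFIX} and /{MAX_PREFIX}")
        if not n.subnet_of(vpc):
            findings.append(f"subnet {n} is not inside VPC {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                findings.append(f"subnets {a} and {b} overlap")
    for c in connected:
        other = ipaddress.ip_network(c, strict=False)
        if vpc.overlaps(other):
            findings.append(f"VPC {vpc} overlaps connected network {other}; "
                            "peering/VPN routes would be ambiguous")
    return findings


# The layout from the slides: a /16 VPC with one /28 and one /27 per AZ.
SLIDE_VPC = "10.200.0.0/16"
SLIDE_SUBNETS = [
    "10.200.1.0/28", "10.200.1.16/28", "10.200.1.32/28",
    "10.200.2.0/27", "10.200.2.32/27", "10.200.2.64/27",
]

if __name__ == "__main__":
    # "10.200.0.0/20" is a constructed on-premises range chosen to collide with the VPC.
    for finding in validate_plan(SLIDE_VPC, SLIDE_SUBNETS, connected=["10.200.0.0/20"]):
        print("FINDING:", finding)
    for s in SLIDE_SUBNETS:
        print(s, "first usable", first_usable(s), "usable hosts", usable_hosts(s),
              "reserved", reserved_addresses(s))
```

Run it before creating the VPC; the collision check is the one that matters most, since a VPC or subnet cannot be resized afterwards and an overlapping on-premises range only shows up when the VPN or peering connection fails to route.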
Several services supported to work within a VPC. Not just EC2
Route tables for traffic flow
Stateful firewall around instances
Internet Gateway to get out to the internet if needed
* Do not have to do this!
Connect multiple VPC within a region
Cross account access
Invitation process
Connect back to on prem networks
Two endpoints per VPC
One to one VPC and VPN tunnel
Connect back to on prem networks
Start off with a VPN
Building out VPCs
You can go through the console and build it
Programmatic access to build it
Node.js snippet
Cfn overview
JSON formatted and templated
Security, DR, COOP become first class citizens
Use that same template to deploy globally
CLI example to launch that environment to all commercial regions
Wrap the call so xargs keeps going on error: xargs stops when a command exits with 255, which is the CLI's general error status
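The deck's point is that the network, its routes and its firewall rules are one templated JSON document that deploys unchanged to any region. The following is an added example, not the deck's template: it generates such a CloudFormation template for the slides' layout in Python, taking AZs from Fn::GetAZs at deploy time instead of hard-coding them. Treating the /27 subnets as public (default route to the internet gateway) and the /28 subnets as private (local routes only), and the web and app security groups with their ports, are this example's assumptions, not something the slides state.

```python
"""Generate a CloudFormation template (JSON) for the VPC layout on the slides.

Added example, not the deck's own template. The tier split (public /27s,
private /28s) and the two security groups are assumptions made here so
the template shows routes and firewall rules as first-class, versioned
resources rather than console clicks.
"""
import json
from typing import Dict, List

VPC_CIDR = "10.200.0.0/16"
PUBLIC_SUBNETS = ["10.200.2.0/27", "10.200.2.32/27", "10.200.2.64/27"]   # one per AZ (assumed public)
PRIVATE_SUBNETS = ["10.200.1.0/28", "10.200.1.16/28", "10.200.1.32/28"]  # one per AZ (assumed private)


def az(index: int) -> Dict:
    """Pick the index-th AZ of whatever region the stack is deployed in."""
    return {"Fn::Select": [index, {"Fn::GetAZs": ""}]}


def build_template(vpc_cidr: str = VPC_CIDR, public: List[str] = PUBLIC_SUBNETS,
                   private: List[str] = PRIVATE_SUBNETS) -> Dict:
    res: Dict[str, Dict] = {
        "VPC": {"Type": "AWS::EC2::VPC",
                "Properties": {"CidrBlock": vpc_cidr,
                               "EnableDnsSupport": True, "EnableDnsHostnames": True}},
        "InternetGateway": {"Type": "AWS::EC2::InternetGateway"},
        "GatewayAttachment": {"Type": "AWS::EC2::VPCGatewayAttachment",
                              "Properties": {"VpcId": {"Ref": "VPC"},
                                             "InternetGatewayId": {"Ref": "InternetGateway"}}},
        # Public route table: default route out through the internet gateway.
        "PublicRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
        "PublicDefaultRoute": {"Type": "AWS::EC2::Route", "DependsOn": "GatewayAttachment",
                               "Properties": {"RouteTableId": {"Ref": "PublicRouteTable"},
                                              "DestinationCidrBlock": "0.0.0.0/0",
                                              "GatewayId": {"Ref": "InternetGateway"}}},
        # Private route table: only the implicit local route, no path to the internet.
        "PrivateRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": {"Ref": "VPC"}}},
        # Stateful firewalls: web tier takes HTTPS from anywhere, app tier only from the web tier.
        "WebSecurityGroup": {"Type": "AWS::EC2::SecurityGroup",
                             "Properties": {"GroupDescription": "Web tier: HTTPS from the internet",
                                            "VpcId": {"Ref": "VPC"},
                                            "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 443,
                                                                      "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
        "AppSecurityGroup": {"Type": "AWS::EC2::SecurityGroup",
                             "Properties": {"GroupDescription": "App tier: reachable only from the web tier",
                                            "VpcId": {"Ref": "VPC"},
                                            "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 8080,
                                                                      "ToPort": 8080,  # assumed app port
                                                                      "SourceSecurityGroupId": {"Ref": "WebSecurityGroup"}}]}},
    }
    for tier, cidrs, table in (("Public", public, "PublicRouteTable"),
                               ("Private", private, "PrivateRouteTable")):
        for i, cidr in enumerate(cidrs):
            name = f"{tier}Subnet{i}"
            res[name] = {"Type": "AWS::EC2::Subnet",
                         "Properties": {"VpcId": {"Ref": "VPC"}, "CidrBlock": cidr,
                                        "AvailabilityZone": az(i),
                                        "MapPublicIpOnLaunch": tier == "Public"}}
            res[f"{name}RouteAssoc"] = {"Type": "AWS::EC2::SubnetRouteTableAssociation",
                                        "Properties": {"SubnetId": {"Ref": name},
                                                       "RouteTableId": {"Ref": table}}}
    return {"AWSTemplateFormatVersion": "2010-09-09",
            "Description": "Three-AZ VPC from the slides: public /27s, private /28s",
            "Resources": res}


def subnets_with_internet_route(template: Dict) -> List[str]:
    """Audit helper: subnets associated with a route table that has a 0.0.0.0/0 route.
    Use it to confirm the private tier has no path to the internet gateway."""
    res = template["Resources"]
    tables_with_default = {r["Properties"]["RouteTableId"]["Ref"] for r in res.values()
                           if r["Type"] == "AWS::EC2::Route"
                           and r["Properties"].get("DestinationCidrBlock") == "0.0.0.0/0"}
    return sorted(r["Properties"]["SubnetId"]["Ref"] for r in res.values()
                  if r["Type"] == "AWS::EC2::SubnetRouteTableAssociation"
                  and r["Properties"]["RouteTableId"]["Ref"] in tables_with_default)


def render(template: Dict) -> str:
    """Serialize to the JSON CloudFormation expects."""
    return json.dumps(template, indent=2)


if __name__ == "__main__":
    t = build_template()
    print(render(t))
    print("subnets with an internet route:", subnets_with_internet_route(t))
```

Because the AZs are resolved with Fn::GetAZs, the same rendered JSON can be passed to create-stack in every region; the audit helper is the kind of check worth running in a pipeline before deployment, so a private subnet never silently picks up a default route.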
$0.40 for 1 million queries
3 million queries is cheaper than the coffee I picked up this morning.
Over 300 TLDs available
https://aws.amazon.com/about-aws/whats-new/2016/05/amazon-route-53-announces-domain-name-registration-enhancements-expanded-tld-catalog-and-detailed-billing-history/
Highlight partitioning of name, domains, and TLDs for resiliency
Here is one of the sites we created earlier with Cfn
Nothing fancy - Here’s what we see when we go to the web site
Grab the list of all the websites I made earlier
Configure a health check for one site
Do you want to be notified?
Maybe you don’t want to do by hand in the console
Health status bar
Powered down the web server; the check starts to fail once the failure threshold is met
Powered back up, and healthy
Let’s make a health check for each of the sites we made earlier
Remembering IPs is no fun, let’s make an A record
Latency based
Failover
Weighted
Link to Elastic Load Balancer and other AWS services
One in US and one in Europe
Example of getting to least latent web server from wherever I am in the world
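The health-check demo and the routing policies listed above behave predictably, so they can be modelled. The following is an added example, not Route 53 code and making no API calls: it models an endpoint flipping to unhealthy only after `failure_threshold` consecutive failed probes (Route 53's default threshold is 3) and back to healthy after the same number of consecutive successes, then shows failover, weighted and latency-based records answering only with healthy endpoints. The IP addresses, weights and latency table are constructed values.

```python
"""A small model of how Route 53 health checks gate DNS answers.

Added example; not Route 53 code. It models the demo: a server that is
powered down keeps passing as healthy until it fails the threshold of
consecutive checks, then failover, weighted and latency records stop
answering with it. All IPs, weights and latencies below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class HealthCheck:
    failure_threshold: int = 3   # consecutive results needed to change status (Route 53 default)
    healthy: bool = True
    streak: int = 0              # consecutive results that disagree with the current status

    def observe(self, ok: bool) -> bool:
        """Feed one probe result; return the status after applying the threshold."""
        if ok == self.healthy:
            self.streak = 0      # result agrees with the current status: nothing changes
        else:
            self.streak += 1
            if self.streak >= self.failure_threshold:
                self.healthy = not self.healthy
                self.streak = 0
        return self.healthy


@dataclass
class Endpoint:
    name: str
    ip: str
    region: str
    check: HealthCheck = field(default_factory=HealthCheck)
    weight: int = 1


def resolve_failover(primary: Endpoint, secondary: Endpoint) -> str:
    """Failover routing: answer with the primary while its check passes, else the secondary."""
    return primary.ip if primary.check.healthy else secondary.ip


def resolve_weighted(endpoints: List[Endpoint], roll: float) -> Optional[str]:
    """Weighted routing among healthy endpoints; `roll` in [0, 1) stands in for the RNG."""
    live = [e for e in endpoints if e.check.healthy and e.weight > 0]
    total = sum(e.weight for e in live)
    if total == 0:
        return None
    cursor = roll * total
    for e in live:
        cursor -= e.weight
        if cursor < 0:
            return e.ip
    return live[-1].ip


def resolve_latency(endpoints: List[Endpoint], client_region: str,
                    latency_ms: Dict[str, Dict[str, int]]) -> Optional[str]:
    """Latency routing: the healthy endpoint whose region is closest to the client."""
    live = [e for e in endpoints if e.check.healthy]
    if not live:
        return None
    return min(live, key=lambda e: latency_ms[client_region][e.region]).ip


# Constructed stand-ins for the two demo web servers (one in the US, one in Europe).
US = Endpoint("web-us", "198.51.100.10", "us-east-1", weight=3)
EU = Endpoint("web-eu", "203.0.113.20", "eu-west-1", weight=1)
LATENCY_MS = {   # constructed client-region -> endpoint-region latencies
    "us": {"us-east-1": 20, "eu-west-1": 90},
    "eu": {"us-east-1": 95, "eu-west-1": 15},
}

if __name__ == "__main__":
    print("EU client, both healthy:", resolve_latency([US, EU], "eu", LATENCY_MS))
    # Power down the US server: the first two failed probes do not flip it, the third does.
    for ok in (False, False, False):
        print("web-us healthy:", US.check.observe(ok))
    print("failover answer:", resolve_failover(US, EU))
    print("US client now sent to:", resolve_latency([US, EU], "us", LATENCY_MS))
```

The threshold is why the demo's status bar lags the power-down by a few intervals, and why a single flapping probe does not move traffic; when tuning the real health check, the interval times the threshold is the minimum time a dead endpoint keeps receiving answers.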