Mastering AWS Networking: A Practical Guide to VPCs and Cloud Connectivity

sidathasiri1 61 views 24 slides Oct 09, 2024

About This Presentation

This presentation covers fundamental concepts of networking in AWS, including an overview of key networking components, how to create and configure a Virtual Private Cloud (VPC), and explore essential AWS features like subnets, route tables, internet gateways, and security groups. Designed for begin...


Slide Content

Networking on AWS with VPC
Sidath Munasinghe

Networking Basics

Networking Basics
➔Private vs Public Networks
➔Private IP ranges:
◆10.0.0.0 to 10.255.255.255
◆172.16.0.0 to 172.31.255.255
◆192.168.0.0 to 192.168.255.255

NAT (Network Address Translation)
➔Allows devices within the private network to connect to the internet

Subnets/ Subnetworks
➔ Smaller network segment within a larger network
➔ Used to divide networks for organizational or security purposes

CIDR
➔IP address allocation method
➔Can be used to define IP ranges easily
➔0.0.0.0/0: The Default Route

AWS VPC

➔An AWS service to create your own networks in the AWS Cloud
➔Use the reliable AWS infrastructure to build your network
➔Features
◆Basic network capabilities (Networks/Subnets etc.)
◆Traffic monitoring
◆VPN connections
◆Firewalls / Access control
◆VPC peering
◆High performance integration with other AWS services via AWS internal network

AWS VPC (Virtual Private Cloud)

Creating a VPC - Components
➔VPC
➔Subnets
➔NAT Gateway : Allows resources in the private subnet to access the internet
➔Egress-Only Internet Gateway : NAT Gateway functionality for IPv6
➔Internet Gateway : The internet can reach your resources and vice versa
➔Route table : Define the routing rules
➔Security Group : Access control

VPC Overview

DEMO

Creating a VPC - Steps
1. Create VPC with CIDR allocation
2. Create subnets with proper CIDR allocation
3. Create internet gateway and attach it to the VPC
4. Create route table for public subnet and associate it
5. Create NAT gateway and attach Elastic IP
6. Create route table for private subnet
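The six steps above, expressed as one CloudFormation template, as an added example (not part of the original slides or the author's demo). The template generator and the `check_template` sanity check are hypothetical helpers written for this page; the CIDRs and the availability zone are constructed sample values, and the "public subnet" heuristic in the check (MapPublicIpOnLaunch) is an assumption, not an AWS definition. The check flags the two mistakes that most often undo the public/private split: a private subnet whose default route points at the internet gateway, and a public subnet pushed through the NAT gateway.

```python
import json


def build_vpc_template(vpc_cidr="10.0.0.0/16", public_cidr="10.0.0.0/24",
                       private_cidr="10.0.2.0/24", az="us-east-1a"):
    """Return a CloudFormation template (as a dict) for the six-step VPC build.
    All CIDRs and the AZ are constructed sample values (hypothetical)."""
    vpc = {"Ref": "Vpc"}
    r = {
        # Step 1: the VPC with its CIDR allocation
        "Vpc": {"Type": "AWS::EC2::VPC", "Properties": {
            "CidrBlock": vpc_cidr, "EnableDnsSupport": True, "EnableDnsHostnames": True}},
        # Step 2: one public and one private subnet carved from the VPC block
        "PublicSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
            "VpcId": vpc, "CidrBlock": public_cidr, "AvailabilityZone": az,
            "MapPublicIpOnLaunch": True}},
        "PrivateSubnet": {"Type": "AWS::EC2::Subnet", "Properties": {
            "VpcId": vpc, "CidrBlock": private_cidr, "AvailabilityZone": az,
            "MapPublicIpOnLaunch": False}},
        # Step 3: internet gateway, attached to the VPC
        "Igw": {"Type": "AWS::EC2::InternetGateway", "Properties": {}},
        "IgwAttachment": {"Type": "AWS::EC2::VPCGatewayAttachment", "Properties": {
            "VpcId": vpc, "InternetGatewayId": {"Ref": "Igw"}}},
        # Step 4: public route table, 0.0.0.0/0 -> IGW, associated with the public subnet
        "PublicRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": vpc}},
        "PublicDefaultRoute": {"Type": "AWS::EC2::Route", "DependsOn": "IgwAttachment",
            "Properties": {"RouteTableId": {"Ref": "PublicRouteTable"},
                           "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": {"Ref": "Igw"}}},
        "PublicAssociation": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
            "SubnetId": {"Ref": "PublicSubnet"}, "RouteTableId": {"Ref": "PublicRouteTable"}}},
        # Step 5: Elastic IP plus NAT gateway; the NAT gateway must sit in the public subnet
        "NatEip": {"Type": "AWS::EC2::EIP", "DependsOn": "IgwAttachment",
                   "Properties": {"Domain": "vpc"}},
        "NatGateway": {"Type": "AWS::EC2::NatGateway", "Properties": {
            "AllocationId": {"Fn::GetAtt": ["NatEip", "AllocationId"]},
            "SubnetId": {"Ref": "PublicSubnet"}}},
        # Step 6: private route table, 0.0.0.0/0 -> NAT gateway, associated with the private subnet
        "PrivateRouteTable": {"Type": "AWS::EC2::RouteTable", "Properties": {"VpcId": vpc}},
        "PrivateDefaultRoute": {"Type": "AWS::EC2::Route", "Properties": {
            "RouteTableId": {"Ref": "PrivateRouteTable"},
            "DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": {"Ref": "NatGateway"}}},
        "PrivateAssociation": {"Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": {
            "SubnetId": {"Ref": "PrivateSubnet"}, "RouteTableId": {"Ref": "PrivateRouteTable"}}},
    }
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": r}


def check_template(template):
    """Return a list of findings for default routes that break the public/private split.
    Heuristic (assumption): a subnet with MapPublicIpOnLaunch is treated as public."""
    res = template["Resources"]
    # map each subnet to the route table it is associated with
    subnet_to_table = {}
    for item in res.values():
        if item["Type"] == "AWS::EC2::SubnetRouteTableAssociation":
            props = item["Properties"]
            subnet_to_table[props["SubnetId"]["Ref"]] = props["RouteTableId"]["Ref"]
    findings = []
    for item in res.values():
        if item["Type"] != "AWS::EC2::Route":
            continue
        props = item["Properties"]
        if props.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        for subnet, table in subnet_to_table.items():
            if table != props["RouteTableId"]["Ref"]:
                continue
            public = res[subnet]["Properties"].get("MapPublicIpOnLaunch", False)
            if not public and "GatewayId" in props:
                findings.append(f"{subnet}: private subnet has its default route via the internet gateway")
            if public and "NatGatewayId" in props:
                findings.append(f"{subnet}: public subnet is routed through the NAT gateway")
    return findings


if __name__ == "__main__":
    template = build_vpc_template()
    print(json.dumps(template, indent=2))
    print("findings:", check_template(template))
```

The `DependsOn: IgwAttachment` on the public default route and on the Elastic IP matters: CloudFormation otherwise has no way to know that a route to the gateway, or a VPC-scoped EIP, only makes sense once the gateway is attached, and the stack fails intermittently.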

Using the VPC

Other Features

Security & Access Control
➔NACL (Network Access Control Lists)
➔Security Groups

NAT Gateway vs NAT Instance

VPC Peering
➔Networking connection between two VPCs that allows them to communicate with each other as if they were within the same network
➔Supports:
◆ cross-region peering, with extra cost for data transfer
◆ peering across multiple AWS accounts
➔Transitive peering is not supported
➔Provides low latency since the VPCs are connected by the internal AWS network
➔The VPCs involved in peering must have non-overlapping CIDR blocks
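An added example (not from the slides) that ties together the CIDR slide, the route-table rule "0.0.0.0/0 is the default route", and the non-overlapping requirement for VPC peering above, using only Python's standard `ipaddress` module. The helper names (`plan_subnets`, `peering_overlap`, `longest_prefix_match`) are hypothetical, written for this page; the private ranges are the three from the "Networking Basics" slide written in CIDR form, and the "five reserved addresses per subnet" is AWS's documented reservation (first four and the last address). It goes slightly beyond the slides in planning a multi-AZ layout and in resolving a route by longest-prefix match, which is how a VPC route table chooses between the local route and the default route.

```python
import ipaddress

# RFC 1918 private ranges from the "Networking Basics" slide, in CIDR notation
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),      # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0 - 192.168.255.255
]
AWS_RESERVED_PER_SUBNET = 5  # AWS reserves the first four and the last address of every subnet


def is_private_cidr(cidr):
    """True if the whole block lies inside one of the RFC 1918 ranges."""
    net = ipaddress.ip_network(cidr, strict=True)
    return any(net.subnet_of(block) for block in PRIVATE_RANGES)


def usable_hosts(cidr):
    """Addresses an instance can actually take in a subnet of this size."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr, az_count, new_prefix):
    """Carve a VPC block into one public and one private subnet per availability zone.

    Returns {name: cidr}; raises ValueError for a non-private VPC block or a
    block too small to hold 2 * az_count subnets of the requested prefix.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not is_private_cidr(vpc_cidr):
        raise ValueError(f"{vpc_cidr} is not an RFC 1918 block")
    pieces = list(vpc.subnets(new_prefix=new_prefix))
    if len(pieces) < 2 * az_count:
        raise ValueError(f"{vpc_cidr} cannot hold {2 * az_count} /{new_prefix} subnets")
    plan = {}
    for i in range(az_count):
        plan[f"public-{i}"] = str(pieces[i])            # first half: public subnets
        plan[f"private-{i}"] = str(pieces[az_count + i])  # second half: private subnets
    return plan


def longest_prefix_match(destination, routes):
    """Resolve a destination the way a VPC route table does: the most specific
    matching CIDR wins, so the 0.0.0.0/0 default route is only the fallback.
    `routes` maps CIDR string -> target label (constructed sample values)."""
    addr = ipaddress.ip_address(destination)
    best = None
    for cidr, target in routes.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return None if best is None else best[1]


def peering_overlap(cidr_a, cidr_b):
    """True when two VPC blocks overlap, i.e. when VPC peering between them is not possible."""
    return ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


if __name__ == "__main__":
    print(plan_subnets("10.0.0.0/16", az_count=2, new_prefix=24))
    print(usable_hosts("10.0.0.0/24"), "usable addresses in a /24")
    # a private subnet's route table: the local route plus a default route via NAT
    private_rt = {"10.0.0.0/16": "local", "0.0.0.0/0": "nat-gateway"}
    print(longest_prefix_match("10.0.5.4", private_rt), longest_prefix_match("93.184.216.34", private_rt))
    print("peering possible:", not peering_overlap("10.0.0.0/16", "10.1.0.0/16"))
```

Running the overlap check before requesting a peering connection is cheap; once two VPCs share address space the only fix is re-addressing one of them.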

VPC Endpoints
➔Let you create private connections between your Virtual Private Cloud (VPC) and supported AWS services
➔Benefits
◆ Extra security
◆ Low latency
◆ No Internet/NAT Gateway required
➔Types
◆ Interface Endpoints
●Support for a wide range of services
●Works by creating an ENI
◆ Gateway Endpoint
●Support only for S3 & DynamoDB
●Works by updating route tables
●Less costly

VPN Connections
➔A Virtual Private Network (VPN) is a secure, encrypted connection that allows users to access a private network over a public network like the Internet
➔Types
◆ Site-to-site VPN
◆ Point-to-site / Remote Access VPN
➔Need to configure:
◆ Virtual Private Gateway within the VPC
◆ Customer Gateway at the on-premises network

Direct Connect & Direct Connect Gateway
➔Direct Connect provides a dedicated network connection (fiber) from your on-premises data center to AWS
◆ more consistent bandwidth
◆ lower latency
◆ enhanced security
➔Direct Connect Gateway allows you to connect a single Direct Connect connection to multiple AWS VPCs across different AWS regions

Transit Gateway
➔AWS Transit Gateway enables you to connect multiple VPCs, on-premises networks, and remote offices together through a single gateway
➔Centralized Hub for Connectivity
➔Highly scalable

Q & A

Thanks!