aws transit gateway introduction and use cases
play

AWS Transit Gateway Introduction and use cases Wolfgang Bauer| - PowerPoint PPT Presentation

AWS Transit Gateway Introduction and use cases Wolfgang Bauer| 09.09.2019 Community Day 2019 Sponsors Agenda Motivation and Introduction Use cases before Transit Gateway and now Interconnecting VPCs Connecting multiple VPCs to


  1. AWS Transit Gateway Introduction and use cases Wolfgang Bauer| 09.09.2019 Community Day 2019 Sponsors

  2. Agenda • Motivation and Introduction • Use cases before Transit Gateway and now • Interconnecting VPCs • Connecting multiple VPCs to on-premise / office • Transit • EMnify‘s use case 2

  3. About me • Wolfgang Bauer @wo_wue • Software Developer at EMnify GmbH 3

  4. EMnify GmbH • Cloud-based virtual mobile network operator (MVNO) focussed on IoT • Provide global connectivity for IoT devices • Running virtualized, self-developed mobile core on AWS • Located in Würzburg & Berlin • Technology stack: AWS, Terraform, Java, Akka, Perl, C++, Go 4

  5. Motivation and Introduction 5

  6. Why do we need something new? • For any VPC traffic we need source or destination address to be in VPC • Tunnels or NAT needed to actually have transit traffic • Many VPCs need a lot of setup and maintenance effort 6

  7. Transit Gateway • Virtual router • Connects VPCs, VPNs multiple route tables and Direct Connects • Associate route tables • Propagate your routes or to your attachment configure them statically 7

  8. 8

  9. Border Gateway Protocol • Routers tell their neighbours, which network prefixes they can route • Used to find the shortest path between two nodes • Used in internet, but also also internal BGP within own infrastructure AS 12 AS 890 AS 61234 10.1.0.0/16 10.1.0.0/16 10.2.0.0/16 10.1.0.0/16 10.100.0.0/16 10.2.0.0/16 10.2.0.0/16 10.100.0.0/16 9

  10. Use cases 10

  11. Interconnecting Virtual Private Clouds 11

  12. Interconnecting VPCs VPC Webshop VPC Logistics VPCs Peerings 10.10.0.0/16 10.11.0.0/16 2 1 3 3 4 6 5 10 VPC Databases/BI VPC Manifacturing 10.12.0.0/16 10.13.0.0/16 12

  13. Interconnecting VPCs Transit Gateway 13

  14. 14

  15. 15

  16. Interconnecting VPCs VPC Webshop VPC Logistics VPC Databases 10.10.0.0/16 10.11.0.0/16 10.11.0.0/16 tgw-attach-3 tgw-attach-2 tgw-attach-1 tgw-rtb-a1a1a3b2 Destination CIDR Attachment 10.10.0.0/16 tgw-attach-1 10.11.0.0/16 tgw-attach-2 10.12.0.0/16 tgw-attach-3 16

  17. Interconnecting VPCs VPC Webshop VPC Logistics VPC Databases 10.10.0.0/16 10.11.0.0/16 10.11.0.0/16 tgw-attach-3 tgw-attach-2 tgw-attach-1 tgw-rtb-a1a1a3b2 Destination CIDR Attachment 10.10.0.0/16 tgw-attach-1 10.11.128.0/15 tgw-attach-2 10.12.0.0/16 tgw-attach-3 17

  18. 18

  19. Connecting VPCs to on-premise 19

  20. Connecting VPCs to on premise AWS Cloud VPC VPC VPC VPC 2: tenant 2 VPC 3: tenant 3 VPC 1: tenant 1 Private subnet Private subnet Private subnet VPN VPN VPN Customer Gateway 20

  21. Connecting VPCs to on premise AWS Cloud VPC VPC VPC VPC 2: tenant 2 VPC 3: tenant 3 VPC 1: tenant 1 Private subnet Private subnet Private subnet 21

  22. Connecting VPCs to on premise VPC 1: 10.10.0.0/16 VPC 2: 10.11.0.0/16 VPC VPC Private subnet Private subnet tgw-rtb-north Destination CIDR Attachment Resource Type 192.168.0.0/22 tgw-attach-vpn VPN tgw-rtb-south Destination CIDR Attachment Resource Type 10.10.0.0/16 tgw-attach-vpc1 VPC 10.11.0.0/16 tgw-attach-vpc2 VPC 22 192.168.0.0/22

  23. 23

  24. Transit VPC 24

  25. Transit VPC VPC VPC VPC 1 VPC 2 Private subnet Private subnet VPC Transit VPC 25

  26. Transit VPC VPC VPC Private subnet Private subnet VPC 26

  27. Transit VPC VPC VPC Private subnet Private subnet tgw-attach-2 tgw-attach-1 VPC tgw-rtb-out tgw-rtb-in Destinati Attachment Resource Route Type Destinati Attachment Resource Route on CIDR Type on CIDR Type Type 0.0.0.0/0 tgw-attach- VPN propagated 10.10.0.0 tgw-attach-1 VPC static transit1 /16 tgw-attach- VPN propagated 10.11.0.0 tgw-attach-2 VPC static transit2 /16 27

  28. Transit VPC for Direct Connect VPC VPC Private subnet Private subnet VPC AWS Direct Connect 28

  29. Transit Gateway with Direct Connect VPC VPC Private subnet Private subnet AWS Direct Connect 29

  30. The EMnify use case: Connect customer to their devices 30

  31. Connect customer to their devices VPC EMnify VPC Private subnet NAT EMnify gateway Operator Mobile SGSN Customer gateway gateway network device 31

  32. Connect customer to their devices Customer1 VPC EMnify VPC VPC VPC Private subnet Private subnet Application server EMnify gateway Operator Mobile Customer 10.123.0.0/16 10.10.0.0/16 gateway network device tgw-rtb-fromCustomer tgw-rtb-toCustomer Customer2 on Azure Destination Attachment Resource Destinatio Attachme Resource CIDR Type n CIDR nt Type 10.10.5.0/24 tgw-attach-c1 VPC 100.64.0. tgw- VPC Application server 0/10 attach-em 10.22.0.0/24 tgw-attach-c2 VPN 10.4.192.0/24 tgw-attach-c3 VPN 10.19.11.0/24 tgw-attach-c4 VPC 32

  33. 33

  34. Connect customer to their devices - HA EMnify VPC VPC BGP Private subnet EMnify gateway Operator Mobile Customer 10.123.0.0/16 gateway network device tgw-rtb-fromCustomer tgw-rtb-toCustomer Destination Attachment Route Type Destination Attachment Route Type 10.10.5.0/24 tgw-attach-vpn1 propagated 100.64.0.0/10 tgw-attach- static tgw-attach-vpn2 propagated emvpc 34

  35. Connect customer to their devices - HA 35

  36. Important Limits • Routes: 10 000 per route table (VPC route table 50 soft, 1000 hard) • Bandwidth: • VPC: 50 Gbps • VPN: 1.25 Gbps (higher using multiple connections with ECMP) • Transit Gateways per region: 5, 5000 attachments per region • No inter-region attachments (yet) 36

  37. Summary 37

  38. Pricing eu-west-1 eu-central-1 Attachment 0.05 $ per hour 0.06 $ per hour 36 $ per month 43,20 $ per month Data Traffic 0.02 $ per GB 0.02 $ per GB 38

  39. Summary • Virtual router • Flexible routing • Control route table association and propagation • High Availability by AWS 39

Recommend


More recommend