Types of VPC Connectivity - Coggle Diagram
Types of VPC Connectivity
  AWS Managed VPN
    using the existing internet
      appliance on prem
      Virtual Private Gateway on the AWS side
      spans a VPN over the internet
    IPSec VPN
      supports static routes or BGP peering
    create:
      appliance on prem
      create VPN connection in AWS
      use the config file from AWS for your appliance
      generate initial traffic for the connection to be established
    pros:
      quick
      simple
      can have more than one appliance for a redundant layout
    cons:
      depends on your internet connection
      failover must be managed on the customer side
    could be a redundant/failover connection for more complex setups (Direct Connect)
  AWS Direct Connect
    dedicated network from on prem to AWS
    pros:
      up to 10Gbps
      more reliable/predictable
      heavy loads ---> enterprises
      if you need a "big pipe"
    cons:
      takes time to set up
      further contracts with additional providers
      single point of failure (not redundant) --> set up two lanes or use another failover connection
    create:
      existing data network provider creates VIF
    VIF
      public VIF
        virtual interface connected directly to S3, Glacier
      private VIF
        virtual interface connected to a VPC
  AWS Direct Connect + VPN
    same as Direct Connect
    in addition, set up a VPN with IPSec
    in theory more secure
  AWS VPN CloudHub
    a Virtual Private Gateway connects different locations in a hub-and-spoke manner
    same as AWS Managed VPN, but the gateway is connected to different locations
    each customer with its own IP range
  Transit VPC
    Hub & Spoke VPN between VPCs and locations
    AWS managed
    ultimate flexibility between VPC & location connections
    3rd-party products, full offerings
      Cisco
      Juniper
    common strategy for dispersed VPCs and locations
    con: must design redundancy across the whole chain!
  VPC Peering
    no internet involved
    uses the AWS backbone alone
    links two VPCs together
    no transitivity
    cross account
    create:
      VPC peering request
      accept VPC peering request
      create route table entries on both sides
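The peering rules in these notes (a peering links exactly two VPCs, there is no transitivity, and route table entries are needed on both sides) as an added offline model; this is example code written here, not from the page or from AWS, and the VPC ids, CIDRs and peering ids are constructed.

```python
from ipaddress import ip_address, ip_network

# Constructed sample topology: hub vpc-b is peered with vpc-a and with vpc-c,
# but vpc-a and vpc-c are NOT peered with each other (all ids/CIDRs made up).
VPCS = {
    "vpc-a": ip_network("10.1.0.0/16"),
    "vpc-b": ip_network("10.2.0.0/16"),
    "vpc-c": ip_network("10.3.0.0/16"),
}
PEERINGS = {  # peering connection id -> the two VPCs it links
    "pcx-ab": ("vpc-a", "vpc-b"),
    "pcx-bc": ("vpc-b", "vpc-c"),
}
ROUTE_TABLES = {  # vpc -> [(destination CIDR, target)]
    # vpc-a's last route tries to reach vpc-c "through" vpc-b
    "vpc-a": [("10.1.0.0/16", "local"), ("10.2.0.0/16", "pcx-ab"), ("10.3.0.0/16", "pcx-ab")],
    "vpc-b": [("10.2.0.0/16", "local"), ("10.1.0.0/16", "pcx-ab"), ("10.3.0.0/16", "pcx-bc")],
    "vpc-c": [("10.3.0.0/16", "local")],  # misconfigured: no return route to vpc-b
}

def lookup_route(vpc, dst):
    """Longest-prefix match in vpc's route table; returns the target or None."""
    best = None
    for cidr, target in ROUTE_TABLES[vpc]:
        net = ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def peer_of(pcx, vpc):
    a, b = PEERINGS[pcx]  # the other end of the peering, or None if vpc is not attached
    return b if vpc == a else a if vpc == b else None

def can_reach(src_vpc, dst_ip):
    """(reachable, reason) for traffic from src_vpc to dst_ip, including the return path."""
    dst = ip_address(dst_ip)
    target = lookup_route(src_vpc, dst)
    if target is None:
        return False, "no route"
    if target == "local":
        return True, "local"
    peer = peer_of(target, src_vpc)
    if peer is None or dst not in VPCS[peer]:
        # A peer VPC never forwards on to a third VPC: peering is not transitive.
        return False, f"blackhole via {target}: {dst} not in peer VPC, peering is not transitive"
    if lookup_route(peer, VPCS[src_vpc].network_address) != target:
        return False, f"{peer} has no return route to {VPCS[src_vpc]} via {target}"
    return True, f"via {target}"
```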
  AWS PrivateLink
    links single services and interfaces (VPC endpoints)
    finer-grained control than VPC peering
    uses the AWS backbone, no internet involved
    two types of endpoints
      Interface
        uses DNS entries to redirect (RDS, CloudFront)
        secured with Security Groups
      Gateway
        uses a prefix list in the route table to redirect
        only Amazon S3 and DynamoDB
    VPC Endpoint Policies (allow more control over access)
    same region only: set up an endpoint in each region where you need it
  Software VPN
    do it yourself all the way
    ultimate flexibility & manageability
    own VPN endpoint as a server instance in the VPC
    e.g. OpenVPN
    traffic routes through the IGW