VPN


Last updated 4 years ago


Introduction

  • Connects an on-premises network to a VPC over the public Internet. It is not meant for VPC-to-VPC connectivity; use VPC peering or Transit Gateway for that.

Site to Site VPN (AWS managed VPN)

  • On-premises side

    • Set up a software or hardware VPN appliance in the on-premises network (this is the customer gateway device)

    • The appliance must be reachable on a public IP address. If it sits behind a NAT device, register the NAT's public IP and allow IPsec NAT traversal (UDP 4500)

  • AWS side

    • Create a Virtual Private Gateway (VGW), not an Internet Gateway, and attach it to the VPC. A VPC can have at most one VGW attached, and a VGW attaches to only one VPC at a time

    • Create a Customer Gateway (CGW) resource that records the appliance's public IP and, for dynamic routing, its BGP ASN

    • Create the VPN connection between the VGW and the CGW, then download the generated configuration and apply it to the appliance

  • One Site-to-Site VPN connection always consists of 2 IPsec tunnels, each terminating on a different AWS endpoint, for redundancy. Configure both tunnels on the appliance so failover is automatic

  • For redundancy on the on-premises side, create a second VPN connection from a second appliance (a second CGW) to the same VGW

  • Accelerated Site-to-Site VPN can optionally route the tunnels through AWS Global Accelerator edge locations (useful for worldwide networks). It requires terminating the VPN on a Transit Gateway rather than a VGW

Route Propagation in Site-to-site VPN

  • Routing options:

    • Static routing

      • In the corporate data center, add a static route for the VPC CIDR 10.0.0.0/24 pointing at the CGW appliance

      • On the AWS side, list the on-premises prefix 10.3.0.0/20 as a static route on the VPN connection and add a route for it in the VPC route table pointing at the VGW (or enable route propagation so the VGW installs it)

      • Every new subnet on either side means editing routes by hand on both sides

    • Dynamic routing (BGP)

      • Like a GPS navigator: the two gateways exchange the prefixes they can reach and each recalculates the best path when a tunnel or link goes down or comes back, so failures and new subnets are handled without manual route edits

      • Uses BGP (Border Gateway Protocol) to share routes automatically; eBGP, since the CGW and the VGW sit in different autonomous systems

      • No need to maintain the VPC route table by hand: enable route propagation from the VGW on the route table and the learned prefixes appear automatically

      • Only the ASNs (Autonomous System Numbers) need specifying: the CGW's ASN (typically from the private range 64512-65534) and the Amazon-side ASN of the VGW (default 64512, so pick a different one for the CGW)

      • BGP is optional for Site-to-Site VPN, but required for Direct Connect (private and transit virtual interfaces)

Site to Site VPN and Internet access

  • Through a NAT Gateway or NAT instance in the VPC

    • A NAT Gateway does not forward traffic that arrives over a Site-to-Site VPN (nor over Direct Connect or VPC peering), so on-premises hosts cannot use it to reach the Internet

    • A NAT instance (an EC2 instance with source/destination checking disabled) can forward that traffic, at the cost of managing the instance yourself

  • Through an on-premises NAT

    • VPC instances can instead egress via the corporate Internet edge: route 0.0.0.0/0 in the VPC route table to the VGW and have the on-premises side advertise (BGP) or configure (static) the default route. Useful when all egress must pass the corporate inspection stack

AWS VPN CloudHub

  • Usage:

    • Hub-and-spoke: one VGW terminates VPN connections from up to 10 Customer Gateways, and the sites can reach each other through the VGW as well as the VPC

    • Each site needs its own BGP ASN and must advertise non-overlapping prefixes, because the VGW re-advertises what it learns from one spoke to the others

    • Low cost, since it only adds VPN connections to an existing VGW

  • Can serve as a failover path between locations when the primary link between them is down
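The routing rules above (static routes in both directions, BGP with a distinct private ASN per CloudHub spoke, non-overlapping prefixes, the 10-CGW limit) can be checked offline before anything is created. The script below is an added example, not code from the original notes or from any AWS tool: the `CustomerGateway`/`VpnDesign` data classes, the `validate` function and the three sample designs are assumptions made for illustration, and all prefixes and ASNs in them are constructed.

```python
"""Offline pre-flight check for a Site-to-Site VPN / CloudHub design.

Added example (not from the original notes, not an AWS API): it validates a
planned VGW/CGW layout for prefix overlap, missing routes and ASN clashes.
All sample data is constructed; nothing here talks to AWS.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List

PRIVATE_ASN_16 = range(64512, 65535)            # RFC 6996: 64512-65534
PRIVATE_ASN_32 = range(4200000000, 4294967295)  # RFC 6996: 4200000000-4294967294
MAX_CGWS_PER_VGW = 10                           # VPN CloudHub limit
DEFAULT_VGW_ASN = 64512                         # Amazon-side default ASN


@dataclass
class CustomerGateway:
    name: str
    asn: int
    prefixes: List[str]        # on-premises CIDRs this site owns / advertises
    routes_to_vpc: List[str]   # CIDRs the site routes toward its VPN device


@dataclass
class VpnDesign:
    vpc_cidr: str
    vgw_asn: int = DEFAULT_VGW_ASN
    cgws: List[CustomerGateway] = field(default_factory=list)
    static_routes_to_vgw: List[str] = field(default_factory=list)  # VPC route table -> VGW
    dynamic: bool = False              # True = BGP, False = static routing
    propagation_enabled: bool = False  # VGW route propagation on the VPC route table


def _parse(cidr, ctx, findings):
    """Parse a CIDR strictly: '10.0.0.1/24' is a host address, not a route prefix."""
    try:
        return ipaddress.ip_network(cidr, strict=True)
    except ValueError as err:
        findings.append(f"{ctx}: unusable prefix {cidr!r} ({err})")
        return None


def _nets(cidrs, ctx, findings):
    return [n for n in (_parse(c, ctx, findings) for c in cidrs) if n is not None]


def validate(design: VpnDesign) -> List[str]:
    """Return a list of findings; an empty list means the design passes."""
    findings: List[str] = []
    vpc = _parse(design.vpc_cidr, "vpc", findings)
    if vpc is None:
        return findings
    if len(design.cgws) > MAX_CGWS_PER_VGW:
        findings.append(f"{len(design.cgws)} CGWs exceed the CloudHub limit of {MAX_CGWS_PER_VGW}")

    seen_asn = {}
    advertised = []  # (site, network) pairs, to catch overlap between spokes
    for cgw in design.cgws:
        # Hub-and-spoke over BGP needs a distinct private ASN per site, != the VGW ASN
        if cgw.asn not in PRIVATE_ASN_16 and cgw.asn not in PRIVATE_ASN_32:
            findings.append(f"{cgw.name}: ASN {cgw.asn} is not in a private range")
        if cgw.asn == design.vgw_asn:
            findings.append(f"{cgw.name}: ASN {cgw.asn} collides with the VGW ASN")
        if cgw.asn in seen_asn:
            findings.append(f"{cgw.name}: ASN {cgw.asn} already used by {seen_asn[cgw.asn]}")
        seen_asn[cgw.asn] = cgw.name

        for net in _nets(cgw.prefixes, cgw.name, findings):
            if net.overlaps(vpc):
                findings.append(f"{cgw.name}: prefix {net} overlaps VPC CIDR {vpc}")
            for other_site, other in advertised:
                if net.overlaps(other):
                    findings.append(f"{cgw.name}: prefix {net} overlaps {other} from {other_site}")
            advertised.append((cgw.name, net))

        # Return path: the site must route the whole VPC CIDR toward its CGW device
        back = _nets(cgw.routes_to_vpc, cgw.name, findings)
        if not any(vpc.subnet_of(r) for r in back):
            findings.append(f"{cgw.name}: no on-premises route covers {vpc} toward the CGW")

    # Forward path: the VPC route table must reach every on-prem prefix via the VGW
    if design.dynamic:
        if not design.propagation_enabled:
            findings.append("BGP in use but route propagation is disabled on the VPC route table")
    else:
        static = _nets(design.static_routes_to_vgw, "vpc-route-table", findings)
        for site, net in advertised:
            if not any(net.subnet_of(s) for s in static):
                findings.append(f"vpc-route-table: no static route to {net} ({site}) via the VGW")
    return findings


# Constructed sample 1: the static-routing example (VPC 10.0.0.0/24, DC 10.3.0.0/20). Passes.
SINGLE_SITE = VpnDesign(
    vpc_cidr="10.0.0.0/24",
    cgws=[CustomerGateway("dc-1", 65000, ["10.3.0.0/20"], ["10.0.0.0/24"])],
    static_routes_to_vgw=["10.3.0.0/20"],
)
# Constructed sample 2: CloudHub over BGP where both branches reuse ASN 65001.
CLOUDHUB = VpnDesign(
    vpc_cidr="10.0.0.0/24", dynamic=True, propagation_enabled=True,
    cgws=[CustomerGateway("branch-a", 65001, ["10.3.0.0/20"], ["10.0.0.0/24"]),
          CustomerGateway("branch-b", 65001, ["10.4.0.0/20"], ["10.0.0.0/24"])],
)
# Constructed sample 3: the DC routes "10.0.0.1/24" (host bits set), so no return path exists.
HOST_BITS = VpnDesign(
    vpc_cidr="10.0.0.0/24",
    cgws=[CustomerGateway("dc-1", 65000, ["10.3.0.0/20"], ["10.0.0.1/24"])],
    static_routes_to_vgw=["10.3.0.0/20"],
)

if __name__ == "__main__":
    for label, d in [("single-site", SINGLE_SITE), ("cloudhub", CLOUDHUB), ("host-bits", HOST_BITS)]:
        print(label, validate(d) or ["OK"])
```

Run it as-is to see the three sample designs evaluated; in practice you would build a `VpnDesign` from your own CIDR plan and refuse to create the VPN connection until `validate` returns an empty list. The strict prefix parsing is deliberate: a route written with host bits set is silently wrong on many appliances, and catching it here is cheaper than debugging a one-way tunnel.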

AWS Client VPN

  • Managed, OpenVPN-based remote-access VPN: users run an OpenVPN-compatible client against a Client VPN endpoint associated with subnets in a VPC. From there they can reach the VPC, peered VPCs, the Internet, and on-premises networks behind a Site-to-Site VPN or Direct Connect attached to that VPC. Authentication is by mutual TLS certificates, Active Directory, or SAML federation

Non-AWS Software VPN

  • You can run your own VPN software on EC2 instances instead of the managed service, but you then own everything: patching, bandwidth (bounded by the instance size), redundancy across AZs, and monitoring. Disable source/destination checking on the instance so it can forward traffic

VPN to multiple VPC

  • A VGW belongs to a single VPC, so for VPN-based customers AWS recommends a separate VPN connection (and VGW) for each VPC

  • To reach many VPCs over one connection, use Direct Connect (with a Direct Connect Gateway) or terminate the VPN on a Transit Gateway, which can attach to many VPCs
