VPN
Introduction
Connects an on-premise network to a VPC. Not for VPC-to-VPC connectivity.
Site to Site VPN (AWS managed VPN)
On-premise
Setup a software / hardware VPN appliance to on-premise network
The on-premise VPN should be accessible with a public IP
AWS side
Setup a Virtual Private Gateway (VGW), not an IGW, and attach it to the VPC (1 VPC can attach at most 1 VGW)
Setup Customer Gateway to point the on-premise VPN appliance
2 VPN tunnels are created for redundancy, each encrypted with IPsec, for one Site to Site VPN connection
Can have another Site to Site VPN with a different Customer Gateway to connect to the same VGW for HA
Can optionally accelerate it with Global Accelerator (for worldwide networks)
Route Propagation in Site-to-site VPN
Routing Options:
Static Routing:
Create static route in corporate data center for 10.0.0.1/24 through the CGW
Create static route in AWS for 10.3.0.0/20 through VGW
Dynamic Routing (BGP):
Like a GPS navigator, the best route is determined by different factors, such as traffic congestion, roads temporarily closed for maintenance, etc. The path is calculated dynamically depending on the state of the network nodes.
Uses BGP (Border Gateway Protocol) to share routes automatically (eBGP for internet)
No need to update Routing Tables
Just need to specify the ASN (Autonomous System Number) of the CGW and VGW
It's optional for VPN (but required for Direct Connect)
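One way to build the Site to Site VPN described above (VGW, CGW, two IPsec tunnels, static routing and route propagation), as an added Terraform example that is not from these notes: it assumes an existing VPC and route table passed in as variables, and uses a constructed on-premise public IP from the documentation range.

```hcl
# Added example, not from the original notes. Assumed inputs: an existing VPC and
# one of its route tables. The on-prem IP 203.0.113.10 is constructed.
variable "vpc_id"         { type = string }
variable "route_table_id" { type = string }

# Virtual Private Gateway on the AWS side (a VGW, not an IGW).
# A VPC can have at most one VGW attached.
resource "aws_vpn_gateway" "vgw" {
  amazon_side_asn = 64512          # AWS-side ASN; only used when BGP is enabled
  tags            = { Name = "corp-vgw" }
}

resource "aws_vpn_gateway_attachment" "vgw_attach" {
  vpc_id         = var.vpc_id
  vpn_gateway_id = aws_vpn_gateway.vgw.id
}

# Customer Gateway pointing at the public IP of the on-prem VPN appliance.
resource "aws_customer_gateway" "cgw" {
  bgp_asn    = 65000               # on-prem ASN; the attribute is required even for static routing
  ip_address = "203.0.113.10"      # constructed public IP of the on-prem appliance
  type       = "ipsec.1"
  tags       = { Name = "corp-cgw" }
}

# One Site-to-Site VPN connection: AWS provisions two IPsec tunnels for redundancy.
resource "aws_vpn_connection" "s2s" {
  vpn_gateway_id      = aws_vpn_gateway.vgw.id
  customer_gateway_id = aws_customer_gateway.cgw.id
  type                = "ipsec.1"
  static_routes_only  = true       # set to false (and drop the static route) to use BGP instead
}

# Static route on the AWS side: the on-prem prefix 10.3.0.0/20 is reached via this VPN.
resource "aws_vpn_connection_route" "onprem" {
  destination_cidr_block = "10.3.0.0/20"
  vpn_connection_id      = aws_vpn_connection.s2s.id
}

# Route propagation: the VGW injects the on-prem prefix into the VPC route table,
# so subnets learn the route without a manual entry.
resource "aws_vpn_gateway_route_propagation" "prop" {
  vpn_gateway_id = aws_vpn_gateway.vgw.id
  route_table_id = var.route_table_id
}
```

The tunnel pre-shared keys and outside IPs are exported as attributes of aws_vpn_connection and end up in the Terraform state, so the state file needs the same protection as any other credential store. The matching static route for the AWS CIDR via the CGW is configured on the on-prem appliance, outside Terraform.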
Site to Site VPN and Internet access
AWS VPN CloudHub
Usage:
Can connect up to 10 Customer Gateways for each Virtual Private Gateway (VGW)
Low cost hub-and-spoke model for connectivity between locations
Can be a failover connection between locations.
AWS Client VPN
Connect from your computer with OpenVPN to your private network in AWS and on-premise
Non-AWS Software VPN
Can setup your own software VPN, but have to manage everything including bandwidth, redundancy, etc.
VPN to multiple VPC
For VPN-based customers, AWS recommends creating a separate VPN connection for each customer VPC.
Direct Connect is recommended