Components Of AWS Networking Over The Cloud Edge
AWS Networking Components
The overarching component to networking within the AWS framework is what is called a VPC or Virtual Private Cloud. This is basically a virtual network much like the one you would create in your own datacenter or on-prem environment. Within a VPC you can create an IP address range, subnets, populate route tables, configure network gateways, and security settings.
By cloud edge I am referring to the AWS gateway into the customer network. AWS is very big on using Virtual Private Networks or VPN’s to connect networks outside of AWS into the the customer VPC. In this article I will explore what it looks like within the VPC when an AWS Direct Connect has been established. I have gone over the Direct Connect in a previous article, AWS Direct Connect Networking.
With a Direct Connect in place the configuration within the VPC is pretty straight-forward. As I mentioned above, AWS uses VPN’s for most internetwork connectivity and there is a section in the VPC area of the AWS portal.
There are three options under the ‘VPN Connections’ section. They are:
- Customer Gateways
- Virtual Private Gateways
- VPN Connections
The one we are concerned with for this article is the Virtual Private Gateways section, also called a VGW. This part is really is because the VGW has to be created within the VPC before the virtual connection across the Direct Connect can be established and this is discussed in the AWS Direct Connect Networking article. But it is in the VPC Dashboard so I thought it worth mentioning as a component of the cloud edge connectivity.
Configuration within the VPC Dashboard
The next piece is under the Route Tables configuration within the VPC Dashboard. A route table is created when the VPC is initially deployed but additional route tables may be created. Make sure and select the correct route table and at the bottom there will be five tabs, Summary, Routes, Subnet Association, Route Propagation, and Tags. Summary is a quick view of everything, and tags is where an alias or friendly name can be created for the different resources you have.
I had mentioned multiple route tables and the ‘Subnet Associations’ tab is where you can tell the VPC in which route table each subnet should go. Next is Route Propagation and enabling this allows a virtual private gateway to automatically propagate routes to the route tables so that you don’t need to manually enter VPN or BGP routes to your route tables. It is as easy as clicking on the tab, clicking edit, and checking the propagate box next to the VGW from which you wish for routes to be in the VPC routing table. Lastly is the the Routes tab. Under this tab you will see directly connected routes, propagated routes and you can configure static routes here as well. This much like a traditional routing table.
Keep in mind that everything in the VPC including the components above can be configured from a command line utility and automated using scripts. Outside of the Security section, the above configurations, done via CLI or the GUI, will allow for data to flow to and from the cloud edge and your network outside of the AWS infrastructure.
Have questions about the components of AWS networking in regards to networking over the cloud edge? Since Faction was one of the first beta customers, we can help! Reach out to us.