VPN Flashcards

1
Q

VPN ESSENTIALS

A
    • a site-to-site VPN extends your private network from one geographic location to another across two separate networks, so the VPC and the on-premises network can route to each other.
    • extending the networks this way allows location "A" to communicate internally with all resources at location "B" using private addresses.
    • it also adds a layer of security: traffic sent through the VPN is encrypted with IPsec, so an observer on the public internet between the two sites sees only ciphertext.
    • an AWS Site-to-Site VPN connection has 2 parallel IPsec tunnels (each to a different AWS endpoint) for redundancy; configure both on the customer side.
    • only one Virtual Private Gateway (VPG) can be attached to a VPC at a time.
    • a VPC can have both a VPG and an Internet Gateway (IGW) attached at the same time.
2
Q

Virtual Private Gateway:

A

the connector on the VPC (AWS) side of the VPN connection.
the VPG is attached to the VPC; it is the VPN endpoint that AWS operates for you.
both a VPG and a customer gateway are required to establish a Site-to-Site VPN connection.

3
Q

Customer gateway

A

a physical device or software application at the on-premises location that acts as the "connector" on your side of the VPN connection.
- in your AWS account, the customer gateway resource is where you configure the public IP (an internet-routable static IP) of that on-premises device or application, plus its BGP ASN if you use dynamic routing.

4
Q

VPN Connection

A

the actual link between the virtual private gateway and the customer gateway.
it is set up and managed in AWS (the configuration for your on-premises device is downloaded from it).
each connection uses 2 IPsec tunnels, each terminating on a different AWS endpoint, for redundancy; with only one tunnel up the connection still works but has lost its redundancy, which is worth alerting on.
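The redundancy check described above, as an added example that is not part of the original flashcards or of any AWS code. It evaluates the shape of an EC2 `describe-vpn-connections` response (field names `VpnConnectionId`, `State`, `VgwTelemetry[].Status` and `AcceptedRouteCount` are the real API's); the response itself is constructed inline with hypothetical connection IDs so the check runs offline, where in practice you would fetch it with `boto3.client("ec2").describe_vpn_connections()`. The `AcceptedRouteCount` check assumes BGP (dynamic routing) on the tunnels.

```python
"""Classify AWS Site-to-Site VPN connections by tunnel redundancy.

Added example, not AWS code. SAMPLE_RESPONSE is CONSTRUCTED in the shape of
an EC2 describe-vpn-connections response, with hypothetical connection IDs.
"""

# Constructed sample: one healthy connection, one with a single tunnel down,
# one whose tunnels are up but exchanging no BGP routes.
SAMPLE_RESPONSE = {
    "VpnConnections": [
        {
            "VpnConnectionId": "vpn-0aaa111",  # hypothetical id
            "State": "available",
            "VgwTelemetry": [
                {"OutsideIpAddress": "203.0.113.10", "Status": "UP", "AcceptedRouteCount": 3},
                {"OutsideIpAddress": "203.0.113.11", "Status": "UP", "AcceptedRouteCount": 3},
            ],
        },
        {
            "VpnConnectionId": "vpn-0bbb222",  # hypothetical id
            "State": "available",
            "VgwTelemetry": [
                {"OutsideIpAddress": "198.51.100.20", "Status": "UP", "AcceptedRouteCount": 3},
                {"OutsideIpAddress": "198.51.100.21", "Status": "DOWN", "AcceptedRouteCount": 0},
            ],
        },
        {
            "VpnConnectionId": "vpn-0ccc333",  # hypothetical id
            "State": "available",
            "VgwTelemetry": [
                {"OutsideIpAddress": "192.0.2.30", "Status": "UP", "AcceptedRouteCount": 0},
                {"OutsideIpAddress": "192.0.2.31", "Status": "UP", "AcceptedRouteCount": 0},
            ],
        },
    ]
}


def assess_vpn_connection(conn):
    """Return (status, reason) for one connection.

    status is one of:
      "healthy"   - both tunnels UP and routes are being accepted
      "degraded"  - traffic flows, but only one tunnel is UP (no redundancy)
      "down"      - no tunnel is UP, or the connection is not 'available'
      "no-routes" - tunnels are UP but BGP has accepted no routes, so nothing
                    is reachable through them (assumes dynamic routing)
    """
    tunnels = conn.get("VgwTelemetry", [])
    up = [t for t in tunnels if t.get("Status") == "UP"]

    if conn.get("State") != "available" or not up:
        return "down", f"state={conn.get('State')}, tunnels up={len(up)}/{len(tunnels)}"

    if all(t.get("AcceptedRouteCount", 0) == 0 for t in up):
        return "no-routes", "tunnels UP but AcceptedRouteCount is 0 on every UP tunnel"

    if len(up) < 2:
        down_ips = [t["OutsideIpAddress"] for t in tunnels if t.get("Status") != "UP"]
        return "degraded", f"only {len(up)} of {len(tunnels)} tunnels UP; down endpoints: {down_ips}"

    return "healthy", f"{len(up)} tunnels UP"


def assess_all(response):
    """Map VpnConnectionId -> status for every connection in the response."""
    return {c["VpnConnectionId"]: assess_vpn_connection(c)[0]
            for c in response["VpnConnections"]}


if __name__ == "__main__":
    for conn in SAMPLE_RESPONSE["VpnConnections"]:
        status, reason = assess_vpn_connection(conn)
        print(f"{conn['VpnConnectionId']}: {status} ({reason})")
```

A "degraded" result is the one to alert on: the connection still passes traffic, so nothing fails visibly, but a second tunnel outage now takes the site offline.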

5
Q

Router

A

AWS has dispensed with the concept of having users physically set up and manage a "router".
route tables are the routing function of an implied "router" assigned to your VPC.
when setting up a VPN, the route table must include routes for the on-premises network prefixes that are reached over the VPN, and point them to the VPG (either as static routes or as routes propagated from the VPG via BGP). A prefix without such a route falls through to whatever else matches, typically the default route to the IGW, so that traffic never enters the tunnel.
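The route-table check a practitioner would run before trusting the VPN, as an added example (not part of the original flashcards, not AWS code). It resolves destinations the way the VPC's implied router does (longest prefix match) and reports on-premises prefixes that the table does not send, in full, to the VPG. The route table is constructed inline in the shape of `describe-route-tables` output (`DestinationCidrBlock`, `GatewayId`), with hypothetical gateway IDs; the VPC CIDR and on-premises prefixes are likewise assumed.

```python
"""Validate VPC routes for a Site-to-Site VPN with longest-prefix-match resolution.

Added example, not AWS code. ROUTES is CONSTRUCTED in the shape of an EC2
describe-route-tables entry list; all ids and CIDRs are hypothetical.
"""
import ipaddress

VPC_CIDR = "10.0.0.0/16"                               # assumed VPC CIDR
VGW_ID = "vgw-0123abcd"                                # hypothetical virtual private gateway
ON_PREM_CIDRS = ["192.168.0.0/16", "172.16.10.0/24"]   # assumed prefixes reached via the VPN

# Constructed route table: the local route, a default route to an IGW, one
# static route to the VGW, and one on-premises prefix that is MISSING.
ROUTES = [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0a1b2c3d"},   # hypothetical IGW
    {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": VGW_ID},
]


def _net(route):
    return ipaddress.ip_network(route["DestinationCidrBlock"])


def best_route(routes, dst):
    """Longest-prefix match: the matching route with the longest prefix, or None."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in routes if ip in _net(r)]
    return max(matches, key=lambda r: _net(r).prefixlen, default=None)


def resolve(routes, dst):
    """GatewayId the VPC router would use for destination IP dst (None if unroutable)."""
    r = best_route(routes, dst)
    return r["GatewayId"] if r else None


def missing_vpn_routes(routes, on_prem_cidrs, vgw_id):
    """On-premises prefixes that the table does not send entirely to the VGW.

    A prefix is covered only if the winning route targets the VGW and its
    destination is a supernet of (or equal to) the whole on-premises prefix.
    """
    missing = []
    for cidr in on_prem_cidrs:
        net = ipaddress.ip_network(cidr)
        r = best_route(routes, str(net.network_address))
        if r is None or r["GatewayId"] != vgw_id or not _net(r).supernet_of(net):
            missing.append(cidr)
    return missing


def overlapping_with_vpc(vpc_cidr, on_prem_cidrs):
    """On-premises prefixes that overlap the VPC CIDR; the 'local' route owns those
    addresses, so they cannot be reached through the VPN and should be renumbered."""
    vpc = ipaddress.ip_network(vpc_cidr)
    return [c for c in on_prem_cidrs if ipaddress.ip_network(c).overlaps(vpc)]


if __name__ == "__main__":
    for dst in ("10.0.3.4", "192.168.5.5", "172.16.10.9", "8.8.8.8"):
        print(f"{dst:>14} -> {resolve(ROUTES, dst)}")
    print("missing VPN routes:", missing_vpn_routes(ROUTES, ON_PREM_CIDRS, VGW_ID))
    print("overlapping the VPC:", overlapping_with_vpc(VPC_CIDR, ON_PREM_CIDRS))
```

In the constructed table, `172.16.10.9` resolves to the IGW rather than the VGW: the `172.16.10.0/24` prefix has no route, so packets for it leave through the internet gateway instead of the encrypted tunnel. That is exactly the misconfiguration the check is meant to catch.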

6
Q

Direct Connect essentials

A

a service that provides a dedicated network connection between your network and one of the AWS Direct Connect locations.
this is done through an authorized Direct Connect partner (e.g. Verizon or another carrier/ISP).
it does not require hosting your own router/hardware at the Direct Connect partner location; it only requires a Direct Connect location and a participating backbone provider.
an AWS Direct Connect location provides access to the AWS Region it is associated with.
on its own it does not provide access to other AWS Regions.

7
Q

Direct Connect benefits

A

Reduce network cost:
- reduce the bandwidth commitment to your corporate ISP over the public internet.
- data transferred out over Direct Connect is billed at a lower rate by Amazon than data transferred out over the internet.
Increase network consistency:
- reduce and stabilise latency, since traffic does not traverse the public internet.

Dedicated private network connection to on-premises:

    • connect the Direct Connect connection to a VGW in your VPC for a dedicated private connection from on-premises to the VPC.
    • use multiple VIFs (virtual interfaces) to connect to multiple VPCs.
8
Q

Cross-network connection

A

the physical connection (cross connect) between your network and the Direct Connect authorized partner, which then handles the routing and connections into the AWS network.

9
Q

Private Virtual Interface

A

allows you to interface with an AWS VPC over Direct Connect.
- with automatic route exchange using BGP.
- requires a public or private ASN (Autonomous System Number).
can only communicate with private IP addresses inside the VPC (e.g. the private IPs of EC2 instances);
cannot reach public IP addresses, as Direct Connect is NOT an internet provider.
this is a dedicated private connection which works like a VPN, but over a private circuit rather than the public internet; note that, unlike an IPsec VPN, Direct Connect traffic is not encrypted by default, so run a VPN over it or encrypt at the application layer if you need confidentiality on the circuit.
for best practice, use 2 Direct Connect connections for active-active or active-failover availability.
you can also use a VPN as a backup to Direct Connect connections.
you can create multiple private virtual interfaces to multiple VPCs at the same time.

10
Q

Public Virtual Interface

A

allows you to use a Direct Connect connection to reach AWS public endpoints (e.g. DynamoDB and S3) without traversing the internet.
requires a public IPv4 CIDR block range, which is announced to AWS over BGP.
even though we are accessing public endpoints, the connection maintains consistent performance because traffic is sent over your dedicated circuit rather than the public internet.

11
Q

Storage Gateway essentials

A

integrates your on-premises storage with AWS: data is encrypted in transit and at rest, and access is governed and monitored through AWS identity management (IAM) and monitoring (CloudWatch).

12
Q

VPC peering

A

is used to extend your private network from one VPC to another VPC, so that resources (scoped as narrowly as one subnet or one instance through route tables and security groups) can reach each other.
this is for sharing internal resources via private IP addresses; traffic never traverses the public internet.
inter-region VPC peering is supported.
possible across accounts.
the 2 VPCs must have non-overlapping CIDR block ranges.
transitive connections are not allowed: if A is peered with B and B with C, A cannot reach C through B; every pair that needs to talk needs its own peering connection and routes on both sides.
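The two constraints above (non-overlapping CIDRs, no transitive forwarding) as a planning check, added here as an example that is not part of the original flashcards and not AWS code. The VPCs, accepted peering connections and per-VPC routes are constructed inline with hypothetical IDs; routes are looked up by exact destination CIDR for simplicity.

```python
"""Plan checks for VPC peering: CIDR overlap and non-transitive reachability.

Added example, not AWS code. VPCS, PEERINGS and ROUTES are CONSTRUCTED with
hypothetical ids and CIDRs.
"""
import ipaddress

# VPC id -> CIDR (constructed). vpc-d overlaps vpc-a, so those two cannot peer.
VPCS = {
    "vpc-a": "10.0.0.0/16",
    "vpc-b": "10.1.0.0/16",
    "vpc-c": "10.2.0.0/16",
    "vpc-d": "10.0.128.0/17",
}

# Accepted peering connections: pcx id -> the two VPCs it joins (constructed).
PEERINGS = {
    "pcx-ab": ("vpc-a", "vpc-b"),
    "pcx-bc": ("vpc-b", "vpc-c"),
}

# Per-VPC routes: destination CIDR -> target (constructed). vpc-c has no route
# back to vpc-b, and nothing anywhere points a -> c: no transitive path exists.
ROUTES = {
    "vpc-a": {"10.1.0.0/16": "pcx-ab"},
    "vpc-b": {"10.0.0.0/16": "pcx-ab", "10.2.0.0/16": "pcx-bc"},
    "vpc-c": {},
}


def overlapping_pairs(vpcs):
    """Pairs of VPCs whose CIDRs overlap; AWS refuses a peering between them."""
    names = sorted(vpcs)
    out = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ipaddress.ip_network(vpcs[a]).overlaps(ipaddress.ip_network(vpcs[b])):
                out.append((a, b))
    return out


def direct_peering(peerings, a, b):
    """The pcx id joining a and b directly, or None."""
    for pcx, ends in peerings.items():
        if set(ends) == {a, b}:
            return pcx
    return None


def can_reach(src, dst, vpcs, peerings, routes):
    """True only if src and dst are DIRECTLY peered and each side routes the
    other's CIDR through that peering. Peering is not transitive, so a-b plus
    b-c never lets a reach c, and a one-way route gives no working path either
    (return traffic needs its own route)."""
    pcx = direct_peering(peerings, src, dst)
    if pcx is None:
        return False
    forward = routes.get(src, {}).get(vpcs[dst]) == pcx
    back = routes.get(dst, {}).get(vpcs[src]) == pcx
    return forward and back


def reachable_pairs(vpcs, peerings, routes):
    """All unordered VPC pairs that can actually exchange traffic."""
    names = sorted(vpcs)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if can_reach(a, b, vpcs, peerings, routes)]


if __name__ == "__main__":
    print("cannot peer (overlap):", overlapping_pairs(VPCS))
    print("reachable pairs:", reachable_pairs(VPCS, PEERINGS, ROUTES))
    print("a -> c via b?", can_reach("vpc-a", "vpc-c", VPCS, PEERINGS, ROUTES))
```

In the constructed data only vpc-a and vpc-b can talk: vpc-b and vpc-c are peered but vpc-c lacks the return route, and vpc-a reaching vpc-c would require forwarding through vpc-b, which peering does not do.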

13
Q

You have been asked to set up architecture that extends the AWS VPC to your company’s on-premises data center. What do you need to set up to accomplish this?

A

You will need to set up and configure a virtual private network (VPN): a virtual private gateway attached to the VPC, a customer gateway representing the on-premises device, a VPN connection between the two, and routes in the VPC route table that send the on-premises prefixes to the virtual private gateway. A VPN is what allows you to extend the subnets inside your VPC to your on-premises data center.

14
Q

If AWS asks you to configure the connection between your on-premises data center and a Direct Connect Authorized Provider, what would you be configuring?

A

The cross-network connection (cross connect) is the physical connection between your on-premises data center and the Direct Connect Authorized Provider.
