AWS Transit Gateway

-

 AWS Transit Gateway





Transit Gateway - 

  • Transitive peering between thousands of VPCs and on-premise data centers using hub and spoke (star) topology 
  • Works with Direct Connect Gateway, VPN connection and VPC 
  • Bound to region 
  • Transitive peering between VPCs in same region and account 
  • Route tables to control communication within the transitive network 
  • Supports IP multicast (not supported by any other AWS service)





Increasing BW of Site-To-Site Connection -  
  • ECMP (equal-cost-multi-path) routing is a routing strategy to allow to forward a packet over multiple best path 
  • To increase the bandwidth of the connection between transit gateway and corporate data centre, create multiple site-to-site VPN, each with 2 tunnels (2 x 1.25 = 2.5Gbps per VPN Connection)
  • Only one VPN connection to a VPC having to tunnels out of which only 1 is used (1.25Gbps)






Share DX Between Multiple Accounts - 
  • Share Transit Gateway across account using Resource Access Manager (RAM) connection between VPCs in the same region but different accounts


A. Create a VPC peering connection between the on-premises and the AWS Environment.

B. Create an AWS Direct connection between the on-premises and the AWS Environment.

C. Create a VPN connection between the on-premises and the AWS Environment.

D. Create a Virtual private gateway connection between the on-premises and the AWS Environment.

Answer

C. Create a VPN connection between the on-premises and the AWS Environment.

For more information on Virtual private connection, please visit the following URL: https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.htmlOption A is invalid because A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. It is not used for connection between on-premise environment and AWS.Option D is invalid because A virtual private gateway is the Amazon VPC side of a VPN connection. For the communication to take place between the on-premise servers to AWS EC2 instances with in the VPC, we need to set up the customer gateway at the on-premise location.Note:The question says that “There is a need to ensure that communication across both environments is possibleover the Internet.” AWS Direct Connect does not involve the Internet.A VPC VPN Connection utilizes IPSec to establish encrypted network connectivity between your intranet and Amazon VPC over the Internet. VPN Connections can be configured in minutes and are a good solution if you have an immediate need, have low to modest bandwidth requirements, and can tolerate the inherent variability in Internet-based connectivity.AWS Direct Connect does not involve the Internet;instead, it uses dedicated, private network connections between your intranet and Amazon VPC.



Comments

Post a Comment

Popular posts from this blog

AWS Instance Store

-
Image
 AWS Instance Store  AWS Instance Store -  Hardware storage directly attached to EC2 instance amd cannot be detached and attached to another instance  Highest IOPS for any available storage Ephemiral Storage (Loses data when instance is terminated, stopped or hibernated) Good to buffer/cache/scratch data/temporary content  AMI created from an instance does not its instance store volume preserved  You can specify the instance store volumes to an instance when you launch the instance. You can't attach instance store volumes to an instance after you’ve launched it. Raid -  Raid 0  Improve performance of a storage volume by distributing reads and write in a stripes across attached volumes  If you add a storage volume you get the straight addition of throughput and iops For high performance applications Raid 1   Improve data availability by mirroring in multiple volumes For critical applications
Read more

AWS Identity and Access Management

-
Image
  IAM Introduction to IAM -  AWS identity and management is a web service that helps you to securely control access to AWS resources You use IAM to control who is authenticated and authorized to use resources IAM allows you to create and manage AWS users and groups , and use permissions to allow or deny their access to AWS resources IAM is a fundamental part of AWS security, as it allows you to implement the principle of least privilege , ensuring that users and applications have only the permissions they need to perform their tasks IAM also provides features such as multi-factor authentication (MFA) , password policies, and access keys to enhance the security of your AWS environment Features of IAM -  IAM User  -   IAM allows you to create and manage users in your AWS account Each IAM user has a unique name and security credentials, which are used to authenticate and authorize their access to AWS resources IAM users have security credentials that are us...
Read more

Elastic Block Storage (EBS)

-
Image
 Elastic Block Storage (EBS) Elastic Block Storage (EBS) -  AWS Elastic Block Storage is a web service that provides block level storage volumes for use with amazon EC2 instances Amazon EBS volumes are highly available and reliable storage volumes that can be attached to any running instance and used like hard drive Amazon EBS allows you to create storage volumes and attach them to EC2 instances   It is used for various databses (both relational and non relational) as well as a wide range of application such as software testing and development  EBS provides a high performance option for many use cases it is directly attached to the instance Features of EBS  -  Amazon Elastic Block Storage  Region and availability zones are multiple physical location for your resources such as instances and EBS volumes Using security groups, you can specify the protocols, ports and source IP ranges that can reach your instances Elastic IP addresses are static IPv4 ...
Read more