Multi-VPC connectivity, AWS network infrastructure (Part-2)

Hi! This blog is the continuation of Part-1, which introduces the multi-VPC networking infrastructure. If you have not read it yet, follow the link below:

Multi-VPC connectivity, AWS network infrastructure.(Part-1) : https://cloudcentralblogs.blogspot.com/2022/05/multi-vpc-connectivity-aws-network.html

So let's get into it, shall we?

VPC to VPC connectivity

AWS PrivateLink

Source of above picture: AWS documentation
  • This service routes traffic between VPCs and to AWS services over the private network through a VPC endpoint, as shown in the figure above.
  • The consumer and the service are not required to be in the same VPC.
  • When the consumer and service provider are in different VPCs, the two VPCs may have overlapping IP address ranges. This makes PrivateLink a good option when clients and servers in the two VPCs have overlapping addresses: configuring the endpoint in the consumer VPC creates an ENI in the consumer's subnet with a private IP address, and that ENI serves as the entry point for traffic destined to the service.
  • Only the consumer VPC can initiate connections to the service provider.
  • Suited to API-style client-server connectivity.
  • You can access AWS PrivateLink endpoints over VPC Peering, VPN, and AWS Direct Connect.
VPC Sharing

Source of above picture: AWS documentation
  • A single VPC is shared with multiple accounts.
  • Acts as a centrally managed VPC.
  • The accounts with which the VPC is shared can create, modify and delete resources in it.
  • Certain AWS services have limitations in a shared VPC, so review the documentation for those limitations before implementing the solution.
  • Resources in a shared VPC are secured with security groups and subnet NACLs.
  • Participants need some level of cooperation, since they share IP space and resources.
  • Simplifies the design and improves IPv4 address utilization.
Private NAT Gateway

Source of above picture: AWS documentation
  • Another solution for connecting workloads with overlapping CIDRs (VPCs with the same CIDR ranges).
  • A private NAT gateway uses its private IP address to perform network address translation.
  • It can also be used when an on-premises network restricts access to approved IP addresses.
  • The instances in an overlapping subnet of VPC-A route traffic to the private NAT gateway, which performs NAT and routes the traffic on to the overlapping subnet of VPC-B.
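As an added example (not code from the original post), the following Python plans the route tables for this private NAT gateway pattern and checks the addressing that makes it sound. It assumes each VPC adds a secondary, non-overlapping CIDR for its NAT gateway, that a Transit Gateway joins those ranges, and that the target in VPC-B is reached through an address in B's secondary range; names such as `nat-a` and `tgw` are placeholders.

```python
"""Plan and sanity-check the private NAT gateway pattern for two VPCs whose
primary CIDRs overlap. Added example, not code from the original post.
Assumptions (not in the post): each VPC gets a secondary, non-overlapping
CIDR that hosts its private NAT gateway, a Transit Gateway ("tgw") joins the
two secondary ranges, and the target in VPC-B is reached through an address
in B's secondary range. Resource names such as 'nat-a' are placeholders."""
from dataclasses import dataclass
from ipaddress import IPv4Network


@dataclass(frozen=True)
class Vpc:
    name: str
    primary: IPv4Network   # overlapping workload range
    nat_cidr: IPv4Network  # secondary range that hosts the private NAT gateway


def plan_private_nat(a: Vpc, b: Vpc) -> dict:
    """Return the route entries and security-group rule the design needs,
    or raise ValueError when the addressing makes the design unsound."""
    if not a.primary.overlaps(b.primary):
        raise ValueError("primaries do not overlap: plain VPC peering suffices")
    # The secondary ranges are the only addresses the other side ever sees,
    # so they must be unique across both VPCs and both primaries.
    checks = ((a.nat_cidr, (b.nat_cidr, a.primary, b.primary)),
              (b.nat_cidr, (a.primary, b.primary)))
    for nat, others in checks:
        for other in others:
            if nat.overlaps(other):
                raise ValueError(f"NAT range {nat} overlaps {other}")
    return {
        # Workload subnet in A: reach B's secondary range via A's NAT gateway.
        f"{a.name}-workload-rt": [(str(b.nat_cidr), f"nat-{a.name}")],
        # A's NAT subnet: after source NAT, forward to the TGW attachment.
        f"{a.name}-nat-rt": [(str(b.nat_cidr), "tgw")],
        # B's secondary subnet: return traffic to A's NAT range over the TGW.
        f"{b.name}-nat-rt": [(str(a.nat_cidr), "tgw")],
        # B sees only the NAT gateway's address, never A's instance IPs, so
        # B's security group must allow A's NAT range (tcp/443 is a placeholder).
        f"{b.name}-sg-ingress": [(str(a.nat_cidr), "tcp/443")],
    }


if __name__ == "__main__":
    # Constructed sample: both VPCs use 10.0.0.0/16, with distinct NAT ranges.
    vpc_a = Vpc("a", IPv4Network("10.0.0.0/16"), IPv4Network("100.64.1.0/24"))
    vpc_b = Vpc("b", IPv4Network("10.0.0.0/16"), IPv4Network("100.64.2.0/24"))
    for table, routes in plan_private_nat(vpc_a, vpc_b).items():
        print(table, routes)
```

Because the NAT gateway rewrites the source address, VPC-B's flow logs record only A's NAT range; keep VPC flow logs enabled in VPC-A to attribute a connection to the originating instance.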
Conclusion

This blog covered the options for connecting multiple VPCs; choose the service or option that matches your use case and networking requirements.
Hope you found it informative.
Thanks for reading and for your time!
