AWS re:Invent 2017: Networking Many VPCs: Transit and Shared Architectures (NET404)
ฝัง
- เผยแพร่เมื่อ 22 ก.ค. 2024
- This session focuses on best practices for connectivity between many virtual private clouds (VPCs), including the Transit VPC. We review how the Transit VPC works and use cases for centralization, network security, and connectivity. We include best practices for multiple accounts, multiple regions, and designing for scale. In addition, we also review some of the variants and extensions to the Transit VPC, including how to customize your own.
Nick's presentations are a 'must-see' at re:Invent every year.
Really great presentation. There are lots to take from this.
Fully satisfied with the whole video. Nicely presented
The big Lebowski reference around 51 minutes is great.
Very good, The video is very useful information :)
51:32 is a little confusing.... are are u saying that if two endpoint with same IP address across from different VPC can access same resource on shared services VPC via private LINK.. how will the return traffic be handled????
I thought there was a new feature that allows you to choose the CIDR used in VPN connections rather than "roll the dice" on the local link range (169.254.0.0/16 or whatever is used). Is that true?
...and then I watched a few more minutes of the video and he covered it. It's true. Doh!
Why not the Datacenter Gateway acts as a transit gateway or a transit router..?
No need to use full mesh AWS VPN, just use DMVPN with CSR over the VPC peering...with Transit VPC being the Hub....
How do you download Nick's presentation?
www.slideshare.net/AmazonWebServices/networking-many-vpcs-transit-and-shared-architectures-net404-reinvent-2017
In vpn over AWS direct connect (minute 22) your created vpn over private virtual interface , this is not correct, vpn connection can only be setup over public virtual interface
That's not true since the CSRs are terminating the VPN and they reside in the private IP address space. If you were using the VGW then you would have to use a public VIF though.
@@pulsebmee is that also the case for other vpn appliances? such as palo alto vm series or juniper vsrx?
@@alfianabdi35 Yes, there's nothing specific about that configuration to the CSR
Meanwhile in Azure, people just peer vNets. Takes 10 sec. Costs nothing. Allows transitive routing.
is this true?....
@@rerosavm Yes
acloud guru asked me to watch this....long video