Network architecture in Amazon Web Services (AWS) environment is critical to ensure secured, optimized, and resilient systems. Understanding the AWS’s VLAN logical constructs as well as network routing, topology, and peering can greatly enhance the performance and security of cloud-based applications.
2. AWS Transit Gateway
AWS Transit Gateway is a service that enables customers to connect their Amazon Virtual Private Clouds (VPCs) and their on-premises networks to a single gateway dramatically simplifying their network architecture. It acts as a hub that controls the way traffic is routed among all the connected networks.
2.1 Advantages of AWS Transit Gateway
- Simplified network architecture: Connect thousands of VPCs and on-premises networks through a single gateway.
- Centralized control: Manage routing rules from a centralized place enabling better scalability.
- Consistent Monitoring: Track ingress, egress, and transit traffic through flow logs.
- High Performance: Offers high bandwidth and low-latency connections within your network.
3. AWS VPC Peering
VPC Peering is a networking connection between two VPCs that enables you to route traffic between them privately. The VPCs can be in different regions (also known as inter-region VPC peering) and can belong to different AWS accounts. AWS uses the existing infrastructure of a VPC to create a VPC peering connection, it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware.
3.1 Advantages of AWS VPC Peering
- High-speed, low-latency connectivity: There are no bottlenecks or bandwidth constraints.
- More Secure: It does not traverse the public internet and reducing threats like DDoS attacks.
4. Comparison between AWS Transit Gateway and VPC Peering
It’s crucial to understand the differences between AWS Transit Gateway and VPC Peering to select the most suitable method for your network connectivity.
| Feature | AWS Transit Gateway | VPC Peering |
|---|---|---|
| Inter-region support | Yes | Yes |
| Cross-account support | Yes | Yes |
| Private connectivity | Yes | Yes |
| Central management | Yes | No (individual connections) |
| Scalability | High (thousands of VPCs) | Limited |
5. Conclusion
Depending on your business requirements, either AWS Transit Gateway or VPC peering can facilitate your networking needs in terms of security, efficiency, and cost. With deep knowledge of AWS’ best practices about networking, routing, topology, and peering, you will be well prepared for the AWS Certified Solutions Architect – Associate (SAA-C03) exam.
Practice Test
True/False: AWS Transit Gateway allows peering between VPCs only within a single region.
- True
- False
Answer: False.
Explanation: AWS Transit Gateway not only allows for peering between VPCs within a single region but also across different regions.
Which AWS service is primarily used for managing inter-VPC routing?
- A. Direct Connect
- B. AWS Global Accelerator
- C. AWS Transit Gateway
- D. Amazon Route 53
Answer: C. AWS Transit Gateway
Explanation: AWS Transit Gateway is primarily used for managing inter-VPC routing. It simplifies the network architecture and operations by allowing connectivity to be established between VPCs and on-premises networks from a single gateway.
True/False: VPC peering connections are automatically established in AWS.
- True
- False
Answer: False.
Explanation: VPC peering connections are not automatically created. They must be manually set up by the user. It involves creating a peering connection, sending a request to another VPC owner, and then the owner must accept this peering request.
What are some network topologies that the AWS Transit Gateway supports? (Select Two)
- A. Mesh
- B. Star
- C. Point-to-Point
- D. Blockchain
Answer: A. Mesh, B. Star
Explanation: AWS Transit Gateway supports both Mesh and Star network topologies. Mesh topology is where each network (VPC or VPN) is connected to every other network. Star topology is where each network is connected to a hub (the transit gateway) and all communication between networks goes through the hub.
AWS VPC Peering provides _______________ connectivity between VPCs.
- A. Intra-Region
- B. Internet
- C. Cross-Region
- D. Both A & C
Answer: D. Both A & C.
Explanation: AWS VPC Peering provides both intra-region and cross-region connectivity between VPCs, allowing them to communicate as if they are within the same network.
AWS Direct Connect bypasses the internet and improves ____________.
- A. Network Cost
- B. Network Performance
- C. Network Reliability
- D. All of the above
Answer: D. All of the above
Explanation: AWS Direct Connect bypasses the internet for a more reliable, cost-effective, and higher-performance network connection to AWS services.
VPC Peering in AWS is based on what model?
- A. Pull
- B. Push
- C. Non-transitive
- D. Thumbnails
Answer: C. Non-transitive
Explanation: VPC Peering in AWS is based on a non-transitive model. This means that if VPC A has a peering relationship with VPC B and VPC B has a peering relationship with VPC C, VPC A is not implicitly granted access to VPC C.
True/False: You can establish peering between your VPC and a VPC in another AWS account.
- True
- False
Answer: True
Explanation: Yes, you can establish VPC peering between your VPC and a VPC in another AWS account within a single region or across different regions.
Which of the following services simplifies the integration of on-premises networks with Amazon VPCs?
- A. VPC Peering
- B. AWS Direct Connect
- C. Amazon Route 53
- D. AWS Transit Gateway
Answer: B. AWS Direct Connect
Explanation: AWS Direct Connect simplifies the integration of on-premises networks with Amazon VPCs by providing a more reliable, secure, and scalable network connection.
VPCs can span multiple Availability Zones. True/False?
- True
- False
Answer: True.
Explanation: Yes, a single VPC can span multiple Availability Zones, providing a secure and flexible networking environment for your AWS resources.
Which AWS service allows you to centralize monitoring of network traffic?
- A. CloudTrail
- B. VPC Flow Logs
- C. VPC Peering
- D. AWS Transit Gateway
Answer: B. VPC Flow Logs
Explanation: VPC Flow Logs allows you to capture information about IP traffic going in and out of network interfaces in your VPC, helping you to centralize the monitoring of network traffic.
What is the maximum transmission unit (MTU) for traffic going through a VPC peering connection?
- A. 1500 bytes
- B. 9724 bytes
- C. 8500 bytes
- D. 9001 bytes
Answer: A. 1500 bytes
Explanation: The MTU of a network connection is the maximum size, in bytes, of any single packet of data that can be sent over the connection. The maximum MTU for traffic over a VPC Peering connection is 1500 bytes.
Interview Questions
What is Amazon VPC Peering?
Amazon VPC Peering is a networking connection between two VPCs that enables you to route traffic between them via private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network.
What is AWS Transit Gateway?
AWS Transit Gateway is a service that enables customers to connect their Amazon Virtual Private Clouds (VPCs) and their on-premises networks to a single gateway.
Can you peer VPCs across different AWS regions?
Yes, inter-region VPC peering allows peering between VPCs across different AWS regions.
What is the purpose of a routing table in AWS?
In AWS, a routing table contains a set of rules, called routes, that are used to determine where network traffic is directed. Each subnet in your VPC must be associated with a routing table.
Can a VPC be peered with another VPC even if they have overlapping CIDR blocks?
No, VPCs with overlapping CIDR blocks cannot be peered.
What are common AWS peering configurations?
Common AWS peering configurations include peering between VPCs in the same AWS account, between different AWS accounts, and between VPCs in different AWS regions.
What port is used to access the AWS Management Console?
HTTPS on port 443 is used to access the AWS Management Console.
True or False? AWS Transit Gateway scales elastically based on the volume of network traffic.
True. AWS Transit Gateway is designed to scale elastically based on the volume of network traffic.
Is multicast routing supported by AWS Transit Gateway?
As of the current AWS documentation, multicast routing is not supported by AWS Transit Gateway.
What is Path Maximum Transmission Unit Discovery (PMTUD) in VPC peering?
PMTUD is a technique used to determine the maximum transmission unit size that can be used for IP datagrams on a network path.
What is a common use case for AWS Transit Gateway?
A common use case for AWS Transit Gateway is for centralizing and managing connectivity across a customer’s AWS landscape, simplifying network architecture, and reducing operational overhead.
Can a routing table in a VPC have multiple target gateways for the same destination CIDR block?
No, a routing table can’t have multiple routes that have the same destination CIDR block and different targets.
What are some of the benefits of VPC peering?
Some benefits of VPC peering include transferring data across your peered VPCs using Amazon’s private network, improving security and privacy, increased speed, reduced data transfer costs, and ease of setup.
How does network traffic flow between peered VPCs?
Traffic between peered VPCs flows across Amazon’s private network, not the public internet, and does not require gateway, VPN, or separate network connection.
What are the restrictions when creating a new VPC peering connection?
The primary restrictions are that the VPCs cannot have overlapping CIDR blocks, cannot be peered with a VPC in a different region, and you cannot create a VPC peering connection between VPCs in different AWS accounts.
extutorials.com