AWS VPC peering, VPN connection, and Direct connect

Yogendra H J
Published in Geek Culture
4 min read · Jul 7, 2021

If you think you can run all of your infrastructure on a cloud platform straight away, that is a myth. You will come across many phases where you need to connect services that are either running on your premises or inside different VPCs in the cloud. We have different methods for accomplishing this: VPC peering, VPN connection, and Direct Connect.

Let us now dive into each of these services so you can decide which one suits you best.

AWS VPC peering

AWS VPC peering is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different regions (also known as an inter-region VPC peering connection).

Multiple VPC peering connections per VPC are possible, whereas transitive peering relationships are not supported.

The following diagram is an example of one VPC peered to two different VPCs. There are two VPC peering connections: VPC A is peered with both VPC B and VPC C. VPC B and VPC C are not peered, and you cannot use VPC A as a transit point for peering between VPC B and VPC C. If you want to enable routing of traffic between VPC B and VPC C, you must create a unique VPC peering connection between them.

To peer multiple VPCs with each other in a full mesh, the number of connections required is given by the formula n(n-1)/2, where n is the number of VPCs. For example, if you have a total of 5 VPCs in your network and all of them need to be peered with each other, the formula gives a total of 10 connections.
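As an added illustration (not code from the original post), the following models the diagram above: VPC A is peered with B and C, and the model refuses to route B to C through A because peering is not transitive. It also computes the n(n-1)/2 full-mesh count and lists the missing pairs. The VPC names and CIDR blocks are constructed for the example; the CIDR-overlap check reflects the AWS requirement that peered VPCs must not have overlapping CIDR blocks.

```python
from ipaddress import ip_network
from itertools import combinations


def full_mesh_peering_count(n: int) -> int:
    """Peering connections needed to directly connect every pair of n VPCs: n(n-1)/2."""
    return n * (n - 1) // 2


class PeeringMap:
    """Models VPC peering as an undirected graph with no transitive routing."""

    def __init__(self):
        self.cidrs = {}  # vpc name -> ip_network
        self.peers = {}  # vpc name -> set of directly peered vpc names

    def add_vpc(self, name: str, cidr: str) -> None:
        self.cidrs[name] = ip_network(cidr)
        self.peers[name] = set()

    def peer(self, a: str, b: str) -> None:
        # AWS does not allow a peering connection between VPCs whose CIDR blocks overlap.
        if self.cidrs[a].overlaps(self.cidrs[b]):
            raise ValueError(f"{a} and {b} have overlapping CIDRs; peering not allowed")
        self.peers[a].add(b)
        self.peers[b].add(a)

    def can_route(self, src: str, dst: str) -> bool:
        # Only a direct peering carries traffic; a shared peer (such as VPC A) is never a transit hop.
        return dst in self.peers[src]

    def missing_for_full_mesh(self) -> list:
        """Pairs of VPCs that still need their own peering connection to complete the mesh."""
        return [(a, b) for a, b in combinations(sorted(self.cidrs), 2) if b not in self.peers[a]]


def diagram_example() -> PeeringMap:
    """Constructed reproduction of the post's diagram: VPC A peered with B and C, B and C not peered."""
    m = PeeringMap()
    m.add_vpc("VPC-A", "10.0.0.0/16")
    m.add_vpc("VPC-B", "10.1.0.0/16")
    m.add_vpc("VPC-C", "10.2.0.0/16")
    m.peer("VPC-A", "VPC-B")
    m.peer("VPC-A", "VPC-C")
    return m
```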

Follow the video below for a hands-on walkthrough of cross-region VPC peering: https://www.youtube.com/watch?v=KmCEFGDTb8U

----------------------------------------

AWS Site to Site VPN connection

AWS Site-to-Site VPN allows you to securely connect services in your on-premises network to services inside your VPC in the cloud. The communication travels over an IPsec tunnel, so all data flowing over this connection is encrypted according to the IPsec protocol.

A few key concepts to note while setting up a Site-to-Site VPN connection:

Customer gateway: An AWS resource that provides information to AWS about your customer gateway device.

Virtual private gateway: The VPN concentrator on the Amazon side of the Site-to-Site VPN connection.

Site-to-Site VPN connection: The connection that lets your on-premises and AWS-side resources talk to each other.

Refer to the video below for a hands-on Site-to-Site VPN connection setup.

https://www.youtube.com/watch?v=3j1MLlgc5Eg

----------------------------------------

AWS Direct Connect

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you establish a private connection between AWS and your datacenter, office, or colocation environment. This can increase bandwidth throughput and provide a more consistent network experience than internet-based connections.

AWS Direct Connect is compatible with all AWS services accessible over the Internet and is available in speeds starting at 50 Mbps and scaling up to 100 Gbps.

Benefits of Direct Connect: consistent network performance, protection of data in transit, lower bandwidth costs, and flexible connection options.

In the next blog, let us learn about AWS Transit Gateway, the best method for communication between VPCs and on-premises resources.

----------------------------------------

“An investment in knowledge pays the best interest.”

Your suggestions and feedback matter a lot! Please like, share and subscribe to spread the word about cloud computing.

Follow my page to keep updated with new AWS Services and releases.

@ yogendrahj.medium.com

LEARN and BE CURIOUS!!!!!

Happy Learning,

Yogendra.
