Connect VPCs to make Network of Networks in AWS

Mohamed Jawad P, published in Tensult Blogs
3 min read, Jun 6, 2018

This Blog has been moved from Medium to blogs.tensult.com. All the latest content will be available there. Subscribe to our newsletter to stay updated.

The network is everything in this world. For any data communication there has to be a network made up of routers, servers, switches, computers, racks, cabling, etc. Setting up this kind of network infrastructure in an on-premises datacenter takes a lot of effort and investment, and on top of that you have to cover the cost of maintenance and services, protection from fire and electrical surges, disaster recovery, security patching, etc. Overall it may take a few months to get this type of setup in place.

Amazon provides these capabilities as Amazon Web Services (AWS), which makes all of this setup easy. You can set up all the IT infrastructure you need within a few minutes, with no upfront investment, and you pay only for what you use. To know more about AWS services please visit: aws.amazon.com

AWS provides the Amazon VPC service for creating virtual networks. Using Amazon VPC you can create as many virtual networks as you need. For more information on Amazon VPC click here.

In AWS, instances within a VPC can communicate with each other, but they cannot communicate with instances in a different VPC: by default Amazon keeps private VPCs isolated from one another. To connect VPCs over their private networks in AWS, we need Amazon VPC Peering or VPN technology.

VPC Peering

An Amazon VPC peering connection enables a one-to-one connection between two VPCs, and each VPC can have multiple peering connections. You can create VPC peering between your own VPCs in the same region or in different regions, or with VPCs in a different AWS account, even in a different region (Figure — 1). To know more about VPC Peering click here.

Figure — 1 (Full Mesh)

A Shared Services VPC lets you host shared services such as an authentication server, patch server, mail server, DNS and databases in one VPC, and connect it to your on-premises datacenter or corporate office through a VPN connection (Figure — 2). To know more about the Shared Services VPC click here.

Figure — 2 (Shared Service VPC)

The main drawback of VPC peering is that it does not support transitive routing: traffic cannot flow from VPC A to VPC C through a VPC B that is peered with both. In other words, every pair of VPCs that needs to communicate has to be directly connected with its own peering connection; only then can they talk to each other.

VPN

A Virtual Private Network (VPN) is a technology for sending traffic across a less secure network such as the internet; the traffic is sent and received in a secure, encrypted form. VPNs are mainly used to connect networks with remote networks in a secure manner (Figure — 3). Instead of VPC peering, you can use VPN connections from the spoke VPCs to a hub VPC. To know more about VPN click here.

Figure — 3 (VPN Connection)

To make the network transitive you can use the Transit VPC concept: a dedicated VPC, the Transit VPC, hosts a host-based VPN appliance running on an Amazon EC2 instance, and traffic between the spokes passes through it (Figure — 4).

Figure — 4 (Transit VPC)

Spoke VPCs create VPN connections to the Transit VPC using a Virtual Private Gateway on the spoke side and a Customer Gateway representing the appliance in the Transit VPC. AWS supports VPN connections over the internet and over Direct Connect. You can use static routing or the BGP routing protocol to form the neighbor relationship and exchange routes. To know more about Transit VPC click here.
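The difference between the two designs above comes down to what ends up in each VPC's route table. The following Python model, added here as an illustration and not code from the original post, builds the route tables for both cases: peering only ever installs routes to directly peered VPCs (so a spoke cannot reach another spoke through the shared VPC, and a full mesh needs n(n-1)/2 connections), while a Transit VPC sends every spoke's traffic to its Virtual Private Gateway and lets the hub appliance forward it on (n-1 VPN connections). It also applies the non-overlapping CIDR check that AWS enforces before a peering can be created. The VPC names, CIDR blocks and gateway ids are constructed sample values.

```python
"""Route-table model of the two designs in the post: non-transitive VPC peering
versus a hub-and-spoke Transit VPC.  Added illustration, not code from the
original post; VPC names, CIDRs and gateway ids are constructed sample values."""
import ipaddress
from itertools import combinations
from typing import Dict, FrozenSet, Iterable, List, Optional, Set, Tuple

Net = ipaddress.IPv4Network
RouteTable = Dict[Net, str]          # destination CIDR -> target (pcx/vgw/vpn id)

# Constructed sample VPCs with non-overlapping CIDRs, as peering requires.
VPCS: Dict[str, Net] = {
    "shared":  ipaddress.ip_network("10.0.0.0/16"),
    "spoke-a": ipaddress.ip_network("10.1.0.0/16"),
    "spoke-b": ipaddress.ip_network("10.2.0.0/16"),
    "spoke-c": ipaddress.ip_network("10.3.0.0/16"),
}
# Constructed CIDR that overlaps "shared"; a peering with it would be rejected.
OVERLAPPING: Net = ipaddress.ip_network("10.0.1.0/24")


def can_peer(a: Net, b: Net) -> bool:
    """AWS refuses a peering between VPCs whose CIDR blocks overlap."""
    return not a.overlaps(b)


def full_mesh_links(names: Iterable[str]) -> Set[FrozenSet[str]]:
    """Every pair directly peered: n(n-1)/2 connections (Figure 1)."""
    return {frozenset(p) for p in combinations(sorted(names), 2)}


def peering_routes(vpcs: Dict[str, Net], links: Set[FrozenSet[str]]) -> Dict[str, RouteTable]:
    """Each peering adds a route on both sides to the peer's CIDR via the
    peering connection.  Nothing is added for peers-of-peers: peering is
    not transitive, so a VPC only holds routes to directly peered VPCs."""
    routes: Dict[str, RouteTable] = {name: {} for name in vpcs}
    for link in links:
        a, b = sorted(link)
        if not can_peer(vpcs[a], vpcs[b]):
            raise ValueError(f"{a} and {b} have overlapping CIDRs")
        pcx = f"pcx-{a}-{b}"                 # constructed placeholder id
        routes[a][vpcs[b]] = pcx
        routes[b][vpcs[a]] = pcx
    return routes


def lookup(routes: Dict[str, RouteTable], vpc: str, dst_ip: str) -> Optional[str]:
    """Longest-prefix match in one VPC's route table; None means no route."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [(net.prefixlen, tgt) for net, tgt in routes[vpc].items() if ip in net]
    return max(matches)[1] if matches else None


def transit_routes(vpcs: Dict[str, Net], hub: str, spokes: Set[str]) -> Dict[str, RouteTable]:
    """Transit VPC: each spoke reaches every other member through its Virtual
    Private Gateway (VPN to the hub); the hub's VPN appliance holds one route
    per spoke.  With BGP these routes would be learned rather than static."""
    routes: Dict[str, RouteTable] = {name: {} for name in vpcs}
    for s in spokes:
        for other in spokes | {hub}:
            if other != s:
                routes[s][vpcs[other]] = f"vgw-{s}"          # constructed placeholder id
        routes[hub][vpcs[s]] = f"vpn-{hub}-{s}"              # constructed placeholder id
    return routes


def transit_path(vpcs: Dict[str, Net], routes: Dict[str, RouteTable],
                 hub: str, src: str, dst_ip: str) -> List[str]:
    """Hops from src to dst_ip: the spoke's VGW, then the hub appliance, then
    (for another spoke) the hub's VPN tunnel toward it.  Empty = unreachable."""
    first = lookup(routes, src, dst_ip)
    if first is None:
        return []
    if ipaddress.ip_address(dst_ip) in vpcs[hub]:
        return [src, first, hub]
    second = lookup(routes, hub, dst_ip)
    return [src, first, hub, second] if second else []


def links_needed(n: int) -> Tuple[int, int]:
    """Connections for n VPCs to reach each other: full-mesh peering vs. one VPN per spoke."""
    return n * (n - 1) // 2, n - 1


if __name__ == "__main__":
    spokes = {"spoke-a", "spoke-b", "spoke-c"}
    hub_peering = peering_routes(VPCS, {frozenset({"shared", s}) for s in spokes})
    print("peering, spoke-a -> shared :", lookup(hub_peering, "spoke-a", "10.0.5.5"))
    print("peering, spoke-a -> spoke-b:", lookup(hub_peering, "spoke-a", "10.2.0.10"))
    transit = transit_routes(VPCS, "shared", spokes)
    print("transit, spoke-a -> spoke-b:", transit_path(VPCS, transit, "shared", "spoke-a", "10.2.0.10"))
    print("links for 4 VPCs (mesh, hub):", links_needed(4))
```

Running it shows the point of Figure 1 versus Figure 4 directly: with the shared VPC peered to every spoke, `spoke-a` has a route to `shared` but none to `spoke-b`, whereas the transit route tables give a four-hop path through the hub appliance. A peering request between overlapping CIDRs raises a `ValueError`, mirroring the check AWS performs.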
