another day, another billion flows - amazon web...
TRANSCRIPT
![Page 1: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/1.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Steve SeymourPrincipal Specialist Solutions Architect, AWS
Another Day, Another Billion Flows
@sseymour
![Page 2: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/2.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What i s VPC?
![Page 3: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/3.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What i s VPC?192.168.0.0/16
![Page 4: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/4.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What i s VPC?192.168.0.0/16
![Page 5: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/5.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What i s VPC?192.168.0.0/16
![Page 6: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/6.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What i s VPC?192.168.0.0/16
![Page 7: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/7.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What i s VPC?192.168.0.0/16
![Page 8: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/8.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What i s VPC?192.168.0.0/16
![Page 9: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/9.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What i s VPC?192.168.0.0/16
![Page 10: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/10.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What i s VPC?192.168.0.0/16
10.1.0.0/16->
Direct Connect
10.2.0.0/16->
VPN
0.0.0.0/0->
Internet Gateway
![Page 11: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/11.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What i s VPC?2001:db8:1234:5::/56
2001:db8:1234:5678/64->
Direct Connect
::/0->
Internet Gateway
![Page 12: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/12.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Every VPC comes with …
• Full programmatic control via APIs, templates, change history and audit capabilities, flow log support
• Built-in DHCP and DNS service, including private DNS
• Built-in firewall
• 9001 byte MTU
![Page 13: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/13.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VPC is des igned for many VPCs
• Every VPC is free
• Useful for dev, beta, pre-prod, test and repro networks
•Multi-VPC architectures
• Immutable infrastructure patterns
![Page 14: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/14.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How does all of this work?
![Page 15: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/15.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Physical Host
VPC on the wire
Physical Host
![Page 16: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/16.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Physical Host
VPC on the wire
Physical Host
![Page 17: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/17.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Physical Host
VPC on the wire
Physical Host
Your IP packet
VPC Encapsulation
IP on the physical network
![Page 18: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/18.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Physical Host
VPC on the wire
BlackfootEdge device
Your IP packet
VPC Encapsulation
IP on the physical network
BlackfootEdge device
![Page 19: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/19.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VPC on the wire
BlackfootEdge device
Internet traffic
Direct Connect
S3 / DynamoDBEndpoints
VPNVPC
![Page 20: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/20.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Encapsulat ing the packet• Outer-most IP destination identifies the target physical host
• Encapsulation marks each packet with the VPC and the Elastic Network Interface
• How does the sender know these? The mapping service …
![Page 21: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/21.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Physical Host
The mapping serv ice
Physical Host Mapping service
![Page 22: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/22.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
The mapping serv ice• A distributed web service that handles mappings between
customers VPC routes and IPs and physical destinations on the wire.
• To support microsecond-scale latencies, mappings are cached where they are used, and pro-actively invalidated when they change.
![Page 23: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/23.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
But what about flows?
![Page 24: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/24.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VPC Network ing and Flows • Security Groups include stateful connection tracking
• Flow logs give per-ENI aggregated audit data
• Network Load Balancer can load balance flows natively and transparently in the VPC network
• NAT Gateway brings per-flow stateful NAT to VPC
![Page 25: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/25.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Physical Host
How f low track ing works
![Page 26: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/26.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How f low track ing works
Protocol Source IP Destination IP Source Port Destination Port
TCP 192.0.2.1 52.84.25.90 33763 443
TCP 192.0.2.1 52.84.25.90 27441 443
UDP 192.0.2.10 205.251.197.26 15732 53
ICMP 192.0.2.1 52.84.25.90 - -
![Page 27: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/27.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How f low track ing works
Protocol
Source IP Destination IP Source Port Destination Port SEQ ACK
TCP 192.0.2.1 52.84.25.90 33763 443 6532 34224
TCP 192.0.2.1 52.84.25.90 27441 443 18931 45312
![Page 28: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/28.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How f low track ing works
Protocol Source IP Destination IP Source Port Destination Port Datagram ID
UDP 192.0.2.10 205.251.197.26 15732 53 5178
![Page 29: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/29.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How f low track ing works
Protocol Source IP Destination IP Bonus embedded header
ICMP 192.0.2.10 205.251.197.26 [ Same as previous slides ]
![Page 30: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/30.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VPC Network ing and Flows • Security Groups include stateful connection tracking
• Flow logs give per-ENI aggregated audit data
• Network Load Balancer can load balance flows natively and transparently in the VPC network
• NAT Gateway brings per-flow stateful NAT to VPC
![Page 31: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/31.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
NAT Gateway and Network Load Balancer
NATGW NLB
![Page 32: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/32.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Physical Host
HyperPlane
HyperPlaneNodeYour IP packet
VPC Encapsulation
IP on the physical network
HyperPlaneNode
![Page 33: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/33.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
HyperPlane
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlane nodes make transactional decisions and share state in tens of
microseconds.
![Page 34: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/34.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
HyperPlane
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
For NAT: HyperPlane guarantees that connections to the same destination IP /
destination port pair have a unique source port
![Page 35: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/35.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
HyperPlane
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
For NLB: HyperPlane selects the target instance or container that should handle a
connection
![Page 36: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/36.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
HyperPlane
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
For security best practice, HyperPlane doesn’t need to know about VPC mappings,
only flows
![Page 37: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/37.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
HyperPlane and Shuff le Sharding
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
![Page 38: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/38.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
HyperPlane and Shuff le Sharding
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
![Page 39: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/39.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
HyperPlane and Shuff le Sharding
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
HyperPlaneNode
![Page 40: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/40.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
HyperPlane and Shuff le Sharding
Potential Overlap Percentage chance0 18%1 54%2 26%3 2%
![Page 41: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/41.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
HyperPlane and Shuff le Sharding
Potential Overlap Percentage chance0 77%1 21%2 1.8%3 0.06%4 0.00065 0.00000013
![Page 42: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/42.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
HyperPlane and Shuff le Sharding
Potential Overlap Percentage chance0 77%1 21%2 1.8%3 0%4 0%5 0%
![Page 43: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/43.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
More on HyperPlane• Based on the S3 Load Balancer
• Used by Elastic Filesystem since launch
• Every HyperPlane resource has 5Gbit/sec of capacity by default, and scales in increments of 5Gbit/sec … to Terabits
• Sub-millisecond latency, hundreds of millions of connections, millions of connections per second
![Page 44: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/44.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Pr ivateLink
NLB
”Provider” VPC”Client” VPC
![Page 45: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/45.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Pr ivateLink• Enables more compartmentalized VPCs; one per service, one per
team
• Enables service providers and partners to offer private services into customer’s private networks, including on-premises via Direct Connect
• Integration with the AWS Marketplace!
![Page 46: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/46.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Key takeaways
• VPC is a software defined network that uses encapsulation to securely isolate customers
• VPCs can be controlled programmatically
• VPCs can be seamlessly integrated into existing networks via Direct Connect, VPN and Internet access
![Page 47: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/47.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Key takeaways
• The VPC Network includes native support for tracking flows
•NATGW and NLB can be used to manage enormous connection loads, at scale, with high availability.
![Page 48: Another Day, Another Billion Flows - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/AWS_Summit... · © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved](https://reader031.vdocuments.us/reader031/viewer/2022041022/5ed2e7bc4e7ab45be80cecda/html5/thumbnails/48.jpg)
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank you!
Steve SeymourPrincipal Specialist Solutions Architect, AWS
@sseymour