AWS Networking Fundamentals: A Practical Guide to Understand How to Build a Virtual Datacenter into the AWS Cloud

by Toni Pasanen

The first chapter explains how you can start your virtual Datacenter, Virtual Private Cloud (VPC). You will learn what AWS Regions and Availability Zones (AZ) are and how you create subnets within AZ. The second chapter introduces a Mapping-Service, the Control-Plane of AWS. It also discusses Data-Plane operation and VPC encapsulation. The third chapter explains how you create a public subnet, from where EC2 instances have a bi-directional Internet connection through the Internet Gateway (IGW). The fourth chapter introduces the concept of a private subnet. It also explains how to allow egress-only Internet connection from the private subnet through a NAT Gateway (NGW). The fifth chapter shows how to build a VPN connection from an on-prem Datacenter to your VPC using a VPC-specific Virtual Private Gateway (VGW). The sixth chapter introduces a Transit Gateway (TGW) service that allows regional inter-VPC traffic and a multi-VPC VPN connection from a remote site. The seventh chapter discusses how to implement VPC segmentation using TGW route tables. Chapter eight introduces how to enable inter-region VPC traffic flows using Transit GW peering. The ninth chapter introduces a unidirectional VPC peering solution. Chapter 10 explains how to build an application-specific, bi-directional inter-VPC PrivateLink using Network Load Balancer. The last five chapters focus on the AWS Direct Connect (DX) connection. Chapter 11 explains how you order a cross-connect connection between the AWS device and the customer device located in AWS Direct Connect Location. This chapter also introduces how to create AWS Direct Connect Gateway (DXGW) and how you build BGP peering between DXGW and customer devices. Chapter 12 introduces AWS Hosted Direct Connect connection. It explains how AWS Direct Connect Partners offers a cross-connection from the AWS Direct Connect Partner using their infrastructure. Because some AWS DCPs used BGP EVPN/VXLAN Fabric for their Hosted Direct Connect service, this chapter also introduces the BGP EVPN based MAC address learning process and explains how the VXLAN Data-Plane traffic forwarding works. Chapter 13 introduces how we can affect to egress path selection process on AWS Direct Connect Gateway (DXGW) using BGP route aggregation, BGP AS-Path Prepending, and BGP Communities. Chapter 14 introduces a Direct Connect SiteLink service that enables site-to-site traffic over DX connections terminated into the same DXGW. It also explains how to migrate an existing Corporate inter-site WAN connection to AWS BackBone. The last chapter introduces how to use an AWS Direct Connect connection (DX) and a Public Virtual Interface (P-VIF) for accessing AWS Public Service.

Kindle Edition

Published January 1, 2022

Reviews

[Maria Ines · Rating 4 out of 5]

I really like the way this book is written - it ties all the concepts (VPC, subnets, route tables, gateways, etc) together. It also has nice architecture drawings, though I do wish the paperback was printed in color because the drawings need color!

What I don't like about this book is that it's riddled with errors/typos. The first sentence of the first chapter already has a grammar error. And there are a lot of figure captions that are wrong. It's not a big deal, but I care about these details.

The other thing I don't like is that it assumes some knowledge. A refresher on CIDR or what an Elastic IP address is would have been nice (i.e. they are meant to survive start/stop cycles on EC2)

Toni, if you are reading this, please hire an editor! Or send me a message :)