Being well versed in networking helps us understand how our current infrastructure is set up and how our applications work. In this blog we are going to explore the AWS networking tool called VPC (Virtual Private Cloud). A VPC lets us build the data center of our dreams, hosted in AWS. We will also look at Route 53, the AWS tool for DNS and traffic-flow management.
AWS Network Foundations
VPC (Virtual Private Cloud)
We know that AWS provides infrastructure services on a global scale, and AWS subdivides the world into regions. Each region contains at least two Availability Zones (most now have three or more). Each Availability Zone is made up of one or more discrete data centers with independent power, cooling and networking, so the loss of one zone should not take down the others.
What is a Virtual Private Cloud?
- A VPC is a logically isolated virtual network in the AWS Cloud, tied to our AWS account. Nothing outside the VPC can reach resources inside it unless we explicitly add a path.
- Each VPC is contained within a single AWS region and spans all Availability Zones in that region.
- When we create a VPC we specify its IP address range (an IPv4 CIDR block, optionally with an IPv6 block). Pick a range that does not overlap with our other VPCs or on-premises networks, or peering and VPN connections will not be possible later.
- We also get to decide whether the servers we deploy within a VPC are publicly accessible and whether those servers can communicate with each other; route tables, security groups and network ACLs are the controls for this.
- We can connect a VPC to our own on-premises data centers over a private connection.
VPC Components
1. Subnets :- Since a VPC is a logical network, it can be divided into subnets of various sizes. Each subnet lives in exactly one Availability Zone. Subnets are called public or private depending on their routing: a public subnet has a route to an internet gateway, a private subnet does not, so it contains resources that should not be directly reachable from the internet.
2. Route table :- We control how traffic flows into and out of subnets with route tables. Every subnet is associated with exactly one route table (the VPC's main route table if we do not choose one), and the most specific matching route (longest prefix match) decides where a packet goes.
3. Internet Gateway :- If we need resources within a VPC to reach, or be reached from, the internet, we attach an internet gateway to the VPC and add a route to it in the subnet's route table. Instances also need a public or Elastic IP address to be reachable through it.
4. Egress-only internet gateway :- If we are making use of IPv6 and want to get to the internet but want to prohibit inbound connections, we use an egress-only internet gateway. It allows connections initiated from inside the VPC and drops connections initiated from the internet, the IPv6 equivalent of a NAT gateway.
5. VPC endpoint :- If we want to enable private access to other AWS services without traversing the internet, VPC endpoints are available for a variety of different services. An endpoint policy can restrict which resources (for example, which S3 buckets) are reachable through the endpoint.
6. NAT gateways :- To let resources in a private subnet reach the internet (for package updates and API calls) without being reachable from it, AWS offers managed network address translation, NAT gateways. This is essentially NAT as a service: the gateway sits in a public subnet, the private subnet's route table sends 0.0.0.0/0 to it, and only connections initiated from inside the VPC are allowed.
7. Virtual private gateway :- If we have external resources, typically an on-premises network, that we wish to connect privately to resources within AWS, we need a virtual private gateway. It is the VPC-side endpoint of a Site-to-Site VPN or Direct Connect connection.
8. Transit gateway :- If we are looking to simplify network management across multiple VPCs and potentially local data centers, AWS offers a transit gateway, a hub that all the VPCs and VPN connections attach to instead of meshing them together.
9. Peering connection :- If we need to establish connectivity between two VPCs, it is possible to establish a peering connection. Peering is not transitive: if VPC A peers with B and B peers with C, A cannot reach C through B, and the CIDR ranges of peered VPCs must not overlap.
10. DHCP option set :- It allows us to create our own DHCP options. For instance, if we want to specify our own DNS servers instead of using the AWS-provided DNS, we can create an option set and assign it to a VPC. A VPC can have only one DHCP option set at a time.
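The way subnets, route tables and gateways fit together is easiest to see in code. The following is an added example, not code from the original post and not an AWS tool: it carves a VPC CIDR into one public and one private subnet per Availability Zone, does the longest-prefix-match lookup a VPC route table performs, classifies each route table as public, private or isolated from its default route, and audits subnet associations for the classic mistake of a "private" subnet attached to a route table that has an internet gateway route. All identifiers (rtb-, igw-, nat-, pcx-, subnet names) and CIDRs are constructed for the example.

```python
import ipaddress

# Constructed example VPC: 10.0.0.0/16 across two AZs.
VPC_CIDR = "10.0.0.0/16"
AZS = ["us-west-2a", "us-west-2b"]


def carve_subnets(vpc_cidr, azs, new_prefix=24):
    """Carve one public and one private subnet per AZ out of the VPC CIDR.
    A subnet lives in exactly one AZ, so placing each tier in every AZ is what
    lets the deployment survive the loss of one data center."""
    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=new_prefix)
    plan = {}
    for az in azs:
        plan[az] = {"public": str(next(blocks)), "private": str(next(blocks))}
    return plan


# Route tables as (destination CIDR, target). "local" is the implicit VPC route
# that AWS adds to every table; the target IDs are made up for this example.
ROUTE_TABLES = {
    "rtb-public":   [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0a1b2c")],
    "rtb-private":  [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-0d4e5f"),
                     ("10.1.0.0/16", "pcx-0f6a7b")],   # peered VPC
    "rtb-isolated": [("10.0.0.0/16", "local")],          # no way out at all
}


def lookup_route(routes, dst):
    """Longest-prefix match, which is how a VPC route table chooses a route.
    Returns the route target, or None when nothing matches (traffic is dropped)."""
    ip = ipaddress.ip_address(dst)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def classify(routes):
    """'public' if the default route goes to an internet gateway, 'private' if
    it goes to a NAT gateway, 'isolated' if there is no default route."""
    default_targets = [t for cidr, t in routes if cidr == "0.0.0.0/0"]
    if any(t.startswith("igw-") for t in default_targets):
        return "public"
    if any(t.startswith("nat-") for t in default_targets):
        return "private"
    return "isolated"


# Subnet -> (tier the team intended, route table actually associated).
SUBNETS = {
    "subnet-web-a": ("public", "rtb-public"),
    "subnet-db-a":  ("private", "rtb-isolated"),
    "subnet-app-b": ("private", "rtb-public"),   # misassociated on purpose
}


def audit(subnets, route_tables):
    """Flag subnets whose intended tier disagrees with the attached route table.
    A 'private' subnet with an internet gateway route is exposed to the internet
    the moment an instance in it gets a public IP."""
    findings = []
    for subnet, (intended, rtb) in subnets.items():
        actual = classify(route_tables[rtb])
        if intended == "private" and actual == "public":
            findings.append(f"{subnet}: intended private but {rtb} has an internet gateway route")
        elif intended == "public" and actual != "public":
            findings.append(f"{subnet}: intended public but {rtb} has no internet gateway route")
    return findings


if __name__ == "__main__":
    print(carve_subnets(VPC_CIDR, AZS))
    for name, routes in ROUTE_TABLES.items():
        print(name, classify(routes), "8.8.8.8 ->", lookup_route(routes, "8.8.8.8"))
    print(audit(SUBNETS, ROUTE_TABLES))
```

The same audit can be run against real data by replacing `ROUTE_TABLES` and `SUBNETS` with the output of `aws ec2 describe-route-tables` (the `Routes` and `Associations` fields); the logic does not change.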
Route 53
Route 53 is the AWS service for Domain Name System (DNS) hosting and domain registration, with health checks and routing policies built on top of it.
Route 53 Features
1. Domain Name System (DNS) :- Route 53 provides name-to-address resolution. It maps a user-friendly name like google.com to an IP address like 216.58.216.208.
2. DNS failover :- Configured properly, with health checks attached to the records, Route 53 can detect a website outage and redirect people to a different location where the website is working.
3. Global traffic management :- Route 53 lets us create traffic policies that send each user to the endpoint that serves them best, by latency, location, weight or health.
Different Routing policies
1. Failover Routing :- Suppose our website operates out of the U.S. West region with a warm standby in the U.S. East region. Operating normally, Route 53 sends people to U.S. West. When the health check on the primary record fails, Route 53 directs traffic to our warm standby in U.S. East. The health check must test the application itself (an HTTP path that exercises it), not just that a host answers, or the failover will never fire for an application-level outage.
2. Weighted Round-Robin Routing :- Suppose we operate a website out of both U.S. West and U.S. East with one record set per region. After observing traffic patterns we notice that a bit more of the traffic hitting our site originates on the west coast of the United States. To optimize our user experience we can add capacity in U.S. West and then assign weights of 3 and 2 to the two record sets. Route 53 routes traffic in proportion to the weight assigned to a record set divided by the sum of all weights for all record sets. In our case U.S. West receives 3/5 of requests, while U.S. East receives the remaining 2/5. A weight of 0 takes a record out of rotation without deleting it, which is handy for draining a region.
3. Latency-Based Routing :- Suppose our website serves a global audience and we decide to operate our website in the U.S. West and EU Central regions, located in the U.S. state of Oregon and Frankfurt, Germany respectively. When we configure latency-based routing, each DNS query Route 53 responds to takes the originating IP into account. It compares the measured latency from that network to the regions hosting our application and directs traffic to the one with the lowest latency.
4. Geolocation Routing :- Geolocation routing allows us to route traffic based on correlating IP addresses to physical locations. Suppose we operate our website in U.S. West and EU Central and configure geolocation records in Route 53. Based on the originating IP, users are routed to the appropriate region: for example, a user whose IP address maps to France is sent to EU Central, while a user originating from Texas is sent to U.S. West. The most specific record wins (state, then country, then continent). With geolocation routing we need to configure a default record set, otherwise Route 53 returns a "no answer" response when it cannot map an IP address to any record.
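To make the four policies concrete, here is an added example that is not part of the original post and is not Route 53's own code: a small resolver-side model of each policy, with the failover decision driven by health-check results, the 3/2 weighted split checked over many simulated queries, latency-based selection from a per-network latency table, and geolocation precedence (state, country, continent, default) including the no-answer case when no default record exists. The regions, IP addresses, latencies and health results are all constructed for the example.

```python
import ipaddress
import random

# 1. Failover: one PRIMARY and one SECONDARY record; health checks decide.
FAILOVER_RECORDS = {
    "PRIMARY":   ("us-west", "203.0.113.10"),
    "SECONDARY": ("us-east", "198.51.100.10"),
}


def failover(records, health):
    """health maps region -> True/False as reported by Route 53 health checks.
    Traffic goes to PRIMARY while it is healthy, otherwise to SECONDARY."""
    primary, secondary = records["PRIMARY"], records["SECONDARY"]
    return primary if health.get(primary[0], False) else secondary


# 2. Weighted: each record's share is weight / sum(weights) -> 3/5 and 2/5 here.
WEIGHTED_RECORDS = [("us-west", "203.0.113.10", 3), ("us-east", "198.51.100.10", 2)]


def weighted(records, rng=random):
    """Pick one record with probability weight / sum of weights."""
    total = sum(w for _, _, w in records)
    r = rng.random() * total
    for region, ip, weight in records:
        r -= weight
        if r < 0:
            return region, ip
    return records[-1][:2]  # only reached through floating-point rounding


def weighted_share(records, queries=50000, seed=1):
    """Answer `queries` lookups and return the fraction each region received."""
    rng = random.Random(seed)
    counts = {region: 0 for region, _, _ in records}
    for _ in range(queries):
        counts[weighted(records, rng)[0]] += 1
    return {region: n / queries for region, n in counts.items()}


# 3. Latency-based: constructed latency measurements per client network.
LATENCY_MS = {
    "198.51.100.0/24": {"us-west": 22, "eu-central": 148},   # a US resolver
    "192.0.2.0/24":    {"us-west": 139, "eu-central": 19},   # a German resolver
}


def latency_based(client_ip, table=LATENCY_MS):
    """Return the region with the lowest measured latency for the client's network."""
    ip = ipaddress.ip_address(client_ip)
    for cidr, latencies in table.items():
        if ip in ipaddress.ip_network(cidr):
            return min(latencies, key=latencies.get)
    return None  # unknown network; a real zone would fall back to a default record


# 4. Geolocation: most specific record wins (state > country > continent),
#    then the default record; with no default, Route 53 returns no answer.
GEO_RECORDS = {
    ("state", "US-TX"):  "us-west",
    ("country", "FR"):   "eu-central",
    ("continent", "EU"): "eu-central",
    ("default", None):   "us-west",
}


def geolocation(records, continent, country, state=None):
    """Resolve a client described by continent/country/state codes."""
    state_key = f"{country}-{state}" if state else None
    for key in (("state", state_key), ("country", country),
                ("continent", continent), ("default", None)):
        if key in records:
            return records[key]
    return None  # no matching record and no default: "no answer"


if __name__ == "__main__":
    print(failover(FAILOVER_RECORDS, {"us-west": False}))
    print(weighted_share(WEIGHTED_RECORDS))
    print(latency_based("192.0.2.9"), geolocation(GEO_RECORDS, "AS", "JP"))
```

Removing the `("default", None)` entry from `GEO_RECORDS` and resolving a Japanese client shows the failure mode from the text: the function returns `None`, the equivalent of Route 53's no-answer response, which clients experience as the site simply not resolving.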
Route 53 AWS-Specific Capabilities
As an AWS service, Route 53 has some neat features that are AWS specific.
1. Private DNS for AWS VPC :- We can create a private hosted zone in Route 53 and associate it with one or more VPCs, so that internal names resolve only from inside those VPCs and are never published to the public internet.
2. CloudFront zone apex :- If we use CloudFront, the AWS global content delivery network, to deliver web content, we can create an alias record at the zone apex in Route 53 that points to the CloudFront distribution. A zone apex is the root domain, for example gautam.com (as opposed to www.gautam.com). Standard DNS does not allow a CNAME at the apex, which is why Route 53 uses alias records for this.
3. S3 zone apex :- S3 is the AWS web-enabled object storage offering. It is possible to host a static website entirely on S3 and use a Route 53 alias record to point the zone apex at the bucket's website endpoint; the bucket name must match the domain name for this to work.
4. ELB zone apex :- We can also map our zone apex to an Elastic Load Balancer with an alias record. The ELB health-checks each instance behind it and stops sending traffic to unhealthy ones, so if we have instances in multiple Availability Zones and lose the instances in one of them, traffic is routed away from the failure automatically. If we also enable Evaluate Target Health on the alias record, Route 53 treats the record as unhealthy when the load balancer has no healthy targets and can fail over to a different endpoint.
Thank You for Reading