Container networking in the AWS VPC is now much simpler following AWS’s announcement of EC2 IP prefix assignments. Want to get rid of overlays and bridge networking? Let’s examine how the new IP prefix assignment functions and how it can be used to enable containers as first class citizens on the network. Feature Overview Prior […]
Designing cloud infrastructures that include security appliances for traffic inspection is easier following Amazon’s introduction of a feature called VPC Ingress Routing. In this article and accompanying video, I’ll examine the feature and how you can use it to force inbound traffic through security appliances. Companies that operate in highly regulated environments frequently require security […]
Whether you are a developer or network engineer, designing and implementing services in the AWS VPC requires an understanding of IP networking. My objective in this post about classifying IP addresses in the AWS VPC is to teach you one thing you didn’t previously know. Let’s dive in. The first way that IP addresses can […]
The recent announcements on IPv6 support for the Network Load Balancer and Fargate reminded me of AWS’s steady progress towards more widespread coverage for the current version of IP. The EC2 networking team deserves credit for the advances made since IPv6 was first supported on the Classic Load Balancer back in 2011. I believe that […]
Highly regulated industries typically have a requirement for a firewall to inspect all traffic in and out of select VPCs. The traffic could be sourced from other VPCs, on-premise or the Internet. In this post, we’ll examine two designs for forcing all inbound traffic from the Internet to traverse a firewall or similar appliance. Prior the […]
Expect to see major announcements around networking and security at re:Invent next week. AWS has already enhanced its Application Load Balancer (ALB) and Network Load Balancer (NLB) ahead of its annual conference (see here for more details). As I did a year ago, I’m compiling a list of network and security features that would help […]
We are always impressed at how AWS hosts its Summit conferences. The AWS Public Sector Summit in Washington, DC was another great experience for us. We had the opportunity to connect with friends and make new acquaintances. It was nice to see Andy Jassy join Teresa Carlson in a fireside chat. My favorite talk was […]
At re:Invent, various Amazon speakers tout the security, availability, and performance of the AWS Global Backbone, a private Internet Protocol (IP) network purpose-built for moving customer data across the world. The talks are pure gold for network engineers as Amazon is very transparent in discussing the design of the backbone. Why should AWS customers care […]
Looking back over the last several years, we’ve seen considerable hype surrounding companies going “all-in” on the public cloud. Large companies such as Capital One and Netflix are industry leaders in this respect and deservingly so. The effort involved is monumental and its effect on IT consumption within those organizations is transformational. For […]
AWS provides the mechanisms to create VPC designs that run the gamut of the complexity spectrum. You can deploy your application in a single VPC with only public subnets. Other applications may be better suited to a collection of VPCs with both public and private subnets. You can use VPCs as building blocks for large-scale […]