Foreword
This post starts by discussing the Internet connection from the AWS VPC Control Plane operation perspective. The public AWS documentation only describes the basic components, such as the Internet Gateway (IGW) and the subnet-specific Implicit Routers (ImR). However, the public AWS documentation does not describe the Control Plane operation related to distributing the default route from IGWs to ImRs. The AWS VPC Control Plane part of this post is based on my assumptions, so be critical of what you read. The second part of this post briefly explains the Control Plane operation of the Internet connection used in a LISP-based network. By comparing the AWS VPC to a LISP-based network I just want to point out that even though some might think that cloud-based networking is much simpler than traditional on-premise networking, it is not. People tend to trust the network solutions used in clouds (AWS, Azure, etc.), and there is no debate about (a) what hardware is used, (b) how the redundancy works, (c) whether the solutions are standards-based, and so on. Now it is more like: I do not care how it works as long as it works. Good or bad, I do not know.
AWS VPC Internet Connection
Figure 1-1 illustrates the topology I am using in this post. There is a VPC named vpc-1a2b3c4d launched in the Availability Zone eu-north-1c in the AWS Stockholm region. Two EC2 instances are started in the VPC: EC2-A in Host-1 and EC2-B in Host-2. EC2-A is attached to subnet 172.16.10.0/24 and EC2-B to subnet 172.16.11.0/24. Each subnet has its dedicated Implicit Router (ImR), which acts as the default gateway for the subnet. At the starting point, neither subnet has an Internet connection.
Phase 1. Assign IGW to VPC.
An Internet Gateway (IGW) is needed to get Internet access. In our example, the Internet Gateway is named igw-11aa22bb33cc. After the IGW has been created and attached to the VPC, it can be used as a next hop in the VPC-specific Custom Route Tables.
Phase 2. Mapping the new IGW to VPC.
The public AWS documentation states that the Mapping Service distributes location information only to those who actively need it. This is the reason I assume that the new IGW igw-11aa22bb33cc registers itself to VPC vpc-1a2b3c4d (from the IGW to the Mapping Service).
Phase 3. Mapping publishing Process.
To route IP packets to subnet 172.16.10.0/24, the IGW has to know the instance-to-location mapping information. Based on the mapping message sent by the IGW, the Mapping Service knows that igw-11aa22bb33cc is attached to VPC vpc-1a2b3c4d and, as a reaction, it publishes the instance-to-location information to the IGW.
Phase 4. Publishing IGW Information to ImRs.
The subnet-specific Implicit Routers (ImR) also need information about the IGWs attached to the VPC. The IGW is added to a Custom Route Table by its name (instead of an IP address) using a drop-down menu, which means that the information has to be published to the ImR. I assume that the publisher is the Mapping Service, because the IGW has registered itself as a member of the VPC to it.
Phase 5. Adding the Default Route to the Custom Route Table.
As the last step, the default route is added to the Custom Route Table of subnet 172.16.10.0/24. When instance EC2-A sends data towards a destination located behind the IGW, ImR1 wraps the original IP packets inside VPC tunnel headers and sends them over the Availability Zone backbone to the IGW. When the IGW receives the encapsulated packet, it removes the VPC headers, translates the source IP address to the public IP address if needed, and forwards the packet towards the destination. Note that the IGW performs this one-to-one translation only for instances that have a public or Elastic IP address; an instance without one cannot reach the Internet through the IGW, and subnet 172.16.11.0/24 stays without Internet access as long as its own route table carries no default route to the IGW.
Figure 1-1: AWS VPC – Internet Connection.
LISP Internet Connection
Figure 1-2 illustrates the Campus Fabric example. Host EC2-A is connected to switch Edge-1. Proxy-xTR 192.168.10.4 is configured as the PxTR in Edge-1. When Edge-1 receives the first IP packet from EC2-A, it checks the LISP Local Mapping Cache and the RIB to find the next-hop IP address to which the received IP packet should be sent. Because there is no next-hop information in either database, Edge-1 sends a LISP Map-Request message to the Map-Resolver. In our example, the Map-Resolver replies with a Negative Map-Reply. From the Edge-1 perspective, the Negative Map-Reply means that IP packets towards the requested destination should be sent to the configured PxTR. The next IP packet of the same flow sent by EC2-A is then encapsulated with VXLAN tunnel headers and sent to the Proxy-xTR.
Figure 1-2: Campus Fabric – Internet Connection.
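The two forwarding decisions described above (Phase 5 on the AWS side, and the Map-Request / Negative Map-Reply exchange on the LISP side) can be modelled with a single longest-prefix-match helper. The following Python script is an added example written for this post; it is not the blog's, AWS's or Cisco's code. The VPC CIDR 172.16.0.0/16, the public IP 13.48.0.10 of EC2-A, the EID prefix 10.1.0.0/16 with RLOC 192.168.10.2, and the function and class names are assumptions. The RIB check on Edge-1 is left out, and a Negative Map-Reply is cached per destination /32 rather than for the coarser prefix a real Map-Resolver would return.

```python
"""Model of the ImR -> IGW forwarding (Phase 5) and the LISP Edge-1 lookup.

Added example, not the blog's or any vendor's code.  Identifiers below that are
not in the post (imr_forward, igw_forward, Edge, MAPPING_DB, ...) are assumed.
"""
import ipaddress

# --- AWS VPC side ---------------------------------------------------------
VPC_ID = "vpc-1a2b3c4d"
IGW_ID = "igw-11aa22bb33cc"

# Custom Route Table of subnet 172.16.10.0/24 after Phase 5 (constructed).
ROUTE_TABLE = {
    "172.16.0.0/16": "local",   # VPC CIDR is an assumption of this example
    "0.0.0.0/0": IGW_ID,        # default route added in Phase 5
}

# One-to-one public IP mapping held by the IGW (constructed): only EC2-A has one.
IGW_NAT = {"172.16.10.10": "13.48.0.10"}


def longest_prefix_match(table, dst):
    """Return the next hop for dst: the most specific matching prefix wins."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def imr_forward(pkt):
    """Implicit Router: deliver locally, or wrap the packet in VPC tunnel
    headers addressed to the IGW."""
    next_hop = longest_prefix_match(ROUTE_TABLE, pkt["dst"])
    if next_hop == "local":
        return {"action": "local", "pkt": pkt}
    if next_hop == IGW_ID:
        return {"action": "tunnel", "outer_dst": IGW_ID, "vpc": VPC_ID, "inner": pkt}
    return {"action": "drop", "reason": "no route"}


def igw_forward(frame):
    """IGW: strip the VPC headers and translate the source to its public IP.
    An instance without a public IP cannot use the IGW, so that packet is dropped."""
    if frame.get("vpc") != VPC_ID:
        return {"action": "drop", "reason": "unknown VPC"}
    inner = frame["inner"]
    public_ip = IGW_NAT.get(inner["src"])
    if public_ip is None:
        return {"action": "drop", "reason": "no public IP for source"}
    return {"action": "forward", "pkt": {"src": public_ip, "dst": inner["dst"]}}


# --- LISP Campus Fabric side ---------------------------------------------
PXTR_RLOC = "192.168.10.4"  # Proxy-xTR configured in Edge-1 (from the post)

# Mapping database behind the Map-Resolver (constructed): EID prefix -> RLOC.
MAPPING_DB = {"10.1.0.0/16": "192.168.10.2"}


def map_resolver(eid):
    """Answer a Map-Request with a Map-Reply or a Negative Map-Reply."""
    rloc = longest_prefix_match(MAPPING_DB, eid)
    if rloc is None:
        return {"type": "negative-map-reply", "eid": eid}
    return {"type": "map-reply", "eid": eid, "rloc": rloc}


class Edge:
    """Edge-1: first packet of a flow triggers a Map-Request; later packets of
    the flow are VXLAN-encapsulated towards the learned RLOC or the PxTR."""

    def __init__(self):
        self.map_cache = {}  # Local Mapping Cache: EID prefix -> RLOC

    def forward(self, pkt):
        rloc = longest_prefix_match(self.map_cache, pkt["dst"])
        if rloc is None:
            reply = map_resolver(pkt["dst"])
            if reply["type"] == "negative-map-reply":
                rloc = PXTR_RLOC      # Negative Map-Reply: use the configured PxTR
            else:
                rloc = reply["rloc"]
            self.map_cache[pkt["dst"] + "/32"] = rloc
            return {"action": "map-request", "to": "map-resolver", "cached": rloc}
        return {"action": "vxlan", "outer_dst": rloc, "inner": pkt}
```

Running `imr_forward` for a packet from 172.16.11.20 (no public IP) still yields a tunnel to the IGW, because the route lookup alone does not know about addresses; it is `igw_forward` that drops it. That is the practical consequence of Phase 5: the default route decides which subnet becomes "public", and the per-instance public IP decides which instances inside it actually are.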
Conclusion
Even though setting up the Internet connection for an AWS VPC is easy, there is the same kind of complexity as in networks using a traditional approach if we look at the process from the Control Plane perspective.
It has been a long time since I entered this blog again.
While I was told by one of my colleagues that you published a second book.
No hesitation, I bought the soft version, though I do not know the content.
Michael
Welcome back Michael. I hope that you find the new book interesting :-)