The course is part of this learning path
Join cloud experts Neel Kumar and Mike McLaughin from Aviatrix for a technical chalk talk on how you can solve some of the common issues that can occur when running cloud networking at scale. This group of chalk talks and technical demonstrations provides a practical reference for how to solve complex cloud networking challenges. First, we outline the common architectures and issues faced when scaling cloud architectures, then we workshop a transitive architecture use case defining best practices and design patterns. We discuss multi-cloud implementation, provider limits, hub and spoke architecture patterns, VPN and connectivity. Next, we set up a transitive controller in the AWS console with two instructional demos.
Learning Objectives
- Recognize and explain the common issues that occur when running complex cloud networks
- Describe and implement transitive architecture designs using a hub and spoke model
- Implement and maintain VPC connectivity at scale
Intended Audience
This course will suit anyone running or planning to run cloud services at scale.
Prerequisites
an understanding of Cloud networking and the AWS Virtual Private Cloud will help you gain the most from this Chalk Talk.
We recommend completing the AWS Networking & Content Delivery learning path in order to gain practical knowledge and hands-on experience if you are not familiar with cloud networking and the virtual private cloud.
Content Overview
First, we outline the common architectures and issues faced when scaling cloud architectures, then we workshop a transitive architecture and design pattern. Next, we set up a transitive hub in the AWS console with a hands-on demo, and discuss the following:
- Cloud Networking - The Common Journey
- The Common Patterns with VPC Design
- Designing a Transitive VPC Architecture
- Managing Network Security at Scale
- DEMO - Setting up a Transitive Controller
- DEMO - Setting up a Transitive Hub
Aviatrix.com
Aviatrix is an Advanced AWS technology partner highly regarded in the cloud community for helping AWS customers solve advanced networking challenges.
I strongly recommend reading more about Aviatrix on their website at www.aviatrix.com.
Aviatrix have a number of AWS quick start architectures at the links below.
https://aws.amazon.com/quickstart/architecture/aviatrix-global-transit-hub/
https://aws.amazon.com/quickstart/architecture/aviatrix-user-vpn/
Feedback
If you have any questions or suggestions for this course, please contact Cloud Academy at support@cloudacademy.com.
If you have any questions for Neel or Mike, you can contact them directly at info@aviatrix.com
- Hi, this is Mike. I'm a solution architect with Aviatrix, and today I'm gonna show you how to use Aviatrix to solve a common cloud networking challenge, connecting your corporate data center, with many VPCs often in multiple cloud providers in various accounts and regions spread across the globe. We use the controller we set up in our previous video to build out a solution. AWS promotes using a global transit architecture to solve this problem, and recommends Aviatrix for implementing the solution. With the global transit architecture, we can share a single direct connection with many VPCs, reducing the friction of on-premise teams while providing the agility cloud teams have come to expect. Our final architecture will look like this. We'll build out each component and connection using a wizard provided in the Aviatrix controller. Let's start by logging into our controller and going to the transit network wizard. You can read about these steps in more detail from our documentation. Let's take a look at step one. Our first step is provision Aviatrix gateway and its HA counterpart, and place it in the transit EPC. To start off, you'll need to provide a name for this gateway and select the appropriate AWS account, region, VPC, and subnet. We are gonna deploy this gateway. Finally, select the size of the gateway. The gateway size can be changed at any time, so we often recommend starting with something small, like a t2.micro, and adjusting as your needs require. Next, enable HA by selecting the transit gateway we just created and a subnet in a different availability zone and clicking enable. When that's complete, let's connect our transit gateway to the VGW where your direct connect connection terminates. The transit gateway will exchange routes using VGP with your data center and the cloud using this tunnel. Once the routes are exchanged, the controller will propagate the routes to the connected VPCs and AWIs or any other connected cloud environments. We'll provide a name in ASN, then select the account and region where your VGW resides. Once ready, click okay to make the connection. Now we're ready to prepare our spoke VPCs for connectivity to the data center. Let's start with our first spoke, the production VPC. First we'll deploy an Aviatrix gateway in this VPC. Give it a name and then select the account, region, VPC, and subnet from the drop-downs. And then click okay once you're ready to deploy it. Once the gateway is deployed, we can enable HA for this spoke. If there's a problem, the controller will detect it, fill over automatically, and alert you, so you never have to worry about downtime on this gateway or any other tunnels that are connected. Now we'll complete the same steps for the other two VPCs. We'll start with the staging, followed by development. These steps can be repeated for each VPC you have that needs connectivity to the data center. Whenever a VPC needs connectivity, you can either come back here and repeat these steps or automate them using Terraform, CloudFormation, Python Go SDKs, or even use the REST APIs directly. With a centralized controller, Aviatrix contains everything you need in one place. There are no external scripts to manage and maintain, and no confusion over who to call for support when there's a problem. Centralized management also means a central place to go for logging, monitoring, alerting, so you always know the health of your gateways. You can also forward these logs to other systems with built-in integration, with Sumo Logic Datadog, for example. Aviatrix is built from the ground up using cloud native approaches, with cloud teams in mind, so it's simple to use and simple to manage. With a gateway in each spoke and HA-enabled, we're ready for these instances to be connected to our data center via the transit VPC. In order for this connectivity to be established, we'll attach our VPCs to the transit one-by-one. This can be done whenever you're ready to establish connectivity, either earlier with the steps of creating the gateway or now or at a later date, whenever you prefer. Remember, there is no VTP in the cloud. It's all software-defined. If a problem occurs, a cloud operations team member can easily handle the troubleshooting without worrying about learning a new protocol. There's a convenient table that shows you the current display of spokes in HA. And that's it. In just a few short minutes, you've set up AWS's recommended global transit architecture in your environment. This architecture makes it easy to add new VPCs that require connectivity to the data center without requiring changes to your on-premise firewall or router. Routes are automatically propagated between the cloud and your on-premise environment. Give Aviatrix a try today at aviatrix.com/trial. Thanks for watching.
Lectures:
Andrew is fanatical about helping business teams gain the maximum ROI possible from adopting, using, and optimizing Public Cloud Services. Having built 70+ Cloud Academy courses, Andrew has helped over 50,000 students master cloud computing by sharing the skills and experiences he gained during 20+ years leading digital teams in code and consulting. Before joining Cloud Academy, Andrew worked for AWS and for AWS technology partners Ooyala and Adobe.