Connectivity Between VPCs - Comparison of VPC Peering, VGW, DGW, and TGW

-
VGW(Virtual Private Gateway): It's the oldest way, and it was first announced.

DGW(Direct Connect Gateway): It was announced in 2017.

TGW(Transit Gateway): It was released in 2018.




*** VPC peering ***

It provides a 1:1 connection between VPCs and establishes a private connection between VPCs in the same account or in different accounts.

  • Using Private IP
  • It is possible to connect not only within the same region but also within different regions.
  • Does not support peering between VPCs if IP is reduplication
  • Only one peering resource can be set up between two VPCs
  • Does not support multiple peering relationships between VPCs
  • Internet Gateway (IGW) or Virtual Private Gateway (VGW) is not required
  • Provides high availability connectivity
  • Maintain Traffic on a Global AWS Backbone

Use Case: Provides 1:1 connection between VPCs

Use Case: Business Expansion Case Using VPC Peering


AWS Direct Connect & VGW(Virtual Private Gateway)

A VGW is an endpoint that provides a connection with a VPC when it wants to be connected. The ability to connect multiple VPCs in the same account in the same region is introduced using Direct Connect. Prior to the announcement of VGW, direct connect private virtual interfaces (VIFs) for each VPC were required to establish a 1:1 correlation, which did not scale both in terms of cost and management overhead. VGW is a solution that reduces the cost of requiring a new Direct Connect circuit for each VPC, as long as two VPCs are in the same region, in the same account. This configuration can be used with Direct Connect or Site-to-Site VPN.

Use Case: Connecting to an On-Premise Data Center
Use Case: Using AWS Direct Connect and VGW to connect to VPCs in the same region, same account
What is AWS Direct Connect?

  • Offers dedicated private network connectivity of 1Gbps or 10Gbps.
  • Designed for businesses with long-term requirements to maintain consistent high throughput across private network connections
    (Not suitable for one-time operations, such as migrating large data sources to AWS).
  • The predictability of private network connections improves application performance.
  • Lower data transfer costs compared to VPN solutions
  • Use cases include hybrid cloud architecture, continuous large data sets to transfer, security, and compliance.

Direct Connect Gateway - DGW

If VGW supported the connection between VPCs within the same account, DGW provides the function of connecting VPCs between different accounts with the same region. Direct Connect is used to connect between different VPCs, and this Direct Connect is connected to the VGW of the VPC you are trying to connect to. At this time, the CIDR address cannot overlap. In addition, traffic is not routed from VPC-A to Direct Connect gateway and VPC-B. Traffic shall be routed at [VPC-A] → [Direct Connect] → [Data Center Router] → [Direct Connect] → [VPC-B].



Transit Gateway -TGW

Transit Gateway is designed to provide enhanced routing services over AWS' predecessors. The initial release required a Site-to-Site VPN because Transit Gateway did not support Direct Connect. In addition, the throughput of each VPN session is limited to 1.25 Gbps. To scale beyond this, you must add multiple VPN connections to reach the desired aggregate bandwidth, and then leverage ECMP for multipath traffic on all VPN connections. Even with ECMP, a single flow is limited to 1.25 Gbps.

Transit Gateway allows multiple VPCs to be connected between different regions and between different accounts.

Use Case: Multiple VPCs in the same region distributed across different AWS accounts using the same Direct Connect.






Comments

Post a Comment

Popular posts from this blog

[Kubernetes] Node Overcommitted

-
Image
Recap on Requests and Limits Requests Pods are allocated to nodes based solely on the specific CPU and Memory requirements. In other words, a pod is assigned for a node if the available capacity on that node can accommodate the additional CPU and Memory requested by the pod.  Limits Pod Scheduling does not take limits into account, but limits play a crucial role for different purposes. They establish an upper limit on the resources a pod can acquire before facing throttling or running out of memory. This precautionary measure prevents a single pod from monopolizing all resources on a node due to any deficiencies.  it is crucial to understand that reaching the CPU limit does not result in pod eviction; instead, it leads to throttling, potentially causing application failure. However, surpassing the Memory limit results in an out-of-memory (OOM) condition, necessitating pod eviction.  [example of overcommit] Now, if the node is anywhere close to reservation capacity then naturally the su
Read more

[AWS] What is the Cloud Formation?

-
Image
  What is AWS CloudFormation? AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you. AWS CloudFormation Basics: In CloudFormation, you work with Templates and Stacks. Template:  JSON or YAML formatted text file which is a blueprint of your AWS resources. Stack:  In CloudFormation, you manage resources as a single unit called a Stack. All the resources in a stack are defined by the stack’s Template. Hence the AWS CloudFormation workflow can be summarized as the below image  reference: docs.aws.amazon.com. example of cloud formation configuration which is I made it by myself.
Read more

How to Install jenkins using Helm chart on instance

-
How to install Jenkins using Helm Chart on instance Prerequisites To follow along with this post you need to use a Kubernetes cluster and Helm chart. All major cloud provides offer hosted Kubernetes clusters: 1. AWS: EKS 2. Azure: AKS 3. Google Cloud: GKE you must also have the Helm Client installed. The Helm documentation provides install instructions. [Helm documentation: https://helm.sh/docs/intro/install/ ] we also have a way to deploy Jenkins on your local machine, but we will not explain it on this post.  Adding the Jenkins Chart repository $ helm repo add jenkins https://charts.jenkins.io $ helm repo update $ helm repo list Deploying a simple Jenkins instance To deploy a jenkins instance with the default settings, run this command: $ helm upgrade --install jenkins(jenkins_name) jenkins/jenkins  its the easiest way to deploy jenkins with default values. but I will introduce how to deploy Jenkins to LoadBalancer type. I will share the Helm-Jenkins yaml file: ----------------------
Read more