Hybrid Environments

VPN

Enables the ability to extend a network from one geographic location to another geographic location
Traffic traverses the Internet
Essentially "extending" the on-premise network to the cloud, or the cloud to on-premise
For AWS, this allows us to communicate with all resources (like an EC2 instance) internally without the need for public IP addresses and an internet gateway.
It also provides an additional level of security by ensuring that traffic sent using the VPN is encrypted
VPN connection has two parallel routes (IPsec tunnels) for redundancy
Only one Virtual Private Gateway can be attached to a VPC (just like only one IGW can be attached to a VPC)
A VPC can have one VPG and an IGW at the same time

A physical or software application at the on-premise location that acts as the "connector" to the VPN connection
The customer gateway component is where you configure the public IP (internet routable static IP) address of the physical device or software application at the on-premise location.
Static Routing - you define routes
Dynamic Routing - routes automatically propagate, automatic failover
- Border Gateway Protocol (BGP)
- Autonomous System Number (ASN)

A virtual private gateway acts as the "connector" on the VPC (AWS) side of the VPN connection
The VPG is connected to the VPC
Target for Route Tables
Cloud Hub - multiple customer networks
Note: Both a VPG and a Customer Gateway are required for a VPN

AWS has no concept of physically setting up and managing routers
That being said, route tables are part of a "router" assigned to your machine
When a VPN is set up, the route table (for the subnet you wish to extend) must include routes for the on-premise network that are used by the VPN, and point them to the VPG. Choose route propagation for BGP to automatically add the routes.

Last updated 6 years ago

Was this helpful?