VPN - Virtual Private Network:
- AWS Virtual Private Network solutions establish secure connections between your on-premises networks, remote offices, client devices, and the AWS global network. AWS VPN consists of two services: AWS Site-to-Site VPN and AWS Client VPN.
- cheap and quick to set up
- VPG / VGW - virtual private gateway is a logical, fully redundant distributed edge routing function that sits at the edge of VPC
- An Internet-routable (public) IP address on the customer gateway side is required
- Two IPsec tunnels are configured for each Site-to-Site VPN connection, each terminating on a different AWS endpoint, for redundancy
- Route propagation - allows a virtual private gateway to automatically propagate routes it receives from the customer to the VPC route tables. This means that you don't need to manually enter VPN routes to your route tables.
VPG / VGW - Virtual Private Gateway:
- https://a.aviatrix.com/learning/glossary/vgw.php
- logical, fully redundant distributed edge routing function that sits at the edge of VPC
- capable of terminating VPN connections from your on-prem or customer environments
- VPN concentrator on the AWS side of the Site-to-Site VPN connection
- can create static or dynamic routes
- If you have multiple AWS Site-to-Site VPN connections, you can provide secure communication between sites using AWS VPN CloudHub
- Dynamic route propagation - when the VGW learns the customer's prefixes (via BGP) it forwards them into the route tables of the VPC's router that have propagation enabled
- Or you can add the routes manually (static routing)
- VPN CloudHub allows branch sites to communicate directly with each other through the hub: A->C via the VGW (hub-and-spoke). Each site needs its own unique BGP ASN and non-overlapping IP ranges.
- Hourly charge per VPN connection, plus standard data transfer out charges for data leaving AWS over the VPN. From the on-premises side you pay for data you receive from AWS via the VGW, not for data you send into AWS.
- Only the subnets each side has made known to the VGW (advertised via BGP or added as static routes) can communicate
- You can restrict which subnets are allowed to talk from inside to outside and vice versa
- Elastic IPs can't be reached via the VPN tunnel; they are only reachable from the Internet. Over the VPN you address instances by their private IPs within the VPC CIDR.
- By default 10 Site-to-Site VPN connections per virtual private gateway (a service quota). You can submit a request to AWS to increase it.
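As an added example (not from the original notes, and not AWS code), the following Python models the VGW behaviours listed above: BGP-learned prefixes propagated into a VPC route table, a static route winning over a propagated one for the same prefix, CloudHub re-advertising one site's prefixes to another, and an Elastic IP never appearing in what the tunnel can reach. All gateway IDs, ASNs and prefixes are constructed sample data; only the standard library is used.

```python
"""Toy model of a virtual private gateway (VGW) with CloudHub and route
propagation. Constructed sample data only; not the AWS implementation."""
import ipaddress
from dataclasses import dataclass

# Tie-break when two routes have the same prefix length: the VPC's local
# route wins, then manually added static routes, then propagated routes.
_ORIGIN_RANK = {"local": 0, "static": 1, "propagated": 2}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    target: str   # "local", "vgw-...", "igw-...", "tgw-..."
    origin: str   # "local", "static" or "propagated"


class RouteTable:
    """A VPC route table doing longest-prefix match with AWS-style tie-breaks."""

    def __init__(self, vpc_cidr):
        self.routes = [Route(ipaddress.ip_network(vpc_cidr), "local", "local")]

    def add(self, prefix, target, origin="static"):
        net = ipaddress.ip_network(prefix)
        # Re-adding the same prefix from the same origin replaces the old entry.
        self.routes = [r for r in self.routes
                       if not (r.prefix == net and r.origin == origin)]
        self.routes.append(Route(net, target, origin))

    def lookup(self, dst):
        """Return the winning Route for dst, or None if the packet is dropped."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r.prefix]
        if not matches:
            return None
        return max(matches,
                   key=lambda r: (r.prefix.prefixlen, -_ORIGIN_RANK[r.origin]))


class VirtualPrivateGateway:
    """Terminates Site-to-Site VPNs; with BGP it acts as the CloudHub hub."""

    def __init__(self, vgw_id, vpc_cidr):
        self.vgw_id = vgw_id
        self.vpc_cidr = ipaddress.ip_network(vpc_cidr)
        self._sites = {}  # cgw_id -> (asn, set of advertised prefixes)

    def learn_bgp(self, cgw_id, asn, prefixes):
        """Accept prefixes a customer gateway advertises over BGP.
        CloudHub needs a unique ASN per site and non-overlapping ranges."""
        for other, (other_asn, other_nets) in self._sites.items():
            if other == cgw_id:
                continue
            if other_asn == asn:
                raise ValueError(f"ASN {asn} already used by {other}")
        nets = {ipaddress.ip_network(p) for p in prefixes}
        for n in nets:
            if n.overlaps(self.vpc_cidr):
                raise ValueError(f"{n} overlaps VPC CIDR {self.vpc_cidr}")
            for other, (_, other_nets) in self._sites.items():
                if other != cgw_id and any(n.overlaps(o) for o in other_nets):
                    raise ValueError(f"{n} overlaps a prefix of {other}")
        self._sites[cgw_id] = (asn, nets)

    def advertise_to(self, cgw_id):
        """Prefixes the VGW sends back to one site: the VPC CIDR plus every
        other site's prefixes (CloudHub). Elastic IPs are never included;
        they sit outside the VPC CIDR and are reachable only from the Internet."""
        out = {self.vpc_cidr}
        for other, (_, nets) in self._sites.items():
            if other != cgw_id:
                out |= nets
        return out

    def propagate(self, rt):
        """Route propagation: push every BGP-learned prefix into a route table."""
        for _, nets in self._sites.values():
            for n in nets:
                rt.add(n, self.vgw_id, "propagated")


def reachable_over_vpn(vgw, cgw_id, dst):
    """Can a host behind cgw_id send dst through the tunnel? Only if the VGW
    advertised a covering prefix; anything else never enters the tunnel."""
    addr = ipaddress.ip_address(dst)
    return any(addr in n for n in vgw.advertise_to(cgw_id))


def build_demo():
    """Constructed scenario: one VPC, two branch sites, one static override."""
    vgw = VirtualPrivateGateway("vgw-0example", "10.0.0.0/16")
    vgw.learn_bgp("cgw-siteA", 65001, ["10.10.0.0/16"])
    vgw.learn_bgp("cgw-siteC", 65003, ["10.30.0.0/16"])
    rt = RouteTable("10.0.0.0/16")
    rt.add("0.0.0.0/0", "igw-0example")          # Internet path used by EIPs
    rt.add("10.10.0.0/16", "tgw-0example")       # static route, same prefix as BGP
    vgw.propagate(rt)
    return vgw, rt


if __name__ == "__main__":
    vgw, rt = build_demo()
    for dst in ("10.0.3.3", "10.10.1.1", "10.30.7.7", "203.0.113.10"):
        print(dst, "->", rt.lookup(dst))
    print("siteA sees:", sorted(map(str, vgw.advertise_to("cgw-siteA"))))
```

Running it shows the propagated 10.30.0.0/16 route pointing at the VGW, the static route beating the propagated one for 10.10.0.0/16, and that site A is offered only the VPC CIDR and site C's prefix, so neither its own range nor an Elastic IP such as 203.0.113.10 is ever sent into the tunnel.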