CONNECTING TO AWS AND MICROSOFT AZURE
Warrick [email protected]
© AARNet Pty Ltd
Amazon Web Services (AWS)
Google Compute
Questions?
Microsoft Azure
AMAZON WEB SERVICES
CONNECTIVITY OPTIONS TO AWS
AMAZON WEB SERVICES
AARNet currently peers with Amazon Web Services (AWS) at various peering points within Australia and internationally over the commodity internet.
We currently have our own Direct Connect services to AWS, through which we can provide your campus or network with access to AWS infrastructure at sub-rated 1G or 10G speeds (via a L2VPN or L3VPN).
We can also connect your campus or network directly to AWS at 1G or 10G via either an optical circuit or a L2VPN over the A4 network.
SO WHAT IS DIRECT CONNECT?
“Using AWS Direct Connect, data that would have previously been transported over the Internet can now be delivered through a private network connection between AWS and your datacenter or corporate network.” – Amazon Web Services
WHERE ARE THE AWS DIRECT CONNECT LOCATIONS IN AUSTRALIA?
Currently there are three hand-off locations:
Equinix SY1 - SY4, Sydney, Australia
Global Switch, Sydney, Australia
NEXTDC M1, Melbourne, Australia
DIRECT CONNECT – PUBLIC VS PRIVATE
DIRECT CONNECT - REDUNDANCY OPTION #1
DIRECT CONNECT - REDUNDANCY OPTION #2
WHY HAVE MULTIPLE VPCs?
WHY REGION SELECTION MATTERS?
WHAT ARE AVAILABILITY ZONES?
KEY TAKEAWAYS
• AWS requires you to use BGP to advertise/receive routes from your VPC.
• AWS supports BGP with Bidirectional Forwarding Detection (BFD) for fast failover (liveness detection minimum interval 300 and multiplier of 3). Please use it!
• If you want to access the public AWS side via Direct Connect, you can; however, you need to use public IP addressing that you own.
• AWS will always prefer Direct Connect paths over VPN paths.
• IPv6 is available on Direct Connect services now.
• Think about your availability zones within the region when building out your VPCs.
• Allocate VLANs within your Direct Connect according to a scheme that is unique.
• AWS can offer up to 40G Direct Connect services by bundling 4x10G services and utilising LACP today.
• If you need to attribute costs to specific business units, think about creating unique VPCs per business unit.
• For full redundancy, get Direct Connects to different hand-off locations.
• SET UP BILLING ALERTS!
MICROSOFT AZURE
CONNECTIVITY OPTIONS TO MICROSOFT AZURE
AARNET’S CONNECTIVITY TO MICROSOFT
AARNet currently peers with Microsoft via direct private network interconnect (PNI) in NSW, VIC and WA, as well as various peering points within Australia and internationally over the commodity internet.
SO WHAT IS MICROSOFT AZURE EXPRESSROUTE?
“ExpressRoute connections don't travel over the public Internet. Because ExpressRoute connections travel over a private connection, they offer more reliability, faster speeds, lower latencies, and higher security than typical Internet connections. In some cases, using ExpressRoute connections to transfer data between on-premise systems and Microsoft cloud services can yield cost benefits.” – Microsoft
WHERE ARE THE EXPRESSROUTE LOCATIONS IN AUSTRALIA?
Currently there are two hand-off locations:
Equinix SY2, Sydney, Australia
NEXTDC M1, Melbourne, Australia
HOW IS AZURE EXPRESSROUTE DIFFERENT TO AWS DIRECT CONNECT?
The biggest difference between Azure ExpressRoute and AWS Direct Connect is that customers cannot connect directly to Microsoft via an optical service.
AARNet has multiple 10Gbps private connections to Microsoft Azure in each location.
AARNet delivers AARNet4 Layer-2 or Layer-3 VPN services using these shared 10Gbps ports, managed by AARNet.
Services are available at 200Mbps, 500Mbps, 1Gbps, 2Gbps, 5Gbps and 10Gbps.
Finally, the Azure ExpressRoute shared 10Gbps ports have an oversubscription ratio of 4:1, based on Microsoft’s current oversubscription policy.
EXPRESSROUTE
EXPRESSROUTE - REDUNDANCY OPTION #1
EXPRESSROUTE - REDUNDANCY OPTION #2
WHY HAVE MULTIPLE VIRTUAL NETWORKS?
Note: Microsoft imposes a default limit of 10 virtual networks; this can be increased via a request to Microsoft.
MICROSOFT EXPRESSROUTE ORDERING PROCESS
KEY TAKEAWAYS
• The Azure ExpressRoute shared 10Gbps ports have an oversubscription ratio of 4:1, based on Microsoft’s current oversubscription policy.
• Azure ExpressRoute does not support BGP with BFD. Instead, you need to set up your BGP session with very low hold timers to achieve fast failover.
• The moment you create your service within the Azure portal, you will begin to be billed by Microsoft. So please talk to your Customer Relations team member before you go to create your service.
• If you need to attribute costs to specific business units, think about creating unique Virtual Networks per business unit.
• ExpressRoute supports private ASNs and public ASNs. Microsoft reserves 65515-65520 for its own internal use.
• SET UP BILLING ALERTS!
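As an added example (not from the slide deck or from AARNet), the Python sketch below lints a planned set of Direct Connect and ExpressRoute circuits against the AWS and Azure key takeaways: BFD on AWS BGP sessions, no private address space on AWS public virtual interfaces, unique VLANs per port, Microsoft's reserved ASN range, and more than one hand-off location per cloud. The plan schema, circuit names, ports, VLANs, ASNs and prefix are constructed for illustration, and the BFD interval is assumed to be in milliseconds.

```python
import ipaddress
from collections import Counter, defaultdict

AZURE_RESERVED_ASNS = range(65515, 65521)  # 65515-65520, reserved per the slides

def bfd_detection_ms(min_interval_ms=300, multiplier=3):
    """Time before a silent neighbour is declared down (defaults from the slides)."""
    return min_interval_ms * multiplier

def lint_plan(circuits):
    """Return (name, finding) pairs for a list of planned virtual circuits."""
    findings = []
    vlan_use = Counter((c["port"], c["vlan"]) for c in circuits)
    handoffs = defaultdict(set)
    for c in circuits:
        name, cloud = c["name"], c["cloud"]
        handoffs[cloud].add(c["handoff"])
        if vlan_use[(c["port"], c["vlan"])] > 1:
            findings.append((name, "VLAN reused on the same port"))
        if cloud == "aws" and not c.get("bfd"):
            findings.append((name, "BFD not enabled on BGP session"))
        if cloud == "aws" and c.get("vif") == "public":
            if ipaddress.ip_network(c["prefix"]).is_private:
                findings.append((name, "public VIF uses private address space"))
        if cloud == "azure" and c["asn"] in AZURE_RESERVED_ASNS:
            findings.append((name, "ASN reserved by Microsoft"))
    for cloud in sorted(handoffs):
        if len(handoffs[cloud]) < 2:
            findings.append((cloud, "only one hand-off location"))
    return findings

# Constructed sample plan; names, ports, VLANs, ASNs and prefixes are made up.
SAMPLE_PLAN = [
    {"name": "aws-research", "cloud": "aws", "handoff": "Global Switch",
     "port": "dx-1", "vlan": 101, "asn": 64512, "vif": "private", "bfd": True},
    {"name": "aws-public", "cloud": "aws", "handoff": "NEXTDC M1",
     "port": "dx-2", "vlan": 101, "asn": 64512, "vif": "public",
     "prefix": "10.20.0.0/24", "bfd": False},
    {"name": "az-finance", "cloud": "azure", "handoff": "Equinix SY2",
     "port": "er-1", "vlan": 200, "asn": 65517},
    {"name": "az-teaching", "cloud": "azure", "handoff": "Equinix SY2",
     "port": "er-1", "vlan": 200, "asn": 64513},
]

if __name__ == "__main__":
    for name, finding in lint_plan(SAMPLE_PLAN):
        print(f"{name}: {finding}")
    print("BFD detection time:", bfd_detection_ms(), "ms")
```

The private-address check only catches obviously unusable prefixes; whether you actually own a public prefix still has to be confirmed against your registry allocation.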
GOOGLE CLOUD - SYDNEY
CONNECTIVITY OPTIONS TO GOOGLE CLOUD SYDNEY
AARNET’S CONNECTIVITY TO GOOGLE
AARNet currently peers with Google via direct private network interconnect (PNI) in NSW and VIC, as well as various peering points within Australia and internationally over the commodity internet.
THANK YOU – QUESTIONS?