Networking & Content Delivery

Phased AWS Transit Gateway to AWS Cloud WAN Migration with Terraform and Network MCP Server

Migrate from AWS Transit Gateway to AWS Cloud WAN across multiple Regions using a six-phase Terraform approach with AWS Network MCP Server validation

Intelligent VPN observability: Decoding AWS Site-to-Site VPN logs

When an AWS Site-to-Site VPN connection degrades, you sift through hundreds of log entries, correlate Border Gateway Protocol (BGP) state transitions with Internet Key Exchange (IKE) phase changes and decide whether the cause is a prefix quota violation, an autonomous system (AS) path loop, or a hold timer expiry. That repetitive manual work prolongs recovery. […]

AWS Cloud WAN Routing Policy: Real-World Global Network Scenarios – Part 2

In Part 1, we introduced AWS Cloud WAN routing policies and showed how you can use fine-grained controls to influence route propagation and path selection across a global network. Each routing policy is built with three core components: 1) match conditions, which evaluate route prefixes or BGP attributes; 2) actions, which determine how matching routes […]

Extending NLB health checks for RADIUS using an Amazon ECS witness

Network Load Balancer health checks confirm that a RADIUS server is reachable, not that it can authenticate a user, so a server with a failed identity store keeps receiving traffic. This post walks through an open-source reference solution that closes the gap with a single Amazon ECS witness that runs application-layer RADIUS probes and reconciles NLB target group membership directly.

VPC resource gateways: Implementation patterns and use cases

When you need to connect applications across Amazon Virtual Private Clouds (Amazon VPCs) to services that don’t fit the traditional AWS PrivateLink provider-consumer model, you face complex networking challenges that VPC peering and AWS Transit Gateway alone can’t easily solve. This is especially true for overlapping IP spaces. You can now connect to services that […]

Extending SD-WAN Segmentation into AWS Cloud WAN – Part 2

For organizations operating multi-tenant environments, regulated environments, or multiple business units, maintaining strict network segmentation between SD-WAN and AWS is essential for meeting security, compliance, and operational requirements. This is Part 2 of the two-part series on extending SD-WAN segmentation into AWS Cloud WAN. In Part 1, the Generic Routing Encapsulation (GRE) based Connect attachment […]

Extending SD-WAN Segmentation into AWS Cloud WAN – Part 1

For organizations operating multi-tenant environments, regulated environments, or multiple business units, maintaining strict network segmentation between SD-WAN and AWS is essential for meeting security, compliance, and operational requirements. Deploying SD-WAN virtual appliances and extending your segmentation through AWS Cloud WAN helps unify these segmented environments under a single, scalable global network. That said, segmentation is […]

Best practices for securing your IPv6 infrastructure on AWS using VPC Block Public Access

Organizations often struggle with how to secure IPv6 network and application infrastructure on AWS based on what type of IPv6 addresses they are using. In this post, I cover the best practices and considerations for securing private IPv6 resources while maintaining the flexibility to adjust connectivity models as your infrastructure evolves. I also cover how […]

Securing zero trust access with AWS Verified Access and AWS Network Firewall

Organizations securing access to internal applications face a common challenge: traditional VPNs grant broad network access once connected, leaving applications accessible beyond their intended scope and lacking granular traffic inspection. AWS Verified Access (AVA) and AWS Network Firewall (Network Firewall) provide a zero trust solution that addresses these challenges by combining identity-based access control with […]

Deploying internal DNS zones for internet-facing load balancers

Since the launch of Elastic Load Balancing (ELB) in 2009, Amazon Web Services (AWS) customers of all sizes, regardless of the size or complexity of their technical requirements, have used ELB as a fundamental service. The service continues to evolve with more deployment options like Network Load Balancers, Application Load Balancers, and Gateway Load […]