Category: Amazon VPC

In this blog post, we present an augmented approach of managing AWS Cloud WAN segments in a secure, scalable, and on-demand way. When your organization increases the number of AWS accounts and AWS Regions in use, operational and security complexities related with admitting new user-created virtual private clouds (Amazon VPCs) to the network also increase—from […]

In May 2024, Amazon Web Services (AWS) launched a new feature for internet-facing Application Load Balancers. This enhancement allows you to provision an internet-facing Application Load Balancer without needing public IPv4 addresses, enabling clients to connect using only IPv6 addresses. To connect, clients resolve the AAAA DNS records assigned to the Application Load Balancer. The […]

Update: June 28, 2024 – Corrections were made to Figure 5 and the subsequent packet walkthrough.  AWS Cloud WAN is a managed wide-area networking (WAN) service that you can use to build and operate wide area networks that connect your data centers and branch offices, as well as your Amazon Virtual Private Cloud (Amazon VPC) […]

In this blog post, we explore a scenario in which Goldman Sachs, wanted to transfer ownership of several of its key network components between teams in a controlled and seamless manner. Specifically, we take a deep dive on migrating traffic between Direct Connect gateways while maintaining end-to-end connectivity. As a multinational investment bank and financial […]

Connection tracking (conntrack) is a networking concept where a networking device, like a firewall, router, or NAT device, needs to track and maintain information about the state of IP traffic going through it. The AWS Nitro System that underlies AWS networking does connection tracking for some types of network traffic to implement the stateful nature […]

Introduction Amazon Virtual Private Cloud (VPC) is the foundational networking construct used by customers to deploy workloads on AWS. To examine VPC traffic and gain insights into communication patterns, customers collect and analyze VPC Flow Logs, leveraging the capabilities and features AWS has continuously added since 2015. You can get started with Flow Logs by […]

Many AWS customers use consolidated billing, and often need to allocate costs across their internal business units or accounts. This can be challenging when dealing with services that are shared by all accounts. For general chargebacks, some customers use cost allocation tags for this purpose. However, at the time of writing this post, there is […]

Amazon VPC IP Address Manager (IPAM) is a VPC feature that allows you to plan, track, and monitor IP addresses for your AWS workloads. Until now, VPC IPAM allowed you to allocate CIDR blocks and monitor them at the VPC level. With a recent feature enhancement in VPC IPAM, you can now manage CIDR allocations […]

Amazon Web Services (AWS) customers can use the AWS global infrastructure to deploy workloads to multiple AWS Regions. They can create global networks that span multiple AWS Regions to connect these workloads to each other and to on-premises networks. A common design pattern is to use a central networking AWS account to own shared network resources, such as AWS Transit […]

Traffic Mirroring is an Amazon Virtual Private Cloud (VPC) feature you can use to copy network traffic from an elastic network interface of an Amazon Elastic Compute Cloud (EC2) instance and send it to a target storage service for analysis. You can use it for content inspection, threat monitoring, network performance monitoring, and troubleshooting. Through […]