Networking & Content Delivery

Category: Gateway Load Balancer

How to integrate Linux instances with AWS Gateway Load Balancer

When I meet with customers and discuss AWS Gateway Load Balancer (GWLB), I often get asked for suggestions regarding integrating it with their existing Linux appliances. GWLB utilizes GENEVE encapsulation with some important custom metadata, which doesn’t natively work with either Linux or Linux’s GENEVE module (which is designed only for Ethernet (Layer 2) packets, […]

Read More

Introduction to Traffic Mirroring to GWLB Endpoints as Target

Network architects need the ability to gain insights into real-time traffic between different resources within their VPCs. Since the announcement of VPC Traffic Mirroring in 2019, the VPC feature has provided this by copying network traffic from elastic networking interfaces (ENIs) on customer’s instances as source, and then sending the traffic to a destination target […]

Read More

Design your firewall deployment for Internet ingress traffic flows

Introduction Exposing Internet-facing applications requires careful consideration of what security controls are needed to protect against external threats and unwanted access. These security controls can vary depending on the type of application, size of the environment, operational constraints, or required inspection depth. For some scenarios, running Network Access Control Lists (NACL) and Security Groups (SG) […]

Read More

Building an Open Source IDS IPS service for Gateway Load Balancer

The Gateway Load Balancer (GWLB) service launched with support from the partner network. These partners provide networking appliances that enable customers to perform varying levels of packet inspection on flows that pass through them, taking action as necessary and as defined within their configuration. For a list of partners that support GWLB, refer to the […]

Read More

Best practices for deploying Gateway Load Balancer

Introduction At re:Invent 2020, we launched Gateway Load Balancer (GWLB), a service that makes it easy and cost-effective to deploy, scale, and manage the availability of third-party virtual appliances. These appliances include firewalls (FW), intrusion detection and prevention systems, and deep packet inspection systems in the cloud. Since the launch, a lot of customers have […]

Read More

Centralized inspection architecture with AWS Gateway Load Balancer and AWS Transit Gateway

In our conversations with customers, we are often asked about the best way to architect centralized inspection architectures. Since the launch of AWS Gateway Load Balancer (GWLB), those discussions increasingly revolve around how to use AWS Transit Gateway, Gateway Load Balancer and Gateway Load Balancer Endpoints (GWLBE) together. In this post, we explain how to […]

Read More
Decoration

Integrate your custom logic or appliance with AWS Gateway Load Balancer

We recently launched AWS Gateway Load Balancer (GWLB), a new service that helps customers deploy, scale, and manage third-party virtual network appliances such as firewalls, intrusion detection and prevention systems, analytics, visibility and others. A new addition to the Elastic Load Balancer family, AWS Gateway Load Balancer (GWLB) combines a transparent network gateway (that is, […]

Read More

Scaling network traffic inspection using AWS Gateway Load Balancer

Updated “Cross-zone load balancing and appliance failures” section on 25th March, 2021 Organizations use next-generation firewalls (NGFW) and intrusion prevention systems (IPS) as part of their defense in depth strategy. In an on-premises network, these often take the form of dedicated hardware or software or virtual “appliances.” As companies move to the cloud, they want […]

Read More

Introducing AWS Gateway Load Balancer: Supported architecture patterns

Customers often ask me how they can maintain consistent policies and practices as they move to the cloud, especially as it relates to using the network appliances. They trust third-party hardware and software appliances to protect and monitor their on-premises traffic, but traditional appliance deployment models are not always well suited to the cloud. Last […]

Read More