Amazon AWS Certified Advanced Networking Specialty – Virtual Private Networks & IPSec Tunnels Part 4

January 17, 2023

10. Improving NAT Gateway Performance with Dual Architecture

Hey everyone and welcome back to the Knowledge Pool video series. Today we'll speak about NAT gateway performance, which is again an important topic that you will find questions on in your exam. Before we start, I hope you understand the difference between a NAT instance and a NAT gateway; this is something we saw earlier in the associate level course. A NAT instance is an EC2 instance that we launch from an AMI with NAT functionality, and after launching it we disable the source/destination check on that instance. A NAT gateway, which AWS introduced later, is a managed service. Let me show you: if you go to the VPC console, you now have a NAT Gateways section, and from there you can create your own NAT gateway.

One of the benefits of a NAT gateway, as we have seen, is that it is completely managed and highly available (it is redundant within its Availability Zone), so we don't have to worry about an EC2 instance going down and all of our outbound traffic being hampered. When it comes to a NAT gateway, there are certain performance aspects that we need to remember as solutions architects. First, a NAT gateway supports a burst of up to 10 Gbps of bandwidth. Remember the word burst: it does not provide a consistent 10 Gbps; 10 Gbps is the maximum it can burst to. (AWS has raised these limits since this lecture was recorded, so check the current NAT gateway quotas before designing around a number.) Second, if all the instances in the private subnet together need less than 10 Gbps, that is fine because the gateway can burst. If they need more than that, the NAT gateway becomes the bottleneck.

Let's assume you have 200 or even 300 EC2 instances in your private subnet, and during peak production hours their combined outbound traffic goes beyond 10 Gbps. Then your website or application will become slow because the network is the bottleneck, even though the EC2 instances themselves are very fast. So as solutions architects we are expected to know how to deal with this scenario.

To get more bandwidth, the recommended design is to split the instances across multiple subnets and attach a different NAT gateway to each of those subnets. Let's look at how that works. In a normal NAT gateway architecture you have two private subnets, and both of their route tables point to the same NAT gateway. That NAT gateway supports a burst of up to 10 Gbps, so even if there are 500 or 1000 instances across those subnets, all of them share a maximum of 10 Gbps of network bandwidth. Since this shared bandwidth can be a bottleneck, the improved design uses multiple NAT gateways: we create one NAT gateway and attach it to private subnet one, and a second NAT gateway attached to private subnet two, each referenced from that subnet's own route table.

Whatever instances we launch, we must make sure they are split across those private subnets. In this design we have a 10 Gbps burst for the first NAT gateway and a 10 Gbps burst for the second. If you need more, create a third private subnet with its own NAT gateway, and you have up to 30 Gbps of burst across all the subnets. That is the thing to remember. Now, how do we do that? Let's try it out. We'll create a NAT gateway, and while creating it the console asks us for a subnet. Within the kplabs VPC we have three subnets, so I'll attach this NAT gateway to the first subnet, allocate a new Elastic IP, and click Create NAT Gateway. So this is the first NAT gateway.

Now let's create one more NAT gateway, this time attached to kplabs-2b, the second subnet, with a new Elastic IP, and a third one attached to the third subnet, kplabs-2c, again with a new Elastic IP. Perfect. So there are three private subnets in this VPC, and for each subnet we have attached a NAT gateway. Subnet 2a has its own 10 Gbps burst, subnet 2b has its own 10 Gbps burst, and subnet 2c has its own 10 Gbps burst, so in total there is 30 Gbps of burst across all of these subnets. One check to make: each subnet's route table must send 0.0.0.0/0 to its own NAT gateway, otherwise the subnets still share a single gateway and you are back to 10 Gbps.

In the exam you might also get questions about NAT instances and how to make them highly available. The scenario is the same: you should have multiple NAT instances, which are EC2 instances. The first EC2 instance is in subnet one, in Availability Zone 1; the second is in Availability Zone 2. If one EC2 instance goes down due to an Availability Zone failure, you always have the second one in the other Availability Zone to route traffic through. The same logic applies to NAT gateways: a NAT gateway is redundant only within its own Availability Zone, so placing one per Availability Zone, with each subnet routing to the gateway in its own zone, gives both high availability and the aggregate bandwidth discussed above.
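The two checks above (one NAT gateway per subnet so the burst is not shared, and each subnet egressing through a gateway in its own Availability Zone) are easy to get wrong in a route table. The following is an added example written for this page, not code from the course or from AWS: it audits a VPC layout described as plain dictionaries shaped like the subnet, NAT gateway and route table data you would pull from the console or the CLI, and then shows the lecture's corrected design. All subnet and gateway identifiers, the Availability Zone names and the route tables are constructed for illustration.

```python
"""Audit private-subnet egress: one NAT gateway per subnet/AZ, not one shared by all."""
from collections import defaultdict

# Constructed sample (hypothetical IDs and AZs, not taken from the lecture).
# subnet id -> Availability Zone
SUBNETS = {
    "subnet-2a": "ap-south-1a",
    "subnet-2b": "ap-south-1b",
    "subnet-2c": "ap-south-1c",
}
# NAT gateway id -> subnet it was created in
NAT_GATEWAYS = {"nat-a": "subnet-2a", "nat-b": "subnet-2b"}
# subnet id -> its route table as (destination CIDR, target) pairs
ROUTE_TABLES = {
    "subnet-2a": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-a")],
    "subnet-2b": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-a")],  # shares nat-a
    "subnet-2c": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-b")],  # NAT in another AZ
}
BURST_GBPS_PER_NAT = 10  # figure quoted in the lecture; check current AWS quotas


def default_nat(routes):
    """Return the NAT gateway targeted by the subnet's 0.0.0.0/0 route, or None."""
    for destination, target in routes:
        if destination == "0.0.0.0/0" and target.startswith("nat-"):
            return target
    return None


def audit(subnets, nat_gateways, route_tables, burst_gbps=BURST_GBPS_PER_NAT):
    """Flag shared gateways (shared burst) and cross-AZ egress (an AZ failure takes it down)."""
    findings = []
    users = defaultdict(list)  # NAT gateway -> subnets whose default route uses it
    for subnet, az in subnets.items():
        nat = default_nat(route_tables.get(subnet, []))
        if nat is None:
            findings.append(f"{subnet}: no default route via a NAT gateway")
            continue
        nat_subnet = nat_gateways.get(nat)
        if nat_subnet is None:
            findings.append(f"{subnet}: default route targets unknown gateway {nat}")
            continue
        users[nat].append(subnet)
        nat_az = subnets[nat_subnet]
        if nat_az != az:
            findings.append(f"{subnet} ({az}) egresses via {nat} in {nat_az}: cross-AZ dependency")
    for nat, subnet_list in users.items():
        if len(subnet_list) > 1:
            findings.append(f"{nat} shared by {', '.join(sorted(subnet_list))}: "
                            f"{burst_gbps} Gbps burst is shared")
    return {
        "findings": findings,
        "nats_in_use": len(users),
        "aggregate_burst_gbps": burst_gbps * len(users),
    }


def one_nat_per_subnet(subnets, vpc_cidr="10.0.0.0/16"):
    """The lecture's design: a NAT gateway in every private subnet, each subnet routing to its own."""
    nat_gateways = {f"nat-{subnet}": subnet for subnet in subnets}
    route_tables = {
        subnet: [(vpc_cidr, "local"), ("0.0.0.0/0", f"nat-{subnet}")] for subnet in subnets
    }
    return nat_gateways, route_tables


if __name__ == "__main__":
    before = audit(SUBNETS, NAT_GATEWAYS, ROUTE_TABLES)
    print(f"before: {before['aggregate_burst_gbps']} Gbps aggregate burst")
    for finding in before["findings"]:
        print("  -", finding)
    nats, routes = one_nat_per_subnet(SUBNETS)
    after = audit(SUBNETS, nats, routes)
    print(f"after: {after['aggregate_burst_gbps']} Gbps aggregate burst, findings: {after['findings']}")
```

With the constructed input the audit reports two subnets sharing one gateway and two subnets depending on a gateway in a different zone, for 20 Gbps of aggregate burst; after the one-gateway-per-subnet layout it reports nothing and 30 Gbps. The same checks can be run against real `describe-route-tables` and `describe-nat-gateways` output once you map the JSON into these dictionaries.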

11. Understanding Static Routing

Hey everyone and welcome back to the Knowledge Pool video series. In today's lecture we are going to speak about static routing. To understand static routing, let's take a simple use case. I am going to tell you about a recent trip I made from Coimbatore to Bangalore. A few months back I travelled around 400 km from Coimbatore to Bangalore city on my Scooty, so this is my nice little Scooty, and it was a straight national highway. My phone battery died and I had no other choice but to rely on the sign boards that appear on the road every few kilometres to tell me which direction I should go, because there can be multiple directions: I can take a left or I can take a right, and depending upon which direction I take, I would end up in a completely different place altogether.

If I want to reach my destination, which is Bangalore, I have to make sure that I follow the sign boards. So the first important point is that sign boards need to be there at regular intervals so that I know where to go. The same thing applies to computers and computer networks. If I want to reach google.com, there have to be certain sign boards that my network packet must follow in order to reach the Google servers. This is what we'll be looking into right now. Let me log into my Linux box, open a terminal and make it bigger. Let's do ping google.com with one request (ping -c 1 google.com). You see we get a reply back, so we have confirmed that we are able to reach the Google servers. Now the question is: how does the packet know where to go? The answer is the sign boards in my route table.

If I do route -n, you see there are a lot of sign boards present; these are called route entries. The first entry says that if you want to go to destination 0.0.0.0 with genmask 0.0.0.0, which means everything, you go via this gateway (192.168.0.1 on my box). So this entry instructs the packet to go to that gateway. The very first thing that happens is that DNS gives you the IP address of the Google server. Then the matching happens: does that address fall within the 0.0.0.0/0 entry? The answer is yes, and if yes, the packet is sent to the gateway listed in that entry. (If several entries match, the most specific one, the longest prefix, wins.) This is what the sign boards are all about. If we remove these sign boards, the packet will not be able to go anywhere. In fact, let me show you. There is a nice little command, route add, which adds a new sign board, that is, a route to the route table.

You see, this is the route that is present here, and through this route my packets are able to reach the Internet. Now, what would happen if I remove this route? Let's try it. I'll copy the route, and instead of route add I'll run route del and press Enter. If I do route -n again, you see the first entry, the 0.0.0.0 default route, is gone. Now when I try to ping google.com, I'm not able to reach anywhere. This is why having our route entries is extremely important. Let's quickly add the route entry back with route add, and now if I ping I should get a perfect reply. These routes that we add manually are static in nature, and they are called static routes. With this, let's go back to our presentation and talk about static routing. Static routing is a form of routing that occurs when the router uses a manually configured route.

So you saw that I manually added a route with the route add command; that is static routing. The configuration of static routes can also be scripted, which is one thing to remember, but in most cases static routes are configured by the network administrator manually adding them to the route table. I still remember in one of my previous organizations, I had configured a server and the server was not able to reach the Internet. So I had to go to the network team and ask them what the gateway was, and then I had to manually add a route entry for that gateway so that my packets would go to it to reach the Internet. This is something you might be familiar with if you deal with servers.
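To make the route table lookup in the demo concrete, here is an added example (written for this page, not code from the course): it parses output in the shape that `route -n` prints, picks the next hop for a packet by longest-prefix match the way the kernel does, and then repeats the demo of deleting and re-adding the default route. The table text is constructed; only the 192.168.0.1 gateway follows the lecture, and 203.0.113.10 (a documentation address) stands in for the resolved google.com address. On a real box the same operations are `route add`/`route del`, or on current distributions `ip route add default via 192.168.0.1` and `ip route del default`.

```python
"""Model of what `route -n` shows and how the kernel picks a next hop for a packet."""
import ipaddress

# Constructed sample in the shape of `route -n` output. Only the LAN gateway
# 192.168.0.1 follows the lecture; interface name and metrics are illustrative.
ROUTE_N_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 wlan0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 wlan0
"""


def parse_route_n(text):
    """Parse `route -n` output into a list of route dicts (the sign boards)."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or not parts[0][0].isdigit():
            continue  # skip the title and header lines
        destination, gateway, genmask, flags, metric, _ref, _use, iface = parts[:8]
        routes.append({
            "network": ipaddress.IPv4Network(f"{destination}/{genmask}"),
            # a gateway of 0.0.0.0 means "directly connected": no next hop
            "gateway": None if gateway == "0.0.0.0" else ipaddress.IPv4Address(gateway),
            "flags": flags,
            "metric": int(metric),
            "iface": iface,
        })
    return routes


def lookup(routes, destination):
    """Longest-prefix match as the kernel does it; lower metric breaks ties; None if no route."""
    address = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if address in r["network"]]
    if not candidates:
        return None  # what ping reports as "Network is unreachable"
    return max(candidates, key=lambda r: (r["network"].prefixlen, -r["metric"]))


def route_del(routes, network):
    """Equivalent of `route del -net <network>`: remove that sign board."""
    target = ipaddress.IPv4Network(network)
    return [r for r in routes if r["network"] != target]


def route_add(routes, network, gateway, iface, metric=0):
    """Equivalent of `route add -net <network> gw <gateway> dev <iface>`."""
    net = ipaddress.IPv4Network(network)
    gw = None if gateway in (None, "0.0.0.0") else ipaddress.IPv4Address(gateway)
    return routes + [{"network": net, "gateway": gw, "flags": "UG" if gw else "U",
                      "metric": metric, "iface": iface}]


def next_hop(routes, destination):
    """Human-readable forwarding decision for one packet."""
    route = lookup(routes, destination)
    if route is None:
        return f"{destination}: no route (Network is unreachable)"
    if route["gateway"] is None:
        return f"{destination}: on-link via {route['iface']}"
    return f"{destination}: via gateway {route['gateway']} on {route['iface']}"


if __name__ == "__main__":
    table = parse_route_n(ROUTE_N_OUTPUT)
    google = "203.0.113.10"  # stand-in for the resolved google.com address (TEST-NET-3)
    print(next_hop(table, google))
    table = route_del(table, "0.0.0.0/0")  # like `route del -net 0.0.0.0/0` in the demo
    print(next_hop(table, google))
    table = route_add(table, "0.0.0.0/0", "192.168.0.1", "wlan0", metric=100)
    print(next_hop(table, google))
```

The on-link route for 192.168.0.0/24 is kept deliberately: after the default route is deleted, hosts on the LAN are still reachable while anything outside it is not, which is exactly what the demo shows with ping. The `route` utility is part of the legacy net-tools package; `ip route` from iproute2 shows the same table in a different layout.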

You will find these static routes on all servers, be they local servers or servers in AWS, DigitalOcean, anywhere. There are certain disadvantages of static routes, though. Static routing is more for smaller networks; when you go to larger ones you might have hundreds of routes, and then static routing is not an ideal solution. We'll discuss more about that. Let's look at the disadvantages of static routes. The first is human error: when you type the route command you tend to make mistakes, after which things will not work properly. The second is fault tolerance. If there is an issue in the network between two devices that use static routes, traffic will not be rerouted.

Thus the network remains unusable until someone fixes the route. A good comparison here is Google Maps: it tends to detect if a road is blocked and gives us an alternate way to travel. If you just have a plain sign board, which is static, then even if the road ahead is completely destroyed the sign board will still be there, and as a commuter I go in that direction only to realize I cannot go any further. So fault tolerance is not there when you go with static routing. The third is administrative overhead. Static routes generally need to be configured on every router, and if you have a lot of routers in the organization you have to dedicate a lot of time to configuring them. These are some of the disadvantages of static routing. To overcome them we have dynamic routing, which we'll discuss in the upcoming lectures.

12. Understanding Dynamic Routing

Hey everyone and welcome back to the Knowledge Pool video series. In today's lecture we'll be speaking about dynamic routing, so let's go ahead and understand it. In the earlier lecture we talked about static routing, and one of the examples we took was the Linux operating system. Let's assume you have a client, which can be a Windows or a Linux machine, and you have a WiFi router connected to the Internet. If I want to browse google.com from the client, I first have to connect to my WiFi router, and after it is connected I can go to my browser and type google.com. For that to work, the client has to get the IP address of the wireless router and has to have a route for 0.0.0.0/0, which means any destination, via 192.168.0.1 (the router's address in this demo).

So whenever the client wants to go to any IP address, be it google.com or facebook.com, all the traffic goes to that gateway, 192.168.0.1. Whenever your browser makes a request, this route table entry is looked up and the packets go to the wireless router, and then you see the magic and the Google page loads for you. Now let's look at the scenario from a higher level. You have a client with a default route to 192.168.0.1; the operating system sends all packets to this WiFi router. The WiFi router in turn also has a route table associated with it, and it sends the packets to the ISP's main router. There are various ISPs in your country; as far as India is concerned, you have big providers like Tata and Airtel. When your router is configured for the first time, the technician from the Internet service provider comes to your house, configures these static routes in your router, and then the Internet starts to work. So whenever you send a packet to the WiFi router, the WiFi router sends it on to the main router of your ISP.

This main router of your ISP is responsible for sending the packets across the Internet and delivering the replies back to the client. So there are a lot of things involved behind the scenes that we may never have looked into. Let me show you how it really works. Let me log in: you see we have a route entry in my Linux box, and let's maximize the window so that it becomes clearer.

We have a destination of 0.0.0.0, and the gateway is 192.168.0.1, which is the IP address of my WiFi router. When I open that IP address in the browser, you see the router's admin page, and within it you have one more routing table. Here you see there is a gateway entry pointing to an address in the ISP's network. This is the routing table of my WiFi router: whenever it receives traffic, it sends it to the main router of my ISP, and that entry is the IP address of the ISP's router.

I hope you understood the basics of how it works. Let's go to the next slide. This is my ISP's router, and in the world there are a lot of routers available. Let's assume we are in India and want to send a packet to the US. There are various paths the router can use. The first path: from my router the packet can reach the first router, then the second router, and from the second router it can travel to the destination. Or it can take a different path altogether: from my router, the second hop is this one, the third hop is this one, the fourth hop is this one. So there can be any number of different hops my router can take to reach the destination. Now let's assume that one of those hops is down. My router will not send data that way; it will send it via a different path altogether.

After that router is up and running again, my router can use that hop again. This topology changes a lot, and this is why you cannot really have static routes here; you cannot configure static routes on each and every one of these routers. This is a demo, but in the real world there are thousands of such routers, and typing static routes manually is not a real option. This is why dynamic routing was introduced. Dynamic routing, also called adaptive routing, can forward data via different routes based on the current condition of the communication network. This is very important to remember: earlier the path of my packet was first hop, second hop, third hop; if the first hop goes down, my router can send it to a different hop, from there to the second hop, and from the second hop to the third.

This is called adaptive routing: depending upon the current conditions of the communication network, the packet's route changes. There are several protocols used for dynamic routing, like RIP, OSPF and BGP. Dynamic routing protocols fall into two major categories: interior gateway protocols and exterior gateway protocols. RIP and OSPF are interior gateway protocols, used within the same organization when there is a big network. The best example for exterior gateway protocols is the Internet, because exterior means outside: all of these routers are outside any one organization, and for routing between them exterior gateway protocols are used. The most famous exterior gateway protocol is BGP. BGP is the major protocol used for external dynamic routing, and thus it is also called the routing protocol of the Internet. We are only going through a high-level overview here; we don't need to understand in great detail how it works, but having a good overview at the high level is enough for us.
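The slide's idea of a router picking a different path when a hop goes down is what a link-state protocol such as OSPF does when it reruns its shortest-path computation after a neighbour stops answering. The following is an added example written for this page, not code from the course or from any router vendor: a small constructed topology of routers with link costs, a shortest-path function, and the forwarding table a router would install before and after a link is withdrawn. Router names, links and costs are hypothetical.

```python
"""Adaptive routing in miniature: recompute paths when a link goes down."""
import heapq

# Constructed topology (hypothetical routers and link costs, not from the page).
# Each router maps neighbour -> link cost; links are symmetric here.
TOPOLOGY = {
    "isp-in": {"r1": 1, "r4": 4},
    "r1": {"isp-in": 1, "r2": 1},
    "r2": {"r1": 1, "dst-us": 1},
    "r4": {"isp-in": 4, "r5": 1},
    "r5": {"r4": 1, "dst-us": 2},
    "dst-us": {"r2": 1, "r5": 2},
}


def shortest_path(topology, src, dst):
    """Dijkstra over the current topology: (cost, path) or (None, []) if unreachable."""
    dist = {src: 0}
    prev = {}
    pending = [(0, src)]
    done = set()
    while pending:
        cost, node = heapq.heappop(pending)
        if node in done:
            continue
        done.add(node)
        if node == dst:
            break
        for neighbour, link_cost in topology.get(node, {}).items():
            new_cost = cost + link_cost
            if new_cost < dist.get(neighbour, float("inf")):
                dist[neighbour] = new_cost
                prev[neighbour] = node
                heapq.heappush(pending, (new_cost, neighbour))
    if dst not in done:
        return None, []
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], list(reversed(path))


def link_down(topology, a, b):
    """Return a copy of the topology with the a<->b link withdrawn (a neighbour stopped answering)."""
    updated = {node: dict(neighbours) for node, neighbours in topology.items()}
    updated[a].pop(b, None)
    updated[b].pop(a, None)
    return updated


def forwarding_table(topology, router):
    """Next hop and cost per reachable destination: what the protocol installs into the router."""
    table = {}
    for destination in topology:
        if destination == router:
            continue
        cost, path = shortest_path(topology, router, destination)
        if path:
            table[destination] = (path[1], cost)
    return table


if __name__ == "__main__":
    print("normal:   ", shortest_path(TOPOLOGY, "isp-in", "dst-us"))
    degraded = link_down(TOPOLOGY, "r1", "r2")  # the hop in the slide goes down
    print("r1-r2 down:", shortest_path(degraded, "isp-in", "dst-us"))
    print("isp-in forwarding table now:", forwarding_table(degraded, "isp-in"))
    isolated = link_down(degraded, "r4", "r5")
    print("both paths down:", shortest_path(isolated, "isp-in", "dst-us"))
```

Two things the example shows that the slide does not: the alternate path is chosen by cost, not just by existence, so the router only falls back to the expensive r4 path once the cheap one is gone; and when every path is withdrawn the destination simply disappears from the forwarding table, which is the dynamic-routing equivalent of the static demo's "Network is unreachable". BGP selects paths by policy and AS path rather than link cost, but the adaptation mechanism, withdraw the route and reconverge, is the same idea. Because a dynamic protocol accepts routes from its neighbours, a practitioner also authenticates those neighbours (OSPF authentication, BGP TCP MD5 or TCP-AO) and filters the prefixes they are allowed to announce; otherwise a rogue neighbour can redirect traffic exactly as easily as the protocol reroutes around a failure.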

