Amazon AWS Certified Advanced Networking Specialty – Benchmarking & Optimizing Network Performance
1. Understanding Network Interfaces
Hey everyone and welcome back to the KP Labs course. In today's lecture we will be discussing network interfaces as a very high-level overview. So let's assume that you have two computers over here and both of these computers want to exchange data or communicate with each other. Now by default you cannot directly communicate; you need to connect both of these computers with some kind of interface. It can be a wired interface or a wireless interface. So this is one of the screenshots, and I'm sure many of you are familiar with this kind of approach, where we used to connect two laptops with an Ethernet cable for various purposes, including playing multiplayer games. So once you connect them with some kind of medium, then communication becomes possible. This specific port, which you might already have seen, is generally there in most laptops except Macs. This is called the Ethernet port.
So you connect this Ethernet cable to the Ethernet port of one laptop, do the same on the other laptop, and then you can configure both of them to communicate with each other. I also have one more laptop here, and within this laptop you see there is an Ethernet port; this is the Ethernet port. Anyway, I'm sure that you are all familiar with the Ethernet port. So behind the scenes, what exactly is this? This is basically the network interface card inside the motherboard. Earlier this used to come as an add-on which we attached to the PCI bus of the motherboard. However, nowadays it comes pre-built into the motherboard. So this is how it looks; you attach this to the motherboard and then you can connect to the LAN via this.
So this is what the network interface card is all about, and this is what actually enables the communication. That is a very high-level overview of the network interface card. Now, one thing that I wanted to show you: generally if you run ifconfig, you will see the eth0 interface, which corresponds to the network interface card connected to the server. Each network interface card has a dedicated hardware address associated with it, and many of the configuration settings associated with the network interface card can be configured from the command line. Anyway, we'll be looking in the relevant sections at how you can configure this according to your needs.
2. Elastic Network Interfaces
Hey everyone and welcome back to the Kplabs course. In today's lecture we'll be discussing the elastic network interface. In this era of virtualization, a single host can have, say, ten virtual machines, and when we speak about a network interface card, which is a hardware entity, we cannot really have ten network interface cards just for one server which has ten virtual machines. So a lot of things have been virtualized, and even the network interface card has been virtualized. When I say virtualized, I mean that it has been converted into software: the functionality of the network interface card has been moved into the software arena. An Elastic Network Interface is one such virtual interface, and it is provided by AWS. So put simply, in AWS an elastic network interface is a virtual interface that can be attached to an instance in a Virtual Private Cloud.
So when you talk about the network interface card, let's assume that I have a network interface card attached to this laptop; you see the Ethernet port. Now I want to remove that network interface card and connect it to my other laptop. That will be a real big pain: I have to open up the entire laptop, I have to look into the motherboard and I have to desolder a lot of things. However, when it comes to a virtual network interface card, you just have to click one button and attach it to a second server. This is how easy it is. So these virtual network interface cards can be swapped between two instances. You have server one and you have server two. This is the portability feature, which is definitely part of virtualization technology. So you can actually move this network interface card from server one to server two in just one or two clicks. In AWS it is called the Elastic Network Interface. This is not something which is new to AWS; in fact all the virtualization providers offer some kind of equivalent of an elastic network interface.
So let me give you one example. I have my virtual machine over here, and if you see, I have two network adapters, so these are two NIC cards. I can easily remove one of them; you see I can remove it, and I can even add a new network adapter. I can configure the settings: bridged, NAT or similar. So you just have to click, and a software-based network interface can be attached or detached. Now, a similar concept applies to AWS. Within AWS you have the EC2 instance, and within the EC2 instance under Network Interfaces you have a direct link to the network interface card that is associated. So if I just click over here and select the interface, which is the ENI.
ENI stands for Elastic Network Interface. It takes me to the Elastic Network Interface console, and this is the actual virtual interface which is associated. Now, with this network interface card I have the ability to detach and attach as well. Let me give you an example. This is one of the servers and there are two network interface cards associated with it, so I can have multiple NIC cards on a single server. Let me just click on one of the interface cards. I can easily go ahead and click on Detach and it will be detached over here.
So let's go to the server. If I do ifconfig eth1 up and then ifconfig, you see that I have two network interface cards present, and each of them has its own separate IP address and its own separate hardware address as well. Now let me show you how you can detach it. This specific network interface card is associated with the eth1 interface. I'll bring the interface down first. Perfect. With the interface down, I click on Detach, select Force Detachment, and it goes ahead and detaches this specific network interface card from the EC2 instance. If you just want to verify that it is actually detached, you can do ifconfig -a and it will show you that you no longer have an eth1 interface. Perfect. So let's look into how you can create a new network interface card and attach it to the EC2 instance. Before we do that, let me just delete the network interface card that I have.
Now, if you go to the EC2 instance, this is the server, and there is one primary network interface, which is eth0. We want to attach one more network interface over here. In order to do that, you have to go to the Network Interfaces dashboard and click on Create Network Interface. I'll just name it kplabs-eni. Now, it has to be created in the same subnet where your EC2 instance is; that is one quite important point to remember. So I'll just verify the Availability Zone, which is 1c, and the subnet, which is 83c. Perfect. I'll select the 83c subnet associated with 1c. You also have to define the security groups, then click on Yes, Create. So let's go down, and this is the kplabs-eni interface which has been created. Now, in order to attach it, click on this. I'll just name it here so that it is easier for us to sort out. Perfect. I select it and click on Attach. Now you have to select the instance. Since there is only one instance running in Availability Zone 1c, it is only showing that instance, because this network interface card has also been created in Availability Zone 1c. I'll click here and click on Attach.
Perfect. Now it takes a few seconds for the attachment to complete. Let me just refresh, and now within the network interfaces you see I have eth0 and eth1, and within the private IP addresses you see I now have two private IP addresses: one associated with eth0 and the second with eth1. Within the Linux server, if I now do ifconfig, you see I have two network interfaces: one is eth0 and the second is eth2. So this is what the Elastic Network Interface is all about; you can easily remove them and attach them to a different server if needed. Along with this, you can also attach Elastic IP addresses to each of these network interface cards. That is perfectly possible, and it works the same way as we normally do it. So, important points to remember: we can attach a network interface card to an instance when it is running, when it is stopped, or when the instance is being launched.
So this is the flexibility that we have. Now, this is a quite important point: we can detach a secondary interface card when the instance is running or stopped. However, you can't detach the primary eth0 interface card in the same way. That is one important point to remember. And the last one says you can attach a network interface in one subnet to an instance in another subnet in the same VPC. It should actually say can't. It comes down to the same thing: if you have the network interface card in Availability Zone 1a and your instance is running in 1c, that will not work. The network interface card and the EC2 instance have to be in the same Availability Zone; only then will you be able to attach them. So these are some of the important pointers that you should remember as far as the Elastic Network Interface is concerned. So this is it for this lecture. I hope this has been informative for you and I look forward to seeing you in the next lecture.
3. Enhanced Networking
Hey everyone and welcome back to the Knowledge Pool video series. In today's lecture we are going to speak about enhanced networking. Now, this is a very important feature, specifically for a lot of organizations whose main bottleneck is the network. I have been in one organization where I was working where we had a very fast server: we had a good CPU, we had good RAM, we had a good hard disk drive, which was an SSD, but still the overall performance of the application was a bit slow. And then we realized our bottleneck was the network, because the application used to transfer a lot of packets in and out for communication.
Since the network was slow, the overall application processing was affected. You will find this kind of scenario in many organizations, and this is precisely the reason why AWS introduced the feature of enhanced networking. So let's go ahead and understand enhanced networking from the absolute basics of the NIC card. NIC stands for Network Interface Card, and it is basically a hardware component that allows the computer to connect to a network.
This is a very important point, because during the old times, I'm sure many of you remember, whenever we bought a computer we had to additionally buy this network interface card, which we manually plugged into the motherboard. Now, behind this card you see there is an Ethernet port. This is where you connect the RJ45 connector, so one end of the LAN cable connects to the network interface card. Nowadays, because of the necessity and also the low cost, it generally comes pre-built with most motherboards, and has for many years. Now, there is one concern about the network interface card: if this card stops working, then your entire networking functionality is affected. So specifically when it comes to servers, they don't just rely on one network interface card; they rely on two network interface cards for high availability. Even if one NIC card fails, you still have the second NIC card to support the networking functionality, and configuring these multiple NIC cards in high availability is a really fun thing to do.
We'll be discussing this, hopefully, in our Linux course, which we'll be bringing up in some time. So that is about servers and multiple NIC cards. Now, when you talk about the network interface card as far as EC2 instances are concerned, I hope you remember that EC2 instances come with a network interface card. If you see, there is a network interface, and if I just click over here and go into the interface ID, this is the interface that is associated. I can create an interface card whenever I want and I can attach it to any instance.
So basically you can even attach multiple interfaces to an EC2 instance, maybe for high availability or to do some fun things. Anyway, let's come back to the topic. Generally, what happens in an EC2 instance is this: let's consider this as an EC2 instance, and this is the virtualization layer. Amazon uses Xen as the virtualization layer. Let's assume that there are two interface cards attached, eth0 and eth1. Now, whatever traffic comes into the EC2 instance and whatever traffic goes out of the EC2 instance has to go through the virtualization layer, which is Xen. So this is where a lot of networking-related processing happens.
And from here the packet can go outward towards another EC2 instance or another network. Now, every network interface card has a specific bandwidth. It is not that I have one network interface card and it will provide me unlimited bandwidth. It is just like a car: every car has a top speed limit, it cannot be unlimited, and the same goes for the network interface card. Specifically, when you are using the network interface card along with the virtualization layer, there is some amount of bandwidth restriction that happens; a lot of bandwidth gets lost, specifically if you are using it with the virtualization layer.
Now, you see that within here all the network packets have to go through the virtualization layer and from there go out, and this sometimes creates performance degradation. When you talk about enhanced networking, enhanced networking means better networking performance, and this is the reason why with enhanced networking the architecture is a bit different. With enhanced networking, what happens is that instead of the interface interacting with the virtualization layer, there is a new interface called the Intel 82599.
Now this is a great network interface card. If you look up the Intel 82599, you see that this is a 10 Gigabit Ethernet controller, so this is a network interface card which supports up to 10 gigabit connections. This is what AWS uses for enhanced networking. So you have your Intel network interface card, and now the interfaces are directly connected to the NIC card present over here and not to the virtualization layer.
This provides a lot of benefits. Now the second point: you see the Intel 82599 Virtual Function interface supports speeds up to 10 Gbps, and the instances which support enhanced networking with the Intel 82599 will support a maximum speed of 10 Gbps. One more important thing to remember over here is that enhanced networking uses the single root I/O virtualization (SR-IOV) technique to provide high performance networking capability on supported instance types. So enhanced networking is not supported by all instance types, only selected instance types. Now, when you talk about this Intel NIC card, you still have a restriction of 10 Gbps, and many corporate applications need better performance. However, with the Intel 82599 the performance is limited to 10 Gbps. This is the reason why AWS came up with new hardware called the Elastic Network Adapter. It works the same way: you have an Elastic Network Adapter, and the EC2 instance's network interfaces are directly connected over here, bypassing the virtualization layer. Now, one of the good things about the ENA is that the ENA is a new PCI network device which is designed specifically for EC2 instances.
ENA supports network speeds up to 25 Gbps for the supported instance types. This does not mean that ENA has a maximum speed limit of 25 Gbps; the device interface actually supports up to 400 Gbps of networking capability. So in the future, this limit of 25 Gbps will be increased. But one important thing that we should know is that this ENA is extremely fast. So these are the two technologies which AWS uses for enhanced networking. Now, when we talk about the supported instance types, depending upon the instance type, enhanced networking can be enabled using one of the following mechanisms. We already discussed that there are two ways in which enhanced networking can be used: one is through the Intel 82599 Virtual Function interface, and the second is through the Elastic Network Adapter.
Each of these supports a specific set of EC2 instance types that you can just have a glimpse into. It is not mandatory for the exam that you know which instance type supports which network interface card, but you should have an overall understanding that there are two types of enhanced networking capabilities that AWS offers. So let's look into the EC2 instance types. Within the EC2 instance types, if you go a bit down, there is an enhanced networking option. The T2 series does not really support enhanced networking; it starts from the M4 series. So M4 supports enhanced networking, and if you go a bit down, for the other instances, enhanced networking is supported. Now, there are a few important things to remember over here. If you see over here, M4 uses enhanced networking with the Intel 82599.
And when you go for better instances like P2, P3 and R4, they support the Elastic Network Adapter. All the M4 instances support enhanced networking with the Intel Virtual Function interface, except the m4.16xlarge. Now, one last thing that we'll be covering in this lecture is the driver support. It is like whenever you buy a gaming laptop with a good graphics card: if you do not have the graphics card driver, then essentially it will not make sense. In the same way, if you are using enhanced networking, you have to make sure that you have the proper drivers or proper modules installed within your EC2 instance that will make use of enhanced networking. This is something that we are going to look into. So I have one EC2 instance running. Let me just go back. Here I have "enhanced networking"; this is the name that I have given it.
This EC2 instance is based on the instance type m4.large, so this instance supports the enhanced networking capability. I'll just log into this EC2 instance. Let me just do sudo su. If you look, there are the interfaces. This is our primary interface, which is eth0. Now, since m4.large supports enhanced networking, let's quickly verify that the appropriate modules are installed within this operating system that can take advantage of it. If you run ethtool on the interface, there is one very important thing that you need to verify, which is the driver.
This driver is ixgbevf. This is the driver for the Intel network interface used for enhanced networking. So you have to make sure that this specific driver is present if you are using enhanced networking. When you talk about ENA-based enhanced networking, the driver name will be ena; however, for Intel-based, the driver name will be ixgbevf.
So this is basically the module name. Now, one more important thing that you might want to remember is that you can even check this through the EC2 command, aws ec2 describe-instance-attribute. If you just run this command, let me specify the region, and when it comes to this, specifically sriovNetSupport, the value should be "simple". That means enhanced networking is supported. Sometimes the value is null; that is something you really have to check, otherwise you will not get proper performance. So there are two things that you need to check: whether you have the appropriate driver, and, through aws ec2 describe-instance-attribute, that you get the value "simple" for sriovNetSupport.
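As an added example that is not part of the course, here is a shell script that turns the two checks just described, the driver name from ethtool and the sriovNetSupport / enaSupport instance attributes, into one verdict. The sample outputs inside it are constructed, and the live_check function assumes ethtool, the AWS CLI and credentials are available on the instance.

```shell
#!/usr/bin/env bash
# Added example (not from the course): combine the two checks the lecture describes,
# the loaded NIC driver from `ethtool -i` and the instance attribute from
# `aws ec2 describe-instance-attribute`, into one verdict on whether enhanced
# networking is actually in effect. The parsing functions take command output as
# text, so they run against the constructed samples below without AWS access.

# driver_kind "<ethtool -i output>" -> ena | ixgbevf | other:<name> | none
driver_kind() {
  local drv
  drv=$(printf '%s\n' "$1" | awk -F': *' '$1 == "driver" { print $2; exit }')
  case "$drv" in
    ena)     echo "ena" ;;        # Elastic Network Adapter driver
    ixgbevf) echo "ixgbevf" ;;    # Intel 82599 Virtual Function driver
    "")      echo "none" ;;
    *)       echo "other:$drv" ;; # anything else, e.g. the plain Xen netfront driver
  esac
}

# attr_value "<describe-instance-attribute JSON>" -> the attribute's Value, or "null"
# when the attribute is unset (the case the lecture warns about). Works for both
# {"SriovNetSupport": {"Value": "simple"}} and {"EnaSupport": {"Value": true}}.
attr_value() {
  local v
  v=$(printf '%s' "$1" | tr -d '\n' \
      | sed -n 's/.*"Value"[[:space:]]*:[[:space:]]*"\{0,1\}\([A-Za-z0-9]*\)"\{0,1\}.*/\1/p')
  if [ -n "$v" ]; then echo "$v"; else echo "null"; fi
}

# assess <driver_kind> <sriovNetSupport value> <enaSupport value> -> verdict string
# The cases a practitioner cares about: the enhanced path is on; the attribute is set
# but the guest lacks the matching driver (no benefit, and AWS documents that an
# ENA-enabled instance whose image lacks the driver can lose connectivity); or off.
assess() {
  local drv="$1" sriov="$2" ena="$3"
  if [ "$drv" = "ena" ] && [ "$ena" = "true" ]; then
    echo "enhanced:ena"
  elif [ "$drv" = "ixgbevf" ] && [ "$sriov" = "simple" ]; then
    echo "enhanced:intel82599"
  elif [ "$ena" = "true" ] || [ "$sriov" = "simple" ]; then
    echo "attribute-set-but-driver-missing"
  else
    echo "not-enhanced"
  fi
}

# live_check <instance-id> <region> [iface]: the real invocations, to be run on the
# instance itself (needs ethtool, the AWS CLI and credentials; not run offline).
live_check() {
  local id="$1" region="$2" iface="${3:-eth0}"
  local d s e
  d=$(driver_kind "$(ethtool -i "$iface")")
  s=$(attr_value "$(aws ec2 describe-instance-attribute --region "$region" \
        --instance-id "$id" --attribute sriovNetSupport --output json)")
  e=$(attr_value "$(aws ec2 describe-instance-attribute --region "$region" \
        --instance-id "$id" --attribute enaSupport --output json)")
  assess "$d" "$s" "$e"
}

# Constructed sample outputs (not captured from a real instance), in the shapes the
# two commands print.
SAMPLE_ETHTOOL_INTEL='driver: ixgbevf
version: 4.1.0-k
firmware-version:
bus-info: 0000:00:03.0'
SAMPLE_ETHTOOL_ENA='driver: ena
version: 2.0.2g
bus-info: 0000:00:05.0'
SAMPLE_ETHTOOL_PLAIN='driver: vif
version:
bus-info: vif-0'
SAMPLE_SRIOV_ON='{ "InstanceId": "i-0123456789abcdef0", "SriovNetSupport": { "Value": "simple" } }'
SAMPLE_SRIOV_OFF='{ "InstanceId": "i-0123456789abcdef0", "SriovNetSupport": {} }'
SAMPLE_ENA_ON='{ "InstanceId": "i-0123456789abcdef0", "EnaSupport": { "Value": true } }'
SAMPLE_ENA_OFF='{ "InstanceId": "i-0123456789abcdef0", "EnaSupport": { "Value": false } }'

# demo: the lecture's m4.large case, Intel driver loaded and sriovNetSupport = simple
demo() {
  assess "$(driver_kind "$SAMPLE_ETHTOOL_INTEL")" \
         "$(attr_value "$SAMPLE_SRIOV_ON")" \
         "$(attr_value "$SAMPLE_ENA_OFF")"
}

demo
```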
4. Management Network Architecture with ENI
Hey everyone and welcome back to the KP Labs course. In today's lecture we'll be discussing the management network. In fact, one of the students had requested a video specifically on the management network, because in many organizations, specifically the ones that have CISSP guys, you might many times have encountered them saying, hey, let's create a management network for all of our servers. And if you are a DevOps or SRE person, you should know what a management network is all about in the first place. So this is the reason why we are discussing the management network.
Now, the concept of a management network is very simple. We already know that an EC2 instance can have multiple network interface cards associated with it. In the general scenario for most organizations, you have a single network interface card connected to your server, which is eth0, and that network interface card is generally used for both public traffic as well as private traffic. That is what we have been working with till now. What the management network says is that one interface card should be dedicated to the public traffic, and there should be a secondary interface card which is used by the employees and the management. That is what a management network is. If you look into the diagram, you have a web server over here and there are two interfaces, eth1 and eth0.
For eth1 you have the Elastic IP, and you see the public traffic is connected to eth1, so all the traffic from the internet comes to this specific interface, which has the Elastic IP associated. You also have one more interface, eth0, which is connected to the VPN. So all the management traffic, that is all the employees who want to connect to the server via SSH, goes via the eth0 interface. This is how it can be defined. Now, if I quickly do an ifconfig, you see that I have two interfaces on this server. For the eth0 interface, I can dedicate this interface to the public.
I can attach an Elastic IP to this interface and put this Elastic IP in DNS, so anyone who visits the DNS name will come through this interface to my web server. I also have a second interface, eth2, and I can associate this interface with all the VPN-related traffic. One thing that I wanted to show: whatever security groups you create, these security groups are not associated with the EC2 instance; they are actually associated with the network interface.
That is very important to understand. So when you go and click on Create Network Interface, you see there is also a security group column, which tells which security group has to be associated with the network interface. For this specific interface, the public interface, you can associate a security group where only port 80 or port 443 is allowed. However, for the eth0 interface, which is used for management traffic, you can allow more ports, like port number 22 or whatever port is required. So this is what the management network is all about. It is a very simple concept and it is important for us to remember.
5. Quality of Service
Hi everyone and welcome back. In today's video we will be speaking about quality of service. Quality of service is also referred to as QoS, and it is basically the capability of a network to provide better service to selected network traffic over a given technology. In order to understand this definition, let's take an example. In this example we have three people in a room who are sharing an internet connection. This is a common use case where you might have a group of friends sharing an internet connection, or if you're living at home, you might be sharing an internet connection with family members.
Now, the speed of the internet connection is 10 Mbps. What happens is that person A is doing live gaming and hence is utilizing most of the bandwidth of the internet connection. Gaming typically tends to take a lot of the internet connection. At the same point in time, while person A is doing live gaming, person B has a Skype interview. Now you know what happens, and I'm sure you might already have gone through this kind of scenario: person A might face a little lag and person B might also face a little lag. However, the lag for person B can prove to be quite costly, and this is the reason why at certain times it is necessary to prioritize the traffic. In this type of scenario, with QoS it is possible to prioritize the network traffic so that the Skype traffic gets first priority and the gaming traffic gets secondary priority. That can be done with the help of QoS.
So if you have QoS implemented, then person B will have seamless internet connectivity. However, person A will have secondary priority over the remaining traffic or the remaining bandwidth of the internet connection. Now, let me give you an example of how exactly this might look. Currently I have a new Mi router. This is quite a nice router, which is also cheap. Within this router, currently, if you see, my internet bandwidth is 37 Mbps and the download speed is around 50 Mbps. Within this I have a QoS allocation, quality of service, with several modes: I have a game first mode, a web page first mode and a video first mode. Depending upon the mode that I select, I can prioritize the traffic. So if I am gaming and I don't really want lag, I can select game first mode, where my gaming traffic will get the highest priority. Along with that, you can do a lot of interesting things.
Like if I click on Edit over here, I can actually even set the upload speed and download speed of the various devices which are connected to my router. All of these are basically part of quality of service. You can even allocate the guest WiFi bandwidth.
This is typically done in corporate networks; however, QoS is something which is coming even to affordable home routers nowadays. Now, one important point to remember specifically when it comes to QoS and AWS: quality of service is not directly supported in AWS. Let's take an example where you have hundreds of EC2 instances. Within them you want to give HTTP traffic the first priority; can you do that? The answer is no, there is no direct way in which you can prioritize specific traffic or a specific protocol's traffic over others. Another important point to remember is that in AWS there are chances that neighboring virtual machines can impact your network and CPU performance.
Generally in AWS, most of the EC2 instances like t2.micro and t2.medium are on shared hardware, so it can happen that a neighbor's VM affects your network and CPU performance. This scenario basically affects your quality of service as far as network bandwidth or CPU bandwidth is concerned. Now, there are certain ways in which you can mitigate this. Definitely the first is that you can run instances on your own dedicated hardware to avoid being affected by a noisy neighbor. This is one point that you need to remember, and in the exam there might be a scenario where they ask whether it is supported in AWS or not, or, if you have neighboring VMs impacting your performance, how will you ensure that you have good QoS for your production environment?
In such use cases, ideally you should run instances on your own dedicated hardware so that you don't have shared commodity hardware where the performance can be impacted by neighbors. Along with this, there is one interesting feature which AWS has recently launched, which basically provides customers direct access to the hardware. This is quite interesting; let me quickly show you. If you see here, with a new type of instance, the i3.metal instances, AWS basically allows the operating system to run directly on the underlying hardware.
This is great news. It's like a data center: you run directly on top of the hardware and there is no virtualization layer per se. You have a lot of flexibility when you take this type of approach. You can have full access to the CPU counters and CPU-related features which might not be accessible directly if you are running on top of virtualization. If you see over here, you can take advantage of low-level hardware features such as performance counters and Intel VT, which are not fully supported in the virtualized environment. So this is one very interesting feature which AWS has launched. So this is it about QoS.