Advanced VPC Designs and New Capabilities (NET306)

Title

AWS re:Invent 2023 - Advanced VPC designs and new capabilities (NET306)

Summary

  • Presenters: Matt Lewis (Senior Principal in EC2) and Alex (Principal Solution Architect).
  • Session Level: 300 (Intermediate; balance between foundational and deep technical content).
  • Main Topics:
    • Evolution of Amazon VPC and its components.
    • New capabilities and services in networking introduced in the past year.
    • Advanced VPC architecture strategies.
    • IP address management and the importance of Amazon VPC IPAM.
    • VPC sharing vs. individual VPCs and their scaling.
    • Connectivity options: Internet Gateway, NAT Gateway, VPC Peering, Transit Gateway, Cloud WAN, Direct Connect, and PrivateLink.
    • Application networking with Elastic Load Balancing and Amazon VPC Lattice.
    • Security aspects: EC2 Instance Connect, AWS Network Firewall, Gateway Load Balancer, Verified Access, and generative AI's impact on networking.
    • Preview of network troubleshooting with Amazon Q.

Insights

  • VPC Evolution: VPC has evolved from a simple networking construct to a complex system with various components like subnets, gateways, and route tables, supporting both IPv4 and IPv6.
  • IP Address Management: Amazon VPC IPAM is crucial for managing public and private IPv4 exhaustion, cost optimization, and global expansion. The new free tier and integration with accounts outside of an organization are significant updates.
  • VPC Scaling: The decision between VPC sharing and creating multiple individual VPCs depends on the use case. The introduction of multi-VPC attached Elastic Network Interfaces simplifies connectivity without peering or transit gateways.
  • Connectivity Enhancements: New features such as more IP addresses per NAT Gateway and NAT Gateway availability in Local Zones broaden the internet connectivity options. Adopting IPv6 opens up new architectures, such as using Internet Gateways in the role of transit gateways.
  • Hybrid Connectivity: Direct Connect has expanded to over 130 locations, and new quota increases for virtual interfaces and advertised routes enhance hybrid connectivity. Cloud WAN offers global connectivity and intent-based network configuration.
  • Application Networking: Elastic Load Balancing and Amazon VPC Lattice are key for application delivery and zero-trust service-to-service communication. New features like IPv6 instance type targets and mutual TLS support for ALB are notable.
  • Security: AWS Network Firewall and Gateway Load Balancer provide scalable traffic inspection. Verified Access offers VPN-less application access, enhancing security. Generative AI workloads are driving the introduction of high-bandwidth instance types and advanced data center networking protocols such as SRD and ENA Express.
  • Network Troubleshooting: The preview of network troubleshooting with Amazon Q, integrated with VPC Reachability Analyzer, indicates AWS's focus on simplifying network diagnostics and management.