
On Prem Networks

  • Follow an architecture
  • On Prem was slow; applications needed to be deployed faster
  • DevOps moved to the cloud



Reinventing Network and Security Architecture for Cloud

  • VMware was able to virtualize servers and run applications on a virtual machine; however, this was still On Prem
  • People moved to the public cloud, but there was an architectural gap
  • Aviatrix provides the architecture, MCNA, to help deploy applications



IaaS, PaaS, SaaS

On Prem (physical/virtual)

  • Underlay, hardware, software, day 0, day 1 and day 2: everything is the user’s responsibility

Infrastructure as a Service

  • CSPs manage hardware, software, storage and networking
  • Users are responsible for running the virtual machines and patching the OS

Platform as a Service

  • Users consume the offering only as a platform
  • CSPs manage everything; you manage only applications and data

Software as a Service

  • Users consume the service
  • All aspects are managed by the CSPs





What is Hybrid Cloud?

  • Cloud connectivity with the On-Prem DC

Public Cloud Basics

  • Known to be resilient and highly available, with multiple regions
  • Just as data centers have issues, the CSPs’ data centers have issues as well
  • Users, however, have no control over or visibility into these issues

Data Center

  • Cloud service providers use data centers to house cloud services and cloud-based resources

Region

  • Data centers are grouped into regions and geographic areas to provide regional service availability

Availability Zone

  • Distinct locations within the cloud provider’s network that are engineered to be isolated from failures





Public Cloud Network vs. On-Prem DC

  • The public cloud network tries to provide the same services as the On-Prem DC
  • Provides the concept of a VPC (virtual private cloud)
  • The most important part of the VPC is the application/virtual machine
  • Virtual machines sit on different subnets, so they need a routing entity
  • Some security constructs are provided, but they are often very primitive
  • The VPC requires connectivity to the internet (to send traffic out to the internet)
  • Inbound users are trying to get access to the virtual machines
  • A private link is needed to connect to the data center
  • Limitations
    • 100 BGP route limit in AWS-TGW
    • No routing controls
    • No service insertion
    • Poor visibility
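The route limit listed above is the kind of ceiling a data center hits quickly when it announces every subnet individually over BGP. As an added example (not part of these notes, nor of any Aviatrix or AWS tooling), the Python below collapses a constructed set of advertised prefixes into summary routes and checks the result against the limit quoted in the notes; the limit constant and the sample prefixes are assumptions for illustration and should be confirmed against the provider's current quota documentation.

```python
from ipaddress import ip_network, collapse_addresses

# Route ceiling as quoted in the notes above; an assumed value for this
# example, to be confirmed against the provider's current quota documentation.
TGW_BGP_ROUTE_LIMIT = 100


def summarize_prefixes(prefixes):
    """Collapse CIDR strings into the smallest equivalent set of summary routes.
    Adjacent and overlapping prefixes are merged separately per address family."""
    nets = {ip_network(p, strict=False) for p in prefixes}
    v4 = collapse_addresses(n for n in nets if n.version == 4)
    v6 = collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in v4] + [str(n) for n in v6]


def check_route_budget(prefixes, limit=TGW_BGP_ROUTE_LIMIT):
    """Report how many routes would be advertised as-is, how many remain after
    summarization, and whether the summarized set fits within the limit."""
    advertised = len({ip_network(p, strict=False) for p in prefixes})
    summary = summarize_prefixes(prefixes)
    return {
        "advertised": advertised,
        "after_summarization": len(summary),
        "within_limit": len(summary) <= limit,
        "summary": summary,
    }


# Constructed sample: a DC announcing 128 individual /24s from two blocks,
# two adjacent /24s from a third block, and one aggregate that is already summarized.
SAMPLE_PREFIXES = (
    [f"10.1.{i}.0/24" for i in range(64)]
    + [f"10.2.{i}.0/24" for i in range(64)]
    + ["192.168.10.0/24", "192.168.11.0/24", "172.16.0.0/12"]
)

if __name__ == "__main__":
    report = check_route_budget(SAMPLE_PREFIXES)
    print(f"advertised as-is: {report['advertised']} routes")
    status = "within" if report["within_limit"] else "exceeds"
    print(f"after summarization: {report['after_summarization']} routes "
          f"({status} limit of {TGW_BGP_ROUTE_LIMIT})")
    for route in report["summary"]:
        print("  ", route)
```

The un-summarized count tells you how far over the limit a naive announcement would be; summarizing at the DC edge before the routes reach the cloud gateway is the usual way to stay under it.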



Good explanation

Very Clear

Well explained!

Great


Alizah Nauman said:

100 BGP route limit in AWS-TGW 

Refer to https://docs.aws.amazon.com/directconnect/latest/UserGuide/limits.html for details of the limits applicable on AWS

