RSS

Amazon Networking Services, Part Two

29 Jun

Episode 76

In the previous episode, we started dive into Amazon networking services group with VPC. I’ve mentioned networking services in the AWS introduction episode, as one of three most basic, along with storage and compute.

rocks-bridges-fantasy-artwork-1920x1080.jpg

Aside from VPC, networking category consists of three more services: Route 53, a DNS provider named after port number not the American Highway. CloudFront, for throwing pictures of cats at our users even faster. Finally, Direct Connect, to upload those pictures to the cloud while offline (and of course: faster).

Route 53

Route 53 is a Domain Name System (DNS), a naming service used since the beginning of the Internet. It facilitates translation of human-friendly names into IP addresses understood by routers, computers and other connected devices that supports TCP/IP stack. When we type an address in the browser, it’s checked whether it’s stored locally and if not, if it’s available in DNS cache. If it’s not, there is a query to top level domain DNS server to look for the address. The server will either return it or redirect to another server deeper in the hierarchy. At some point, the server will have a zone file for particular domain with required information. Zone files contain several type of records:

  • SOA – Start of Authority. A basic information about the domain: server name, administrator, version and various timeouts and TTL settings.
  • A – Maps to an IPv4 address.
  • AAAA – Maps to an IPv6 address.
  • CNAME – Canonical Name. An alias to another domain name.
  • MX – Mail Exchange. Defines mail servers for the domain.
  • NS – Name Server. Delegates DNS request to another name server.
  • PTR – Pointer. A reverse of A record, maps IP address to domain name.
  • SPF – Sender Policy Framework. Used by mail servers to combat spam.
  • TXT – Text. Arbitrary information about the domain.
  • Alias – A Route 53 specific extension that points to AWS resource like load balancer or S3 bucket, instead of an IP address.

Route 53 supports several routing policies:

  • Simple – a round robin, often used with single resource.
  • Weighted – allows to route a given percentage of traffic to certain destination.
  • Latency-based – tries to find the fastest resource from configured set, depending on latency from client.
  • Geolocation – allows to direct clients from particular continents or countries to different resources.
  • Failover – routes from primary to standby resource based on results of configured health checks.

Route 53 also works as domain registrar if you need your own place in the internet.

883475.jpg

CloudFront

CloudFront, launched in 2008, is a Content Delivery Network (CDN), also known as Content Distribution Network. It’s is a dense network of geographically distributed proxy servers. Clients are served content from the nearest server, thus latency might be much lower when compared with setup with single central server or small number of central servers. Those proxies are called Edge Locations in AWS terminology, there are over eighty of them currently. The network of Edge Locations is called the Distribution. The source of content, called Origin, might be an S3 bucket, an EC2 instance, an Elastic Load Balancer or an entity outside of AWS infrastructure. Data can be accessed via HTTP and HTTPS, or the Real-Time Messaging Protocol (RTMP), especially suitable for streaming audio and video.

CloudFront can be used both to read from and to write to, which can be used to accelerate upload to S3 buckets for additional charge. When origin resources are deleted, it takes some time until CloudFront catches up with the change, but in urgent situations we can use invalidation API, which is charged additionally. We can also use Cross Origin Resource Sharing, custom SSL certificates, apply automatic data compression or whitelist / blacklist countries where the service will be available for clients, among other features.

Direct Connect

If our Internet connection is poor and we have to upload a lot of data into the cloud, we can opt for a courier from Amazon with hard-drive loaded suitcase, a hard-drive loaded truck, or in less extreme cases – the Direct Connect service. Amazon has currently a networking presence in 58 associated third party data centers around the world, and basically if we have access to any of those, we can connect to AWS infrastructure bypassing the internet entirely.  Access can be through lease line or direct presence in the data center.

After requesting the Direct Connect, we need to wait up to three business days, and after approval, we get a Letter Of Authorization – Connection Facility Assignment (LOA-CFA) that should be presented to data center service provider to provision the physical network connection on our behalf. Then, one or more virtual network interfaces in our AWS cloud can be associated with it, and we can use it transparently. Direct Connect can use multiple network ports, so the result bandwidth can be a multiplication of 1 Gbit/s or 10 Gbit/s.

What’s Next?

That’s it about AWS networking for now. In the next episode we will expand upon another group of services, that we barely scratched in Amazon Web Services Jungle episode, namely Security, Identity and Compliance. Stay tuned!

28ff851bbf3966f48cb92c75c1000445.jpg

Image sources:

 
1 Comment

Posted by on June 29, 2017 in AWS, Cloud, Technology

 

Tags: , , , ,

One response to “Amazon Networking Services, Part Two

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: