
Sunday, March 30, 2014

EC2 instances in public subnet calling S3 in same region

Traffic between an EC2 instance in a public subnet and S3 in the same region does not leave the AWS network. It is "public Internet" traffic only in the sense that S3's endpoints are Internet-facing and the instance needs a route to an Internet Gateway (plus a public or Elastic IP) to reach them; within a region the packets go from the instance to the Internet Gateway and on to S3 over AWS-controlled infrastructure. Because S3 is addressed by public IPs, the instance's security group and the subnet's network ACL must still allow outbound HTTPS (TCP 443) to those addresses. Instances in private subnets have no route to the Internet Gateway, so their S3 traffic has to go through a NAT instance.
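Because S3 is reached over public addresses, "allow outbound to S3" in a security group or NACL means allow-listing the S3 prefixes AWS publishes for your region (today in ip-ranges.json at https://ip-ranges.amazonaws.com/ip-ranges.json). The following is an added example, not code from the original post: it classifies a destination IP as same-region S3, other-region S3 or neither, and derives the minimal egress rules. The embedded ip-ranges excerpt is constructed for the example and uses RFC 5737 documentation prefixes, not real AWS ranges.

```python
import ipaddress
import json

# Constructed excerpt in the shape of AWS's published ip-ranges.json.
# The prefixes are RFC 5737 documentation ranges chosen for this example,
# NOT real AWS allocations.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "2014-03-30-00-00-00",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/24",    "region": "us-east-1", "service": "S3"},
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.0/24",  "region": "eu-west-1", "service": "S3"},
    ],
})


def s3_networks(ip_ranges_json, region):
    """Return the S3 prefixes published for one region as network objects."""
    data = json.loads(ip_ranges_json)
    return [
        ipaddress.ip_network(p["ip_prefix"])
        for p in data["prefixes"]
        if p["service"] == "S3" and p["region"] == region
    ]


def classify_destination(ip_ranges_json, region, dst_ip):
    """Classify where packets to dst_ip from an instance in `region` are headed.

    'same-region-s3'  - S3 in the instance's own region: leaves via the IGW
                        but stays on AWS's network
    'other-region-s3' - S3 in another region: crosses regions (and is billed so)
    'not-s3'          - not a published S3 prefix at all
    """
    addr = ipaddress.ip_address(dst_ip)
    data = json.loads(ip_ranges_json)
    for p in data["prefixes"]:
        if p["service"] != "S3":
            continue
        if addr in ipaddress.ip_network(p["ip_prefix"]):
            return "same-region-s3" if p["region"] == region else "other-region-s3"
    return "not-s3"


def security_group_egress_rules(ip_ranges_json, region, port=443):
    """Minimal egress rules (protocol, port, cidr) that let an instance reach
    S3 in `region` over HTTPS without opening 0.0.0.0/0."""
    return [("tcp", port, str(net)) for net in s3_networks(ip_ranges_json, region)]


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.5", "198.51.100.7"):
        print(ip, classify_destination(SAMPLE_IP_RANGES, "us-east-1", ip))
    print(security_group_egress_rules(SAMPLE_IP_RANGES, "us-east-1"))
```

The published prefix list changes over time, so rules derived from it have to be regenerated whenever the file's syncToken changes; an allow-list built once and forgotten will eventually start dropping legitimate S3 traffic.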

Tuesday, August 13, 2013

ELB load balancing algorithm


ELB does round robin load balancing (for TCP listeners; HTTP and HTTPS listeners use a least-outstanding-requests algorithm). However, if you are testing ELB from a single machine and all of your traffic lands on the same instance, don't be surprised. ELB behaves a little strangely when the incoming traffic originates from a single IP or a narrow IP range: it does not spread the requests evenly and sticks them to a few instances. The usual causes are on the client side: the ELB's DNS name resolves to several load balancer nodes and a single client caches one answer, and persistent (keep-alive) connections keep sending requests down the same path. Test from several source addresses, or close the connection after every request, before concluding that the balancing is broken.

Saturday, August 10, 2013

Traffic costs between EC2 instances, AZs, and VPCs

Often, when running on AWS, you will have multiple AZs, accounts and VPCs. This is a simple summary of EC2 data transfer costs:

1. Within the same AZ, over private IP: Free.
2. Between two AZs in the same region: Cost. Inter-AZ charges apply to both inbound and outbound traffic.
3. Between accounts in different VPCs: Cost. Inter-AZ charges apply to data transfer between instances in different AZs of the same region and in different accounts.
4. Between an EC2-Classic instance and a VPC instance in the same AZ: Cost.
5. Instance to S3 in the same region: Free.
6. Instance to S3 in a different region: Cost. Cross-region charges apply.

ELB primer : A good place to start

If you are just starting off with ELB or even if you have worked with it for some time, here is a helpful blog post:

http://harish11g.blogspot.com/2012/07/aws-elastic-load-balancing-elb-amazon.html

I like these points in particular: 

Point 4) Amazon ELB is not designed for sudden load spikes / flash traffic
Note: Not for traffic that changes every few seconds or even every few minutes. ELB scales up gradually; for a known event you can ask AWS support to pre-warm the load balancer.

Point 8) Amazon ELB cannot do multi-region load balancing
Note: Use Route 53 (latency-based or weighted routing) in front of one ELB per region.

Point 9) Amazon ELB sticks requests when traffic is generated from a single IP
Note: I see this a lot in training classes, as students are always hitting the ELB from the same IP address.

Point 12) Amazon ELB can easily support more than 20K+ Concurrent reqs/sec
Note: In most cases, one ELB can support multiple systems.

Monday, August 5, 2013

Blocking traffic from specific countries

There is nothing 'out of the box' from AWS (this post predates CloudFront's built-in geo restriction feature). You can do it with CloudFront's private content feature (signed URLs), but you still need a third-party GeoIP database such as MaxMind's to map the client address to a country, and your own application has to make the allow/deny decision before it hands out a signed URL. There is a tutorial here: http://aws.typepad.com/aws/2012/01/guest-post-geo-blocking-content-with-amazon-cloudfront.html.
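An added example (my own code, not from the post or the linked tutorial) of the decision side of that approach: look the client IP up in a geo table, fail closed on unknown locations, and build the CloudFront custom policy for a signed URL pinned to that client's IP so the URL cannot simply be forwarded to someone in a blocked country. The geo table is a constructed stand-in for a MaxMind-style database using RFC 5737 documentation prefixes; the blocked-country set and key pair id are example values. The RSA-SHA1 signing of the policy with the CloudFront key pair is passed in as a callable and is outside this example.

```python
import base64
import ipaddress
import json
import time

# Constructed stand-in for a GeoIP database ("network -> country" rows).
# The prefixes are RFC 5737 documentation ranges, not real allocations.
SAMPLE_GEOIP = [
    ("192.0.2.0/24", "US"),
    ("198.51.100.0/24", "DE"),
    ("203.0.113.0/25", "KP"),
    ("203.0.113.128/25", "US"),
]

BLOCKED_COUNTRIES = {"KP"}   # example policy: deny this set, allow everyone else


def country_for(ip, geoip=SAMPLE_GEOIP):
    """Longest-prefix match of ip against the geo table; None if unknown."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, country in geoip:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, country)
    return best[1] if best else None


def is_allowed(ip, blocked=BLOCKED_COUNTRIES):
    """Deny blocked countries AND unknown locations (fail closed)."""
    country = country_for(ip)
    return country is not None and country not in blocked


def cloudfront_policy(resource_url, client_ip, ttl_seconds=300, now=None):
    """CloudFront custom policy for a signed URL, short-lived and pinned to
    the requesting client's IP."""
    expires = int(now if now is not None else time.time()) + ttl_seconds
    return json.dumps({
        "Statement": [{
            "Resource": resource_url,
            "Condition": {
                "DateLessThan": {"AWS:EpochTime": expires},
                "IpAddress": {"AWS:SourceIp": f"{client_ip}/32"},
            },
        }]
    }, separators=(",", ":"))


def cloudfront_b64(data):
    """CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'."""
    return (base64.b64encode(data).decode("ascii")
            .replace("+", "-").replace("=", "_").replace("/", "~"))


def signed_url_query(resource_url, client_ip, key_pair_id, sign, now=None):
    """Query string for a CloudFront signed URL, or None if the client is
    geo-blocked. `sign` is the caller's RSA-SHA1 signer for the CloudFront
    key pair (bytes -> bytes)."""
    if not is_allowed(client_ip):
        return None
    policy = cloudfront_policy(resource_url, client_ip, now=now).encode("ascii")
    return (f"Policy={cloudfront_b64(policy)}"
            f"&Signature={cloudfront_b64(sign(policy))}"
            f"&Key-Pair-Id={key_pair_id}")


if __name__ == "__main__":
    # Example only: a real signer would RSA-SHA1 sign with the CloudFront private key.
    for ip in ("192.0.2.1", "203.0.113.5", "10.0.0.1"):
        print(ip, signed_url_query("https://d111111abcdef8.cloudfront.net/video.mp4",
                                   ip, "APKAEXAMPLE", lambda b: b"example-signature"))
```

The policy's IP condition and short expiry are what make the geo check hold up: without them the first allowed client can hand the URL to anyone. Note that the lookup trusts the source IP it is given, so behind a proxy or CDN you must take the client address from the component you trust, not from an arbitrary X-Forwarded-For header.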

Monday, June 3, 2013

AWS Direct Connect active active with failover

A common question is: "Can I use Direct Connect connections as active/active but also as failover?"
    • Yes. With two connections and BGP multipath, network traffic is load balanced across both connections. If one connection becomes unavailable, all traffic is routed through the other. This is the default configuration. If failover is the goal, size each connection so that it can carry the full load on its own.

Wednesday, May 15, 2013

AWS VPC public and private subnets

What is the difference between a private and a public subnet? I asked myself this after looking for a field in the ec2-describe-subnets output, the AWS console and ElasticWolf, and could not find anything indicating whether a subnet was private or public...

Public and private subnets are the same kind of object; the route table associated with a subnet decides which it is. A subnet whose route table has a default route (0.0.0.0/0) to the Internet Gateway, with instances that have public or Elastic IPs, is considered public. Remove that route (or detach the Internet Gateway from the VPC) and you have a private subnet.
This means that instances in a private subnet are invisible to the outside world and cannot reach it (the Internet) either. Outbound access therefore goes through a NAT instance in a public subnet: the private subnet's route table sends 0.0.0.0/0 to the NAT instance, which forwards the traffic to the Internet Gateway. The extra hop adds some latency, and a single NAT instance is a single point of failure.

Back to my original question: if your subnet's route table sends default traffic to an IGW, it is a public subnet.
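Since there is no "public/private" field to read, the check has to be done on the route tables. The following is an added example (my own code, not from the post): it finds the route table that applies to a subnet, explicit association first and the VPC's main table otherwise, and classifies the subnet as public, private behind a NAT instance (as in the S3 post above), or private. The input is a constructed sample in the shape of `aws ec2 describe-route-tables` JSON output, with made-up IDs; it also covers the case where a default route exists but is blackholed because its IGW was detached.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# All IDs are made up for this example.
SAMPLE_ROUTE_TABLES = json.dumps({"RouteTables": [
    {   # main table: no default route, so subnets that fall back to it are private
        "RouteTableId": "rtb-main0001", "VpcId": "vpc-0001",
        "Associations": [{"Main": True, "RouteTableId": "rtb-main0001"}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
    },
    {   # public table: active default route to the Internet Gateway
        "RouteTableId": "rtb-pub0001", "VpcId": "vpc-0001",
        "Associations": [{"Main": False, "SubnetId": "subnet-pub01", "RouteTableId": "rtb-pub0001"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0001", "State": "active"},
        ],
    },
    {   # private table with a NAT instance: default route targets an instance, not an IGW
        "RouteTableId": "rtb-nat0001", "VpcId": "vpc-0001",
        "Associations": [{"Main": False, "SubnetId": "subnet-priv01", "RouteTableId": "rtb-nat0001"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-nat0001", "State": "active"},
        ],
    },
    {   # looks public, but the IGW was detached so the route is blackholed: effectively private
        "RouteTableId": "rtb-bh0001", "VpcId": "vpc-0001",
        "Associations": [{"Main": False, "SubnetId": "subnet-bh01", "RouteTableId": "rtb-bh0001"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-gone", "State": "blackhole"},
        ],
    },
]})


def route_table_for_subnet(route_tables, subnet_id, vpc_id):
    """Explicit subnet association wins; otherwise the VPC's main table applies."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def classify_subnet(describe_output_json, subnet_id, vpc_id):
    """Return 'public', 'private-nat' or 'private' for the subnet.

    public      - active default route (0.0.0.0/0) whose target is an igw-*
    private-nat - active default route that targets something else (NAT instance)
    private     - no usable default route at all
    """
    tables = json.loads(describe_output_json)["RouteTables"]
    rt = route_table_for_subnet(tables, subnet_id, vpc_id)
    if rt is None:
        raise ValueError(f"no route table found for {subnet_id} in {vpc_id}")
    for route in rt["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") != "active":
            continue   # a blackhole route forwards nothing
        if str(route.get("GatewayId", "")).startswith("igw-"):
            return "public"
        return "private-nat"
    return "private"


if __name__ == "__main__":
    for subnet in ("subnet-pub01", "subnet-priv01", "subnet-bh01", "subnet-other"):
        print(subnet, classify_subnet(SAMPLE_ROUTE_TABLES, subnet, "vpc-0001"))
```

The classifier only looks at routing. An instance in a "public" subnet is still unreachable from the Internet unless it has a public or Elastic IP and its security group and the subnet's NACL permit the traffic, so treat the result as "can be public", not "is exposed".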