Each client page is an object in Amazon S3 that is addressable by a unique DNS CNAME, such as https://s3.amazon.com/foo/bar.html, where s3.amazon.com translates to the IP address of the S3 endpoint and /foo/bar.html is the unique name given to the object in S3.
Blog posts to help enterprises run applications in the cloud. Entries on cloud migrations as Fortune 1000 companies embark on migrating to the cloud.
Showing posts with label DNS.
Thursday, June 26, 2014
Monday, June 23, 2014
Route 53 weight average and record sets returned
When processing a DNS query, Amazon Route 53 searches for a resource record set that matches the specified name and type. If a group of resource record sets has the same name and type, Amazon Route 53 selects one from that group. The probability of any one resource record set being selected depends on its weight as a proportion of the total weight of all resource record sets in the group:
For example, suppose you create three resource record sets for www.example.com. The three A records have weights of 1, 1, and 3 (sum = 5). On average, Amazon Route 53 selects each of the first two resource record sets one-fifth of the time, and returns the third resource record set three-fifths of the time.
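As an added illustration (not code from the original post), the following simulates Route 53 weighted selection for the 1, 1, 3 group above and also covers the documented edge case that a weight of 0 takes a record set out of rotation unless every record set in the group is 0, in which case all are treated equally. The record-set group and IP addresses are constructed.

```python
import random
from typing import Sequence

# Constructed record-set group for www.example.com, mirroring the post's
# example: three A records with weights 1, 1 and 3 (sum = 5).
EXAMPLE_GROUP = [
    ("www.example.com", "A", "192.0.2.10", 1),
    ("www.example.com", "A", "192.0.2.11", 1),
    ("www.example.com", "A", "192.0.2.12", 3),
]


def expected_shares(weights: Sequence[int]) -> list[float]:
    """Return the fraction of queries each record set should receive.

    Route 53 documents that a weight of 0 removes a record set from
    rotation, unless every record set in the group has weight 0, in
    which case they are all selected with equal probability.
    """
    if any(w < 0 for w in weights):
        raise ValueError("weights must be non-negative")
    total = sum(weights)
    if total == 0:
        return [1.0 / len(weights)] * len(weights)
    return [w / total for w in weights]


def select_record(group, rng: random.Random):
    """Pick one record set from a same-name, same-type group by weight."""
    shares = expected_shares([rs[3] for rs in group])
    # shares are never all zero, so random.choices cannot reject them
    return rng.choices(group, weights=shares, k=1)[0]


def observed_shares(group, queries: int, seed: int = 1) -> list[float]:
    """Simulate `queries` lookups and report the fraction each record got."""
    rng = random.Random(seed)
    counts = [0] * len(group)
    for _ in range(queries):
        counts[group.index(select_record(group, rng))] += 1
    return [c / queries for c in counts]


if __name__ == "__main__":
    print("expected:", expected_shares([rs[3] for rs in EXAMPLE_GROUP]))
    print("observed:", observed_shares(EXAMPLE_GROUP, 20000))
```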
Friday, November 8, 2013
ELB: Some common questions
Q: Is a straight-through reverse proxy possible with ELB? For example, a WordPress instance that lives at my domain.com/blog. Is it possible with ELB, similar to Apache's mod_proxy pass-through functionality?
A: ELB does not support this feature. Suggestion: create a sub-domain such as blogs.craftsy.com and give it a separate DNS record and ELB.
Q: Is there a way to force traffic to a particular backend app server when fronted with ELB?
A: ELB supports sticky sessions, which ensure that traffic within the same session flows to the same box. For software release purposes, you could have a subdomain such as test.craftsy.com with a separate DNS record and ELB.
Q: Can you have a zone apex in Route 53 point at multiple ELBs? I assume this is so (e.g. craftsy.com -> ELB1 (production a), ELB2 (production b)).
A: Yes, if you use a non-simple routing policy (weighted, latency, or failover).
Thursday, July 11, 2013
AWS Networking 101 for Oracle DBAs, Developers and Architects
Oracle DBAs understand TCP/IP and ports, as this is how they connect to and manage an Oracle database. However, they have typically had no need to understand other networking constructs such as routing tables, network address translation, VPN tunnels, or even a network mask. This blog post will cover networking terminology, AWS networking services and features, and specifics around DNS.
Below are some general network terms and constructs you need to understand when you move to AWS:
1. CIDR (Classless Inter-Domain Routing): CIDR is also known as supernetting, as it effectively allows multiple subnets to be grouped together for network routing. CIDR specifies an IP address range using a combination of an IP address and its associated network mask. An example is 192.168.1.0/24. This means that the first three octets (192, 168, and 1) are fixed and the last octet is available to use. Therefore, there are 256 IP addresses available to use: 192.168.1.0 - 192.168.1.255. CIDRs are used in AWS VPC and security groups.
2. VPN (Virtual Private Network): Extends a private network across a public network. This allows AWS to be an extension of your corporate network. It also provides security, encryption, and management across your Internet-based connection to AWS.
3. IPsec: A protocol suite for securing IP communications. When you establish a VPN connection to AWS VPC, you create an IPsec tunnel for secure communication over the Internet. More here: http://cloudconclave.blogspot.com/2013/03/getting-started-with-aws-vpc.html
4. Layer 2 and Layer 3 networks: The Internet Protocol (IP) address is a layer 3 address. Layer 3 networks do routing at the IP level. Layer 2 networks operate at the data link layer of the network; therefore, they use the Media Access Control (MAC) address to determine where to direct the message. AWS is a layer 2 network. The fact that AWS is a layer 2 network could impact some of the third-party solutions that can run on AWS.
5. Multicast and unicast: Multicast is a true broadcast. The multicast source relies on multicast-enabled routers to forward the packets to all client subnets that have clients listening. Unicast is a one-to-one connection between the client and the server. Unicast uses IP delivery methods such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), which are session-based protocols. AWS only supports unicast. Some software products (such as Oracle RAC) use multicast, so they cannot be run on AWS infrastructure.
6. VLAN: A single layer-2 network may be partitioned to create multiple distinct broadcast domains. When using AWS Direct Connect, you can provision virtual interface (VLAN) connections to the AWS cloud, Amazon VPC, or both. You cannot extend your data center VLAN into the AWS cloud when using AWS Direct Connect.
7. NAT: Network Address Translation (NAT) is the process of modifying IP address information in IPv4 headers while in transit across a traffic routing device. AWS EC2 NAT instances are used to translate IP addresses in an AWS VPC when instances are in a private subnet and need to communicate with the outside world.
8. SDN: Software-defined networking (SDN) is an approach to computer networking that abstracts the distributed systems, the control plane and the data plane. SDN is similar to what virtual machines have done for compute virtualization: SDN is network virtualization.
9. iptables: Linux iptables is essentially how an AWS NAT instance does the IP translation (it actually does port translation, so AWS NAT is really PAT, Port Address Translation).
10. Overlay networks: An overlay network is a computer network that is built on top of another network. For example, since the AWS network is a layer 2 network that does not support multicast, you could place an overlay network on top of the base AWS network that supports multicast. Blog post on overlay and SDN: http://cloudconclave.blogspot.com/2013/06/overlay-networks-on-aws.html
11. BGP: Border Gateway Protocol (BGP) is the protocol used to make core routing decisions on the Internet; it involves a table of IP networks or "prefixes" that designate network reachability among autonomous systems (AS). BGP does dynamic routing, and AWS refers to a BGP device as the Customer Gateway when using a VPN connection to AWS VPC.
12. ASA: Cisco ASA is a static routing device. The Cisco ASA device is referred to as the Customer Gateway when using a VPN connection to AWS VPC.
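The CIDR item above says 192.168.1.0/24 yields 256 addresses and that CIDRs drive VPC subnets and security groups. The following added example (not from the original post) works that through with Python's standard ipaddress module: it decomposes a CIDR the way the post does, checks that planned subnets sit inside a VPC block without overlapping, and evaluates constructed security-group style rules against a source address, including the world-open (0.0.0.0/0) check a reviewer would want. The VPC block, subnets and rules are constructed; port 1521 is the Oracle listener port.

```python
import ipaddress

# Constructed security-group style rules: (protocol, port, source CIDR).
VPC_CIDR = "10.0.0.0/16"
RULES = [
    ("tcp", 1521, "10.0.0.0/16"),    # Oracle listener, reachable from the VPC only
    ("tcp", 22, "192.168.1.0/24"),   # SSH from the corporate /24 over the VPN
    ("tcp", 443, "0.0.0.0/0"),       # HTTPS from anywhere
]


def describe_cidr(cidr: str) -> dict:
    """Break a CIDR into the fields the post walks through for 192.168.1.0/24."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    return {
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "count": net.num_addresses,
        "mask": str(net.netmask),
    }


def subnet_problems(vpc_cidr: str, subnet_cidrs) -> list[str]:
    """Report subnets outside the VPC block or overlapping one another."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(c) for c in subnet_cidrs]
    problems = []
    for i, n in enumerate(nets):
        if not n.subnet_of(vpc):
            problems.append(f"{n} is outside {vpc}")
        for m in nets[i + 1:]:
            if n.overlaps(m):
                problems.append(f"{n} overlaps {m}")
    return problems


def matching_rules(rules, proto: str, port: int, source_ip: str) -> list:
    """Return the rules that admit traffic from source_ip to proto/port."""
    src = ipaddress.ip_address(source_ip)
    return [
        r for r in rules
        if r[0] == proto and r[1] == port and src in ipaddress.ip_network(r[2])
    ]


def world_open(rules, port: int) -> bool:
    """True if any rule exposes `port` to the whole Internet (prefix length 0)."""
    return any(r[1] == port and ipaddress.ip_network(r[2]).prefixlen == 0
               for r in rules)


if __name__ == "__main__":
    print(describe_cidr("192.168.1.0/24"))
    print(subnet_problems(VPC_CIDR, ["10.0.1.0/24", "10.0.1.128/25", "10.1.0.0/24"]))
    print(matching_rules(RULES, "tcp", 1521, "203.0.113.7"))   # [] : blocked
    print(world_open(RULES, 1521), world_open(RULES, 443))     # False True
```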
These are AWS-specific services and components:
1. VPC: Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.
2. Internet Gateway: The Internet Gateway allows EC2 instances in a VPC to communicate with the Internet. When you launch an AWS VPC with a public subnet it comes with an Internet Gateway, and instances launched into a public subnet have a public IP address and communicate with the Internet using the Internet Gateway.
Instances that you launch into a private subnet do not receive a public IP address and can't communicate with the Internet. You can enable Internet access for instances that you launch into a private subnet by using a NAT instance.
3. Customer Gateway: A customer gateway is a physical device or software application on your side of the VPN connection. The Customer Gateway is used to create a secure IPsec VPN tunnel to AWS VPC.
4. Virtual Private Gateway: A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection. The VPG is a service provided by AWS.
5. ENI: An elastic network interface (ENI) is a virtual network interface that you can attach to an instance in a VPC. ENIs allow an EC2 instance to have more than one IP address. This includes a primary private IP address, one or more secondary private addresses, or an Elastic IP address. You can create a network interface, attach it to an instance, detach it from an instance, and attach it to another instance. The attributes of a network interface follow it as it is detached from an instance and reattached to another instance. When you move a network interface from one instance to another, network traffic is redirected to the new instance. This feature is useful for creating a management network, dual-homed instances, or security appliances in your VPC.
6. Elastic IP: An Elastic IP address (EIP) is a static public IP address that can be assigned to an EC2 instance or an ENI. A more appropriate name for an EIP may be a Public IP address. With an EIP, you can mask the failure of an instance by rapidly remapping the address to another instance. Your EIP is associated with your AWS account, not a particular instance, and it remains associated with your account until you choose to explicitly release it.
There's one pool of EIPs for use with the EC2-Classic platform and another for use with your VPC. You can't associate an EIP that you allocated for use with a VPC with an instance in EC2-Classic, and vice versa.
7. Public and Private Subnet: A subnet is a range of IP addresses in your VPC. You can launch AWS resources into a subnet that you select. Use a public subnet for resources that must be connected to the Internet, and a private subnet for resources that won't be connected to the Internet. Instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet can't. The instances in the public subnet can send outbound traffic directly to the Internet, whereas the instances in the private subnet can't. More on public and private subnets can be found here: http://cloudconclave.blogspot.com/2013/05/aws-vpc-public-and-private-subnets.html
8. NAT Instances: Instances that you launch into a private subnet in a virtual private cloud (VPC) can't communicate with the Internet. You can optionally use a network address translation (NAT) instance in a public subnet in your VPC to enable instances in the private subnet to initiate outbound traffic to the Internet, but prevent the instances from receiving inbound traffic initiated by someone on the Internet.
9. Route 53: Amazon Route 53 is a Domain Name System (DNS) web service. More on Route 53 can be found here: http://cloudconclave.blogspot.com/2013/05/routing-53-as-your-dns-service.html. Route 53 resolves an IP address to a domain name.
10. Direct Connect: Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections. Direct Connect has speeds of 1 Gbps or 10 Gbps. When companies are extending their Oracle solutions into the cloud, they often choose to use Direct Connect, as Internet speeds are not fast enough. More on Direct Connect: http://cloudconclave.blogspot.com/2013/06/aws-direct-connect-active-active-with.html and http://cloudconclave.blogspot.com/2013/06/aws-vpn-connection-as-direct-connect.html. Direct Connect also refers to a facility next to an AWS data center that can be used to host third-party hardware and software solutions such as Oracle RAC. More on this here: http://cloudconclave.blogspot.com/2013/06/oracle-rac-on-aws.html
11. CloudFront: CloudFront is an edge-location content delivery service. It is mostly used to deliver static content such as web sites, documents, videos, pictures, etc. However, it can also be used for dynamic content.
Specific to Route 53 (the AWS DNS hosting service): http://cloudconclave.blogspot.com/2013/05/routing-53-as-your-dns-service.html
1. DNS hosting service: A DNS hosting service is a service that runs Domain Name System servers.
2. A records: An A record (Address Record) points a domain or subdomain to an IP address.
3. Zone apex record: Is sometimes called the root domain or naked domain. The apex record would be domainname.com without a www or any other prefix.
4. CNAME: A CNAME (Canonical Name) points one domain or subdomain to another domain name, allowing you to update one A record each time you make a change, regardless of how many host records need to resolve to that IP address.
5. Alias records: Route 53 offers 'Alias' records (a Route 53-specific virtual record). Alias records are used to map resource record sets in your hosted zone to Elastic Load Balancing load balancers, CloudFront distributions, or S3 buckets that are configured as websites. Alias records work like a CNAME record in that you can map one DNS name (example.com) to another 'target' DNS name (elb1234.elb.amazonaws.com). They differ from a CNAME record in that they are not visible to resolvers. Resolvers only see the A record and the resulting IP address of the target record.
Security also plays a key role when configuring a network on AWS. More on security can be found here: http://cloudconclave.blogspot.com/2013/07/aws-security-101-for-oracle-dbas.html
Monday, May 13, 2013
Determining Domain Name System (DNS) name server
When setting up a CDN (like AWS CloudFront), you will want to determine whether your web site is really being served from CloudFront. You can use the following command:
dig www.pearson.aws.migrating2cloud.com
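To turn that dig output into a yes/no answer, the following added example (not from the original post) parses the answer section of `dig +noall +answer <name>`, follows the CNAME chain the way the A record and CNAME items in the Route 53 post describe, and reports whether the chain lands on a cloudfront.net name. It also refuses CNAME loops. The dig output, distribution name and addresses are constructed placeholders. Note the caveat from the Alias record item: a Route 53 alias to CloudFront is invisible to resolvers, so a site fronted that way shows only A records here and this check will say "no".

```python
from collections import defaultdict

# Constructed dig answer sections; the distribution name and IPs are placeholders.
SAMPLE_CLOUDFRONT = """\
www.pearson.aws.migrating2cloud.com. 300 IN CNAME d1234example.cloudfront.net.
d1234example.cloudfront.net. 60 IN A 203.0.113.10
d1234example.cloudfront.net. 60 IN A 203.0.113.11
"""
SAMPLE_DIRECT = "www.example.com. 300 IN A 198.51.100.5\n"
SAMPLE_LOOP = ("a.example.com. 60 IN CNAME b.example.com.\n"
               "b.example.com. 60 IN CNAME a.example.com.\n")


def _fqdn(name: str) -> str:
    """Normalise a name for comparison: lowercase, exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def parse_answer(text: str) -> list[tuple]:
    """Turn dig answer lines into (owner, ttl, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0].startswith(";"):  # skip comments/blank
            continue
        owner, ttl, rtype, rdata = parts[0], int(parts[1]), parts[3], " ".join(parts[4:])
        records.append((_fqdn(owner), ttl, rtype.upper(), rdata))
    return records


def follow_chain(records, name: str, max_hops: int = 8):
    """Follow CNAMEs from `name`; return (chain of names, final A addresses)."""
    by_owner = defaultdict(list)
    for owner, _ttl, rtype, rdata in records:
        by_owner[owner].append((rtype, rdata))
    chain = [_fqdn(name)]
    while True:
        rrs = by_owner.get(chain[-1], [])
        cnames = [rdata for rtype, rdata in rrs if rtype == "CNAME"]
        if not cnames:
            return chain, [rdata for rtype, rdata in rrs if rtype == "A"]
        nxt = _fqdn(cnames[0])
        if nxt in chain or len(chain) >= max_hops:
            raise ValueError("CNAME loop or chain too long: "
                             + " -> ".join(chain + [nxt]))
        chain.append(nxt)


def served_by_cloudfront(dig_text: str, name: str) -> bool:
    """True if any CNAME hop after the queried name is a cloudfront.net name."""
    chain, _addrs = follow_chain(parse_answer(dig_text), name)
    return any(n.endswith(".cloudfront.net.") for n in chain[1:])


if __name__ == "__main__":
    print(served_by_cloudfront(SAMPLE_CLOUDFRONT, "www.pearson.aws.migrating2cloud.com"))
    print(served_by_cloudfront(SAMPLE_DIRECT, "www.example.com"))
```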
Thursday, May 2, 2013
Route 53 as your DNS service
Navigate to your Route 53 service.
1. Go to the Hosted zones page and click the "Create Hosted Zone" button. Type in any hosted zone name, for example saponaws.com.
2. After the zone is created you will see a page that includes the four domain name servers (aka the delegation set). Select the delegation set to place into the domain details for your domain on GoDaddy (in this case saponaws.com).
3. Go to your domain name registrar (in this case GoDaddy) and launch (GoDaddy terminology) your domain name to set your nameservers. Use the four name servers/delegation set retrieved in step 2.
4. Go to your web site: saponaws.com. Two issues: DNS has not been propagated to the servers on the Internet, and your domain does not point to anything on Route 53. Let's take care of the second issue.
5. Go to create a record set for the hosted domain saponaws.com. Create the record set and point it to your Elastic IP, Elastic Load Balancer, or S3 bucket. In this case, I will use an Elastic IP. This means I have no automatic HA for my web site: if my EC2 instance goes down, my web site goes down. I should either put my web site on S3 (static web pages only) or use an ELB. I could even point my web site to a private EC2 instance IP; this would be even less resilient than using an Elastic IP.
6. Test the web site again. It will not come up until all Internet routing tables have been propagated. This can take a couple of hours.