Amazon VPC From Different Regions

For AWS newbies: VPC peering works only between VPCs in the same region. You can connect VPCs belonging to different accounts, but ONLY IF they are in the same region.

I have read many articles from different websites, and I can split this page into 3 kinds of solutions.

A. Articles with solutions with a single point of failure

A.1 CloudAcademy

A.2 FortyCloud

B. Articles with a single point of failure but with some ideas to implement HA

B.1 From the Amazon blog

There are 2 interesting articles with a single point of failure and some ideas, not very clear, on how to extend them to HA:

  1. Connecting Multiple VPCs with EC2 Instances (SSL) https://aws.amazon.com/articles/0639686206802544 : the configuration uses OpenSSL and a Linux AMI
  2. Connecting Multiple VPCs with EC2 Instances (IPSec) https://aws.amazon.com/articles/5472675506466066 : the same solution as the previous point, but using the IPsec protocol

C. Good articles with possible HA implementations

C.1 FortyCloud

The same company sells its own solution: http://fortycloud.com/solution-overview/
At the moment they have 1 product, Cloud Network Firewall, on the marketplace https://aws.amazon.com/marketplace/seller-profile/ref=dtl_pcp_sold_by?ie=UTF8&id=2b9c97d3-34b1-457d-9057-bf14be37be40 with 3 different types: Business Edition, Enterprise Edition and BYOL.
From this datasheet http://fortycloud.com/wp-content/uploads/2016/01/FC_AWS_Datasheet.pdf, if we ignore the marketing bullshit, it seems to have these interesting features:

  • web console
  • API engine
  • Active Directory and RADIUS integration
  • HA: it is written "with its single and dual gateway HA setups FortyCloud provides fast and automatic recovery"
  • connect multiple regions (there are some limits on the number)
  • connect users

Not all the features are available in all the licenses.

C.2 Rackspace AWS consulting

There is a very good architecture analysis in 3 pages:

  1. http://blog.rackspace.com/how-to-build-fault-tolerant-cross-region-aws-virtual-private-cloud-communication-part-1-setup
  2. http://blog.rackspace.com/build-fault-tolerant-cross-region-aws-virtual-private-cloud-communication-part-2-monitoring
  3. http://blog.rackspace.com/part-3-how-to-build-fault-tolerant-cross-region-aws-virtual-private-cloud-communication

It describes the 3 possible architectures:

  1. based on the installation of EC2 instances (see sections A and B of this page)
  2. based on the AWS VPN service and your corporate router
  3. based on the AWS VPN service in one region and EC2 VPN machines in the other region

To use the Rackspace solution, you can use this guide for the routing part:

  • Software Astaro and AWS VPN service (see section D.1 below)

https://aws.amazon.com/articles/1909971399457482
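Architecture 1 above (and sections A and B) relies on EC2 instances acting as VPN gateways, which means the VPC route tables must point the remote VPC's CIDR at the VPN instance, and an HA setup must move that route to a standby instance when the primary fails. The following is an added example, not code from this page, Rackspace, or any of the vendors mentioned: a small planning helper that checks the two VPC CIDRs do not overlap (overlapping address spaces cannot be routed over a VPN or peering), builds the route entry each VPC needs, and chooses which VPN instance should hold the route given health-check results. All VPC names, regions, CIDRs and instance ids are constructed sample values.

```python
"""Planning helper for an EC2-instance-based cross-region VPN (added example,
not the page's own code). Instance ids, regions and CIDRs are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class VpnInstance:
    instance_id: str   # constructed sample id, not a real AWS resource
    region: str
    healthy: bool      # outcome of a tunnel/instance health check


@dataclass(frozen=True)
class Vpc:
    name: str
    region: str
    cidr: str


def cidrs_overlap(cidr_a: str, cidr_b: str) -> bool:
    """True if the two networks share any address.

    strict=True rejects CIDRs with host bits set (e.g. "10.0.0.1/16"),
    which usually indicates a typo in the plan."""
    a = ipaddress.ip_network(cidr_a, strict=True)
    b = ipaddress.ip_network(cidr_b, strict=True)
    return a.overlaps(b)


def validate_pair(vpc_a: Vpc, vpc_b: Vpc) -> bool:
    """Fail early: a VPN between overlapping VPCs cannot route traffic."""
    if cidrs_overlap(vpc_a.cidr, vpc_b.cidr):
        raise ValueError(
            f"{vpc_a.name} ({vpc_a.cidr}) overlaps {vpc_b.name} ({vpc_b.cidr})"
        )
    return True


def pick_active(instances, region: str):
    """Return the VPN instance that should own the route in `region`.

    `instances` is in priority order (primary first). The first healthy
    instance in the region wins; None means every gateway is down and the
    route should be left alone and an alarm raised, not blackholed."""
    for inst in instances:
        if inst.region == region and inst.healthy:
            return inst
    return None


def plan_routes(vpc_a: Vpc, vpc_b: Vpc, instances) -> dict:
    """Build the route each VPC needs to reach the other VPC's CIDR."""
    validate_pair(vpc_a, vpc_b)
    routes = {}
    for local, remote in ((vpc_a, vpc_b), (vpc_b, vpc_a)):
        active = pick_active(instances, local.region)
        routes[local.name] = {
            "destination": remote.cidr,
            "target": active.instance_id if active else None,
        }
    return routes


def demo_plan() -> dict:
    """Constructed scenario: the EU primary gateway is down, so the EU route
    must fail over to the standby; the US primary is fine."""
    vpc_eu = Vpc("vpc-eu", "eu-west-1", "10.0.0.0/16")
    vpc_us = Vpc("vpc-us", "us-east-1", "10.1.0.0/16")
    gateways = [
        VpnInstance("i-primary-eu", "eu-west-1", healthy=False),
        VpnInstance("i-standby-eu", "eu-west-1", healthy=True),
        VpnInstance("i-primary-us", "us-east-1", healthy=True),
        VpnInstance("i-standby-us", "us-east-1", healthy=True),
    ]
    return plan_routes(vpc_eu, vpc_us, gateways)


if __name__ == "__main__":
    for vpc_name, route in demo_plan().items():
        print(f"{vpc_name}: {route['destination']} -> {route['target']}")
```

The health inputs would come from whatever monitoring the Rackspace part-2 article describes (tunnel pings, instance status checks); this helper only makes the routing decision explicit. Note that `pick_active` returns `None` rather than a dead instance when nothing is healthy, so a failover script built on it would never rewrite the route to a gateway that is known to be down.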

C.3 Cisco Solution

C.4 pfSense (Netgate)

It seems to have HA.

D. Implementation

D.1 Astaro testing

I successfully implemented the Astaro solution following the article https://aws.amazon.com/articles/1909971399457482
There are only two small changes to keep in mind to avoid wasting time:

[image: OLDCONFIG.jpg]
[image: generic.jpg]
  • when you add a firewall rule you need to enable it afterwards, as shown in this image, otherwise it will not work
[image: astaro firewall.jpg]
Unless otherwise stated, the content of this page is licensed under the Creative Commons Attribution-ShareAlike 3.0 License