Let's say I wanted to connect my IBM Cloud to an AWS VPC so that you could talk to machines on both ends via private IPs. I know you'd have to deal with routing and whatnot, but how would one do that? Would you have to use a virtual private gateway or something?
Use a software VPN appliance to join the two networks.
This will involve running VPN software, such as Openswan, in publicly accessible subnets of both networks.
Alternatively, you could use an Amazon VPC virtual gateway on one end and a software appliance on the other end.
See the Software VPN section of this whitepaper for some examples: Amazon VPC Connectivity Options
I have a need to connect instances in GCP to an on-premise network through a NAT gateway, but apparently this isn't supported by Cloud NAT. I would be happy to hear some suggestions on how this requirement can be implemented.
To give a bit more context:
There will be a Cloud Interconnect set up; however, there is a requirement not to have to negotiate IP ranges between on-prem and GCP, hence the requirement for the NAT.
Essentially, I need something that achieves the same effect as AWS' private NAT gateway (see https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html)
The Cloud NAT service is not intended to allow communication between an on-premises network and GCP resources; it just handles the inbound and outbound address translations in GCP, as stated in the following document [1].
What you are looking for is to implement Cloud VPN, which is in fact a GCP service designed to allow communication between on-premises networks and GCP resources; here you can find complete documentation on how it works and the different modes that can be implemented [2].
Now, for the part about the NAT gateway: if your device cannot create IPsec VPNs, then you would need to add a device acting as a VPN gateway in between first. In that case, you would end up with an architecture like this:
[1] https://cloud.google.com/nat/docs/overview
[2] https://cloud.google.com/network-connectivity/docs/vpn/concepts/overview
I looked in the documentation on the official AWS page to find out what the differences are between Amazon Connect, Amazon Direct Connection, AWS Managed VPN and Amazon Connect. Each time I get a question with these 4 options I am not sure which one I should use. Could anyone give me advice on how to easily distinguish the correct use of these services?
Amazon Connect
This is very different from the other services: it is a service that operates as a cloud-based call centre, replacing on-premise software solutions that would have done this in the past.
Amazon Managed VPN
A VPN (otherwise known as a virtual private network) allows a connection to be established over the internet to your AWS VPC(s). AWS has 2 versions of this: a site-to-site VPN and a client VPN.
The site-to-site VPN offers a fixed VPN connection between your AWS VPC and an on-premise location. This will require a static IP to maintain the connection, with all traffic routed over the public internet via IPsec and IKE.
The client VPN is similar to the site-to-site but will allow the client connection from anywhere. Using OpenVPN software, you establish the connection with AWS, which is maintained for as long as the connection is alive. This again uses the internet for all communication.
Direct Connect
With Direct Connect you can maintain a dedicated connection between AWS and your on-premise site. This means you will no longer be using the public internet to connect, which improves the performance between your on-premise site and AWS. It supports both connections to VPCs and connections to the public services of AWS (those not in a VPC, such as S3 and DynamoDB).
There is a range of network speeds to choose from, up to 10GB; to establish this it has specific hardware requirements and will require the hardware to be hosted at an authorized site. Alternatively, you can use a hosted connection from a partner who will provide this hardware for you.
I have done a clean sweep of the AWS docs but couldn't find an answer to my scenario. I'm looking for a solution wherein I will have private connectivity (no data flows through the Internet, only within the AWS network) between my two VPCs, and VPC-to-on-premise connectivity. I'm aware of AWS PrivateLink and Direct Connect, but they have some limitations, e.g. an RDS instance cannot be exposed as an endpoint service to be consumed, and things like that.
Is there any way I can achieve the above?
AWS Transit Gateway allows you to set up direct networking between VPCs and your on-premises environment. It supports both VPN and Direct Connect for the on-premises leg of the connection.
https://aws.amazon.com/transit-gateway/
I have some questions about setting up a VPN tunnel between Cloud VPN and an on-premises internal network.
On the GCP side, I have an App Engine flex application running on my custom VPC and would like to connect to a device sitting on the on-premises internal network.
To my understanding, Cloud VPN with a VPN tunnel should work, but I have no idea what kind of hardware I need to build the on-premises VPN gateway so it can communicate with App Engine through Cloud VPN.
The on-premises internal network accesses the public internet through its own router, provided by the ISP.
Any hardware recommendations or ways to make sure it works with Cloud VPN? Or any experiences with a similar case?
Thanks in advance!
You can accomplish an App Engine app reaching into an on-premise network by establishing a VPN.
The simplest solution is to create a VPN network between the on-premise network and the project's VPC network where the App Engine flex app is located.
Now, answering your question about the HW that you can use for VPN establishment, let me share public Google documentation about some vendors that you can use for VPN to GCP:
With Classic VPN, your on-premises hosts communicate through one or more IPsec VPN tunnels to Compute Engine Virtual Machine (VM) instances in your project's VPC networks.
Interop guides: https://cloud.google.com/vpn/docs/how-to/interop-guides
Classic topologies: https://cloud.google.com/vpn/docs/concepts/classic-topologies
Best Regards.
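To make the software-appliance tunnel from the first answer above (Openswan joining two cloud networks) and the on-premises gateway asked about in the Cloud VPN question concrete, here is an added example that is not from either answer: a Libreswan (the maintained successor of Openswan) site-to-site IPsec configuration with a pre-shared key. All addresses, CIDRs and the secret are constructed placeholders; it assumes the peer is either a second appliance or a cloud VPN gateway that speaks IKEv2 with PSK authentication, and that each side's route table sends the remote CIDR to the appliance (on AWS this also means disabling the instance's source/destination check and allowing UDP 500/4500 and ESP from the peer in its security group).

```conf
# /etc/ipsec.d/site-to-site.conf  (Libreswan syntax; constructed example)
conn cloud-to-cloud
    type=tunnel
    authby=secret
    ikev2=insist                        # refuse IKEv1 entirely
    ike=aes256-sha2_256;modp2048        # IKE SA proposal: AES-256, SHA-256, DH group 14
    phase2=esp
    phase2alg=aes256-sha2_256;modp2048  # Child SA proposal, DH group for PFS
    pfs=yes
    # "left" is this appliance. Cloud instances usually sit behind 1:1 NAT, so bind to
    # the private interface but present the public IP the peer sees as the identity.
    left=%defaultroute
    leftid=203.0.113.10                 # placeholder: this side's public IP
    leftsubnet=10.100.0.0/16            # placeholder: local VPC or on-prem CIDR
    right=198.51.100.20                 # placeholder: peer gateway public IP
    rightid=198.51.100.20
    rightsubnet=10.200.0.0/16           # placeholder: remote VPC CIDR
    # Dead-peer detection so a silently failed tunnel is torn down and rebuilt
    dpddelay=10
    dpdtimeout=30
    dpdaction=restart
    auto=start                          # bring the tunnel up when the daemon starts

# /etc/ipsec.d/site-to-site.secrets  (mode 0600, root only)
# <local id> <peer id> : PSK "<secret>"  -- use a long random value, never a word
203.0.113.10 198.51.100.20 : PSK "REPLACE-WITH-A-LONG-RANDOM-SECRET"

# /etc/sysctl.d/99-ipsec.conf  -- the appliance must forward between the two subnets;
# ipsec verify flags these if they are missing
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
```

After `ipsec restart`, `ipsec status` should show the connection as established and `ipsec trafficstatus` should show byte counters growing when a host in 10.100.0.0/16 pings one in 10.200.0.0/16; if the IKE SA comes up but traffic does not flow, the missing piece is almost always the route-table entry or the source/destination check, not the IPsec configuration.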
Can someone help me understand the basic difference between AWS Direct Connect and VPC peering?
AWS VPC Peering is a connection between two AWS VPC networks (even between accounts). Easy as that. https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html
AWS Direct Connect is used to connect an on-premise datacenter through a dedicated line (you can imagine it as a private internet). As far as I understood, AWS has separate connections to a number of partner providers around their datacenters.
https://aws.amazon.com/directconnect/partners/