Contents

  1. Acknowledgments
  2. About the Authors
  3. Foreword
  4. Introduction
    1. What Does this Book Cover?
    2. Interactive Online Learning Environment and Test Bank
    3. Exam Objectives
    4. Objective Map
  5. Assessment Test
  6. Answers to Assessment Test
  7. Chapter 1 Introduction to Advanced Networking
    1. AWS Global Infrastructure
    2. Amazon Virtual Private Cloud
    3. AWS Networking Services
    4. Summary
    5. Resources to Review
    6. Exam Essentials
    7. Exercise
    8. Review Questions
  8. Chapter 2 Amazon Virtual Private Cloud (Amazon VPC) and Networking Fundamentals
    1. Introduction to Amazon Virtual Private Cloud (Amazon VPC)
    2. Subnets
    3. Route Tables
    4. IP Addressing
    5. Security Groups
    6. Network Access Control Lists (ACLs)
    7. Internet Gateways
    8. Network Address Translation (NAT) Instances and NAT Gateways
    9. Egress-Only Internet Gateways (EIGWs)
    10. Virtual Private Gateways (VGWs), Customer Gateways, and Virtual Private Networks (VPNs)
    11. VPC Endpoints
    12. VPC Peering
    13. Placement Groups
    14. Elastic Network Interfaces
    15. Dynamic Host Configuration Protocol (DHCP) Option Sets
    16. Amazon Domain Name Service (DNS) Server
    17. VPC Flow Logs
    18. Summary
    19. Resources to Review
    20. Exam Essentials
    21. Exercises
    22. Review Questions
  9. Chapter 3 Advanced Amazon Virtual Private Cloud (Amazon VPC)
    1. VPC Endpoints
    2. VPC Endpoint Overview
    3. Gateway VPC Endpoints
    4. Interface VPC Endpoints
    5. Transitive Routing
    6. IP Addressing Features
    7. Summary
    8. Exam Essentials
    9. Resources to Review
    10. Exercises
    11. Review Questions
  10. Chapter 4 Virtual Private Networks
    1. Introduction to Virtual Private Networks
    2. Site-to-Site VPN
    3. Client-to-Site VPN
    4. Design Patterns
    5. Summary
    6. Resources to Review
    7. Exercises
    8. Review Questions
  11. Chapter 5 AWS Direct Connect
    1. What Is AWS Direct Connect?
    2. Physical Connectivity
    3. Logical Connectivity
    4. Resilient Connectivity
    5. Billing
    6. Summary
    7. Exam Essentials
    8. Resources to Review
    9. Exercises
    10. Review Questions
  12. Chapter 6 Domain Name System and Load Balancing
    1. Introduction to Domain Name System and Load Balancing
    2. Domain Name System
    3. Amazon EC2 DNS Service
    4. Amazon Route 53
    5. Elastic Load Balancing
    6. Summary
    7. Exam Essentials
    8. Resources to Review
    9. Exercises
    10. Review Questions
  13. Chapter 7 Amazon CloudFront
    1. Introduction to Amazon CloudFront
    2. Content Delivery Network Overview
    3. The AWS CDN: Amazon CloudFront
    4. Summary
    5. Exam Essentials
    6. Resources to Review
    7. Exercises
    8. Review Questions
  14. Chapter 8 Network Security
    1. Governance
    2. Data Flow Security
    3. AWS Security Services
    4. Detection and Response
    5. Summary
    6. Resources to Review
    7. Exam Essentials
    8. Exercises
    9. Review Questions
  15. Chapter 9 Network Performance
    1. Network Performance Basics
    2. Amazon Elastic Compute Cloud (Amazon EC2) Instance Networking Features
    3. Optimizing Performance
    4. Example Applications
    5. Performance Testing
    6. Summary
    7. Resources to Review
    8. Exam Essentials
    9. Exercises
    10. Review Questions
  16. Chapter 10 Automation
    1. Introduction to Network Automation
    2. Infrastructure as Code
    3. Network Monitoring Tools
    4. Summary
    5. Exam Essentials
    6. Resources to Review
    7. Exercises
    8. Review Questions
  17. Chapter 11 Service Requirements
    1. Introduction to Service Requirements
    2. The Elastic Network Interface
    3. AWS Cloud Services and Their Network Requirements
    4. Amazon EMR
    5. Amazon Relational Database Service (Amazon RDS)
    6. AWS Database Migration Service (AWS DMS)
    7. Amazon Redshift
    8. AWS Glue
    9. AWS Elastic Beanstalk
    10. Summary
    11. Exam Essentials
    12. Resources to Review
    13. Exercises
    14. Review Questions
  18. Chapter 12 Hybrid Architectures
    1. Introduction to Hybrid Architectures
    2. Application Architectures
    3. Access VPC Endpoints and Customer-Hosted Endpoints over AWS Direct Connect
    4. Use of Transitive Routing in Hybrid IT
    5. Summary
    6. Exam Essentials
    7. Resources to Review
    8. Exercises
    9. Review Questions
  19. Chapter 13 Network Troubleshooting
    1. Introduction to Network Troubleshooting
    2. Methodology for Troubleshooting
    3. Network Troubleshooting Tools
    4. Troubleshooting Common Scenarios
    5. Summary
    6. Exam Essentials
    7. Resources to Review
    8. Exercises
    9. Review Questions
  20. Chapter 14 Billing
    1. Billing Overview
    2. Summary
    3. Exam Essentials
    4. Resources to Review
    5. Exercises
    6. Review Questions
  21. Chapter 15 Risk and Compliance
    1. It All Begins with Threat Modeling
    2. Ownership Model and the Role of Network Management
    3. Controlling Access to AWS
    4. Encryption Options
    5. Network Activity Monitoring
    6. Malicious Activity Detection
    7. Penetration Testing and Vulnerability Assessment
    8. Summary
    9. Exam Essentials
    10. Resources to Review
    11. Exercises
    12. Review Questions
  22. Chapter 16 Scenarios and Reference Architectures
    1. Introduction to Scenarios and Reference Architectures
    2. Hybrid Networking Scenario
    3. Multi-Location Resiliency
    4. Summary
    5. Resources to Review
    6. Exam Essentials
    7. Exercises
    8. Review Questions
  23. Appendix Answers to Review Questions
    1. Chapter 1: Introduction to Advanced Networking
    2. Chapter 2: Amazon Virtual Private Cloud (Amazon VPC) and Networking Fundamentals
    3. Chapter 3: Advanced Amazon Virtual Private Cloud (Amazon VPC)
    4. Chapter 4: Virtual Private Networks
    5. Chapter 5: AWS Direct Connect
    6. Chapter 6: Domain Name System and Load Balancing
    7. Chapter 7: Amazon CloudFront
    8. Chapter 8: Network Security
    9. Chapter 9: Network Performance
    10. Chapter 10: Automation
    11. Chapter 11: Service Requirements
    12. Chapter 12: Hybrid Architectures
    13. Chapter 13: Network Troubleshooting
    14. Chapter 14: Billing
    15. Chapter 15: Risk and Compliance
    16. Chapter 16: Scenarios and Reference Architectures
  24. Advert
  25. EULA

List of Tables

  1. Chapter 2
    1. TABLE 2.1
    2. TABLE 2.2
    3. TABLE 2.3
    4. TABLE 2.4
    5. TABLE 2.5
    6. TABLE 2.6
    7. TABLE 2.7
  2. Chapter 3
    1. TABLE 3.1
  3. Chapter 6
    1. TABLE 6.1
    2. TABLE 6.2
  4. Chapter 9
    1. TABLE 9.1
    2. TABLE 9.2
    3. TABLE 9.3
  5. Chapter 13
    1. TABLE 13.1

List of Illustrations

  1. Chapter 1
    1. FIGURE 1.1 AWS global infrastructure
    2. FIGURE 1.2 Overview of the AWS service locations
  2. Chapter 2
    1. FIGURE 2.1 VPC, subnets, and a route table
    2. FIGURE 2.2 Subnet identifier
    3. FIGURE 2.3 Public, private, and VPC-only subnets
    4. FIGURE 2.4 48-bit MAC to 64-bit modified EUI-64
    5. FIGURE 2.5 VPC, subnet, route table, and Internet gateway
    6. FIGURE 2.6 Egress-Only Internet gateway
    7. FIGURE 2.7 VPC with a VPN connection to a customer network
    8. FIGURE 2.8 Route table for a VPC endpoint
    9. FIGURE 2.9 VPC peering connections do not support transitive routing
  3. Chapter 3
    1. FIGURE 3.1 Amazon S3 endpoint
    2. FIGURE 3.2 A proxy fleet is configured to access an Amazon S3 endpoint over AWS VPN.
    3. FIGURE 3.3 An Amazon Kinesis endpoint interface is created using AWS PrivateLink.
    4. FIGURE 3.4 An endpoint service is created from the service provider VPC to the service consumer VPC. An interface endpoint is created in the service consumer VPC.
    5. FIGURE 3.5 A shared service uses a Network Load Balancer and AWS PrivateLink to provide endpoint services into spoke VPCs.
    6. FIGURE 3.6 An example of adding a CIDR range to an existing VPC. New subnets can use the new CIDR addresses.
  4. Chapter 4
    1. FIGURE 4.1 VPN termination at VGW
    2. FIGURE 4.2 VGW HA endpoints
    3. FIGURE 4.3 Avoiding asymmetric routing by using BGP parameters
    4. FIGURE 4.4 AWS VPN CloudHub functionality
    5. FIGURE 4.5 Graphical representation of VPN metrics in the Amazon CloudWatch dashboard
    6. FIGURE 4.6 VPN termination in an Amazon EC2 instance
    7. FIGURE 4.7 High availability when terminating VPN on an Amazon EC2 instance
    8. FIGURE 4.8 High availability when terminating VPN on an Amazon EC2 instance—automated failover
    9. FIGURE 4.9 AWS Marketplace
    10. FIGURE 4.10 Vertical scaling with load balancing—single Availability Zone
    11. FIGURE 4.11 Vertical scaling with load balancing—multiple Availability Zones
    12. FIGURE 4.12 Horizontal Scaling based on VPC Subnets
    13. FIGURE 4.13 Horizontal Scaling based on destination prefix
    14. FIGURE 4.14 Customer gateway
    15. FIGURE 4.15 Customer gateway high availability
    16. FIGURE 4.16 Client-to-site VPN
    17. FIGURE 4.17 Transitive routing
    18. FIGURE 4.18 Enabling transitive routing in AWS
  5. Chapter 5
    1. FIGURE 5.1 Physical components of AWS Direct Connect
    2. FIGURE 5.2 Direct Connect Gateway
    3. FIGURE 5.3 Single connection with VPN backup
    4. FIGURE 5.4 Dual connections: single location—VPN backup
    5. FIGURE 5.5 Single connections: dual locations—VPN Backup
    6. FIGURE 5.6 VPN over Direct Connect public VIF
    7. FIGURE 5.7 Transit VPC with detached VGW
  6. Chapter 6
    1. FIGURE 6.1 FQDN components
    2. FIGURE 6.2 NAT at the VPC Internet gateway
    3. FIGURE 6.3 Amazon EC2 DNS instance acting as resolver and forwarder
    4. FIGURE 6.4 Amazon EC2 DNS instances with segregated resolver and forwarder
    5. FIGURE 6.5 Amazon Route 53 traffic flow—an example traffic policy
    6. FIGURE 6.6 Amazon Route 53 health checking
    7. FIGURE 6.7 Classic Load Balancer
    8. FIGURE 6.8 Application Load Balancer
    9. FIGURE 6.9 Network Load Balancer
    10. FIGURE 6.10 ELB sandwich
  7. Chapter 7
    1. FIGURE 7.1 Configuring your Amazon CloudFront distribution
    2. FIGURE 7.2 Amazon CloudFront content delivery
    3. FIGURE 7.3 Amazon CloudFront content delivery
    4. FIGURE 7.4 Streaming distributions, web, and RTMP
  8. Chapter 8
    1. FIGURE 8.1 Templates and stacks
    2. FIGURE 8.2 AWS Service Catalog workflow
    3. FIGURE 8.3 Shuffle sharding
    4. FIGURE 8.4 Web ACLs, rules, and conditions
    5. FIGURE 8.5 VPN over Public VIF
    6. FIGURE 8.6 VPN over Private Virtual Interface
    7. FIGURE 8.7 Shared responsibility model
    8. FIGURE 8.8 SSH login attempts overview
    9. FIGURE 8.9 Network traffic analysis overview
    10. FIGURE 8.10 IP reputation overview
  9. Chapter 10
    1. FIGURE 10.1 Minimal VPC with a single public subnet
    2. FIGURE 10.2 The stack state in the AWS Management Console when the stack has been rolled back
    3. FIGURE 10.3 The stack events showing the route failed to create because it could not reference the Internet gateway
    4. FIGURE 10.4 Parameters for the single public subnet template with the Availability Zone drop-down menu
    5. FIGURE 10.5 Creating a change set for an existing stack
    6. FIGURE 10.6 Examining the changes that would result by narrowing the CIDR range
    7. FIGURE 10.7 A VPC with a private subnet connected to an on-premises network via a VPN.
    8. FIGURE 10.8 AWS CodePipeline continuous deployment example
    9. FIGURE 10.9 Amazon CloudWatch graph showing standard VPN metrics
    10. FIGURE 10.10 Amazon CloudWatch custom metrics showing packet loss to three different hosts
    11. FIGURE 10.11 Amazon CloudWatch dashboard for a VPN connection
    12. FIGURE 10.12 Creating an alarm for a custom packet loss metric
    13. FIGURE 10.13 The format of the received alarm over SMS (left) and email (right)
  10. Chapter 12
    1. FIGURE 12.1 Hybrid web application using AWS Load Balancing
    2. FIGURE 12.2 Hybrid web application using DNS and AWS load balancing
    3. FIGURE 12.3 Hybrid Active Directory setup
    4. FIGURE 12.4 Quality of Service implementation
    5. FIGURE 12.5 AWS CodeDeploy endpoint access over public VIF
    6. FIGURE 12.6 Using AWS Direct Connect and VPN for Amazon WorkSpaces connectivity
    7. FIGURE 12.7 Accessing Amazon S3 over AWS Direct Connect private VIF
    8. FIGURE 12.8 VPN to VGW over AWS Direct Connect public VIF
    9. FIGURE 12.9 VPN to Amazon EC2 instance over AWS Direct Connect private VIF
    10. FIGURE 12.10 Isolating routing domains using VRF
    11. FIGURE 12.11 VPN to Amazon EC2 over AWS Direct Connect public VIF
    12. FIGURE 12.12 Transit VPC architecture
    13. FIGURE 12.13 VPC peering vs. transit VPC for spoke-to-spoke communication
    14. FIGURE 12.14 Transit VPC vs. AWS Direct Connect Gateway for hybrid traffic
    15. FIGURE 12.15 Transit VPC vs. AWS Direct Connect Gateway for hybrid traffic
    16. FIGURE 12.16 Detached VGW vs. on-premises initiated VPN
    17. FIGURE 12.17 Global transit VPC
    18. FIGURE 12.18 Global transit VPC with regional transit hub
  11. Chapter 14
    1. FIGURE 14.1 Scenario 1
    2. FIGURE 14.2 Scenario 2
    3. FIGURE 14.3 Scenario 3
    4. FIGURE 14.4 Scenario 4
    5. FIGURE 14.5 Scenario 5
    6. FIGURE 14.6 Scenario 6
  12. Chapter 15
    1. FIGURE 15.1 Policy evaluation decision flow
    2. FIGURE 15.2 Rotated plot of Amazon VPC flow logs: time/destination port/activity
  13. Chapter 16
    1. FIGURE 16.1 Current application network design
    2. FIGURE 16.2 Web and application server network design
    3. FIGURE 16.3 Regional availability
    4. FIGURE 16.4 Multi-regional resiliency
    5. FIGURE 16.5 Multi-region disaster planning
