Identifying the requirements for hybrid connectivity

Task Statement 1.5: Design a routing strategy and connectivity architecture between on-premises networks and the AWS Cloud.

📘AWS Certified Advanced Networking – Specialty

1. What Does “Identifying Requirements” Mean?

Before building a hybrid network, you must clearly understand:

  • What needs to be connected
  • How much traffic will flow
  • How secure the connection must be
  • How reliable and fast the connection should be
  • How routing should work between environments

This step ensures you choose the right architecture and AWS services.

2. Key Requirements to Identify

2.1 Network Connectivity Requirements

You need to understand how your on-premises network and AWS should communicate:

  • IP addressing
    • Are there overlapping IP ranges between on-prem and AWS?
    • Overlapping ranges may require NAT or re-addressing.
  • Routing requirements
    • Do you need dynamic routing (BGP) or static routing?
    • Most enterprise designs use Border Gateway Protocol (BGP).
  • Traffic direction
    • Is traffic bidirectional or one-way?
    • Example: application servers in AWS accessing on-prem databases.

2.2 Bandwidth and Performance Requirements

You must determine:

  • How much data will transfer between environments
  • Expected throughput (bandwidth) requirements
  • Latency sensitivity of applications

Key considerations:

  • Real-time applications need low latency
  • Bulk data transfer needs high bandwidth
  • If high performance is required, consider:
    • AWS Direct Connect instead of VPN

2.3 Security Requirements

Security is critical in hybrid connectivity:

  • Encryption
    • Is encryption required for data in transit?
    • VPN uses IPsec encryption
  • Authentication
    • How will systems authenticate each other?
  • Compliance requirements
    • Industry regulations may require:
      • Data encryption
      • Audit logs
      • Restricted access
  • Network segmentation
    • Use separate networks (e.g., VPCs, subnets) for isolation

2.4 Availability and Reliability Requirements

You must design for failures:

  • Redundancy
    • Use multiple VPN tunnels or multiple Direct Connect links
  • High Availability (HA)
    • Avoid single points of failure
    • Use:
      • Multiple Availability Zones
      • Multiple AWS Direct Connect locations
  • Failover mechanisms
    • If one connection fails, traffic should automatically switch

2.5 Scalability Requirements

Your network must handle growth:

  • Can the connection handle increased traffic?
  • Will you need more bandwidth in the future?
  • Can you add more connections easily?

Example considerations:

  • AWS Direct Connect supports scaling via multiple connections
  • VPN can be scaled but may have bandwidth limits

2.6 Routing Requirements

Routing defines how traffic flows between networks.

You must decide:

  • Static routing vs dynamic routing
    • Static: manually configured routes
    • Dynamic: uses BGP to automatically exchange routes
  • Route propagation
    • How routes are shared between:
      • On-prem routers
      • AWS Virtual Private Cloud (VPC)
  • Route control
    • Use route filtering to control traffic flow

2.7 Security and Network Isolation Requirements

  • Separate environments using:
    • VPCs (Virtual Private Clouds)
    • Subnets
  • Use security controls like:
    • Security Groups
    • Network Access Control Lists (NACLs)
  • Control access between:
    • On-prem networks
    • AWS resources

2.8 Latency and Jitter Requirements

  • Latency: time taken for data to travel
  • Jitter: variation in delay

Applications like:

  • Voice
  • Video
  • Real-time monitoring

require:

  • Low latency
  • Low jitter

To meet these:

  • Use Direct Connect
  • Avoid over-reliance on public internet-based VPN

2.9 Cost Requirements

Cost is a major factor:

  • VPN:
    • Lower cost
    • Uses internet
  • Direct Connect:
    • Higher cost
    • More consistent performance

You must evaluate:

  • Cost vs performance trade-offs
  • Data transfer charges
  • Bandwidth pricing

2.10 Compliance and Governance Requirements

Some organizations must follow strict rules:

  • Data residency laws
  • Encryption requirements
  • Logging and auditing

AWS services help with:

  • Monitoring traffic
  • Logging network activity (CloudWatch, VPC Flow Logs)

3. Key AWS Services Involved in Hybrid Connectivity

When identifying requirements, you must map them to AWS services:

3.1 AWS Site-to-Site VPN

  • Secure connection over the internet
  • Uses IPsec encryption
  • Good for:
    • Lower cost
    • Quick setup
    • Moderate performance needs

3.2 AWS Direct Connect

  • Dedicated private connection
  • Provides:
    • Lower latency
    • Higher bandwidth
    • More consistent performance

3.3 AWS Transit Gateway

  • Central hub for connecting:
    • VPCs
    • On-prem networks
  • Simplifies large-scale routing

3.4 AWS Virtual Private Cloud (VPC)

  • Isolated network in AWS
  • Used to host workloads
  • Controls routing and security

4. Important Routing Concepts (Exam Focus)

4.1 Border Gateway Protocol (BGP)

  • Used for dynamic routing
  • Automatically exchanges routes
  • Used in:
    • Direct Connect
    • VPN

Key exam points:

  • Supports failover
  • Uses Autonomous System Numbers (ASN)

4.2 Route Tables

  • Define how traffic moves inside a VPC
  • Control:
    • Which network traffic goes where
    • Whether traffic goes to on-prem or internet

4.3 Route Propagation

  • Automatically adds routes from:
    • VPN
    • Direct Connect
  • Helps reduce manual configuration

5. Steps to Identify Requirements (Exam Approach)

When answering exam questions, follow this structured approach:

Step 1: Understand the workload

  • What application?
  • What is its purpose?

Step 2: Identify traffic patterns

  • On-prem → AWS
  • AWS → On-prem
  • Bidirectional?

Step 3: Determine performance needs

  • Latency-sensitive?
  • High bandwidth?

Step 4: Check security requirements

  • Encryption needed?
  • Compliance requirements?

Step 5: Evaluate reliability needs

  • Need redundancy?
  • Multi-region?

Step 6: Analyze cost constraints

  • Budget limits?

Step 7: Choose routing strategy

  • Static or dynamic (BGP)

6. Common Exam Scenarios

You may be asked:

  • Which service meets:
    • High bandwidth + low latency → Direct Connect
  • Which provides:
    • Encryption over internet → VPN
  • How to:
    • Enable automatic failover → BGP with redundant connections
  • How to:
    • Connect multiple VPCs and on-prem → Transit Gateway

7. Key Exam Tips

  • Always consider security, performance, and reliability together
  • Prefer Direct Connect for critical workloads
  • Use VPN for cost-effective and quick connectivity
  • Use BGP for dynamic routing and failover
  • Identify whether overlapping IP addresses exist
  • Think about scalability and future growth

8. Summary

To identify requirements for hybrid connectivity:

  • Understand application and network needs
  • Evaluate bandwidth, latency, and security
  • Consider routing methods (static vs BGP)
  • Plan for availability and failover
  • Choose the right AWS services (VPN, Direct Connect, Transit Gateway)
  • Ensure compliance and cost efficiency
Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by