Task Statement 2.1: Implement routing and connectivity between on-premises networks and the AWS Cloud.
📘AWS Certified Advanced Networking – Specialty
🔷 1. Understanding Layer 2 and Layer 3 (Foundation)
Networking works in layers. For this exam, you must clearly understand:
✅ Layer 2 (Data Link Layer)
- Works with MAC addresses
- Handles local network communication (same network/subnet)
- Uses switches
- Responsible for:
  - Frame delivery
  - VLANs
  - Switching
✅ Layer 3 (Network Layer)
- Works with IP addresses
- Handles communication between different networks
- Uses routers
- Responsible for:
  - Routing
  - Path selection
  - Logical addressing
🔷 2. Layer 2 Concepts (Important for Exam)
🔹 2.1 VLANs (Virtual Local Area Networks)
📌 What is a VLAN?
A VLAN is a way to logically separate networks even if devices are connected to the same physical switch.
📌 Why VLANs are used:
- Improve security
- Reduce broadcast traffic
- Organize networks (e.g., Dev, Prod, DB)
📌 Key VLAN Concepts
✔ VLAN ID
- Each VLAN has a number (e.g., VLAN 10, VLAN 20)
✔ Access Port
- Belongs to one VLAN only
- Used for servers or end devices
✔ Trunk Port
- Carries multiple VLANs
- Uses tagging (802.1Q)
📌 Example (IT Environment)
- A data center switch has:
  - VLAN 10 → Application servers
  - VLAN 20 → Database servers
- Traffic between them requires Layer 3 routing
📌 AWS Exam Insight
- AWS VPC does NOT expose VLANs directly
- But AWS internally uses VLAN-like isolation
- You must understand VLANs for:
  - Hybrid networking
  - Direct Connect
  - On-prem integration
🔹 2.2 MAC Address
📌 What is it?
- Unique hardware address of a device
- Used at Layer 2
📌 Format:
- Example: 00:1A:2B:3C:4D:5E
📌 Switch behavior:
- Switch stores MAC addresses in a MAC table
- Forwards frames based on MAC
📌 AWS Insight:
- AWS abstracts MAC handling
- But MAC is important in:
  - On-prem networks
  - VMware environments
  - Hybrid connectivity
🔹 2.3 Switching
📌 What is switching?
- Forwarding traffic within the same network
📌 Types:
- Layer 2 switching (based on MAC)
- Layer 3 switching (based on IP)
📌 Key Behavior:
- Flood unknown traffic
- Learn MAC addresses
- Reduce collisions
📌 AWS Relevance:
- AWS uses software-defined networking (SDN)
- You don’t configure switches, but:
  - You must understand behavior for troubleshooting
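The three behaviours listed above (learn source MACs, forward known destinations, flood unknown ones) are easiest to see in a tiny simulation. This is an added example, not code from the original notes; the port names and MAC addresses are constructed, and every port is modelled as an access port so each VLAN gets its own MAC table.

```python
BROADCAST = "FF:FF:FF:FF:FF:FF"


class Layer2Switch:
    """Minimal learning switch: a MAC table per VLAN, flooding on unknown destinations."""

    def __init__(self, ports: dict):
        self.ports = ports       # port name -> access VLAN ID (constructed topology)
        self.mac_table = {}      # (vlan, mac) -> port learned from a received frame

    def receive(self, in_port: str, src_mac: str, dst_mac: str) -> list:
        """Process one frame on in_port and return the sorted list of egress ports."""
        vlan = self.ports[in_port]
        src, dst = src_mac.upper(), dst_mac.upper()
        # Learn: the source MAC is reachable via the ingress port, scoped to this VLAN.
        # (A real switch ages these entries out; this toy model keeps them forever.)
        self.mac_table[(vlan, src)] = in_port
        known = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and known is not None:
            # Known unicast: forward out of exactly one port (drop if it came from there).
            return [] if known == in_port else [known]
        # Unknown unicast or broadcast: flood to every other port in the SAME VLAN only.
        return sorted(p for p, v in self.ports.items() if v == vlan and p != in_port)


def demo() -> list:
    """Replay the notes' scenario: VLAN 10 application servers, VLAN 20 database servers."""
    sw = Layer2Switch({"Gi0/1": 10, "Gi0/2": 10, "Gi0/3": 20, "Gi0/4": 20})
    app1, app2, db1 = "00:1A:2B:3C:4D:5E", "00:1A:2B:3C:4D:5F", "00:1A:2B:3C:4D:60"
    return [
        sw.receive("Gi0/1", app1, app2),      # app2 unknown: flooded, but only within VLAN 10
        sw.receive("Gi0/2", app2, app1),      # app1 was learned in step 1: forwarded to Gi0/1
        sw.receive("Gi0/1", app1, app2),      # app2 now learned: forwarded to Gi0/2
        sw.receive("Gi0/1", app1, db1),       # db1 lives in VLAN 20: never leaves VLAN 10 (needs Layer 3)
        sw.receive("Gi0/3", db1, BROADCAST),  # broadcast is confined to VLAN 20
    ]


if __name__ == "__main__":
    for step, egress in enumerate(demo(), 1):
        print(f"frame {step} -> egress ports {egress}")
```

The fourth frame is the exam point: a host in VLAN 10 cannot reach a host in VLAN 20 through the switch alone, however the MAC table looks, which is why the notes say inter-VLAN traffic requires Layer 3 routing.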
🔷 3. Layer 3 Concepts (Critical for Exam)
🔹 3.1 IP Addressing
📌 What is an IP address?
A logical address used to identify devices across networks.
📌 Types:
✔ IPv4
- Example: 192.168.1.10
- Most common in AWS exam
✔ IPv6
- Example: 2001:db8::1
- Increasingly important in AWS
📌 Structure:
- Network portion + Host portion
- Example: 192.168.1.0/24 (the /24 is the subnet mask: 24 network bits, 8 host bits)
📌 Private IP Ranges (Important!)
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
📌 AWS Usage:
- VPC CIDR blocks must use valid IP ranges
- Avoid overlapping IPs when connecting on-prem
🔹 3.2 Subnetting
📌 What is subnetting?
Dividing a network into smaller networks.
📌 Why important:
- Better IP management
- Improved security
- Network segmentation
📌 AWS Example:
- VPC: 10.0.0.0/16
- Subnets:
  - 10.0.1.0/24 (App)
  - 10.0.2.0/24 (DB)
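Carving the VPC above into its subnets is something Python's `ipaddress` module can do directly, and doing it in code surfaces two details the notes do not show: whether the block sits in one of the private ranges from section 3.1, and how many addresses are actually usable once AWS reserves five per subnet (the first four and the last). This is an added example, not from the original notes; the VPC and subnet values are the ones used above.

```python
import ipaddress
from itertools import islice

# RFC 1918 private ranges, as listed in section 3.1 of the notes
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# AWS reserves the first four and the last address of every subnet (network,
# VPC router, DNS, future use, broadcast), so they are never assignable.
AWS_RESERVED_PER_SUBNET = 5


def is_rfc1918(cidr: str) -> bool:
    """True when the block lies entirely inside one of the RFC 1918 ranges."""
    net = ipaddress.ip_network(cidr, strict=True)
    return any(net.subnet_of(r) for r in RFC1918)


def carve_subnets(vpc_cidr: str, names: list, new_prefix: int, skip: int = 0) -> dict:
    """Split a VPC CIDR into equal subnets of /new_prefix, assigning one per name.

    skip leaves that many leading subnets unused (the notes' plan starts at 10.0.1.0/24).
    Returns name -> {"cidr": ..., "usable_hosts": ...}.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    if not 16 <= vpc.prefixlen <= 28:
        raise ValueError("an AWS VPC IPv4 CIDR must be between /16 and /28")
    if not vpc.prefixlen < new_prefix <= 28:
        raise ValueError("subnet prefix must be longer than the VPC prefix and no longer than /28")
    carved = islice(vpc.subnets(new_prefix=new_prefix), skip, skip + len(names))
    plan = {
        name: {"cidr": str(subnet),
               "usable_hosts": subnet.num_addresses - AWS_RESERVED_PER_SUBNET}
        for name, subnet in zip(names, carved)
    }
    if len(plan) < len(names):
        raise ValueError("VPC CIDR is too small for that many subnets at that prefix length")
    return plan


if __name__ == "__main__":
    vpc = "10.0.0.0/16"
    print(vpc, "private:", is_rfc1918(vpc))
    for name, info in carve_subnets(vpc, ["App", "DB"], 24, skip=1).items():
        print(f"{name:>4}: {info['cidr']}  usable hosts: {info['usable_hosts']}")
```

A /24 has 256 addresses but only 251 usable instances in a VPC, which matters when sizing subnets for auto scaling or large ENI consumers such as Lambda or EKS.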
🔹 3.3 Gateways
📌 What is a gateway?
A device that allows traffic to leave its network.
📌 Types in AWS:
✔ Internet Gateway (IGW)
- Connects VPC to internet
✔ Virtual Private Gateway (VGW)
- Used for VPN/Direct Connect
✔ NAT Gateway
- Allows outbound internet access from private subnet
✔ Transit Gateway
- Connects multiple VPCs and on-prem networks
📌 Key Concept:
- Default route → 0.0.0.0/0
🔹 3.4 Routing
📌 What is routing?
Finding the best path for data to travel between networks.
📌 Route Table Example:
| Destination | Target |
|---|---|
| 10.0.0.0/16 | Local |
| 0.0.0.0/0 | IGW |
📌 AWS Routing Behavior:
- Each subnet has a route table
- Routing is controlled, not automatic
📌 Types:
✔ Static Routing
- Manually defined routes
✔ Dynamic Routing
- Uses protocols like BGP
📌 AWS Exam Focus:
- BGP used in VPN and Direct Connect
- Route propagation vs static routes
🔹 3.5 Layer 3 Switching
📌 What is it?
- A switch that can route traffic using IP
📌 Why important:
- Forwards routed traffic in hardware (ASICs), so it is faster than a traditional software-based router
- Used in data centers
📌 AWS Insight:
- AWS internally uses high-performance routing
- You interact via:
- Route tables
- Gateways
🔷 4. Layer 2 vs Layer 3 (Quick Comparison)
| Feature | Layer 2 | Layer 3 |
|---|---|---|
| Address Type | MAC | IP |
| Device | Switch | Router |
| Scope | Local network | Between networks |
| Protocol | Ethernet | IP |
| AWS Visibility | Hidden | Fully configurable |
🔷 5. How Layer 2 & Layer 3 Work Together (Exam Critical)
📌 Traffic Flow:
- Device checks if destination is in same subnet
- If YES → uses Layer 2 (MAC)
- If NO → sends to gateway (Layer 3)
- Router forwards to correct network
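The route table from section 3.4 and the traffic-flow decision just above fit together in one small model: first decide whether the destination is in the sender's subnet (Layer 2 delivery), otherwise consult the subnet's route table, where the most specific prefix wins and, on equal prefixes, a static route beats a propagated one. This is an added example, not from the original notes; the table mirrors the one in section 3.4 with on-prem routes added, and the `igw-EXAMPLE`, `vgw-EXAMPLE` and `tgw-EXAMPLE` targets are placeholders, not real resource IDs.

```python
import ipaddress


class RouteTable:
    """Simplified model of a VPC subnet route table."""

    def __init__(self, routes):
        # routes: (destination CIDR, target, propagated). propagated=True marks a
        # route learned over BGP from a VGW/TGW; False marks a static entry.
        self.routes = [(ipaddress.ip_network(d), t, p) for d, t, p in routes]

    def lookup(self, dst_ip: str):
        """Return the target for dst_ip, or None when no route matches (AWS drops it)."""
        ip = ipaddress.ip_address(dst_ip)
        candidates = [r for r in self.routes if ip in r[0]]
        if not candidates:
            return None
        # Longest prefix wins; on a tie AWS prefers the static route over the propagated one.
        _net, target, _propagated = max(candidates, key=lambda r: (r[0].prefixlen, not r[2]))
        return target


def next_hop(src_ip: str, src_subnet: str, dst_ip: str, table: RouteTable) -> str:
    """Apply the section 5 traffic flow: same subnet -> Layer 2, otherwise route lookup."""
    subnet = ipaddress.ip_network(src_subnet)
    if ipaddress.ip_address(src_ip) not in subnet:
        raise ValueError("source address is not in the stated subnet")
    if ipaddress.ip_address(dst_ip) in subnet:
        return "layer2"  # ARP for the destination MAC; the route table is not consulted
    target = table.lookup(dst_ip)
    return target if target is not None else "drop"


# Constructed table: the section 3.4 example plus hybrid routes. Targets are placeholders.
DEMO_TABLE = RouteTable([
    ("10.0.0.0/16", "local", False),             # VPC CIDR, always present
    ("0.0.0.0/0", "igw-EXAMPLE", False),         # default route to the internet
    ("192.168.0.0/16", "vgw-EXAMPLE", True),     # on-prem, propagated via BGP over VPN/DX
    ("192.168.50.0/24", "tgw-EXAMPLE", False),   # one site reached via a Transit Gateway
    ("172.16.0.0/16", "vgw-EXAMPLE", True),      # same prefix learned dynamically ...
    ("172.16.0.0/16", "tgw-EXAMPLE", False),     # ... and configured statically: static wins
])

if __name__ == "__main__":
    for dst in ("10.0.1.30", "10.0.2.15", "192.168.1.10", "192.168.50.7", "172.16.3.4", "8.8.8.8"):
        print(f"{dst:>14} -> {next_hop('10.0.1.20', '10.0.1.0/24', dst, DEMO_TABLE)}")
```

When a question asks why a packet for 192.168.50.7 went to the Transit Gateway although a VGW route for 192.168.0.0/16 exists, the /24 match in `lookup` is the answer; the tie-break line is the "route propagation vs static routes" point from section 3.4.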
📌 AWS + On-Prem Example:
- On-prem server → sends traffic to AWS
- Uses:
  - VLAN (Layer 2 local segmentation)
  - Router (Layer 3)
  - VPN/Direct Connect
  - AWS VPC routing
🔷 6. Key AWS Exam Tips (Must Remember)
✅ VLANs are NOT directly configurable in AWS
- But important for:
  - Hybrid environments
  - Direct Connect (802.1Q tagging)
✅ Always check IP overlap
- Overlapping CIDR = connection failure
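Checking for overlap before building a VPN or Direct Connect link is quick to automate. The added example below (not part of the original notes) reports every VPC CIDR that collides with an on-prem prefix, names the shared range, and proposes the first free block of a requested size in the 10.0.0.0/8 space. The address lists are constructed sample input, not real networks.

```python
import ipaddress


def find_overlaps(vpc_cidrs, onprem_cidrs) -> list:
    """Return (vpc_cidr, onprem_cidr, shared_range) for every conflicting pair."""
    conflicts = []
    for v in vpc_cidrs:
        vn = ipaddress.ip_network(v, strict=True)
        for o in onprem_cidrs:
            on = ipaddress.ip_network(o, strict=True)
            if vn.version == on.version and vn.overlaps(on):
                # Two CIDR blocks that overlap are nested, so the longer prefix is the shared range.
                shared = vn if vn.prefixlen >= on.prefixlen else on
                conflicts.append((v, o, str(shared)))
    return conflicts


def suggest_free_block(prefixlen: int, taken, search_space: str = "10.0.0.0/8"):
    """First /prefixlen block inside search_space that overlaps nothing in taken, else None."""
    if not 16 <= prefixlen <= 28:
        raise ValueError("an AWS VPC IPv4 CIDR must be between /16 and /28")
    space = ipaddress.ip_network(search_space)
    taken_nets = [ipaddress.ip_network(t) for t in taken]
    for candidate in space.subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(t) for t in taken_nets):
            return str(candidate)
    return None


# Constructed sample: two VPCs and two on-prem prefixes, one of which collides.
VPCS = ["10.0.0.0/16", "10.1.0.0/16"]
ONPREM = ["10.0.128.0/17", "192.168.0.0/16"]

if __name__ == "__main__":
    for vpc, onprem, shared in find_overlaps(VPCS, ONPREM):
        print(f"CONFLICT: VPC {vpc} overlaps on-prem {onprem} (shared range {shared})")
    print("next free /16:", suggest_free_block(16, VPCS + ONPREM))
```

The overlap is detected at the planning stage because the route table cannot express it at all: the VPC's own `local` route for 10.0.0.0/16 will always win over any propagated route for 10.0.128.0/17, so traffic to the on-prem side silently stays in the VPC.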
✅ Routing is everything in AWS
- If routing is wrong → communication fails
✅ Gateways define connectivity
  - IGW → Internet
  - VGW → VPN
  - TGW → Multi-network
✅ Understand traffic flow deeply
Exam questions often test:
- “Why is traffic not reaching the destination?”
🔷 7. Common Exam Scenarios
You may be asked:
🔸 Scenario 1:
- Cannot connect on-prem to VPC
👉 Check:
- Route tables
- Gateway configuration
- IP overlap
🔸 Scenario 2:
- Instances in different subnets cannot communicate
👉 Check:
- Route tables
- NACLs / Security Groups
🔸 Scenario 3:
- Direct Connect with VLAN issue
👉 Check:
- VLAN tagging
- BGP configuration
🔷 Final Summary
To pass this section, you must clearly understand:
✔ Layer 2:
- VLANs
- MAC addressing
- Switching
✔ Layer 3:
- IP addressing
- Subnetting
- Gateways
- Routing
✔ AWS Mapping:
- VPC = Network
- Subnet = Segment
- Route Table = Router logic
- Gateway = Exit/entry point
