You need the following components to connect your Outpost rack to your on-premises network:
Physical connectivity
An Outpost rack has two physical network devices that attach to your local network. An Outpost requires a minimum of two physical links between these Outpost network devices and your local network devices. An Outpost supports the following uplink speeds and quantities for each Outpost network device.
The uplink speed and quantity are symmetrical on each Outpost network device. If you use 100 Gbps as the uplink speed, you must configure the link with forward error correction (FEC CL91).
Outpost racks can support single-mode fiber (SMF) with Lucent Connector (LC), multimode fiber (MMF), or MMF OM4 with LC. AWS provides the optics that are compatible with the fiber that you provide at the rack position.
In the following diagram, the physical demarcation is the fiber patch panel in each Outpost. You provide the fiber cables that are required to connect the Outpost to the patch panel.
Link aggregation
AWS Outposts uses the Link Aggregation Control Protocol (LACP) to establish two link aggregation group (LAG) connections, one from each Outpost network device to each local network device. The links from each Outpost network device are aggregated into an Ethernet LAG to represent a single network connection. These LAGs use LACP with standard fast timers.
To enable an Outpost installation at your site, you must configure your side of the LAG connections on your network devices. From a logical perspective, ignore the Outpost patch panels as the demarcation point and use the Outpost networking devices.
For deployments that have multiple racks, an Outpost must have four LAGs between the aggregation layer of the Outpost network devices and your local network devices.
The following diagram shows four physical connections between each Outpost network device and its connected local network device. We use Ethernet LAGs to aggregate the physical links connecting the Outpost network devices and the customer local network devices.
Virtual LANs
Each LAG between an Outpost network device and a local network device must be configured as an IEEE 802.1Q Ethernet trunk. This enables the use of multiple VLANs for network segregation between data paths. Each Outpost has the following data paths between the on-premises network and its network:
You can configure the service link VLAN and local gateway VLAN only between the Outpost and your customer local network devices.
An Outpost is designed to separate the service link and local gateway data paths into two isolated networks. This enables you to choose which of your networks can communicate with services running on the Outpost. It also enables you to make the service link an isolated network from the local gateway network by using multiple route tables on your customer local network device, commonly known as Virtual Routing and Forwarding instances (VRF). The demarcation line exists at the port of the Outpost network devices. AWS manages any infrastructure on the AWS side of the connection, and you manage any infrastructure on your side of the line.
To integrate your Outpost with your on-premises network during the installation and ongoing operation, you must allocate the VLANs used between the Outpost network devices and the customer local network devices. You need to provide this information to AWS before the installation. For more information, see Network readiness checklist.
Network layer connectivity
Each Outpost network device requires an IP address on each VLAN so they can communicate with the customer local network devices to establish a BGP session. We recommend that you use a dedicated subnet, with a /30 or /31 CIDR, to represent this logical point-to-point connectivity. We recommend that you do not bridge the VLANs between your customer local network devices. You need to establish two paths:
The following diagram shows the connections from each Outpost network device to the customer local network device for the service link path and the local gateway path. There are four VLANs for this example:
The following table shows example values for the subnets that connect the Outpost network device 1 with the customer local network device 1.
The following table shows example values for the subnets that connect the Outpost network device 2 with the customer local network device 2.
Service link BGP connectivity
The Outpost establishes an external BGP peering session between each Outpost network device and the customer local network device for service link connectivity over the service link VLAN. The BGP peering session is established between the /30 or /31 IP addresses provided for the point-to-point VLAN. Each BGP peering session uses a private Autonomous System Number (ASN) on the Outpost network device and an ASN that you choose for your customer local network devices. AWS provides the attributes as part of the installation process.
Consider the scenario where you have an Outpost with two Outpost network devices connected by a service link VLAN to two customer local network devices. You configure the following infrastructure and customer local network device BGP ASN attributes for each service link:
The Outpost establishes an external BGP peering session over the service link VLAN using the following process:
Service link infrastructure subnet advertisement and IP range
You provide a /26 CIDR range during the pre-installation process for the service link infrastructure subnet. The Outpost infrastructure uses this range to establish connectivity to the Region through the service link. The service link subnet is the Outpost source, which initiates the connectivity.
Outpost network devices advertise the /26 CIDR range as two /27 CIDR blocks to support link and device failures.
You must provide a service link BGP ASN and an infrastructure subnet CIDR (/26) for the Outpost. For each Outpost network device, provide the BGP peering IP address on the VLAN of the local network device and the BGP ASN of the local network device.
If you have a multiple rack deployment, you must have one /26 subnet per rack.
Local gateway BGP connectivity
The Outpost establishes an external BGP peering from each Outpost network device to a local network device for connectivity to the local gateway. It uses a private Autonomous System Number (ASN) that you assign in order to establish the external BGP sessions. Each Outpost network device has a single external BGP peering to a local network device using its local gateway VLAN.
The Outpost establishes an external BGP peering session over the local gateway VLAN between each Outpost network device and its connected customer local network device. The peering session is established between the /30 or /31 IPs that you provided when you set up network connectivity and uses point-to-point connectivity between the Outpost network devices and customer local network devices. For more information, see Network layer connectivity.
Each BGP session uses the private ASN on the Outpost network device side, and an ASN that you choose on the customer local network device side. AWS provides the attributes as part of the pre-installation process.
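The addressing rules described above can be checked before the values are handed to AWS. The following Python is an added example, not AWS code: it splits the /26 service link infrastructure subnet into the two /27 advertisements and checks each point-to-point link for a /30 or /31 subnet, separate service link and local gateway VLANs on each device, and private ASNs on the Outpost side. The plan layout, the function names and every sample value are assumptions made for illustration.

```python
import ipaddress
PRIVATE_ASNS = ((64512, 65534), (4200000000, 4294967294))  # RFC 6996

def advertised_blocks(infra_cidr):
    """Split the /26 infrastructure subnet into the two advertised /27s."""
    net = ipaddress.ip_network(infra_cidr)  # rejects a CIDR with host bits set
    if net.version != 4 or net.prefixlen != 26:
        raise ValueError(f"infrastructure subnet must be an IPv4 /26, got {net}")
    return [str(n) for n in net.subnets(new_prefix=27)]

def check_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings, nets, vlans = [], [], set()
    try:
        advertised_blocks(plan["infra_subnet"])
        nets.append(ipaddress.ip_network(plan["infra_subnet"]))
    except ValueError as exc:
        findings.append(str(exc))
    for key in ("service_link_asn", "local_gateway_asn"):
        if not any(lo <= plan[key] <= hi for lo, hi in PRIVATE_ASNS):
            findings.append(f"{key} {plan[key]} is not a private ASN")
    for dev, path, vlan, cidr, outpost_ip, customer_ip in plan["links"]:
        name = f"device {dev} {path}"
        if (dev, vlan) in vlans:  # both data paths would share one VLAN
            findings.append(f"{name}: VLAN {vlan} already used on this device")
        vlans.add((dev, vlan))
        net = ipaddress.ip_network(cidr)
        if net.prefixlen not in (30, 31):
            findings.append(f"{name}: {net} is not a /30 or /31")
            continue
        peers = {ipaddress.ip_address(outpost_ip), ipaddress.ip_address(customer_ip)}
        if len(peers) != 2 or not peers <= set(net.hosts()):
            findings.append(f"{name}: peers must be two distinct hosts in {net}")
        # Assumption: dedicated subnets must not overlap each other or the /26.
        findings += [f"{name}: {net} overlaps {o}" for o in nets if net.overlaps(o)]
        nets.append(net)
    return findings

# Constructed sample plan (all values are made up for illustration).
SAMPLE_PLAN = {
    "infra_subnet": "10.50.0.0/26", "service_link_asn": 65000, "local_gateway_asn": 65010,
    "links": [  # (device, path, VLAN, subnet, Outpost IP, customer IP)
        (1, "service-link", 100, "10.0.0.0/30", "10.0.0.1", "10.0.0.2"),
        (1, "local-gateway", 200, "10.0.1.0/30", "10.0.1.1", "10.0.1.2"),
        (2, "service-link", 101, "10.0.0.4/30", "10.0.0.5", "10.0.0.6"),
        (2, "local-gateway", 201, "10.0.1.4/31", "10.0.1.4", "10.0.1.5"),
    ],
}
print(advertised_blocks(SAMPLE_PLAN["infra_subnet"]), check_plan(SAMPLE_PLAN))
```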
Consider the scenario where you have an Outpost with two Outpost network devices connected by a service link VLAN to two customer local network devices. You configure the following local gateway and customer local network device BGP ASN attributes for each service link:
Local gateway customer-owned IP subnet advertisement
By default, the local gateway uses the private IP addresses of instances in your VPC to facilitate communication with your on-premises network. However, you can provide a customer-owned IP address pool (CoIP).
If you choose CoIP, AWS creates the pool from information you provide during the installation process. You can create Elastic IP addresses from this pool, and then assign the addresses to resources on your Outpost, such as EC2 instances.
The local gateway translates the Elastic IP address to an address in the customer-owned pool. The local gateway advertises the translated address to your on-premises network, and any other network that communicates with the Outpost. The addresses are advertised on both local gateway BGP sessions to the local network devices.
If you are not using CoIP, then BGP advertises the private IP addresses of any subnets on your Outpost that have a route in the route table that targets the local gateway.
Consider the scenario where you have an Outpost with two Outpost network devices connected by a service link VLAN to two customer local network devices. The following is configured:
Can one DHCP server service multiple IPv4 subnets?
The DHCP Server Multiple Subnet feature enables multiple disjoint subnets to be configured under the same DHCP address pool. This functionality enables the DHCP server to manage additional IP addresses by adding the addresses to the existing DHCP address pool (instead of using a separate address pool).
What type of IPv6 address configuration uses DHCPv6?
DHCPv6. This is a combination of IPv6 Stateless Address Autoconfiguration (RFC 4862) and Dynamic Host Configuration Protocol for IPv6 (RFC 3315). It is a counterpart to IPv6 Stateless Address Autoconfiguration, and can be used with or without IPv6 Stateless Address Autoconfiguration to obtain configuration parameters.
Which of the following kinds of information are part of a DHCP server configuration? (Choose two answers.)
The DHCP server can give a client all the information it needs to function, including IP address, boot server, and network configuration information.
Which of the following techniques can you use to provide high availability for a DHCP scope?
DHCP failover provides redundancy and load balancing for DHCP services, enabling administrators to deploy a highly resilient DHCP service. With DHCP failover, Internet Protocol version 4 (IPv4) scopes with associated leases, reservations, options, and settings are shared by two Windows DHCP servers.