Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

S3 Performance Improvement with Transit Gateway Peered architecture

0

I am working on an architecture attached here. 2 instances in 2 cross region TGW peered VPCs, S3 interface endpoint to access s3 bucket i am not able to achieve higher throughput while uploading the objects from either instance to s3 bucket. i changed the instance types from t2.micro, c5.12xlarge, c5.24xlarge,c5n.18xlarge, changed the object sizes from 16 MB to 2GB with multiple processes from 96 to 256. i measured the network connectivity performance between 2 instances in 2 cross region TGW peered VPC using iperf3 tool. i could achieve performance of** 98Gbps i.e. 12.25 GBps** throughput using c5n.18xlarge instance type. so the transit gateway is scaling is what i think. according to the docuemntation, this (https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-limits-endpoints.html) doc points out that "By default, each VPC endpoint can support a bandwidth of up to 10 Gbps per Availability Zone, and automatically scales up to 100 Gbps." i also increased the number of instances from 1 to 6 to see if horizontal scaling could incraese the performance. there i observed the increase in throughput upto 5 GBps but there was extreme increase in latency and decrease in per-instance throughput. then i tested the performance for 1GB object size + 128 processes from both instances, from VPC A to s3 via TGW peering - c5n.18xlarge instance type: throughput = 2.18 GB/s average latency = 45.84s from VPC B to s3 via direct s3 interface endpoint: c5n.18xlarge instance type: throughput=2.29 GB/s average latency = 43 ms which is not near to 12.5 GBps as per doc.

i could not observe any increase in throughput or decrease in latency between these 2 paths. so is the bottleneck happening at the s3 interface endpoint then? why is the throughput not increasing above 2.5 GBps per instance while accessing the s3 via interface endpoint?

Topics
StorageNetworking & Content Delivery
Tags
Amazon VPCAWS Transit GatewayStorageNetworking & Content DeliveryAmazon Simple Storage Service
Language
English
AWS
EXPERT
asked a year ago304 views
2 Answers
2

I strongly suggest you replace the Interface endpoint with Gateway endpoint because it eliminates costs of Interface endpoints for transfers to/from a VPC and S3. Interface endpoints have 2 associated costs: 1/ hourly attachment charges plus 2/ data transfer costs. There is no cost for Gateway endpoints.

When you create a Gateway endpoint, a route is added to the route-table in the VPC routing connections but avoiding egress via NAT GW, avoiding those data processing charges.

As per the Internetwork traffic privacy section of the S3 User Guide: You can use two types of VPC endpoints to access Amazon S3: gateway endpoints and interface endpoints (by using AWS PrivateLink). A gateway endpoint is a gateway that you specify in your route table to access Amazon S3 from your VPC over the AWS network. Interface endpoints extend the functionality of gateway endpoints by using private IP addresses to route requests to Amazon S3 from within your VPC, on premises, or from a VPC in another AWS Region by using VPC peering or AWS Transit Gateway.

To take advantage of the lowest cost network path when using Enable private DNS only for inbound endpoints, a gateway endpoint must be present in your VPC. The presence of a gateway endpoint helps ensure that in-VPC traffic always routes over the AWS private network when the Enable private DNS only for inbound endpoints option is selected. You must maintain this gateway endpoint while you have the Enable private DNS only for inbound endpoints option selected. If you want to delete your gateway endpoint you must first clear Enable private DNS only for inbound endpoints.

AWS
answered a year ago
  • Leo K EXPERT
    a year ago

    Gateway endpoints can only be accessed from CIDRs local to the VPC where the gateway endpoint is created. I believe they're using interface endpoints intentionally in this case to give the endpoint network interfaces inside the VPC in London with IP addresses that can be reached via the cross-region TGW peering connection. It might be possible to achieve this with a gateway endpoint by setting up a private NAT gateway in London and routing the traffic towards the gateway endpoint for S3 in Paris coming from London via the NAT gateway, but the costs for NAT gateways are even higher than those for VPC interface endpoints, defeating the purpose of switching to NAT GW.

0

Based on your scenario, there are several factors limiting your S3 throughput performance that aren't related to your Transit Gateway peering setup.

The key bottleneck appears to be related to S3 transfer flow rate limits rather than your network infrastructure. Each connection to Amazon S3 has a maximum transfer rate of 5Gbps, regardless of your instance bandwidth. To achieve higher throughput, you need to optimize your approach to S3 transfers specifically.

For high-throughput transfers between EC2 and S3, consider these optimization strategies:

  1. Use byte-range requests: When downloading large objects, make concurrent requests for byte ranges at the granularity of 8-16 MB.

  2. Optimize concurrent connections: As a general rule, make one concurrent request for each 85-90 MB/s of desired network throughput. For a 10 Gbps NIC, about 15 concurrent requests over separate connections is recommended. For faster NICs like your c5n.18xlarge (which has 100 Gbps capability), you would need to scale up concurrent requests accordingly.

  3. Use optimized transfer tools: Consider using tools that support parallel transfers like the AWS CLI with AWS Common Runtime (CRT) enabled or third-party applications such as s5cmd.

  4. Consider S3 Transfer Acceleration: If you're transferring data across regions, S3 Transfer Acceleration can help minimize latency by using CloudFront's globally distributed edge locations.

The fact that you're seeing similar performance (~2.2-2.3 GB/s) whether going through TGW peering or directly via interface endpoint suggests that the bottleneck is not in your network path but in how your application is interacting with S3. Your iperf3 test confirms that the network infrastructure can handle much higher throughput (98 Gbps).

When you increased to multiple instances, you saw aggregate throughput increase to 5 GB/s but with increased latency, which suggests you're approaching S3 service limits or experiencing resource contention.

To maximize S3 throughput, focus on optimizing your application's approach to S3 transfers rather than the network path.
Sources
Maximizing Amazon S3 transfer throughput to Amazon EC2 instances | AWS re:Post
Horizontal Scaling and Request Parallelization for High Throughput - Best Practices Design Patterns: Optimizing Amazon S3 Performance
Performance guidelines for Amazon S3 - Amazon Simple Storage Service

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content