
Ingress traffic inspection

0

I have a multi-region, multi-account setup. I'm planning for centralized traffic inspection for both HTTP(S) and non-HTTP(S), along with Cloud WAN. Are there any reference architectures?

asked a year ago, 616 views
3 Answers
3

Hi,

You will be highly interested in this re:Invent presentation titled "Network architectures for ingress traffic inspection": it contains all possible architectures for what you want to achieve.

See https://d1.awsstatic.com/events/reinvent/2021/Network_architectures_for_inbound_traffic_inspection_REPEAT_NET311-R2.pdf

Same topic with all patterns for this very recent re:Inforce presentation: https://www.youtube.com/watch?v=LzwFVsMLSIM

Best,

Didier

EXPERT
answered a year ago
EXPERT
reviewed a year ago
0

I'm quite opinionated on this topic and I believe that a centralised ingress model isn't scalable and has significant disadvantages when compared to a distributed ingress model. I appreciate that the "traditional" way of doing things brings traffic through a single firewall (or preferably a cluster of firewalls) but there are challenges there - if one of the applications that is flowing through that firewall cluster is having a good day (i.e. going viral) or having a bad day (under DDoS) then everyone is having a bad day. And that's just the start of things.

For more information: https://aws.amazon.com/podcasts/aws-podcast/675-unravel-internet-ingress-and-egress-a-deep-dive-into-application-access/

AWS
EXPERT
answered a year ago
