
Site to Site VPN

Basics

  • A Site-to-Site VPN is a logical connection between an AWS VPC and an on-premises network, encrypted in transit with IPsec when running over the public internet
  • It is possible to have a highly available S2S VPN if it is designed correctly
  • It can be provisioned quickly, i.e. in less than an hour
  • A Virtual Private Gateway (VGW) is created and associated with the VPC. This is the target used in route tables
  • A Customer Gateway (CGW) is either a logical configuration created in AWS or the physical device on the customer premises to which the VPC connects
  • A VPN connection connects the VGW with the CGW
  • The logical CGW has the same IP address configuration as the physical CGW hardware
  • The VGW has physical endpoints in each AZ, hence it is highly available
  • A VPN connection can be either static or dynamic
  • In the case of a static VPN, all the networking information, such as the IP range of the VPC and the IP address range of the on-premises network, has to be configured manually
  • A dynamic VPN uses the Border Gateway Protocol (BGP)
  • For a dynamic VPN the customer router needs to support BGP
  • Route propagation needs to be enabled on the VPC route tables so that any new routes discovered through BGP are added to them automatically
  • A single VPN with 2 endpoints can give 1.25 GB/s of throughput
  • VPN connections run over the public internet, hence they can have latency as well as consistency issues
  • Instead of running on top of the public internet, VPNs can be configured over Direct Connect
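The notes above describe three properties a practitioner would want to verify on a deployed Site-to-Site VPN: both tunnel endpoints are UP (the high-availability point), the routing mode matches what was configured (static routes present for a static VPN, BGP for a dynamic one), and, for a dynamic VPN, route propagation from the VGW is enabled on the VPC's route tables. The following is an added example, not code from the original notes or from AWS: a small audit over data shaped like the boto3 responses of `ec2.describe_vpn_connections()` and `ec2.describe_route_tables()`. The sample responses, resource ids and IP addresses embedded below are constructed for the example.

```python
"""Audit a Site-to-Site VPN for tunnel HA, routing mode and route propagation.

Input dictionaries are shaped like boto3's describe_vpn_connections() and
describe_route_tables() responses. The samples below are constructed for this
example (ids and addresses are not from a real account).
"""

# Constructed sample: one dynamic (BGP) connection with one tunnel DOWN and one
# static connection that is healthy, both hanging off the same VGW.
SAMPLE_VPN_CONNECTIONS = {
    "VpnConnections": [
        {
            "VpnConnectionId": "vpn-0example000000001",
            "State": "available",
            "VpnGatewayId": "vgw-0example000000001",
            "CustomerGatewayId": "cgw-0example000000001",
            "Options": {"StaticRoutesOnly": False},   # dynamic: BGP
            "Routes": [],
            "VgwTelemetry": [
                {"OutsideIpAddress": "203.0.113.10", "Status": "UP", "AcceptedRouteCount": 3},
                {"OutsideIpAddress": "203.0.113.11", "Status": "DOWN", "AcceptedRouteCount": 0},
            ],
        },
        {
            "VpnConnectionId": "vpn-0example000000002",
            "State": "available",
            "VpnGatewayId": "vgw-0example000000001",
            "CustomerGatewayId": "cgw-0example000000002",
            "Options": {"StaticRoutesOnly": True},    # static: routes entered by hand
            "Routes": [{"DestinationCidrBlock": "10.50.0.0/16", "State": "available"}],
            "VgwTelemetry": [
                {"OutsideIpAddress": "198.51.100.20", "Status": "UP", "AcceptedRouteCount": 1},
                {"OutsideIpAddress": "198.51.100.21", "Status": "UP", "AcceptedRouteCount": 1},
            ],
        },
    ]
}

# Constructed sample: the VPC has two route tables, only one propagates the VGW.
SAMPLE_VPC_ID = "vpc-0example0000000001"
SAMPLE_ROUTE_TABLES = {
    "RouteTables": [
        {"RouteTableId": "rtb-0example000000001", "VpcId": SAMPLE_VPC_ID,
         "PropagatingVgws": [{"GatewayId": "vgw-0example000000001"}]},
        {"RouteTableId": "rtb-0example000000002", "VpcId": SAMPLE_VPC_ID,
         "PropagatingVgws": []},
    ]
}


def check_tunnels(conn):
    """HA needs two tunnel endpoints and both of them UP."""
    cid = conn["VpnConnectionId"]
    findings = []
    telemetry = conn.get("VgwTelemetry", [])
    if len(telemetry) < 2:
        findings.append(f"{cid}: only {len(telemetry)} tunnel endpoint(s), no HA")
    for tunnel in telemetry:
        if tunnel.get("Status") != "UP":
            findings.append(f"{cid}: tunnel {tunnel['OutsideIpAddress']} is {tunnel.get('Status')}")
    return findings


def check_routing(conn, route_tables, vpc_id):
    """Static VPN: static routes must exist. Dynamic VPN: every route table of
    the VPC must propagate routes from the VGW, otherwise BGP-learned routes
    never reach it. route_tables is filtered to the VPC the VGW is attached to."""
    cid = conn["VpnConnectionId"]
    vgw = conn.get("VpnGatewayId")
    findings = []
    if conn["Options"].get("StaticRoutesOnly"):
        if not conn.get("Routes"):
            findings.append(f"{cid}: static VPN has no static routes configured")
        return findings
    for rtb in route_tables:
        if rtb.get("VpcId") != vpc_id:
            continue
        propagating = {g["GatewayId"] for g in rtb.get("PropagatingVgws", [])}
        if vgw not in propagating:
            findings.append(f"{cid}: route table {rtb['RouteTableId']} does not propagate {vgw}")
    return findings


def audit(vpn_response, rtb_response, vpc_id):
    """Run both checks over every VPN connection; returns a list of findings."""
    findings = []
    for conn in vpn_response["VpnConnections"]:
        findings += check_tunnels(conn)
        findings += check_routing(conn, rtb_response["RouteTables"], vpc_id)
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_VPN_CONNECTIONS, SAMPLE_ROUTE_TABLES, SAMPLE_VPC_ID):
        print("FINDING:", line)
```

On the constructed sample this reports two findings: the DOWN tunnel on the dynamic connection, and the second route table that does not propagate the VGW. To run it against a real account, replace the two samples with the responses of `boto3.client("ec2").describe_vpn_connections()` and `describe_route_tables()` and pass the id of the VPC the VGW is attached to; the static connection in the sample produces no finding because its routes are configured and both tunnels are UP.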