...

Excerpt

This document provides details about the resources in Cornell AWS accounts that support the 2023 (v2) Direct Connect architecture.

Terminology

We use the following terminology in this document:

  • customer – Cornell AWS account owners/administrators
  • VPC – Virtual Private Cloud
  • DC – Direct Connect
  • TGW – Transit Gateway
  • AZ – Availability Zone

Resources

Secondary VPC CIDR Block

...

The sole purpose of these subnets is to provide a location for the TGW attachment. One utility subnet exists in each AZ that a DC-connected VPC uses for its standard subnets.

Each subnet is a /28 (16 addresses, the smallest size AWS allows) and uses a CIDR range from the secondary VPC CIDR block. AWS reserves five addresses in every subnet (the first four and the last), so 11 remain, which is ample for the single network interface the TGW attachment places in each utility subnet.
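The carving described above can be planned and checked before anything is created in the account. The script below is an added example, not Cornell Cloud Team tooling: it takes a secondary CIDR block and a list of AZs, refuses a secondary block that overlaps the primary VPC CIDR (AWS rejects that association) or that is too small to hold one /28 per AZ, and reports the host addresses left after AWS's reserved five. All CIDRs and AZ names in it are constructed placeholders.

```python
"""Carve one /28 utility subnet per AZ out of a secondary VPC CIDR block.

Added example for this page, not Cornell Cloud Team tooling. The CIDRs,
AZ names and VPC primary block used below are constructed placeholders.
"""
import ipaddress

UTILITY_PREFIX = 28          # /28 is the smallest subnet AWS allows
AWS_RESERVED_PER_SUBNET = 5  # AWS keeps the first four and the last address of every subnet


def plan_utility_subnets(secondary_cidr, azs, primary_cidr):
    """Return {az: "/28 CIDR"} with one utility subnet per distinct AZ.

    Allocation is in address order from the start of secondary_cidr.
    Raises ValueError if the secondary block overlaps the primary block
    (AWS rejects the association) or cannot hold one /28 per AZ.
    """
    secondary = ipaddress.ip_network(secondary_cidr, strict=True)
    primary = ipaddress.ip_network(primary_cidr, strict=True)
    if secondary.overlaps(primary):
        raise ValueError(f"{secondary} overlaps the primary VPC CIDR {primary}")
    if secondary.prefixlen > UTILITY_PREFIX:
        raise ValueError(f"{secondary} is smaller than a /{UTILITY_PREFIX}")

    distinct_azs = sorted(set(azs))
    candidates = list(secondary.subnets(new_prefix=UTILITY_PREFIX))
    if len(candidates) < len(distinct_azs):
        raise ValueError(
            f"{secondary} holds {len(candidates)} /{UTILITY_PREFIX} subnets "
            f"but {len(distinct_azs)} AZs each need one"
        )
    return {az: str(net) for az, net in zip(distinct_azs, candidates)}


def usable_addresses(cidr):
    """Addresses left for hosts (here: the attachment's network interface)
    after AWS's five reserved addresses are taken out."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


if __name__ == "__main__":
    plan = plan_utility_subnets(
        "10.0.255.0/26",                            # constructed secondary block
        ["us-east-1a", "us-east-1b", "us-east-1c"],  # constructed AZ list
        primary_cidr="10.0.8.0/22",                 # constructed primary block
    )
    for az, cidr in plan.items():
        print(f"{az}: {cidr} ({usable_addresses(cidr)} usable addresses)")
```

Feeding the plan into whatever provisions the subnets (console, CLI, or IaC) is left to the account; the point of the script is the two refusals, since both overlap and an undersized block fail only after the secondary CIDR association has been attempted.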

...

Customer route tables support inter-VPC traffic as well as private Cornell, public Cornell, and internet traffic. Routes in these tables send traffic bound for the private Cornell network (10.0.0.0/8) and (optionally) public Cornell subnets to the Transit Gateway Attachment.
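The rule above is easy to state and easy to break silently, because AWS uses longest-prefix matching: a later /16 route inside 10.0.0.0/8 that points at a peering connection or an instance wins over the /8 route to the TGW. The audit below is an added example, not the page's own tooling. It walks routes shaped like `aws ec2 describe-route-tables` output (all values constructed), skips the AWS-managed local routes, and reports a missing or misdirected 10.0.0.0/8 route, any more-specific route that shadows it, and any public Cornell prefix routed somewhere other than the TGW. 192.0.2.0/24 stands in for a public Cornell prefix, since the page lists none.

```python
"""Audit a customer route table against the DC v2 routing rule.

Added example, not the page's own tooling. Route dicts follow the field
names of `aws ec2 describe-route-tables` but every value is constructed;
192.0.2.0/24 stands in for a public Cornell prefix (the page lists none).
"""
import ipaddress

CORNELL_PRIVATE = ipaddress.ip_network("10.0.0.0/8")


def _target(route):
    """Human-readable target of a route, whatever kind of target it has."""
    for key in ("TransitGatewayId", "GatewayId", "NatGatewayId",
                "VpcPeeringConnectionId", "NetworkInterfaceId"):
        if key in route:
            return route[key]
    return "unknown"


def audit_route_table(routes, tgw_id, public_cornell=()):
    """Return a list of findings (empty list = the table conforms).

    Checks:
      * a 10.0.0.0/8 route exists and targets tgw_id
      * each optional public Cornell prefix that is routed targets tgw_id
      * no other route inside 10.0.0.0/8 (or inside a public prefix) points
        elsewhere: longest-prefix match would let it shadow the TGW route
    Local routes (the VPC's own CIDRs) are AWS-managed and skipped, as are
    routes without an IPv4 DestinationCidrBlock (IPv6, prefix lists).
    """
    findings = []
    public_nets = [ipaddress.ip_network(p) for p in public_cornell]
    saw_private = False
    for route in routes:
        if route.get("GatewayId") == "local" or "DestinationCidrBlock" not in route:
            continue
        dest = ipaddress.ip_network(route["DestinationCidrBlock"])
        via_tgw = route.get("TransitGatewayId") == tgw_id
        if dest == CORNELL_PRIVATE:
            saw_private = True
            if not via_tgw:
                findings.append(f"{dest} targets {_target(route)}, expected {tgw_id}")
        elif dest.subnet_of(CORNELL_PRIVATE) and not via_tgw:
            findings.append(f"{dest} is inside 10.0.0.0/8 but targets "
                            f"{_target(route)}; it shadows the TGW route")
        elif any(dest.subnet_of(p) for p in public_nets) and not via_tgw:
            findings.append(f"{dest} is a public Cornell prefix but targets "
                            f"{_target(route)}, expected {tgw_id}")
    if not saw_private:
        findings.append(f"no 10.0.0.0/8 route via {tgw_id}")
    return findings


# Constructed sample tables; IDs are placeholders, not real resources.
TGW_ID = "tgw-0123456789abcdef0"
GOOD_ROUTES = [
    {"DestinationCidrBlock": "10.0.8.0/22", "GatewayId": "local"},     # primary VPC CIDR
    {"DestinationCidrBlock": "10.0.255.0/26", "GatewayId": "local"},   # secondary VPC CIDR
    {"DestinationCidrBlock": "10.0.0.0/8", "TransitGatewayId": TGW_ID},
    {"DestinationCidrBlock": "192.0.2.0/24", "TransitGatewayId": TGW_ID},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0"},
]
BAD_ROUTES = GOOD_ROUTES[:2] + [
    {"DestinationCidrBlock": "10.0.0.0/8", "GatewayId": "igw-0123456789abcdef0"},
    {"DestinationCidrBlock": "10.20.0.0/16",
     "VpcPeeringConnectionId": "pcx-0123456789abcdef0"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0123456789abcdef0"},
]

if __name__ == "__main__":
    for name, table in (("good", GOOD_ROUTES), ("bad", BAD_ROUTES)):
        print(name, audit_route_table(table, TGW_ID, ["192.0.2.0/24"]) or "conforms")
```

The same function can be pointed at real output by loading the `Routes` list of each entry in `aws ec2 describe-route-tables --output json`; the public-prefix list is whatever CIT publishes for the account, not the placeholder used here.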

Network

...

ACLs

Utility Subnet ACL

The utility subnets exclusively use a NACL created especially for them. This NACL allows all inbound and outbound traffic. Because the attachment's network interfaces live in these subnets, AWS evaluates this NACL for traffic passing through the TGW attachment, so a restrictive rule here would break Direct Connect reachability; filtering of that traffic is the job of the NACLs and security groups on the customer subnets it is routed to.

...

Customer ACLs

Standard Customer ACLs are NACLs that filter inter-VPC traffic as well as private Cornell, public Cornell, and internet traffic. An example of such a NACL is the Baseline AWS Network ACL. The specifics of these NACLs are defined by customer needs.

...

Transit Gateway Attachments are the mechanism that connects VPCs to Transit Gateways and, through them, to the DC infrastructure.

A single TGW Attachment is made per VPC, and the Attachment is made to all utility subnets in the VPC. Importantly, the attachment must include one (and only one) utility subnet in each of the AZs used by the VPC: AWS permits at most one subnet per AZ in a VPC attachment, and resources in an AZ that has no attached subnet cannot reach the TGW at all.
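Whether an attachment actually satisfies the one-utility-subnet-per-AZ rule is not obvious from the console once a VPC has a dozen subnets. The check below is an added example, not the page's own tooling. It compares a VPC's subnet list (shaped like `aws ec2 describe-subnets` output) with one attachment (shaped like `aws ec2 describe-transit-gateway-vpc-attachments` output) and reports attached subnets that are not utility subnets, AZs the VPC uses that the attachment misses, and AZs with more than one attached subnet. Every ID, AZ and CIDR is constructed, and identifying utility subnets by a `Role=utility` tag is an assumption: the page does not say how they are labelled.

```python
"""Check a TGW VPC attachment for the one-utility-subnet-per-AZ rule.

Added example, not the page's own tooling. Subnet and attachment dicts
follow the field names of `aws ec2 describe-subnets` and
`aws ec2 describe-transit-gateway-vpc-attachments`, but every ID, AZ and
CIDR is constructed, and marking utility subnets with a Role=utility tag
is an assumption (the page does not say how they are labelled).
"""
from collections import Counter

UTILITY_TAG = {"Key": "Role", "Value": "utility"}  # assumed labelling


def is_utility_subnet(subnet):
    return UTILITY_TAG in subnet.get("Tags", [])


def audit_attachment(vpc_subnets, attachment):
    """Return findings for one attachment (empty list = conforms).

    Rules:
      * every attached subnet belongs to this VPC and is a utility subnet
      * every AZ the VPC uses has exactly one attached subnet: an AZ with
        none cannot reach the TGW, and AWS allows at most one per AZ
    """
    by_id = {s["SubnetId"]: s for s in vpc_subnets}
    azs_in_vpc = {s["AvailabilityZone"] for s in vpc_subnets}
    findings = []
    per_az = Counter()
    for sid in attachment["SubnetIds"]:
        subnet = by_id.get(sid)
        if subnet is None:
            findings.append(f"{sid}: not a subnet of VPC {attachment['VpcId']}")
            continue
        az = subnet["AvailabilityZone"]
        per_az[az] += 1
        if not is_utility_subnet(subnet):
            findings.append(f"{sid} ({az}): attached subnet is not a utility subnet")
    for az in sorted(azs_in_vpc):
        count = per_az.get(az, 0)
        if count == 0:
            findings.append(f"{az}: VPC has subnets here but the attachment has "
                            "none; resources in this AZ cannot reach the TGW")
        elif count > 1:
            findings.append(f"{az}: {count} attached subnets, AWS allows one per AZ")
    return findings


# Constructed sample data; IDs are placeholders, not real resources.
VPC_ID = "vpc-0123456789abcdef0"


def _subnet(sid, az, cidr, utility=False):
    return {"SubnetId": sid, "VpcId": VPC_ID, "AvailabilityZone": az,
            "CidrBlock": cidr, "Tags": [UTILITY_TAG] if utility else []}


VPC_SUBNETS = [
    _subnet("subnet-0aaa0", "us-east-1a", "10.0.8.0/24"),    # standard subnets
    _subnet("subnet-0bbb0", "us-east-1b", "10.0.9.0/24"),
    _subnet("subnet-0ccc0", "us-east-1c", "10.0.10.0/24"),
    _subnet("subnet-0aaa1", "us-east-1a", "10.0.255.0/28", utility=True),   # utility /28s
    _subnet("subnet-0bbb1", "us-east-1b", "10.0.255.16/28", utility=True),
    _subnet("subnet-0ccc1", "us-east-1c", "10.0.255.32/28", utility=True),
]
GOOD_ATTACHMENT = {"TransitGatewayAttachmentId": "tgw-attach-0123456789abcdef0",
                   "VpcId": VPC_ID,
                   "SubnetIds": ["subnet-0aaa1", "subnet-0bbb1", "subnet-0ccc1"]}
BAD_ATTACHMENT = {"TransitGatewayAttachmentId": "tgw-attach-0123456789abcdef1",
                  "VpcId": VPC_ID,
                  "SubnetIds": ["subnet-0aaa1", "subnet-0bbb0"]}  # wrong subnet in 1b, nothing in 1c

if __name__ == "__main__":
    for att in (GOOD_ATTACHMENT, BAD_ATTACHMENT):
        print(att["TransitGatewayAttachmentId"], audit_attachment(VPC_SUBNETS, att) or "conforms")
```

Run against real output by filtering `describe-subnets` on the VPC ID and taking the matching entry from `describe-transit-gateway-vpc-attachments`; if the account labels utility subnets differently, change `UTILITY_TAG` to match.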

TGW Attachments are proposed/offered to Cornell AWS accounts by the Cloud Team from the set of TGWs used by CIT to offer Direct Connect services.

References

...