DEV Community: Swati Tiwari

Behind the Scene of AWS IP Packet Delivery

Swati Tiwari — Fri, 01 Jul 2022 19:44:26 +0000

AWS hosts millions of customers in multiple regions and availability zones. Mostly Customers have overlapping private IP CIDR blocks, so the question is how AWS is preventing the IP Conflict moreover how is it actually distinguishing and preventing each customer's logical network infrastructure while they are perhaps sharing the same Physical host or different.

The Key answer to this is VPC mechanics and mapping Service. AWS VPC lets you provision a logically isolated section of the AWS Cloud. That Logically isolated section is called a virtual network that you define, and you have full control of it which includes selecting IP range, creation of subnet and so on. Each customer has their own logically isolated network ie VPC. Each VPC infrastructure is made up of the following:

Physical Host on which Customer launch their EC2 instance
Amazon DNS Server
DHCP Server
Instance Metadata

When an EC2 instance is launched, physical server on which it will be hosted gets determined by many factors like availability zone, EC2 instance type, EC2 instance tenancy and EC2 instance placement group.

Tenant isolation is a core function of VPC which helps in keeping these instances invisible to the other instances launched by different AWS accounts. And VPC uses a Mapping Service to understand which resources are part of it. Mapping service maintains information about VPC resources like MAC addresses, VPC IP addresses and the physical host IP address on which it lies.

Look at the following example to understand how the IP packet delivery process happens between two instances A and B, hosted on Physical hosts X and Y respectively, refer to the diagram to understand each step:

1- Instance A, which is hosted on physical host X, will send an ARP to know Instance B's MAC, which is captured by the HyperVisor of Host X.

2- HyperVisor of Host X goes to the mapping service to confirm if the Instance B exists in the same VPC.

3- Mapping service Confirms and it returns the MAC of Instance B to HyperVisor of Host X and HyperVisor sends the synthetic response to Instance A's ARP request.

Therefore, ARP request from Instance A does not directly reaches to the other host rather being taken care by the local HyperVisor and the mapping service.

4- Now, Instance A will send an IP packet which is encapsulated in the ethernet header. IP packet will have the source IP as instance A's ip and destination IP as Instance B's ip. And the Ethernet header will have the source MAC as Instance A's and Destination MAC as of instance B. IP packet is captured by HyperVisor of Host X where A exists. HyperVisor of host X goes to Mapping service to understand the IP of the physical host Y on which Instance B exists.

5- Mapping service returns the IP of the physical host Y to the HyperVisor of host X.

6- Now HyperVisor of host X encapsulates the IP packet with two more headers, One is VPC header which includes the VPC ID and another IP header which includes the IP of destination physical host Y. Now this packet is transmitted over the AWS network, and it reaches the destination physical host Y.

7- Now HyperVisor of the receiving physical host Y reaches to the mapping service to confirm if instance A exists in the same VPC.

8- Once Mapping service confirms, HyperVisor of Physical Host Y rips off the headers and delivers the packet to the Instance B successfully.

So there is a lot of scrutiny happens by mapping service to make sure instances within the same VPC able to connect while making sure to keep the others isolated. There is more to routing and network infrastructure of AWS however this covers the basics of how the VPC mechanics and mapping service works.

Hope it helps!

Happy Learning.

Journey to AWS Certified SAA-C02; Free Resources, Learning Path and More

Swati Tiwari — Fri, 22 Apr 2022 10:11:04 +0000

Hello Everyone,

Since i have been preparing for AWS SAA-C02 from quiet a time and earned my AWS Certified Solutions Architect Associate Badge recently, there are many people approaching me to know how i approached for this certification and what resources i followed. So i have decided to list down the learning path which helped me achieving this, hoping it helps individuals preparing for their certifications or keen to learn about AWS.

Here is the complete path i followed :

Complete AWS Cloud Practitioner Essentials Course available for free on AWS Skill builder.
Complete AWS Technical Essentials Course available for free on AWS Skill builder.

After these you can attempt AWS Cloud Practitioner certification like i did. AWS Cloud Practitioner Certification is a foundation level exam and is not a pre-requisite for the AWS SAA-C02. However, since i was completely new to AWS and wanted to learn in a systematic fashion i gave this certification prior to going directly for AWS SAA-C02.

Post completing AWS Cloud Practitioner Certification successfully, i started with the below AWS Free courses to get ready for AWS SAA-C02.

Check out the Exam Guide for SAA-C02 to understand about the exam and the domains it tests you upon.
Complete AWS architect learning plan, this is a collection of few courses, available for free on AWS Skill builder.
Exam readiness sessions for AWS SAA available for free on AWS Skill builder.
Udemy Stephan Marek’s Practice Sets (I bought a course which had 6 Practice Sets for AWS SAA-C02 exam) and one Course (Ultimate AWS Certified Solutions Architect Associate 2022) for easy hands-on labs. I did only one practice set that too right before my exam day. Which was enough to provide an understanding on what kind of question structure should i expect in the exam. This is completely optional, i did not complete either of these courses 100% therefore AWS Skill Builder is solely enough for the preparation.

Meanwhile, i also kept on attending AWS webinars and Twitch Channel discussions. Read whitepapers and articles to keep myself engaged and involved with the AWS offerings.

This complete customized path should give you good knowledge to proceed with the certification.

NOTE: AWS SAA-C02 had Scenario based questions so it is better to have thorough understanding of designing solutions for customer's technical requirements prior to attempting the Certification.

Let me know if it helps in the comment section. Also Feel free to save this learning path for later use.

Cheers!

Technical Essential Day Webinar AWS 7-3-22

Swati Tiwari — Wed, 09 Mar 2022 18:37:00 +0000

Heya All,

I attended Technical Essentials Day webinar yesterday hosted by AWSome technical trainers Thomas and Bart, and listing the key take away topics from the session below. If you find it helpful feel free to hit a like. Deep dive to each topic by following links listed in the post.

IAM - Identity and Access Management

https://aws.amazon.com/iam/

VPC - Virtual Private Cloud

https://aws.amazon.com/vpc/

EC2 family and pricing models - Elastic Compute Cloud

https://aws.amazon.com/ec2/

Security

Securing your EC2 instances by applying NACLs on subnet level and Security Groups on instance level.

https://aws.amazon.com/vpc/features/

Databases

Relational, Key Value, In-Memory, Document, Wide Column, Graph, Time Series, Ledger databases.

https://aws.amazon.com/products/databases/

Storage

Object store, File store, Block and Instance stores.

https://aws.amazon.com/products/storage/

Monitor - Amazon Cloud watch

https://aws.amazon.com/cloudwatch/

Load Balancing - Elastic Load Balancers

https://aws.amazon.com/elasticloadbalancing/

Scale - Auto Scaling of the EC2 Instances

https://docs.aws.amazon.com/autoscaling/

NOTE: All Resources listed in the post are authentic public resources provided by AWS.

Hope it helps. Cheers!

AWS Learning Resources

Swati Tiwari — Tue, 08 Mar 2022 18:08:54 +0000

Hello World, this is me sharing my learning experience of AWS as a beginner. I have completed my AWS Cloud Practitioner Certificate and presently preparing for SAA and Advanced Networking Specialty.

The article can be helpful for the individuals who want to get started with Cloud Computing leveraging Amazon Web Services. Here i will be listing resources that i use on daily basis to learn AWS and its offerings. Hope it helps. Feel free to comment your favorite AWS learning resource and help each other learn better.

In my opinion, Attending webinars is one of the best way to learn AWS from the basics along with reading whitepapers and watching digital trainings.

AWS Ramp-Up guides are great references to locate the resources and create a path to your learning as per your interested area. Ramp-up guides also include Hands-On Labs which can be done using AWS Free Tier. With AWS Free Tier you can explore and try out AWS services free of charge up to specified limits for each service. You can locate the Ramp-up guides using the following link:

https://aws.amazon.com/training/ramp-up-guides/

I also follow AWS Twitch channel and attend live sessions there as and when i get chance. It is a good platform to learn specific topics as well as for posing queries real time to AWS experts.
Also re:Post is a great place to place your queries in a forum and AWS experts will help answering your queries.

There is AWS Educate, https://aws.amazon.com/education/awseducate/, which has free trainings which you can use to build your cloud skills at your own pace. It also lists job opportunities which you can refer to locate any job openings with AWS in your skilled area.

I have recently joined DEV.to to read articles from AWS community builders. I am excited to learn more, hope you are too!

Cheers to Learning.

Hello World.

Swati Tiwari — Fri, 04 Mar 2022 14:43:43 +0000

I am here to learn AWS and connect with great AWS builder community. Hoping to learn more about AWS. I am presently preparing for AWS advanced networking specialty.