Jun 22, 2024
Logical networking – Addressing Disconnected Scenarios with AWS Snow Family
First, we must level set on some terms that have specific meanings within the context of AWS Snowball Edge. These terms differ a bit from what you see in an EC2 VPC:
Public IP: In this context, the term “public” does not mean a routable IP on the internet. It simply means an IP address on the “outside” network of the device – this is the network your device will acquire Dynamic Host Configuration Protocol (DHCP) addresses from when you plug it in for the first time. The default gateway for this network will be a router that you own. DNS and NTP will also be pointing toward addresses you use now on your network.
Private IP: An IP address on the “inside” network of the device. Perhaps confusingly, AWS has chosen to make the private network range on all AWS Snow Family devices 34.223.14.128/25. This cannot be changed, and yes – it is a routable prefix registered to AWS with the Internet Assigned Numbers Authority (IANA). There are no services attached to the “real” version of this prefix out on the internet, so don’t worry.
Virtual Network Interface (VNI): A static 1:1 NAT mapping of a public IP to a private IP. These are needed for EC2 instances to talk to any network outside of the private range inside the device.
Direct Network Interface (DNI): This is a way to map one of the physical RJ45/10 GbE Ethernet ports on the AWS Snowcone device to an EC2 instance inside the device, thus bypassing the 1:1 NAT translation from 34.223.14.128/25 to 192.168.x.x (or whatever your network’s IP range is).
Two VNIs each on a different physical Ethernet port
Configuring an AWS Snowball Edge device with two VNIs, each on a separate physical Ethernet port, offers several key benefits. First, it provides increased network bandwidth and throughput by leveraging the capabilities of two separate network connections. This is particularly advantageous in scenarios that require high-speed data transfer or processing, allowing for faster and more efficient operations.
Secondly, having separate physical Ethernet ports for each VNI allows for network segregation and isolation at a hardware level. This enables the Snowball Edge device to maintain a strict separation between different types of network traffic or data flows. By keeping the networks isolated, organizations can ensure enhanced security, compliance, and operational control over their data and applications.
Furthermore, the configuration with two separate physical Ethernet ports provides inherent redundancy and high availability (HA). If one network connection or port experiences an issue, the Snowball Edge device can automatically switch to the other port, maintaining uninterrupted connectivity and data transfer. This redundancy ensures continuity of operations and minimizes the impact of any network failures:
Figure 4.15 – AWS Snowball Edge device with two VNIs on separate PNIs
More Details