Aug 19, 2024
DNIs – Addressing Disconnected Scenarios with AWS Snow Family

DNIs were introduced to AWS Snow Family devices to support advanced network use cases. DNIs provide layer 2 network access without any translation or filtering, enabling features such as multicast streams, transitive routing, and load balancing. This direct access enhances network performance and allows for customized network configurations.

DNIs support VLAN tags, enabling network segmentation and isolation within the Snow Family device. Additionally, the MAC address can be customized for each DNI, providing further flexibility in network configuration:

Figure 4.18 – AWS Snowball Edge device with one DNI

DNIs and security groups

It’s important to note that traffic on a DNI bypasses the device’s NAT and its security groups entirely; nothing on the device inspects or filters it. Any access control therefore has to live on the instance itself (a host firewall such as nftables or iptables, plus authentication in the application) or on the network the port is cabled to (switch ACLs, the VLAN the DNI is tagged into).

Snowball Edge devices support DNIs on all types of physical Ethernet ports, with each port capable of accommodating up to seven DNIs. For example, RJ45 port #1 can have seven DNIs, with four DNIs mapped to one EC2 instance and three DNIs mapped to another instance. RJ45 port #2 could simultaneously accommodate an additional seven DNIs for other EC2 instances.

Note that the Storage Optimized variant of AWS Snowball Edge does not support DNIs:

Figure 4.19 – AWS Snowball Edge network flows with DNIs

Looking at Figure 4.19, we can see that al2-1 has two Ethernet ports configured inside Linux. One is on the typical 34.223.14.128/25 subnet, but the other is directly on the 192.168.100.0/24 RFC 1918 space. A configuration such as this is the only time an interface on an EC2 instance on an AWS Snow Family device should be configured for any subnet but 34.223.14.128/25.

Figure 4.20 shows what a DNI looks like from the perspective of the EC2 instance that has one attached:

Figure 4.20 – DNI details under Amazon Linux 2
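Because nothing on the device filters DNI traffic, the instance has to. The following is an added example (my code, not the book’s or AWS’s) of the kind of host firewall you would put on al2-1 from Figure 4.19: an nftables ruleset that leaves the VNI-side interface alone (security groups still cover it) and only admits new connections arriving on the DNI from the prefix you expect on that segment. The interface names (eth0 for the VNI, eth1 for the DNI), the 192.168.100.0/24 prefix and the port list are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the book or AWS: host firewall for a DNI on Amazon Linux 2.
# Security groups never see DNI traffic, so the instance must filter it itself.
# Assumed layout (hypothetical, modelled on Figure 4.19):
#   eth0 = VNI side, 34.223.14.128/25, still protected by security groups
#   eth1 = DNI side, directly on 192.168.100.0/24, no NAT, no security group
# Needs nftables on the instance (yum install nftables).

# Emit an nftables ruleset: everything that is not on the DNI interface is left
# to the security groups; on the DNI, only established flows, ping, and new TCP
# connections to the listed ports from the expected source prefix are accepted.
# Usage: dni_ruleset <dni-iface> <allowed-src-cidr> <tcp-ports-comma-separated>
dni_ruleset() {
    iface=$1
    src=$2
    ports=$3
    cat <<EOF
# Declare, then flush, so re-running the script replaces the rules atomically
# instead of appending duplicates.
table inet dni {}
flush table inet dni
table inet dni {
  chain input {
    type filter hook input priority 0; policy accept;

    # Not the DNI: leave it to the VNI's security group.
    iifname != "$iface" accept

    ct state established,related accept
    ct state invalid drop

    # New connections on the DNI only from the prefix that belongs on that
    # segment, and only to the services this instance is meant to expose.
    ip saddr $src tcp dport { $ports } ct state new accept
    ip saddr $src icmp type echo-request accept

    # Anything else that reached the DNI: count it, then drop it.
    counter drop
  }
}
EOF
}

# Load the ruleset into the kernel (nft reads the script from stdin).
dni_apply() {
    dni_ruleset "$@" | nft -f -
}

# Stand-alone use: print the ruleset for review, e.g.
#   ./dni-fw.sh eth1 192.168.100.0/24 22,5000
if [ "$#" -eq 3 ]; then
    dni_ruleset "$@"
fi
```

Source-prefix filtering is only as trustworthy as the switch port behind the DNI: a VLAN tag separates broadcast domains but authenticates nobody, so pair this with switch ACLs or 802.1X on that segment where the deployment warrants it.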

Storage allocation

All AWS Snowball Edge device variants work the same way with respect to storage allocation. Object or file storage draws from the device’s HDD capacity, while block volumes used by EC2 instances can be drawn from either the device’s HDD or SSD capacity. Figure 4.21 shows an example of this:

Figure 4.21 – Storage allocation on AWS Snowball Edge

S3 buckets on a device can be thought of as being thin-provisioned in the sense that they start out consuming 0 bytes, and as objects are added, they only take the amount needed for those objects from the HDD capacity.

Block volumes for EC2 instances, on the other hand, can be thought of as thick-provisioned. When the volume is created, a capacity is specified, and that amount is immediately removed from the pool it was carved from (HDD or SSD) and is unavailable for any other use, whether or not the instance ever writes to it.

Jun 22, 2024
Logical networking – Addressing Disconnected Scenarios with AWS Snow Family

First, we must level set on some terms that have specific meanings within the context of AWS Snowball Edge. These terms differ a bit from what you see in an EC2 VPC:

Public IP: In this context, “public” does not mean routable on the internet. It simply means an address on the “outside” network of the device, the network the device obtains a Dynamic Host Configuration Protocol (DHCP) address from when you first plug it in. The default gateway on that network is a router you own, and the device will use whatever DNS and NTP servers you already run there.

Private IP: An address on the “inside” network of the device. Perhaps confusingly, AWS uses 34.223.14.128/25 as the private range on every AWS Snow Family device. It cannot be changed, and yes, it is a publicly routable prefix allocated to AWS by a regional Internet registry, not RFC 1918 space. No services are reachable at the “real” version of the prefix on the internet, so nothing breaks. The practical consequences are that an instance on the device can never reach that prefix on the internet, and that you must never place the public side of a VNI inside it.

Virtual Network Interface (VNI): A static 1:1 NAT mapping of a public IP to a private IP. These are needed for EC2 instances to talk to any network outside of the private range inside the device.

Direct Network Interface (DNI): A way to map one of the physical Ethernet ports (RJ45 or fiber) on the Snow Family device straight to an EC2 instance inside the device, bypassing the 1:1 NAT translation from 34.223.14.128/25 to 192.168.x.x (or whatever your network’s IP range is).

Two VNIs each on a different physical Ethernet port

Configuring an AWS Snowball Edge device with two VNIs, each on a separate physical Ethernet port, gives you three things. First, bandwidth: each VNI rides its own physical link, so an instance (or two instances) can move traffic over both at once instead of sharing one port. This matters for high-speed data transfer or processing workloads.

Second, segregation at the hardware level. Each port can be cabled to a different physical network (say, a management network on one and a data-acquisition network on the other), and the 1:1 NAT keeps each instance’s traffic on the port its VNI belongs to. That separation is only as strong as the security groups applied to each VNI and the instance’s own routing, however: an instance that holds a VNI on both ports can forward between the two networks if you let it, so enable IP forwarding on such an instance deliberately or not at all.

Third, redundancy and high availability (HA). If one port or its upstream switch fails, the VNI on the other port keeps working, but the device does not fail traffic over for you. The instance needs an interface on each VNI and routing (or application-level failover) that actually uses the surviving path, and that behavior should be tested before it is relied upon:

Figure 4.15 – AWS Snowball Edge device with two VNIs on separate PNIs

Feb 24, 2024
Targets available on AWS Snowball Edge for data loading – Addressing Disconnected Scenarios with AWS Snow Family

There are several types of targets available on an AWS Snowball Edge device that you can use to load data.

NFS endpoint on the AWS Snowball Edge device

This option allows users to access and manage data on the Snowball Edge device using the familiar NFS protocol. You can mount the Snowball Edge device as a network file share, much like a NAS device, and then perform standard file operations such as reading, writing, moving, and deleting files, drag and drop included, just as you would on a departmental file share. Linux and macOS both have NFS support built in, while Windows requires installation of the Services for NFS optional component or a third-party NFS client. Access to the export is controlled only by client IP address (the allowed-hosts list you supply when starting the NFS service on the device); there is no per-user authentication, so treat the network segment the device sits on as the trust boundary and keep the export off any shared VLAN.

This is generally the most convenient method and the most readily understood. Standard client-side tools such as rsync, xcopy, Robocopy, or the like can be used with no modifications.

This target has a practical maximum throughput of around 3 Gbit/s.

S3 endpoint on the AWS Snowball Edge device

All members of the AWS Snow Family have a local version of the same sort of S3 endpoint as you would work with in a region. You simply target the S3 endpoint IP on the AWS Snowball Edge device with commands from the AWS CLI or your own code (for instance, a Python script using boto3):

Figure 4.5 – S3 endpoint on an AWS Snowball Edge device

You can also target this local endpoint with third-party programs that know how to work with S3 – common examples include enterprise backup software packages such as Veeam or Commvault.

This target can ingest at speeds in excess of 20 Gbit/s. However, this requires considerable optimization of the client-side transfer mechanism to achieve.
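The device’s S3 endpoint presents a certificate issued by the device itself, which is where many loading scripts go wrong: they disable TLS verification rather than trust that certificate. The following is an added example (my code, not the book’s or AWS’s) of a small AWS CLI wrapper that targets the device endpoint and refuses to run without the device certificate, plus the parallelism tuning that the 20 Gbit/s figure above depends on. The endpoint address, profile name and certificate path are assumptions for the example; the `snowballEdge` commands named in the comments are the ones the Snowball Edge client provides for keys and certificates, so verify them with `snowballEdge help` on your version.

```shell
#!/bin/sh
# Added example, not from the book or AWS: AWS CLI wrapper for the S3 endpoint
# on a Snowball Edge that never skips TLS verification.
# Assumed (hypothetical) environment:
#   - device S3 endpoint https://192.168.1.20:8443
#   - CLI profile "snowball" holding the device-local access key
#     (from `snowballEdge list-access-keys` / `snowballEdge get-secret-access-key`)
#   - device certificate saved with `snowballEdge get-certificate` to
#     /etc/snow/device.pem
SNOW_ENDPOINT=${SNOW_ENDPOINT:-https://192.168.1.20:8443}
SNOW_PROFILE=${SNOW_PROFILE:-snowball}
SNOW_CA_BUNDLE=${SNOW_CA_BUNDLE:-/etc/snow/device.pem}

# Run any `aws s3 ...` subcommand against the device. The certificate is pinned
# via --ca-bundle; --no-verify-ssl would let anyone on the LAN sit between you
# and the device, read everything you upload, and spoof the responses.
snow_s3() {
    if [ ! -r "$SNOW_CA_BUNDLE" ]; then
        echo "snow_s3: device CA bundle $SNOW_CA_BUNDLE is missing; not running without TLS verification" >&2
        return 1
    fi
    aws s3 "$@" \
        --endpoint-url "$SNOW_ENDPOINT" \
        --profile "$SNOW_PROFILE" \
        --ca-bundle "$SNOW_CA_BUNDLE"
}

# Raise the CLI's parallelism for this profile only. Throughput to the device
# scales with concurrent multipart uploads, not with one fat stream.
# Usage: snow_tune [max-concurrent-requests]
snow_tune() {
    aws configure set s3.max_concurrent_requests "${1:-50}" --profile "$SNOW_PROFILE"
    aws configure set s3.multipart_chunksize 64MB --profile "$SNOW_PROFILE"
}

# Copy a directory tree into a bucket on the device.
# Usage: snow_load_dir <local-dir> <bucket>
snow_load_dir() {
    snow_s3 sync "$1" "s3://$2/" --only-show-errors
}

# Stand-alone use: ./snow-load.sh /data/export my-bucket
if [ "$#" -eq 2 ]; then
    snow_load_dir "$1" "$2"
fi
```

Keep the device-local access key in its own CLI profile rather than the default one: the key only works against this device, and mixing it with regional credentials is how scripts end up pointing at the wrong endpoint.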

EC2 instance running on the AWS Snowball Edge device

Another approach is to bypass the native endpoints on the device altogether by spinning up an EC2 instance on it:

Figure 4.6 – EC2 instances running on an AWS Snowball Edge device

That instance could run any third-party data transfer software you want, and the limitations on throughput would be specific to that vendor’s software.

AWS DataSync agent

The AWS DataSync agent is a special kind of EC2 instance you can spin up on an AWS Snow Family device. It is important to note that this type of target pulls the data rather than having data pushed to it as all of the others do. DataSync supports pulling data from the following types of shared storage in your on-premises environment:

NFS exports

SMB (CIFS) shares, such as those served by Windows Server

Hadoop Distributed File System (HDFS)

Self-managed object stores (some NAS devices can host S3-compatible stores)

Figure 4.7 – Launching the DataSync agent from OpsHub

You create DataSync tasks inside the AWS Management Console that tell the agent how to access these resources in your environment, when to pull files, how much bandwidth to consume, or if any manipulations need to be done in the process. The agent optimizes the data transfer process by employing techniques such as parallelization, data deduplication, and delta detection to minimize transfer times and optimize bandwidth usage.

A single DataSync task is capable of relaying data to an AWS region at 10 Gbit/s. However, this is dependent upon the resources available within the instance type chosen when the agent is deployed onto the device. At a minimum, an instance type with 2 vCPUs must be used. The more vCPUs the agent has at its disposal, the more it can parallelize the transfer and attain higher speeds.

Oct 29, 2023
Global Navigation Satellite System (GLONASS) – Understanding Network and Security for Far-Edge Computing

Contemporaneously with the rollout of the US’s GPS, the Soviet Union began deploying a similar system known as GLONASS. The first satellite was launched in 1982; the system has since been developed by the Russian Federation and is operated by Roscosmos. Due to economic constraints in the 1990s and 2000s, followed by sanction-related obstacles in the 2010s, GLONASS has faced numerous challenges. However, it remains operational and available for anyone to use.

Compared to GPS, GLONASS is on average slightly less accurate. That said, its orbits are inclined more steeply (about 64.8 degrees versus 55 degrees for GPS), so at high latitudes such as the Arctic and Antarctic circles GLONASS is a bit more accurate than GPS.

Galileo

Created by the European Union via the European Space Agency, Galileo is a multinational effort to operate a global positioning system that provides independence from single-country control as is seen with GPS and GLONASS. The system went live in 2016 and currently operates 30 satellites in MEO.

At the time of writing, Galileo is the most accurate of the three global systems for the average user.

Regional and augmentation systems

In addition to the three global systems, there are a few regional and augmentation systems. These include the following:

Quasi-Zenith Satellite System (QZSS): Operated by Japan, QZSS uses a combination of satellites in geostationary and inclined geosynchronous (“quasi-zenith”) orbits to augment GPS, improving performance for terminals in Japan and the surrounding region.

Navigation with Indian Constellation (NavIC): Deployed by India, NavIC is an independent regional positioning system of seven satellites (three geostationary, four in inclined geosynchronous orbit) covering India and roughly 1,500 km around it. Unlike the other entries in this list it is not a GPS augmentation, although receivers commonly use it alongside GPS.

Wide Area Augmentation System (WAAS): The US Federal Aviation Administration (FAA) operates three satellites in geostationary orbit to improve navigation for civilian aircraft in North America.

European Geostationary Navigation Overlay Service (EGNOS): A system distinct from Galileo, EGNOS is a set of three geostationary satellites that augment GPS for European users. Future plans include the ability to augment the Galileo system as well.

Other uses for GNSS

When a clock source accurate to nanoseconds is needed, one option is an expensive atomic clock. Because every GNSS satellite carries one or more atomic clocks, its signals give a receiver indirect access to a free one. 5G NFV functions or virtual machines running a Software-Defined Radio (SDR) application, for example, need a disciplined physical clock, and Network Time Protocol (NTP) or Precision Time Protocol (PTP) servers are frequently built around a GNSS receiver for exactly this reason. The caveat is that such a clock inherits GNSS’s weaknesses: jamming or spoofing of the satellite signal becomes a time-integrity problem for everything downstream, so production time servers hold over on a local oscillator and cross-check against other sources rather than trusting the receiver alone.

Summary

In this chapter, we introduced you to elements that are common to all wireless communication technologies that are used at the far edge – concepts such as wavelength, frequency, duplexing, modulation, multipathing, and antenna design.

We built upon that by diving into cellular networking technologies such as 4G/LTE and 5G, reviewing the key advantages of 5G networks and how they enable new low-latency/high-throughput use cases. You were given a survey of LPWAN technologies such as LoRaWAN and NB-IoT, both of which are crucial to use cases such as smart agriculture, V2X, and smart cities.

Finally, we discussed the basics needed to understand SATCOM technologies and the services based on them – upon which the most remote edge computing use cases are dependent.

In the next chapter, we will cover the AWS Snow family of services. These target remote/disconnected edge compute situations.

Sep 1, 2023
GEOMETRIC DILUTION OF PRECISION (GDOP) – Understanding Network and Security for Far-Edge Computing

GDOP is a calculated value that combines the impact of several factors related to the angle at which the ground station can reach the satellites into a single coefficient that expresses how accurate a calculated position is.

Referring back to the previous figure, we can see an example of good geometry of the satellites involved. They are spread across the sky in all three axes. Contrast that with the following situation. In this case, the user is in an area surrounded by mountains. The terminal has no choice but to use samples from satellites that are closer together in the sky, and the calculated position will be less accurate as a result:

Figure 3.43 – Poor geometry due to obstructions

Other sources of GNSS inaccuracy

Atmospheric refraction bends a satellite’s signal slightly as it passes through the upper layers of the atmosphere. Sunspot activity can cause interference. Lower-quality receivers are more susceptible to measurement noise, which occurs even under perfect environmental conditions. Because position is computed from signal travel time, a clock error of 1 nanosecond (a billionth of a second) translates to roughly 30 centimeters (about one foot) of range error.

Urban environments pose a particular challenge to GNSSs. Not only is the geometry compromised by buildings, but the signals the user can receive are often reflected off of them – causing unwanted multipath propagation as previously discussed. If you’ve ever requested a ride from an app on your phone and wondered why the driver thinks you’re at a restaurant two streets away, these are likely culprits.

Global Positioning System (GPS)

The first satellite of what we now know as GPS was launched in 1978 by the United States Air Force. At first, only the US military had access to the system.

In 1983, the crew of a commercial flight from Alaska to Korea (Korean Air Lines Flight 007) made a navigational error that took the aircraft into Soviet airspace over the Kamchatka Peninsula and Sakhalin Island. A Soviet Su-15 interceptor shot the Boeing 747 down, killing all 269 people on board. To prevent future incidents, the US announced that GPS would be opened for civilian use.

Since 2020, GPS has been operated by the United States Space Force and remains open for anyone to use. At the time of writing it has 32 satellites in a semi-synchronous [21] medium Earth orbit (MEO) at an altitude of 20,200 kilometers (12,600 miles). They are spread across six orbital planes, all inclined about 55 degrees to the equator and spaced evenly around it, which together provide global ground coverage.

[21] A semi-synchronous orbit is one in which the spacecraft passes over a given point on the Earth twice per day.

Aug 7, 2023
LOW-EARTH ORBIT (LEO) – Understanding Network and Security for Far-Edge Computing

LEO satellites are positioned in orbit around the Earth at an altitude of up to 2,000 kilometers (1,200 miles). Because of this, they are in constant motion relative to an observer.

A single LEO satellite sees only a small patch of the Earth’s surface at any moment, but because it moves quickly (compared to a GEO satellite, which watches the same third of the planet all the time) a constellation of them sweeps the whole surface many times a day. This allows LEO constellations to provide communication and other services to a large number of users, as well as to track the movement of objects on the surface of the Earth.

The primary technical advantage of LEO-based SATCOM systems is their much lower latency than GEO (as low as ~20ms RTT). The main disadvantage is caused by the fact that they are in constant motion concerning any given point on the ground. They must use mechanisms such as motorized tracking antennas (or complex phased-array antennas) and constellations of a sufficient size to ensure users on the ground can always reach at least one satellite.

Here are some examples of LEO-based SATCOM services:

Certus 700: An L-band service from Iridium that supports speeds as high as 704 Kbps. It is served by 66 cross-linked satellites in LEO.

Starlink Roam: A Ka/Ku-band service from Starlink that supports speeds up to 200 Mbps. It is served by over 3,500 [20] cross-linked satellites in LEO, with plans to grow to as many as 12,000.

[20] As of February 2023.

Global Navigation Satellite System (GNSS)

GNSS is an overarching term that includes all of the systems that use timing signals from satellite constellations to determine a position on the ground for navigation purposes.

GNSS for positioning

Trilateration

All satellite-based navigation systems discussed in this section determine a terminal’s position using trilateration. Unlike triangulation, it measures distances, not angles. Each satellite repeatedly broadcasts its current position and the time of transmission, taken from its multiple onboard atomic clocks; the receiver turns the difference between that transmit time and its own receive time into a range to the satellite.

The following figure demonstrates a point on the ground receiving the same broadcast from four satellites:

Figure 3.42 – Trilateration using four satellites

From these four broadcasts a terminal can solve for its three position coordinates and, crucially, for the error of its own clock, which is why four satellites rather than three are the minimum. The resulting position carries a margin of error that varies from centimeters to hundreds of meters, depending on the circumstances.
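The arithmetic behind that statement, as an added worked derivation that is not part of the original text (the symbols are mine):

```latex
\begin{align*}
&\text{Satellite } i \text{ at known position } (x_i, y_i, z_i) \text{ transmits at its atomic-clock time } t_i. \\
&\text{The receiver stamps reception at } t_r \text{ on its own cheap clock, which is off by an unknown } \delta t. \\
&\text{The measured pseudorange is therefore} \\
&\qquad \rho_i \;=\; c\,(t_r - t_i) \;=\; \sqrt{(x - x_i)^2 + (y - y_i)^2 + (z - z_i)^2} \;+\; c\,\delta t, \qquad i = 1,\dots,4. \\
&\text{Four unknowns } (x, y, z, \delta t) \text{ need four independent equations, hence four satellites.} \\
&\text{Three satellites would fix a point only if } \delta t = 0, \text{ i.e. if the receiver itself carried an atomic clock.} \\
&\text{Solving the system also yields } \delta t, \text{ which is how a GNSS receiver doubles as a time source.} \\
&\text{Scale of the timing term: } c \cdot 1\,\text{ns} \;\approx\; 3 \times 10^{8}\,\text{m/s} \times 10^{-9}\,\text{s} \;\approx\; 0.3\,\text{m}.
\end{align*}
```

Every extra satellite in view adds an equation without adding an unknown, which is why receivers use all they can see and why the geometry of those satellites (GDOP) decides how well the over-determined solution pins the position down.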

Jul 26, 2023
Satellite orbits – Understanding Network and Security for Far-Edge Computing

Geostationary orbit (GEO)

GEO satellites are positioned in orbit around the Earth at an altitude of about 35,786 kilometers (22,236 miles). They are designed to remain in a fixed location relative to a point on the Earth’s surface as they orbit the Earth at the same rate that the Earth rotates.

This makes things easy for ground-based users. There are mobile apps that will tell you exactly where in the sky to point your antenna, and then you’re done:

Figure 3.41 – GEO satellite distance

The downside is the high latency incurred when signals have to travel that far. The speed of light is fast, but it is finite: light covers the roughly 36,000 km to a GEO satellite in about 120 ms (a little more from ground stations far from the sub-satellite point), so a single ground-to-satellite-to-ground hop takes roughly 250 ms and a request plus its reply spends about 500 ms in space. Factor in the latency of any ground segment and a 600 ms RTT is considered typical.

Here are some typical GEO-based SATCOM data services:

Broadband Global Area Network (BGAN): This is an L-band service from Inmarsat. It can achieve speeds up to 492 kbps for standard IP data traffic and up to 800 kbps for streaming data (usually video), although this depends heavily upon the terminal involved. Six geostationary satellites provide global coverage (including polar regions) for this service. It is extremely reliable, supporting a 99.9% uptime SLA.

Global Xpress (GX): This is a Ka-band service from Inmarsat. It can achieve download speeds up to 50 Mbps and upload speeds up to 5 Mbps. Five geostationary satellites provide near-global coverage.

European Aviation Network (EAN): This is a hybrid service comprising a single Inmarsat S-band satellite in geostationary orbit above Europe and Vodafone’s terrestrial 4G/LTE network. Built specifically to provide data services onboard aircraft in European airspace, it supports data rates as high as 100 Mbps. Aircraft use the terrestrial network below 10,000 feet and switch to the S-band service above this altitude.

ViaSat-3: This is a Ka-band service that uses a constellation of three geostationary satellites operated by ViaSat. Each satellite serves a specific region (AMER, EMEA, or APAC) and has a total network capacity greater than 1 terabit per second. Typical consumer plans are 100 Mbps, while contracts for defense and commercial entities can be higher.

GEO HTS: This is a Ku-band service from SES that can achieve speeds up to 10 Mbps. It has near-global coverage using four satellites in geostationary orbit.

FlexGround: This is a Ku-band service from Intelsat that supports download speeds up to 10 Mbps and upload speeds up to 3 Mbps. Being one of the pioneers in SATCOM [19], Intelsat has over 50 satellites in geostationary orbit.

[19] Intelsat launched its first satellite in 1965.

May 15, 2023
Integrating SATCOM – Understanding Network and Security for Far-Edge Computing

Satellite communication (SATCOM)

SATCOM is the use of satellites to provide communication services, such as telephone, television, and internet connectivity. SATCOM systems use a network of satellites in orbit around the Earth to transmit and receive signals between two or more points on the surface of the Earth, or between the Earth and another body in space (such as a spacecraft).

There are two main types of SATCOM systems: fixed and mobile. Fixed SATCOM systems are typically used to provide communication services to a specific location, such as a remote village or a ship at sea. Mobile SATCOM systems are designed to provide communication services to mobile users, such as aircraft, vehicles, or portable devices.

SATCOM systems are used in a wide range of applications, including military and government communications, emergency and disaster response, and commercial telecommunications. They are particularly useful in areas where it is difficult or impossible to install terrestrial communication infrastructure, such as in remote or inaccessible locations, or disaster-stricken areas.

SATCOM terminal [18]

[18] Some SATCOM operators refer to terminals as antennas or modems, which is technically inaccurate: the terminal is the overall system the end user needs in order to connect.

In the context of satellite communications, a terminal is the user equipment that acts as an interface between the user’s network and the satellite constellation. SATCOM terminals vary in cost, size, and complexity, ranging from small handheld devices to larger installations used in industries such as aviation, rail, maritime, and the military. Terminals typically consist of antennas, transceivers, modems, and associated electronics that facilitate satellite communication for voice, data, video, or other forms of communication.

SATCOM frequency bands

For the most part, SATCOM takes place within the UHF and SHF bands as defined by the ITU (the Ka-band uplink reaches just into EHF). However, SATCOM has its own, more granular, band definitions. Wavelengths below are in millimeters, rounded, and correspond to the start and stop frequencies of each band:

Band               Direction   Start (GHz)   Stop (GHz)   Wavelength at start (mm)   Wavelength at stop (mm)
Classical L-Band               0.950         1.450        316                        207
Extended L-Band                0.950         2.150        316                        140
S-Band                         1.700         3.000        176                        100
Extended C-Band    Downlink    3.400         4.200        88                         71
                   Uplink      5.850         6.725        51                         45
LMI C-Band         Downlink    3.700         4.000        81                         75
                   Uplink      5.725         6.025        52                         50
Russian C-Band     Downlink    3.650         4.150        82                         72
                   Uplink      5.950         6.475        50                         46
Standard C-Band    Downlink    3.700         4.200        81                         71
                   Uplink      5.925         6.425        51                         47
X-Band             Downlink    7.250         7.750        41                         39
                   Uplink      7.900         8.400        38                         36
Ku-Band            Downlink    10.000        13.000       30                         23
                   Uplink      14.000        17.000       21                         18
K-Band                         18.000        26.500       17                         11
Ka-Band            Downlink    18.000        21.000       17                         14
                   Uplink      27.000        31.000       11                         10

Figure 3.40 – SATCOM frequency bands

Feb 7, 2023
Long range wide area network (LoRaWAN) – Understanding Network and Security for Far-Edge Computing

Long range wide area network (LoRaWAN)

This is a protocol that sits on top of LoRa. It operates at Layer 2 (data link) and Layer 3 (network) of the OSI model, doing roughly the job that Ethernet and IP do for a typical computer network. It is possible to run LoRaWAN over a different Layer 1 radio technology, but this is uncommon.

Figure 3.34 – Examples of LoRaWAN gateways

LoRaWAN is an open standard that is supported by the LoRa Alliance, a non-profit organization that promotes the adoption of the technology. It is widely used, having been adopted by many major telcos around the world. LoRaWAN networks are used for applications that require long-range communication, low power consumption, and a low data rate, such as smart metering, asset tracking, and environmental monitoring.

The technology is well suited to non-video IoT applications because it allows rapid deployment of inexpensive sensors with relatively little infrastructure compared to, say, 5G:

Figure 3.35 – Smart agriculture with LoRaWAN

A LoRaWAN network consists of the following elements:

End devices: These are also called nodes. They are the actual sensors, actuators, trackers, and the like in an IoT deployment. They communicate with gateways over LoRa.

Gateways: These are also called concentrators. These are similar to Wi-Fi extenders in that they act as a bridge from the end device/node to the network. Unlike Wi-Fi, however, a given device can talk to multiple gateways at once, and all a gateway does is gather those device messages and forward them to the network server. It is up to the network server to handle duplicate messages.

You usually want your devices to talk to a minimum of three gateways.

They also have an IP connection of some sort – it could be wired or wireless – so that they can communicate with the network server. That link is not LoRaWAN, because it is an aggregation point and needs higher throughput.

Network server: These could be thought of as similar to the AP controllers some enterprise Wi-Fi networks use to manage multiple access points. They receive messages from the gateways/concentrators and forward them to the application – both over an IP network.

They are also responsible for deduplication of messages. This is because multiple gateways can receive the same message from a given device, and they will simply forward them along and let the network server figure out if it is unique or not.

Note that LoRaWAN devices are not paired to a gateway – they are paired to a network server. The gateways are just a transport mechanism.

Application server: This is the final stop of a LoRaWAN message’s journey. It holds the application session key, so it is where the payload is decrypted (the network server sees only the encrypted payload plus the frame header it needs for routing and integrity checking) and where data is stored or forwarded to your application. Authentication of new nodes at join time is handled by the network server in LoRaWAN 1.0.x and by a separate join server in LoRaWAN 1.1.

Oct 8, 2022
Spatial streams – Understanding Network and Security for Far-Edge Computing

In Wi-Fi, beamforming and spatial streams are two uses of the same multi-antenna (MIMO) radio, which is why they are usually discussed together: a spatial stream is an independent data stream carried over its own antenna path, while beamforming is a way of steering a transmission toward one client.

802.11n (Wi-Fi 4) did define beamforming, but with so many optional variants that vendors shipped incompatible, proprietary implementations that only worked within one product line. 802.11ac (Wi-Fi 5) settled on a single explicit method, so devices from different vendors could finally beamform to each other.

When a Wi-Fi 5 access point has beamforming enabled, it first sends a sounding frame (a null data packet). The client measures how that frame arrived at each of its antennas and returns compressed feedback describing the radio channel. From that feedback the AP computes a steering matrix: a set of per-antenna phase and amplitude adjustments, so that each antenna transmits the same symbol at a slightly different time.

This deliberately introduces interference, because the waves now overlap a little. Not all interference is the same, though: constructive interference makes the signal stronger in one direction, while destructive interference makes it weaker in another:

Figure 3.32 – Beamforming with 802.11ac (Wi-Fi-5)

The net effect of all this is to maximize signal strength on a per-client basis, so the signal effectively travels farther and penetrates obstacles better. With older Wi-Fi specifications, all you could do was increase the power output of an omnidirectional signal or add Wi-Fi repeaters.

This is one of the reasons for the seemingly endless multiplication of antennas on even consumer-grade access points. More antennas on both the AP and the client help Wi-Fi throughput, up to a point [13]. The 802.11ac (Wi-Fi 5) standard allows up to eight spatial streams, but shipping Wi-Fi 5 hardware topped out at four active at once.

[13] Two antennas are the minimum for beamforming to function at all, while three is recommended.

802.11ax (Wi-Fi 6) hardware reaches the full eight streams and extends multi-user operation to the uplink, so several clients can transmit to the AP at the same time rather than only receiving steered frames from it.
