PERF 5: How do you configure your networking solution?
The optimal network solution for a workload varies based on latency, throughput requirements, jitter, and bandwidth. Physical constraints, such as user or on-premises resources, determine location options. These constraints can be offset with edge locations or resource placement.
Resources:
Connectivity to AWS and hybrid AWS network architectures (NET317-R1)
Optimizing Network Performance for Amazon EC2 Instances (CMP308-R1)
Networking Products with AWS
Transitioning to Latency-Based Routing in Amazon Route 53
Amazon EBS-Optimized Instances
EC2 Enhanced Networking on Linux
EC2 Enhanced Networking on Windows
EC2 Placement Groups
Enabling Enhanced Networking with the Elastic Network Adapter (ENA) on Linux Instances
VPC Flow Logs
Application Load Balancer
Network Load Balancer
Best practices:
Understand how networking impacts performance: Analyze and understand how network-related decisions impact workload performance. For example, network latency often impacts the user experience, and using the wrong protocols can starve network capacity through excessive overhead.
Evaluate available networking features: Evaluate networking features in the cloud that may increase performance. Measure the impact of these features through testing, metrics, and analysis. For example, take advantage of network-level features that are available to reduce latency, network distance, or jitter.
Choose appropriately sized dedicated connectivity or VPN for hybrid workloads: When there is a requirement for on-premises communication, ensure that you have adequate bandwidth for workload performance. Based on bandwidth requirements, a single dedicated connection or a single VPN might not be enough, and you must enable traffic load balancing across multiple connections.
Leverage load-balancing and encryption offloading: Distribute traffic across multiple resources or services to allow your workload to take advantage of the elasticity that the cloud provides. You can also use load balancing for offloading encryption termination to improve performance and to manage and route traffic effectively.
Choose network protocols to improve performance: Make decisions about protocols for communication between systems and networks based on the impact to the workload’s performance.
Choose your workload’s location based on network requirements: Use the cloud location options available to reduce network latency or improve throughput. Utilize AWS Regions, Availability Zones, placement groups, and edge locations such as Outposts, Local Regions, and Wavelength, to reduce network latency or improve throughput.
Optimize network configuration based on metrics: Use collected and analyzed data to make informed decisions about optimizing your network configuration. Measure the impact of those changes and use the impact measurements to make future decisions.
Understand how networking impacts performance
Define networking performance requirements: Identify your workload’s important networking performance metrics. Implement requirements as part of a data-driven approach, using benchmarking or load testing. Use this data to identify where your network solution is constrained, and examine configuration options that could improve the solution.
Measure the network’s impact on your workload: Analyze your workload's networking requirements to understand how network performance impacts overall performance.
Evaluate available networking features
Understand the available product options: Learn which network-related configuration options are available to you, and how they could impact your workload. Understanding how these options interact with your architecture, and the impact they will have on both measured performance and the performance perceived by users, is critical for performance optimization.
Use AWS Transit Gateway when scaling multiple accounts: Traffic between an Amazon VPC and AWS Transit Gateway remains on the private AWS network and is not exposed to the public internet. AWS Transit Gateway simplifies how you interconnect all of your VPCs, which can span across thousands of AWS accounts and into your on-premises
Choose appropriately sized dedicated connectivity or VPN for hybrid workloads
Develop a hybrid networking architecture based on your bandwidth requirements: Estimate the bandwidth and latency requirements of your hybrid applications. Based on your bandwidth requirements, a single VPN or Direct Connect connection might not be enough, and you must architect a hybrid setup to enable traffic load balancing across multiple connections. Direct Connect may be required. It offers more predictable and consistent performance because it doesn’t involve the internet. It is great for production workloads that require consistent latency and almost zero jitter.
Leverage load-balancing and encryption offloading
Utilize the appropriate load balancer for your workload: Select the appropriate load balancer for your workload. AWS supports three types of load balancers. If you must load balance HTTP requests, we recommend Application Load Balancer. For network/transport protocol (layer 4: TCP, UDP) load balancing, and for extreme performance/low latency applications, we recommend Network Load Balancer. Application Load Balancers support HTTPS and Network Load Balancers support TLS encryption offloading.
Enable offload of HTTPS or TLS encryption: Elastic Load Balancing includes integrated certificate management, user authentication, and SSL/TLS decryption. It provides the flexibility to centrally manage TLS settings and offload CPU-intensive workloads from your applications. Encrypt all HTTPS traffic as part of your load balancer deployment.
Choose network protocols to improve performance
Optimize network traffic: Select the appropriate protocol to optimize the performance of your workload. Latency and bandwidth together determine the throughput you can achieve. If your file transfer uses TCP, higher latencies reduce overall throughput. There are approaches that address latency through TCP tuning and optimized transfer protocols, some of which use UDP.
Choose your workload’s location based on network requirements
Reduce latency by selecting the correct locations: Identify where your users and data are located. Take advantage of AWS Regions, Availability Zones, placement groups, and edge locations to reduce latency.
Optimize network configuration based on metrics
Enable VPC Flow Logs: VPC Flow Logs enable you to capture information about the IP traffic going to and from network interfaces in your VPC. VPC Flow Logs help you with a number of tasks, such as troubleshooting why specific traffic is not reaching an instance, which can help you diagnose overly restrictive security group rules. You can use flow logs as a security tool to monitor the traffic that is reaching your instance, to profile your network traffic, and to look for abnormal traffic behaviors.
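As an added example (not part of the Well-Architected text), the following Python parses default-format (version 2) VPC Flow Log records and summarises REJECTed flows per interface and destination port, which is the first step in both diagnoses the paragraph describes. The account ID, ENI ID and addresses are constructed sample values.

```python
# Added example, not from the Well-Architected text: parse default-format
# (version 2) VPC Flow Log records and summarise REJECTed flows per
# destination port, the first step in diagnosing an overly restrictive
# security group or spotting abnormal traffic.
from collections import Counter, defaultdict

# Field order of the default VPC Flow Log format (version 2).
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")
PROTOCOLS = {"1": "icmp", "6": "tcp", "17": "udp"}

# Constructed sample records (fictitious account, ENI and addresses).
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.25 10.0.2.10 49152 443 6 12 4860 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.25 10.0.2.10 49153 8443 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 10.0.1.25 10.0.2.10 49154 8443 6 3 180 1700000060 1700000120 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 198.51.100.7 10.0.2.10 40001 22 6 1 44 1700000060 1700000120 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 198.51.100.8 10.0.2.10 40002 22 6 1 44 1700000060 1700000120 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60001 - - - - - - - 1700000120 1700000180 - NODATA
"""

def parse_record(line):
    """Return a dict for one record, or None for NODATA/SKIPDATA rows."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] != "2":
        raise ValueError(f"unexpected record layout: {line!r}")
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None  # no traffic fields to analyse in these rows
    for f in ("srcport", "dstport", "packets", "bytes"):
        rec[f] = int(rec[f])
    rec["protocol"] = PROTOCOLS.get(rec["protocol"], rec["protocol"])
    return rec

def rejected_by_port(log_text):
    """Map (interface, protocol, dstport) -> (rejected flows, distinct sources).
    One source rejected repeatedly on a service port points at a security
    group that is too restrictive; many sources on one closed port is a
    probing pattern rather than a misconfiguration."""
    flows, sources = Counter(), defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["action"] != "REJECT":
            continue
        key = (rec["interface_id"], rec["protocol"], rec["dstport"])
        flows[key] += 1
        sources[key].add(rec["srcaddr"])
    return {k: (n, len(sources[k])) for k, n in flows.items()}
```

Running `rejected_by_port(SAMPLE_LOG)` on the constructed log reports two rejected flows on tcp/8443 from a single source (a likely security group gap) and two on tcp/22 from two distinct sources.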
Enable appropriate metrics for network options: Ensure that you select the appropriate network metrics for your workload. You can enable metrics for VPC NAT gateway, transit gateways, and VPN tunnels.