PERF 5: How do you configure your networking solution?

The optimal network solution for a workload varies based on latency, throughput requirements, jitter, and bandwidth. Physical constraints, such as user or on-premises resources, determine location options. These constraints can be offset with edge locations or resource placement.

Resources

Connectivity to AWS and hybrid AWS network architectures (NET317-R1)
Optimizing Network Performance for Amazon EC2 Instances (CMP308-R1)
Networking Products with AWS
Transitioning to Latency-Based Routing in Amazon Route 53
Amazon EBS - Optimized Instances
EC2 Enhanced Networking on Linux
EC2 Enhanced Networking on Windows
EC2 Placement Groups
Enabling Enhanced Networking with the Elastic Network Adapter (ENA) on Linux Instances
Transit Gateway
VPC Endpoints
VPC Flow Logs
Application Load Balancer
Network Load Balancer

Best Practices:

• Understand how networking impacts performance: Analyze and understand how network-related decisions impact workload performance. For example, network latency often impacts the user experience, and using the wrong protocols can starve network capacity through excessive overhead.

• Evaluate available networking features: Evaluate networking features in the cloud that may increase performance. Measure the impact of these features through testing, metrics, and analysis. For example, take advantage of network-level features that are available to reduce latency, network distance, or jitter.

• Choose appropriately sized dedicated connectivity or VPN for hybrid workloads: When there is a requirement for on-premise communication, ensure that you have adequate bandwidth for workload performance. Based on bandwidth requirements, a single dedicated connection or a single VPN might not be enough, and you must enable traffic load balancing across multiple connections.

• Leverage load-balancing and encryption offloading: Distribute traffic across multiple resources or services to allow your workload to take advantage of the elasticity that the cloud provides. You can also use load balancing for offloading encryption termination to improve performance and to manage and route traffic effectively.

• Choose network protocols to improve performance: Make decisions about protocols for communication between systems and networks based on the impact to the workload’s performance.

• Choose your workload’s location based on network requirements: Use the cloud location options available to reduce network latency or improve throughput. Utilize AWS Regions, Availability Zones, placement groups, and edge locations such as Outposts, Local Regions, and Wavelength, to reduce network latency or improve throughput.

• Optimize network configuration based on metrics: Use collected and analyzed data to make informed decisions about optimizing your network configuration. Measure the impact of those changes and use the impact measurements to make future decisions.

Improvement Plan

Understand how networking impacts performance

Define networking performance requirements: Identify your workload’s important networking performance metrics. Implement requirements as part of a data-driven approach, using benchmarking or load testing. Use this data to identify where your network solution is constrained, and examine configuration options that could improve the solution.

Measure the network’s impact on your workload: Analyze your workload's networking requirements to understand how network performance impacts overall performance

Evaluate available networking features

Understand the available product options: Learn which network related configuration options are available to you, and how they could impact your workload. Understanding how these options interact with your architecture and the impact they will have on both measured performance and the performance perceived by users is critical for performance optimization.

Use AWS Transit Gateway when scaling multiple accounts: Traffic between an Amazon VPC and AWS Transit Gateway remains on the private AWS network and is not exposed to the public internet. AWS Transit Gateway simplifies how you interconnect all of your of VPCs, which can span across thousands of AWS accounts and into your on-premises networks.

Choose appropriately sized dedicated connectivity or VPN for hybrid workloads

Develop a hybrid networking architecture based on your bandwidth requirements: Estimate the bandwidth and latency requirements of your hybrid applications. Based on your bandwidth requirements, a single VPN or Direct Connect connection might not be enough, and you must architect a hybrid setup to enable traffic load balancing across multiple connections. Direct Connect may be required. It offers a more predictable and consistence performance because it doesn’t involve internet. It is great for production workloads that require consistent latency and almost zero jitter.

Leverage load-balancing and encryption offloading

Utilize the appropriate load balancer for your workload: Select the appropriate load balancer for your workload. AWS supports three types of load balancers. If you must load balance HTTP requests, we recommend Application Load Balancer. For network/transport protocols (layer4 – TCP, UDP) load balancing, and for extreme performance/low latency applications, we recommend Network Load Balancer. Application Load Balancers support HTTPS and Network Load Balancers support TLS encryption offloading.

Enable offload of HTTPS or TLS encryption: Elastic Load Balancing includes integrated certificate management, user-authentication, and SSL/TLS decryption. It provides the flexibility to centrally manage TLS settings and offload CPU intensive workloads from your applications. Encrypt all HTTPS traffic as part of your load balancer deployment.

Choose network protocols to improve performance

Optimize network traffic: Select the appropriate protocol to optimize the performance of your workload. There is a relationship between latency and bandwidth to achieve throughput. If your file transfer is using TCP, higher latencies reduce overall throughput. There are approaches to fix latency with TCP tuning and optimized transfer protocols, some which use UDP.

Choose your workload’s location based on network requirements

Reduce latency by selecting the correct locations: Identify where your users and data are located. Take advantage of AWS Regions, Availability Zones, placement groups, and edge locations to reduce latency.

Optimize network configuration based on metrics

Enable VPC Flow Logs: VPC Flow Logs enable you to capture information about the IP traffic going to and from network interfaces in your VPC. VPC Flow Logs help you with a number of tasks, such as troubleshooting why specific traffic is not reaching an instance, which can help you diagnose overly restrictive security group rules. You can use flow logs as a security tool to monitor the traffic that is reaching your instance, to profile your network traffic, and to look for abnormal traffic behaviors.

Enable appropriate metrics for network options: Ensure that you select the appropriate network metrics for your workload. You can enable metrics for VPC NAT gateway, transit gateways, and VPN tunnels.