This content is outdated. This version of the Well-Architected Framework is now found at: https://docs.aws.amazon.com/en_us/wellarchitected/2022-03-31/framework/performance-efficiency.html

PERF 5: How do you configure your networking solution?

The optimal network solution for a workload varies based on latency, throughput requirements, jitter, and bandwidth. Physical constraints, such as user or on-premises resources, determine location options. These constraints can be offset with edge locations or resource placement.

Resources

Connectivity to AWS and hybrid AWS network architectures (NET317-R1)
Optimizing Network Performance for Amazon EC2 Instances (CMP308-R1)
Networking Products with AWS
Transitioning to Latency-Based Routing in Amazon Route 53
Amazon EBS - Optimized Instances
EC2 Enhanced Networking on Linux
EC2 Enhanced Networking on Windows
EC2 Placement Groups
Enabling Enhanced Networking with the Elastic Network Adapter (ENA) on Linux Instances
Transit Gateway
VPC Endpoints
VPC Flow Logs
Application Load Balancer
Network Load Balancer

Best Practices:

Improvement Plan

Understand how networking impacts performance

  • Define networking performance requirements: Identify your workload’s important networking performance metrics. Implement requirements as part of a data-driven approach, using benchmarking or load testing. Use this data to identify where your network solution is constrained, and examine configuration options that could improve the solution.
  • Measure the network’s impact on your workload: Analyze your workload's networking requirements to understand how network performance impacts overall performance.
Evaluate available networking features

  • Understand the available product options: Learn which network related configuration options are available to you, and how they could impact your workload. Understanding how these options interact with your architecture and the impact they will have on both measured performance and the performance perceived by users is critical for performance optimization.
  • Use AWS Transit Gateway when scaling multiple accounts: Traffic between an Amazon VPC and AWS Transit Gateway remains on the private AWS network and is not exposed to the public internet. AWS Transit Gateway simplifies how you interconnect all of your VPCs, which can span thousands of AWS accounts and extend into your on-premises networks.
Choose appropriately sized dedicated connectivity or VPN for hybrid workloads

  • Develop a hybrid networking architecture based on your bandwidth requirements: Estimate the bandwidth and latency requirements of your hybrid applications. Based on your bandwidth requirements, a single VPN or Direct Connect connection might not be enough, and you must architect a hybrid setup that load balances traffic across multiple connections. Direct Connect may be required. It offers more predictable and consistent performance because it doesn’t traverse the internet, which makes it well suited to production workloads that require consistent latency and almost zero jitter.
Leverage load-balancing and encryption offloading

  • Utilize the appropriate load balancer for your workload: Select the appropriate load balancer for your workload. AWS supports three types of load balancers. If you must load balance HTTP requests, we recommend Application Load Balancer. For network/transport protocol (layer 4: TCP, UDP) load balancing, and for extreme performance/low latency applications, we recommend Network Load Balancer. Application Load Balancers support HTTPS and Network Load Balancers support TLS encryption offloading.
  • Enable offload of HTTPS or TLS encryption: Elastic Load Balancing includes integrated certificate management, user-authentication, and SSL/TLS decryption. It provides the flexibility to centrally manage TLS settings and offload CPU intensive workloads from your applications. Encrypt all HTTPS traffic as part of your load balancer deployment.
Choose network protocols to improve performance

  • Optimize network traffic: Select the appropriate protocol to optimize the performance of your workload. Latency and bandwidth together determine the throughput you can achieve. If your file transfer uses TCP, higher latencies reduce overall throughput. There are approaches to mitigate latency with TCP tuning and optimized transfer protocols, some of which use UDP.
Choose your workload’s location based on network requirements

  • Reduce latency by selecting the correct locations: Identify where your users and data are located. Take advantage of AWS Regions, Availability Zones, placement groups, and edge locations to reduce latency.
Optimize network configuration based on metrics

  • Enable VPC Flow Logs: VPC Flow Logs enable you to capture information about the IP traffic going to and from network interfaces in your VPC. VPC Flow Logs help you with a number of tasks, such as troubleshooting why specific traffic is not reaching an instance, which can help you diagnose overly restrictive security group rules. You can use flow logs as a security tool to monitor the traffic that is reaching your instance, to profile your network traffic, and to look for abnormal traffic behaviors.
  • Enable appropriate metrics for network options: Ensure that you select the appropriate network metrics for your workload. You can enable metrics for VPC NAT gateway, transit gateways, and VPN tunnels.
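The two flow log uses named above (diagnosing overly restrictive security group rules and looking for abnormal traffic) can be worked directly from the default record format. The following is an added example, not part of the AWS framework text: it parses default-format (version 2) VPC Flow Log records, skips NODATA/SKIPDATA lines, and separates REJECTs between two VPC-internal addresses (likely a security group or network ACL gap) from REJECTs arriving from outside the VPC. The account ID, ENI, addresses and the VPC CIDR 10.0.0.0/16 are constructed sample values.

```python
import ipaddress
from collections import Counter, defaultdict
# Field order of the default (version 2) VPC Flow Log record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
# Constructed sample records (fictional account, ENI and addresses).
SAMPLE_LOG = """\
2 111122223333 eni-0a1b2c3d4e5f60718 10.0.1.25 10.0.2.40 51234 443 6 12 3840 1600000000 1600000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d4e5f60718 10.0.1.25 10.0.2.40 51235 5432 6 3 180 1600000000 1600000060 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f60718 10.0.1.25 10.0.2.40 51236 5432 6 3 180 1600000005 1600000065 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f60718 198.51.100.7 10.0.2.40 40000 22 6 1 60 1600000010 1600000070 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f60718 198.51.100.7 10.0.2.40 40001 3389 6 1 60 1600000011 1600000071 REJECT OK
2 111122223333 eni-0a1b2c3d4e5f60718 - - - - - - - 1600000012 1600000072 - NODATA
"""
def parse_flow_logs(text):
    """Parse default-format records; NODATA/SKIPDATA lines have no traffic fields and are dropped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records

def _inside(addr, net):
    return ipaddress.ip_address(addr) in net

def rejected_internal_flows(records, vpc_cidr):
    """REJECTs with both ends inside the VPC, per (dst, port, protocol): overly restrictive SG/NACL candidates."""
    net = ipaddress.ip_network(vpc_cidr)
    counts = Counter()
    for r in records:
        if r["action"] == "REJECT" and _inside(r["srcaddr"], net) and _inside(r["dstaddr"], net):
            counts[(r["dstaddr"], r["dstport"], r["protocol"])] += 1
    return counts

def rejected_external_sources(records, vpc_cidr):
    """REJECTs from outside the VPC, grouped by source -> ports tried: a view of abnormal inbound traffic."""
    net = ipaddress.ip_network(vpc_cidr)
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT" and not _inside(r["srcaddr"], net):
            ports[r["srcaddr"]].add(r["dstport"])
    return dict(ports)
```

On the sample, the internal view points at 10.0.2.40 port 5432/TCP being rejected twice from an in-VPC client, which is where to check the security group; the external view shows one outside address probing ports 22 and 3389.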