Example Corp. Automotive use case - Hybrid Connectivity


This section of the whitepaper demonstrates how the considerations, requirement definition questions, and decision trees are used to help you decide on the optimal hybrid network design. Identifying and capturing requirements is important because they are used as input to the decision trees. Capturing requirements at the beginning avoids further design iterations. When requirements are understood up front, there is less of a chance that you will have to pause a project altogether and place valuable resources on hold while you revisit the design.

We will use Example Corp. Automotive as the illustrative customer throughout this section. They are looking to initially deploy their first analytics project on AWS. The analytics project is focused on analyzing data from cars manufactured by the company and other datasets that already exist in the company’s data centers.

Initially, the company’s architecture group thinks that they will need an AWS account, an Amazon VPC, and a few subnets to host production and development environments. The project team is eager to get started and has requested access to a development environment as soon as possible. Their plan is to go into production in three months.

Example Corp. Automotive also plans to use AWS for several additional projects, such as migrating their enterprise resource planning (ERP) systems, Virtual Desktop Infrastructure (VDI), and another 20 applications from on-premises to AWS over the next six months. Some of the requirements for additional projects are still being defined, but it is clear that their AWS Cloud use is anticipated to grow.

The architecture team decided to use the approach outlined in this whitepaper. They used the requirement definition questions outlined under each consideration to capture the inputs to make their design decisions.

They start with the requirements related to the connectivity type, which are summarized in the following table.

| Connectivity type selection considerations | Requirement definition questions | Answers |
|---|---|---|
| Time to Deploy | What is the required timeline for the deployment? Hours, days, weeks, or months? | Dev/Test: 1 week. Production: 3 months. |
| Security | Do your security requirements and policies allow the usage of encrypted connections over the internet to connect to AWS or mandate the usage of private network connections? | Dev/Test: Site-to-Site VPN acceptable. Production: private network required. |
| | When leveraging private network connections, does the network layer have to provide encryption in transit? | No, application layer encryption will be used. |
| SLA | Is hybrid connectivity SLA with service credits required? (yes/no) | Dev/Test: No. Production: Yes. |
| | What is the uptime target? (e.g., 99.9%) | Dev/Test: N/A. Production: 99.99% |
| | Does the entire hybrid network adhere to the uptime target? (yes/no) | Dev/Test: N/A. Production: Yes. |
| Performance | What is the required throughput? (e.g., 10 Gbps symmetric) | Dev/Test: 100 Mbps. Production: 500 Mbps growing to 2 Gbps. |
| | What is the maximum acceptable latency between AWS and on-premises network? (e.g., under 10 ms at p99) | Dev/Test: no hard requirements. Production: less than 30 msec. |
| | What is the maximum acceptable network variance (jitter)? | Dev/Test: no hard requirements. Production: minimum jitter required. |
| Cost | How much data would you send to AWS per month? | Dev/Test: 2 TB. Production: 20 TB growing to 50 TB. |
| | How much data would you send from AWS per month? | Dev/Test: 1 TB. Production: 10 TB growing to 25 TB. |
| | Is this connectivity permanent? | Yes |

Table 1 – Example Corp. Automotive connectivity type requirements

Based on requirements received, the architecture team followed the connectivity type decision tree from Figure 1. The decision tree allowed the architecture team to decide on the connectivity type for the development and test environment as well as for the production environment.

For the production environment, they considered the immediate as well as the upcoming requirements. As illustrated in Figure 1, for development and test, Example Corp. Automotive will establish a site-to-site VPN over the internet. For production, they are going to work with a service provider to connect their corporate network with Direct Connect. Example Corp. Automotive initially considered using a Direct Connect Hosted Connection. However, due to the requirements for an AWS-provided SLA, they selected Direct Connect Dedicated Connections.


Figure 1 – Example Corp. Automotive connection type decision tree

After deciding on the connectivity type, the next step is to capture the requirements that impact the connectivity design selection. This is related to the logical design, such as how the connections are configured and which AWS services to use in order to support business and technical requirements.

To capture the scalability and communication model requirements, the architecture team used the requirement definition questions from the associated sections of this whitepaper. The requirements related to those two considerations are summarized in the following table.

| Connectivity design selection considerations | Requirement definition questions | Answers |
|---|---|---|
| Scalability | What is the current or anticipated number of VPCs which require connectivity to on-premises sites? | 2 initially, growing to 30 in 6 months |
| | Are these VPCs deployed in a single AWS Region or multiple Regions? | Single Region |
| | How many on-premises sites need to be connected to AWS? | 2 data centers |
| | How many customer gateway devices (e.g., routers) do you have, per site, that need to connect to AWS? | 2 routers per data center |
| | How many routes are expected to be advertised to AWS VPCs as well as the number of expected routes to be received from AWS side? | Routes to be advertised to AWS: 20 routes. Routes to be received from AWS: 1 /16 route. |
| | Is there any plan to consider bandwidth increase of the connection to AWS, in the near future? | Dev/Test: 100 Mbps. Production: 500 Mbps growing to 2 Gbps. |
| Connectivity Design Models | Is there a requirement for inter-VPC communication to be enabled (within a Region and/or across Regions)? | Yes, within an AWS Region |
| | Is there a requirement to access AWS public endpoints services directly from on-premises? | Yes |
| | Is there a requirement to access AWS services using VPC endpoints from on-premises? | No |

Table 2 – Example Corp. Automotive connectivity design inputs

Based on the inputs shown in the preceding table, the architecture team followed the decision tree in the Connectivity Design Model. After anticipating that the number of VPCs is going to grow from 2 to 30 in the next six months, the architecture team decided to use AWS Transit Gateway as the termination gateway for the connection as well as for inter-VPC routing. They’ll use independent AWS Transit Gateways to terminate the VPN connection used for development and testing and the production connectivity with AWS Direct Connect.

The use of separate AWS Transit Gateways makes change management simpler and provides a clear demarcation between dev/test and production environments. For production, an AWS Direct Connect gateway is required because AWS Transit Gateway is used. A public VIF will be used for access to AWS public endpoint services. Figure 2 illustrates the path taken on the decision tree based on the requirements collected.

Figure 2 – Example Corp. Automotive connection design decision tree

After deciding on the solution to meet the scalability and communication model requirements, the next step is to capture the requirements associated with reliability. This is related to the required level of availability and resilience.

To capture the reliability requirements, the architecture team used the requirement definition questions from the associated section of this whitepaper. The requirements are summarized in the following table.

| Connectivity design selection considerations | Requirement definition questions | Answers |
|---|---|---|
| Reliability | What is the impact magnitude on the business in case of a connectivity failure to AWS? | Dev/Test: Low. Production: High. |
| | From a business point of view, does the cost following a connectivity failure to AWS outweigh the cost of deploying a highly reliable connectivity model to AWS? | Dev/Test: No. Production: Yes. |

Table 3 – Example Corp. Automotive reliability inputs

Based on inputs received, the architecture team followed the decision tree from the reliability considerations sections covered previously in this whitepaper. After considering the uptime target of 99.99% for the production connectivity and the high business impact if a service interruption event were to happen, the architecture team decided to use two Direct Connect locations and have two links from each on-premises data center to each Direct Connect location (four links in total). The VPN connectivity used for development and testing will also use two VPN connections for additional redundancy. Using traffic engineering techniques, connectivity will be configured as follows:

  • For development and testing, traffic is going to be load balanced using ECMP over the two tunnels going to the primary data center. This allows for higher throughput. The tunnels going to the secondary data center will be used in case of failure of the primary tunnels.

  • For production, the latency between on-premises and AWS over either one of the Direct Connect locations is very similar. In this case, they decided to load balance the traffic between AWS and on-premises over the two connections going to the primary data center. Similarly, for on-premises systems running in the secondary data center, traffic is going to be load balanced between the two connections to the secondary data center. In case of failure of the connections, BGP will facilitate an automated failover.
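
The production load balancing and failover behaviour described above, modelled as an added Python example that is not part of the whitepaper. It reads the four links as one from each data center to each Direct Connect location, and it assumes AS-path prepending as the traffic engineering technique, an inter-data-center link for backup paths, and constructed link and location names.

```python
# Added illustration: link names, the prepend counts and the failure sets are
# constructed; AS-path prepending is an assumed traffic engineering technique.
LINKS = [  # one link from each data center to each Direct Connect location
    {"name": "dc1-loc1", "dc": "primary", "location": "loc1"},
    {"name": "dc1-loc2", "dc": "primary", "location": "loc2"},
    {"name": "dc2-loc1", "dc": "secondary", "location": "loc1"},
    {"name": "dc2-loc2", "dc": "secondary", "location": "loc2"},
]
LOCATIONS = ["loc1", "loc2"]


def as_path_len(link, prefix_home):
    """AS-path length AWS sees for a prefix hosted in `prefix_home` on `link`.

    Each data center announces its own prefixes un-prepended and the other
    site's prefixes with two extra prepends, so those paths are backup only
    (assumes an inter-data-center link exists to carry the backup traffic).
    """
    return 1 if link["dc"] == prefix_home else 3


def active_links(prefix_home, failed=frozenset()):
    """Links carrying AWS-to-on-premises traffic for the prefix, given failures.

    `failed` may hold link names or whole Direct Connect location names.
    BGP withdraws routes over failed links; the shortest remaining AS path
    wins and equal-length paths share the load (ECMP).
    """
    up = [l for l in LINKS
          if l["name"] not in failed and l["location"] not in failed]
    if not up:
        return []
    best = min(as_path_len(l, prefix_home) for l in up)
    return sorted(l["name"] for l in up if as_path_len(l, prefix_home) == best)


def min_links_after_single_failure(prefix_home):
    """Fewest active links left after any one link or location fails."""
    components = [l["name"] for l in LINKS] + LOCATIONS
    return min(len(active_links(prefix_home, {c})) for c in components)


if __name__ == "__main__":
    for failed in [set(), {"dc1-loc1"}, {"loc1"}, {"dc1-loc1", "dc1-loc2"}]:
        print(sorted(failed) or "no failure", "->", active_links("primary", failed))
    print("worst single failure leaves",
          min_links_after_single_failure("primary"), "link(s)")
```

In this model, any single link or location failure leaves one link carrying the primary data center's traffic, so each link has to be able to carry the full production load on its own.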

Figure 3 illustrates the path taken on the decision tree based on requirements collected.

Figure 3 – Example Corp. Automotive reliability decision tree