Example Corp. Automotive use case - Hybrid Connectivity

Example Corp. Automotive use case

This section of the whitepaper demonstrates how the considerations, requirement definition questions, and decision trees are used to help you decide on the optimal hybrid network design. Identifying and capturing requirements is important because they are the input to the decision trees. Capturing requirements upfront avoids further design iterations; when requirements are understood upfront, the risk of halting a project because the design must be revisited, with valuable resources on hold, is minimized and ideally avoided.

Example Corp. Automotive is used throughout this section as the illustrative customer. They are looking to deploy their first analytics project on AWS. The analytics project focuses on analyzing data from cars manufactured by the company, together with other datasets that already exist in the company's data centers. Initially, the company's architecture group thinks that they will need an AWS account, an Amazon VPC, and a few subnets to host the production and development environments. The project team is eager to get started and has requested development environment access as soon as possible. They aim to go into production 3 months from now.

Example Corp. Automotive also plans to use AWS for several additional projects, such as migrating their ERP systems, Virtual Desktop Infrastructure (VDI), and another 20 applications from on-premises to AWS over the next 6 months. Some of the requirements for the additional projects are still being defined, but it is clear that their AWS Cloud usage is going to grow.

The architecture team decided to follow the approach outlined in this whitepaper. They used the requirement definition questions listed under each consideration to capture the inputs for their design decisions.

They start with the requirements related to the connectivity type, which are summarized in the table below.

Table 2 – Example Corp. Automotive connectivity type requirements

| Connectivity type selection consideration | Requirement definition question | Answer |
|---|---|---|
| Time to deploy | What is the required timeline for the deployment? Hours, days, weeks, or months? | Dev/Test: 1 week. Production: 3 months. |
| Security | Do your security requirements and policies allow the usage of encrypted connections over the internet to connect to AWS, or do they mandate the usage of private network connections? | Dev/Test: Site-to-Site VPN acceptable. Production: private network required. |
| Security | When leveraging private network connections, does the network layer have to provide encryption in transit? | No, application layer encryption will be used. |
| SLA | Is a hybrid connectivity SLA with service credits required? (yes/no) | Dev/Test: No. Production: Yes. |
| SLA | What is the uptime target? (e.g. 99.9%) | Dev/Test: N/A. Production: 99.99%. |
| SLA | Does the entire hybrid network adhere to the uptime target? (yes/no) | Dev/Test: N/A. Production: Yes. |
| Performance | What is the required throughput? (e.g. 10 Gbps symmetric) | Dev/Test: 100 Mbps. Production: 500 Mbps growing to 2 Gbps. |
| Performance | What is the maximum acceptable latency between AWS and the on-premises network? (e.g. under 10 ms at p99) | Dev/Test: no hard requirement. Production: less than 30 ms. |
| Performance | What is the maximum acceptable network variance (jitter)? | Dev/Test: no hard requirement. Production: minimum jitter required. |
| Cost | How much data would you send to AWS per month? | Dev/Test: 2 TB. Production: 20 TB growing to 50 TB. |
| Cost | How much data would you send from AWS per month? | Dev/Test: 1 TB. Production: 10 TB growing to 25 TB. |
| Cost | Is this connectivity permanent? | Yes. |

Based on the requirements received, the architecture team followed the connectivity type decision tree from Figure 6 (found in the connectivity type selection summary section). It allowed the architecture team to decide on the connectivity type for the development and test environment as well as for the production environment. For the production environment, they considered both the immediate and the upcoming requirements. As illustrated in Figure 17, for development and test Example Corp. Automotive will establish a Site-to-Site VPN over the internet. For production they are going to work with a service provider to connect their corporate network to AWS Direct Connect. Example Corp. Automotive initially considered using a Direct Connect hosted connection; however, because of the requirement for an AWS-provided SLA, they selected Direct Connect dedicated connections.

Figure 17 – Example Corp. Automotive connection type decision tree

After deciding on the connectivity type, the next step is to capture the requirements that affect the connectivity design selection. These relate to the logical design, such as how the connections are configured and which AWS services are used to support the business and technical requirements.

To capture the scalability and communication model requirements, the architecture team used the requirement definition questions from the associated sections of this whitepaper. The requirements related to those two considerations are summarized in the table below.

Table 3 – Example Corp. Automotive connectivity design inputs

| Connectivity design selection consideration | Requirement definition question | Answer |
|---|---|---|
| Scalability | What is the current or anticipated number of VPCs that require connectivity to on-premises sites? | 2 initially, growing to 30 in 6 months. |
| Scalability | Are these VPCs deployed in a single AWS Region or in multiple Regions? | Single Region. |
| Scalability | How many on-premises sites need to be connected to AWS? | 2 data centers. |
| Scalability | How many customer gateway devices (e.g. routers) do you have per site that need to connect to AWS? | 2 routers per data center. |
| Scalability | How many routes are expected to be advertised to AWS VPCs, and how many routes are expected to be received from the AWS side? | Routes to be advertised to AWS: 20 routes. Routes to be received from AWS: 1 /16 route. |
| Scalability | Is there any plan to increase the bandwidth of the connection to AWS in the near future? | Dev/Test: 100 Mbps. Production: 500 Mbps growing to 2 Gbps. |
| Connectivity design models | Is there a requirement for inter-VPC communication to be enabled (within a Region and/or across Regions)? | Yes, within an AWS Region. |
| Connectivity design models | Is there a requirement to access AWS public endpoint services directly from on-premises? | Yes. |
| Connectivity design models | Is there a requirement to access AWS services using VPC endpoints from on-premises? | No. |

Based on these inputs, the architecture team followed the decision tree from section XXX (Connectivity Design Model). Anticipating that the number of VPCs is going to grow from 2 to 30 in the next 6 months, the architecture team decided to use AWS Transit Gateway as the termination gateway for the connections as well as for inter-VPC routing. Separate AWS Transit Gateways will be used to terminate the VPN connection used for development and testing and the production connectivity over AWS Direct Connect. Using separate AWS Transit Gateways makes change management simpler and provides a clear demarcation between the dev/test and production environments. For production, an AWS Direct Connect gateway is required because the Direct Connect connection terminates on an AWS Transit Gateway: the transit virtual interface attaches to the Direct Connect gateway, which is then associated with the Transit Gateway. A public VIF will be used for access to AWS public endpoint services. Figure 18 illustrates the path taken on the decision tree based on the requirements collected.
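With this design, on-premises learns only the single /16 summary that AWS advertises back (the allowed prefix on the Direct Connect gateway association), while AWS learns the roughly 20 on-premises routes. A VPC whose CIDR falls outside that summary is silently unreachable from on-premises, and an on-premises prefix that overlaps the summary produces different routing decisions on each side of the link. The following pre-deployment check, added here as an example and not part of the whitepaper or any AWS tooling, validates an address plan against those two facts. All CIDRs are constructed, and the route-count ceiling is a hypothetical planning value to be set from the current service quota.

```python
"""Pre-deployment address-plan check for the Transit Gateway / Direct Connect
gateway design: one /16 summary advertised from AWS, ~20 prefixes advertised
from on-premises. Added example; all addresses below are constructed."""
from ipaddress import ip_network
from itertools import combinations


def validate_plan(aws_summary, vpc_cidrs, onprem_prefixes, max_onprem_prefixes=20):
    """Return a list of findings; an empty list means the plan is consistent.

    aws_summary         -- the single prefix AWS advertises to on-premises
    vpc_cidrs           -- CIDRs of the VPCs attached to the Transit Gateway
    onprem_prefixes     -- prefixes on-premises advertises over VPN / Direct Connect
    max_onprem_prefixes -- hypothetical planning ceiling for the on-prem route
                           count; set it from the current quota of your account
    """
    findings = []
    summary = ip_network(aws_summary)
    vpcs = [ip_network(c) for c in vpc_cidrs]
    onprem = [ip_network(p) for p in onprem_prefixes]

    # 1. Every VPC must sit inside the summary: only the summary is advertised,
    #    so on-premises never learns a route to anything outside it.
    for v in vpcs:
        if not v.subnet_of(summary):
            findings.append(f"VPC {v} is not covered by advertised summary {summary}")

    # 2. VPC CIDRs must not overlap each other: a Transit Gateway route table
    #    cannot point one destination at two attachments.
    for a, b in combinations(vpcs, 2):
        if a.overlaps(b):
            findings.append(f"VPC CIDRs overlap: {a} and {b}")

    # 3. On-premises prefixes must not overlap the AWS summary; otherwise the
    #    more specific route wins on one side and traffic is black-holed or
    #    hairpinned without any explicit error.
    for p in onprem:
        if p.overlaps(summary):
            findings.append(f"on-premises prefix {p} overlaps AWS summary {summary}")

    # 4. Route-count budget for what on-premises advertises to AWS.
    if len(onprem) > max_onprem_prefixes:
        findings.append(
            f"{len(onprem)} on-premises prefixes exceed budget of {max_onprem_prefixes}")
    return findings


# Constructed sample plan: 30 VPCs carved as /21s out of 10.100.0.0/16, and
# 20 on-premises /16 prefixes that do not touch the AWS range.
AWS_SUMMARY = "10.100.0.0/16"
VPC_CIDRS = [str(n) for n in ip_network(AWS_SUMMARY).subnets(new_prefix=21)][:30]
ONPREM_PREFIXES = [f"10.{i}.0.0/16" for i in range(1, 21)]

if __name__ == "__main__":
    for name, plan in (
        ("baseline", (AWS_SUMMARY, VPC_CIDRS, ONPREM_PREFIXES)),
        ("vpc outside summary", (AWS_SUMMARY, VPC_CIDRS + ["10.200.0.0/21"], ONPREM_PREFIXES)),
        ("overlapping on-prem route", (AWS_SUMMARY, VPC_CIDRS, ONPREM_PREFIXES + ["10.100.5.0/24"])),
    ):
        print(name, "->", validate_plan(*plan) or "ok")
```

Run it before the Direct Connect gateway association and the Transit Gateway route tables are created; the cheap check here replaces a production outage that would otherwise surface only as "on-premises cannot reach the new VPC".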

Figure 18 – Example Corp. Automotive connection design decision tree

After deciding on the solution to meet the scalability and communication model requirements, the next step is to capture the requirements associated with reliability. These relate to the required level of availability and resilience.

To capture the reliability requirements, the architecture team used the requirement definition questions from the associated section of this whitepaper. The requirements are summarized in the table below.

Table 4 – Example Corp. Automotive reliability inputs

| Connectivity design selection consideration | Requirement definition question | Answer |
|---|---|---|
| Reliability | What is the magnitude of the impact on the business in case of a connectivity failure to AWS? | Dev/Test: Low. Production: High. |
| Reliability | From a business point of view, does the cost of a connectivity failure to AWS outweigh the cost of deploying a highly reliable connectivity model to AWS? | Dev/Test: No. Production: Yes. |

Based on the inputs received, the architecture team followed the decision tree from the reliability considerations section covered previously in this whitepaper. After considering the uptime target of 99.99% for the production connectivity and the high business impact of a service interruption, the architecture team decided to use 2 Direct Connect locations and have 2 links from each on-premises data center to each Direct Connect location (4 links in total). The VPN connectivity used for development and testing will also use two VPN connections for additional redundancy. Using the route engineering techniques discussed in the reliability section, connectivity will be configured as follows:

  • For development and testing, traffic is going to be load balanced using ECMP over the 2 tunnels going to the primary data center, which allows for higher throughput. The tunnels going to the secondary data center will be used in case of failure of the primary tunnels.

  • For production, the latency between on-premises and AWS over either Direct Connect location is very similar. Traffic between AWS and on-premises systems deployed in the primary data center will therefore be load balanced over the two connections going to the primary data center. Similarly, traffic for on-premises systems running in the secondary data center will be load balanced between the two connections to the secondary data center. If connections fail, BGP provides automated failover.
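Both bullets rely on the same BGP behaviour: paths that tie on local preference and AS-path length are used together (ECMP), the other site's paths carry a longer AS path so they are only used when the preferred paths disappear, and failover needs no operator action. The model below, an added example rather than code from the whitepaper, reproduces that selection logic for the dev/test topology of two tunnels per data center and lets you verify the failover order before the design is trusted in production. It assumes, as labelled in the code, that each data center also re-advertises the other's prefixes over an inter-DC link with its own ASN prepended; all prefixes, ASNs and link names are constructed.

```python
"""Simplified BGP best-path / ECMP / failover model for the route engineering
described above. Added example, not the whitepaper's code; topology, ASNs,
prefixes and the prepending policy are constructed assumptions."""
from dataclasses import dataclass, field


@dataclass
class Path:
    """One BGP path for a prefix as received over a given link (tunnel or VIF)."""
    link: str          # e.g. "tun-primary-1"
    site: str          # data center the link terminates in
    as_path: tuple     # AS_PATH as received; prepending lengthens it
    local_pref: int = 100


@dataclass
class Router:
    """Minimal BGP speaker: per-prefix paths, link state, and an ECMP switch."""
    ecmp: bool = True
    paths: dict = field(default_factory=dict)    # prefix -> [Path]
    link_up: dict = field(default_factory=dict)  # link -> bool

    def advertise(self, prefix, path):
        self.paths.setdefault(prefix, []).append(path)
        self.link_up.setdefault(path.link, True)

    def set_link(self, link, up):
        """Mark a tunnel/connection up or down (BGP session follows the link)."""
        self.link_up[link] = up

    def best_paths(self, prefix):
        """Return the sorted link names that carry traffic for `prefix`.

        Subset of the BGP decision process: usable paths only, highest
        LOCAL_PREF, then shortest AS_PATH. With ECMP on, every path tied on
        those attributes is installed; with ECMP off, only the first.
        """
        usable = [p for p in self.paths.get(prefix, []) if self.link_up[p.link]]
        if not usable:
            return []
        best_lp = max(p.local_pref for p in usable)
        lp_tied = [p for p in usable if p.local_pref == best_lp]
        shortest = min(len(p.as_path) for p in lp_tied)
        winners = [p for p in lp_tied if len(p.as_path) == shortest]
        if not self.ecmp:
            winners = winners[:1]
        return sorted(p.link for p in winners)


def build_dev_test_router():
    """Constructed dev/test topology: one VPN connection (2 tunnels) per data center.

    Assumption: the primary DC (AS 65001) natively originates 10.1.0.0/16 and
    re-advertises the secondary DC's 10.2.0.0/16 over an inter-DC link, and
    vice versa. The site that is not the home of a prefix prepends its own
    ASN twice, so its paths only win once the home site's tunnels are down.
    """
    r = Router(ecmp=True)
    links = {"primary": ["tun-primary-1", "tun-primary-2"],
             "secondary": ["tun-secondary-1", "tun-secondary-2"]}
    asn = {"primary": 65001, "secondary": 65002}
    home = {"10.1.0.0/16": "primary", "10.2.0.0/16": "secondary"}
    for prefix, home_site in home.items():
        for site, site_links in links.items():
            if site == home_site:
                path = (asn[site],)
            else:  # backup path via the other site, prepended twice
                path = (asn[site], asn[site], asn[site], asn[home_site])
            for link in site_links:
                r.advertise(prefix, Path(link, site, path))
    return r


if __name__ == "__main__":
    r = build_dev_test_router()
    print("all up      :", r.best_paths("10.1.0.0/16"))
    r.set_link("tun-primary-1", False)
    print("one tunnel  :", r.best_paths("10.1.0.0/16"))
    r.set_link("tun-primary-2", False)
    print("primary down:", r.best_paths("10.1.0.0/16"))
```

The same selection applies to the production Direct Connect connections, with the difference that on Direct Connect the preference between paths is usually expressed with the local preference BGP communities AWS honours rather than AS-path prepending; both are modelled by the `local_pref` and `as_path` attributes here. The check worth running in practice is the last one in the block: after every primary link is down the prefix must still resolve to the secondary links, and with ECMP disabled only a single tunnel must ever be active.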

Figure 19 illustrates the path taken on the decision tree based on requirements collected.

Figure 19 – Example Corp. Automotive reliability decision tree