Learn how to extend AWS VPC to on-premise locations using Big Network's Edge Lite. This guide provides insights into different methodologies, cost considerations, and the benefits of our solution for seamless and secure connectivity.
If your organization is looking to migrate centralized workloads for IoT-related use cases to Amazon Web Services (AWS), but remote network access appears to be problematic, Big Network has the solution you need. The solution uses our Edge Lite to allow modernization of the infrastructure stack while maintaining an Ethernet handoff to devices in the field. So how can you do it?
First, let’s talk about Edge Lite. Edge Lite combines SD-WAN, mesh overlay, VPP, DPDK, and more to extend a network to anywhere and bring the power of the cloud to physical ports in any location of your choice. This combination of capabilities allows you to use Edge Lite to extend an AWS VPC to on-premise locations.
Let’s consider the case of a remote video surveillance network with these three major components:
For the purpose of this blog, we will focus on the Network from Surveillance Camera to Network Video Recorder. First, we need to assume that the NVR platform is being hosted in an AWS VPC and these other requirements:
For each of these methodologies, you will also first need to create a cloud network.
The alternative to SD-WAN-based solutions would be a type of private network using technologies such as private line, MPLS, or Carrier Ethernet services. For a network of video surveillance cameras, these solutions can often prove cost-prohibitive to deploy.
Traditional IPsec-based connections are also an option, but they come with hidden costs. For example, according to recent AWS documentation, customers are charged $36/mo for IPsec connectivity using AWS Site-to-Site VPN. In addition, to use IPsec, the Internet connection on premise may also require a static IP address, which can often add another $10/mo to costs.
The Big Network solution doesn’t require the use of IPsec, which effectively removes the need for static IP addresses at your premise site. This means that connections from the AWS VPC to the premise site are automatically discovered via Big Network, even when the site is deployed behind Network Address Translation (NAT) or Carrier Grade NAT (CGNAT).
Now that we have set the background and discussed the trade-offs, there are three methodologies for deploying an AWS VPC extension to Edge Lite:
First, we will look at the non-redundant Layer 2 connection methodology. A simple cloud network is first defined to provide non-redundant Layer 2 connections from the premise to the VPC.
Devices on premise can now be deployed to connect to the Edge Lite LAN port via a Layer 2 switch!
If the existing IP space on-premise cannot be renumbered and no compatible range can be found, a Layer 3 connection can help. Let’s next assume an existing on-premise Layer 3 switch. The uplink for this device should be a routed switch port connected to the LAN side of the Edge Lite, and the Layer 3 switch should be given an interface address in the range of the cloud network.
Unlike the first methodology, your cloud network will now be used to provide a point-to-point or sets of point-to-multipoint connections to a Layer 3 switch deployed at the premise.
Now we can bring in Edge Lite, which can be deployed at the premise using our standard on-boarding procedure. It is configured with a Local Network to bridge the cloud network to the LAN interface. To make it more convenient, you can also deploy an Edge Dashboard to provide a point of ICMP monitoring for your Edge device.
Like the last methodology, cloud networks here are used to provide a point-to-point or sets of point-to-multipoint connections to a Layer 3 switch deployed at your premise. This time, though, we will use two cloud networks, two EC2 instances running the Headless Linux Client, and two Edge Lites per site to build full redundancy.
Two Edge Lites are deployed at the premise using our standard onboarding process: one Edge Lite is configured with a Local Network to bridge the PRIMARY cloud network to the LAN interface, and a second Edge Lite is configured with a Local Network to bridge the BACKUP cloud network to the LAN interface. This means that services like Local Breakout and DHCP aren’t needed! To make it more convenient to use, you can also deploy an Edge Dashboard to provide a point of ICMP monitoring for your Edge Devices.
Two uplink WAN ports are also defined at the existing on-premise Layer 3 switch; these are routed switch ports, each connected to the LAN side of one Edge Lite. Make sure to give the PRIMARY WAN port an interface address in the range of the PRIMARY cloud network and the BACKUP WAN port an interface address in the range of the BACKUP cloud network.
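The Layer 3 methodologies above hinge on an addressing plan that is consistent: each WAN port of the on-premise Layer 3 switch must carry an address inside its own cloud network, the PRIMARY and BACKUP cloud networks must be distinct, and none of the cloud networks may collide with the on-premise LAN ranges that could not be renumbered. The following script, added here as an illustration and not part of Big Network’s tooling or configuration guide, checks a plan before anything is configured. All prefixes in it are constructed sample values, and the rule that the overlay cloud networks stay disjoint from the VPC CIDR is an assumption made for unambiguous routing, not a requirement stated on the page.

```python
"""Sanity-check an addressing plan for a Layer 3 Edge Lite extension.

Constructed example; the prefixes below are placeholders, not values from
any real deployment. Uses only the Python standard library.
"""
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Uplink:
    name: str            # "PRIMARY" or "BACKUP" in the redundant design
    cloud_network: str   # cloud network prefix the Edge Lite bridges, e.g. "10.200.1.0/24"
    wan_interface: str   # routed WAN port address on the Layer 3 switch, e.g. "10.200.1.10/24"


def validate_plan(onprem_lans: List[str], uplinks: List[Uplink], vpc_cidr: str) -> List[str]:
    """Return a list of human-readable problems; an empty list means the plan is consistent."""
    problems: List[str] = []
    lans = [ipaddress.ip_network(n, strict=True) for n in onprem_lans]
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    cloud_nets = []

    for up in uplinks:
        cloud = ipaddress.ip_network(up.cloud_network, strict=True)
        iface = ipaddress.ip_interface(up.wan_interface)

        # The WAN port must sit inside its own cloud network with the same prefix length.
        if iface.network != cloud:
            problems.append(f"{up.name}: WAN address {iface} is not inside cloud network {cloud}")
        elif iface.ip in (cloud.network_address, cloud.broadcast_address):
            problems.append(f"{up.name}: WAN address {iface.ip} is the network or broadcast address of {cloud}")

        # Cloud networks must not collide with LAN ranges that cannot be renumbered.
        for lan in lans:
            if cloud.overlaps(lan):
                problems.append(f"{up.name}: cloud network {cloud} overlaps on-premise LAN {lan}")

        # Assumption: keep the overlay disjoint from the VPC CIDR so routes stay unambiguous.
        if cloud.overlaps(vpc):
            problems.append(f"{up.name}: cloud network {cloud} overlaps VPC CIDR {vpc}")

        cloud_nets.append((up.name, cloud))

    # Redundancy only holds if PRIMARY and BACKUP use separate, non-overlapping cloud networks.
    for i in range(len(cloud_nets)):
        for j in range(i + 1, len(cloud_nets)):
            a_name, a_net = cloud_nets[i]
            b_name, b_net = cloud_nets[j]
            if a_net.overlaps(b_net):
                problems.append(f"{a_name} and {b_name} cloud networks overlap ({a_net} / {b_net})")

    return problems


def example_plan() -> List[str]:
    """Run the checks on a constructed plan with one deliberate mistake."""
    uplinks = [
        Uplink("PRIMARY", "10.200.1.0/24", "10.200.1.10/24"),
        # Deliberate error: BACKUP WAN address is not inside the BACKUP cloud network.
        Uplink("BACKUP", "10.200.2.0/24", "10.200.9.10/24"),
    ]
    return validate_plan(["192.168.10.0/24"], uplinks, "10.0.0.0/16")


if __name__ == "__main__":
    for problem in example_plan() or ["plan is consistent"]:
        print(problem)
```

Running the script reports the deliberate BACKUP error; fixing the WAN address to fall inside 10.200.2.0/24 makes the plan validate cleanly. The same function can be fed the plan for the non-redundant Layer 3 design by passing a single uplink.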
Further, multiple Edge Lites can be joined to the same cloud network to scale across multiple locations, and each one will receive IP addresses from its relevant cloud network.
With our solution, you can easily extend AWS VPC to on-premise with Big Network’s Edge Lite. Looking to learn more about this solution? Give our Configuration Guide a read to learn how to implement the full solution. Ready to get started? Sign up for an account!