AWS Certified Advanced Networking (ANS-C01) - Unit 1: Network Design Study Guide
This guide covers Domain 1 of the AWS Certified Advanced Networking - Specialty (ANS-C01) exam, focusing on edge networking, global traffic management, load balancing, and hybrid connectivity strategies.
Learning Objectives
After studying this unit, you should be able to:
- Design global architectures using AWS edge services (CloudFront, Global Accelerator) to optimize performance.
- Select appropriate ELB types (ALB, NLB, GWLB) based on protocol, layer, and application requirements.
- Implement hybrid routing between on-premises environments and AWS using BGP and Direct Connect.
- Configure API Gateway for managed API communication and security.
- Analyze traffic management patterns to reduce latency and increase availability for global users.
Key Terms & Glossary
- Edge Location: A site that CloudFront uses to cache copies of your content for faster delivery to users at any location.
- Regional Edge Cache: An intermediate cache layer between the edge location and the origin to improve cache hit ratios.
- Anycast IP: A routing method where multiple endpoints share the same IP address; traffic is routed to the "closest" endpoint via BGP.
- TTL (Time to Live): The number of seconds CloudFront serves a cached object before it forwards the next request for that object to the origin. The origin's Cache-Control (s-maxage, max-age) or Expires headers set the value; the cache behavior's Minimum, Default and Maximum TTL settings bound it, and the Default TTL (24 hours for a new behavior) applies when the origin sends no caching headers.
- SSL/TLS Termination: Decrypting TLS traffic at the edge or load balancer so backend servers do not carry the handshake and crypto cost. CloudFront and ALB always terminate TLS; an NLB terminates it only with a TLS listener and passes it through untouched with a TCP listener.
The "Big Idea"
The core philosophy of AWS Network Design is decoupling and proximity. By moving logic and data as close to the user as possible (the "Edge") and abstracting backend complexity through Load Balancers and API Gateways, you create a system that is both globally performant and locally resilient. This shift moves traffic from the unpredictable public internet onto the managed AWS global backbone as early as possible.
Formula / Concept Box
| Decision Factor | Recommended Service |
|---|---|
| HTTP/HTTPS (Layer 7) Routing | Application Load Balancer (ALB) |
| TCP/UDP/TLS (Layer 4) Ultra-high Performance | Network Load Balancer (NLB) |
| Third-party Virtual Appliances (Firewalls) | Gateway Load Balancer (GWLB) |
| Static Content Distribution | Amazon CloudFront |
| Global Traffic Optimization with Static IPs (TCP/UDP, including non-HTTP) | AWS Global Accelerator |
| Hybrid Connectivity (Private/Dedicated) | AWS Direct Connect |
Hierarchical Outline
- I. Edge Networking Services
- Amazon CloudFront
- Architecture: Uses Edge Locations and Regional Edge Caches.
- Security: Integrates with AWS WAF (Layer 7 request filtering) and AWS Shield (DDoS protection) at the edge.
- Invalidation: Manually removing cached objects before their TTL expires. The first 1,000 invalidation paths per month are free, each additional path is charged, and a wildcard path such as /images/* counts as one path.
- AWS Global Accelerator
- Mechanism: Provides two static anycast IPv4 addresses that are advertised by BGP from AWS edge locations, so clients always enter the AWS network at the nearest edge.
- Benefit: Routes traffic over the AWS global network instead of the public internet.
- II. Elastic Load Balancing (ELB)
- Application Load Balancer (ALB): Content-based routing (path/host headers).
- Network Load Balancer (NLB): One static IP per Availability Zone (optionally your own Elastic IP); preserves the client source IP; handles millions of requests per second.
- Gateway Load Balancer (GWLB): Transparent bump-in-the-wire for third-party appliances; encapsulates traffic in GENEVE (UDP port 6081) and distributes flows across the appliance fleet.
- III. API Management & Hybrid Connectivity
- API Gateway: REST, HTTP and WebSocket APIs; throttling (token bucket: steady-state rate plus burst) and authorization (IAM, Amazon Cognito, Lambda authorizers).
- Routing Strategies: Using BGP (Border Gateway Protocol) for dynamic path selection between on-prem and VPCs.
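The throttling item in the outline above is worth seeing in motion. The following is an added example written for this guide, not API Gateway's code: the AWS documentation states that API Gateway throttles with a token bucket in which one token is one request, "burst" is the bucket size and "rate" the steady-state refill in requests per second (the documented account-level defaults are 10,000 requests per second and a burst of 5,000 per Region; usage plans and stage settings apply smaller limits per API key or method). The limits and request timings used here are constructed.

```python
"""API Gateway-style request throttling with a token bucket.

Added example for this study guide, not API Gateway's code. One token is one
request; 'burst' is the bucket size and 'rate' the steady-state refill in
requests per second. The limits and arrival times used below are constructed.
"""
from typing import List, Optional, Tuple


class TokenBucket:
    def __init__(self, rate: float, burst: int):
        self.rate = float(rate)      # tokens refilled per second
        self.burst = burst           # bucket capacity = largest burst admitted at once
        self.tokens = float(burst)   # a new bucket starts full
        self.last: Optional[float] = None

    def allow(self, now: float) -> bool:
        """Admit one request at time `now` if a token is available."""
        if self.last is not None:
            elapsed = max(0.0, now - self.last)
            self.tokens = min(float(self.burst), self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(rate: float, burst: int, arrival_times: List[float]) -> List[Tuple[float, int]]:
    """Replay request arrivals (seconds, non-decreasing) and return (time, HTTP status).

    429 'Too Many Requests' is what API Gateway returns when the bucket is empty.
    """
    bucket = TokenBucket(rate, burst)
    return [(t, 200 if bucket.allow(t) else 429) for t in arrival_times]


if __name__ == "__main__":
    # Seven requests at once against rate=2/s, burst=5, then three more a second later.
    timeline = [0.0] * 7 + [1.0] * 3
    for t, status in simulate(2, 5, timeline):
        print(f"t={t:.1f}s -> {status}")
```

The first five requests at t=0 drain the bucket, the next two get 429, and one second later only the two tokens refilled at the steady-state rate are available. That is why a client that retries immediately after a 429 keeps failing: it must back off at least 1/rate seconds per request.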
Visual Anchors
CloudFront Traffic Flow (diagram not reproduced in this extract)
Anycast Routing Visualized (TikZ source):
\begin{tikzpicture}[node distance=2cm, every node/.style={draw, fill=blue!10, rounded corners}]
  \node (User1) [fill=green!10] at (0,4) {User in NY};
  \node (User2) [fill=green!10] at (8,4) {User in Tokyo};
  \node (Anycast) [circle, fill=orange!20] at (4,2.5) {Anycast IP: 1.2.3.4};
  \node (Edge1) at (0,1) {US-East Edge};
  \node (Edge2) at (8,1) {AP-Northeast Edge};
  \draw[->, thick] (User1) -- (Anycast);
  \draw[->, thick] (User2) -- (Anycast);
  \draw[->, dashed] (Anycast) -- (Edge1) node[midway, left] {Shortest Path};
  \draw[->, dashed] (Anycast) -- (Edge2) node[midway, right] {Shortest Path};
\end{tikzpicture}
Definition-Example Pairs
- Invalidation: The process of removing an object from CloudFront edge caches before its TTL expires, so the next request for it is forwarded to the origin.
- Example: After updating a `style.css` file on your origin, you issue an invalidation for `/*` so users see the new theme immediately rather than waiting out the 24-hour default TTL. `/*` is the coarsest option (it drops every object in the distribution); invalidating the specific path, or versioning file names (`style.v2.css`) so no invalidation is needed at all, is cheaper and avoids a surge of origin fetches.
- Custom Routing Accelerator: A type of Global Accelerator that lets your application deterministically map a user to a specific EC2 instance and port in a subnet, using a port mapping you control, instead of letting the accelerator pick the endpoint.
- Example: A multiplayer gaming application where specific groups of players must land on the same game-server instance (IP:Port).
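To make the TTL and invalidation behaviour concrete, here is an added example written for this guide (it is not CloudFront's code). It implements the documented TTL precedence for a cache behavior with Minimum/Default/Maximum TTL settings (Cache-Control s-maxage, then max-age, then Expires, otherwise the Default TTL, with the result clamped to the Minimum/Maximum range) and the trailing-`*` invalidation path syntax. The origin headers, object bodies and timestamps are constructed; handling of Cache-Control no-cache, no-store and private is deliberately left out.

```python
"""Edge-cache freshness and invalidation, following CloudFront's TTL rules.

Added example for this study guide (not CloudFront's code). Origin headers,
bodies and timestamps are constructed. Cache-Control no-cache/no-store/private
handling is intentionally omitted.
"""
from datetime import timezone
from email.utils import parsedate_to_datetime
from typing import Dict, Optional

DAY = 86_400  # CloudFront's Default TTL for a new cache behavior is 24 hours


def _directives(cache_control: str) -> Dict[str, str]:
    """Parse 'public, max-age=60, s-maxage=600' into {'public': '', 'max-age': '60', ...}."""
    out: Dict[str, str] = {}
    for part in cache_control.split(","):
        key, _, value = part.strip().partition("=")
        if key:
            out[key.lower()] = value.strip().strip('"')
    return out


def effective_ttl(headers: Dict[str, str], now: float,
                  min_ttl: int = 0, default_ttl: int = DAY, max_ttl: int = 365 * DAY) -> int:
    """Seconds the edge keeps an object, given the origin's response headers."""
    cc = _directives(headers.get("Cache-Control", ""))
    origin_ttl: Optional[int] = None
    for directive in ("s-maxage", "max-age"):           # s-maxage takes precedence
        if directive in cc and cc[directive].isdigit():
            origin_ttl = int(cc[directive])
            break
    if origin_ttl is None and "Expires" in headers:
        try:
            expires = parsedate_to_datetime(headers["Expires"])
            if expires.tzinfo is None:                  # assumption: naive dates are UTC
                expires = expires.replace(tzinfo=timezone.utc)
            origin_ttl = int(expires.timestamp() - now)  # negative means already stale
        except (TypeError, ValueError):
            origin_ttl = None                            # assumption: unparseable -> ignored
    if origin_ttl is None:
        origin_ttl = default_ttl                         # no caching headers at all
    return max(min_ttl, min(origin_ttl, max_ttl))        # clamp to the behavior's range


class EdgeCache:
    """A single edge location's cache for one cache behavior."""

    def __init__(self, min_ttl: int = 0, default_ttl: int = DAY, max_ttl: int = 365 * DAY):
        self.ttl_settings = (min_ttl, default_ttl, max_ttl)
        self._store: Dict[str, tuple] = {}   # path -> (body, expires_at)

    def put(self, path: str, body: bytes, headers: Dict[str, str], now: float) -> int:
        """Store an origin response; returns the TTL that was applied."""
        ttl = effective_ttl(headers, now, *self.ttl_settings)
        self._store[path] = (body, now + ttl)
        return ttl

    def get(self, path: str, now: float) -> Optional[bytes]:
        """Body on a fresh hit; None on a miss (the edge would then go to the origin)."""
        hit = self._store.get(path)
        if hit is None or now >= hit[1]:
            return None
        return hit[0]

    def invalidate(self, pattern: str) -> int:
        """Apply one invalidation path: an exact object, or a prefix ending in '*'.

        CloudFront only allows '*' as the last character; '/*' clears everything
        and still counts as a single path against the monthly free quota.
        """
        if pattern.endswith("*"):
            prefix = pattern[:-1]
            victims = [p for p in self._store if p.startswith(prefix)]
        else:
            victims = [p for p in self._store if p == pattern]
        for p in victims:
            del self._store[p]
        return len(victims)


if __name__ == "__main__":
    edge = EdgeCache()
    t0 = 1_700_000_000
    edge.put("/style.css", b"body { color: black }", {}, t0)  # origin sent no caching headers
    print("fresh after 23h:", edge.get("/style.css", t0 + 23 * 3600) is not None)
    print("fresh after 24h:", edge.get("/style.css", t0 + DAY) is not None)
    edge.put("/style.css", b"body { color: black }", {}, t0)
    print("paths removed by /*:", edge.invalidate("/*"))
    print("fresh right after invalidation:", edge.get("/style.css", t0 + 1) is not None)
```

Two things the code makes visible that the definition does not: a Minimum TTL above zero silently overrides an origin that asks for a short max-age (a common source of "my fix is not showing up" tickets), and a Maximum TTL caps an origin that asks for a year, so the behavior's three settings should be reviewed together with the origin's headers rather than in isolation.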
Worked Examples
Scenario: Choosing the Right Load Balancer
Requirement: A fintech application needs a load balancer that can absorb millions of spiky TCP requests per second and must expose static IP addresses that the client can add to its firewall allow list.
Step-by-Step Breakdown:
- Analyze Protocol: The requirement specifies raw TCP. This rules out ALB, which only accepts HTTP/HTTPS (and gRPC over HTTP/2).
- Analyze Performance: "Millions of requests per second" calls for the high-throughput, low-latency forwarding of a Layer 4 balancer.
- Analyze IP Requirement: An ALB is addressed only by its DNS name and its underlying IPs change over time. An NLB gets one static IP per Availability Zone, and you can assign your own Elastic IP there, which is the address the client puts on its allow list.
- Conclusion: Network Load Balancer (NLB) is the correct choice because it supports static IPs and Layer 4 TCP performance. (If Layer 7 features were also needed, static IPs could still be obtained by placing an NLB or Global Accelerator in front of an ALB, since both accept an ALB as a target or endpoint.)
Checkpoint Questions
- What is the primary difference between a CloudFront Edge Location and a Regional Edge Cache?
- Why would a network architect choose Global Accelerator over CloudFront for a non-HTTP application?
- At which OSI layer does the Gateway Load Balancer operate?
- How does BGP influence traffic in a hybrid AWS/On-premises environment?
Answers
- Edge Locations sit closest to users and serve hits directly; Regional Edge Caches sit between them and the origin, are larger, and hold objects longer, so content evicted from a busy edge is refetched from the regional cache instead of from the origin.
- Global Accelerator accelerates TCP/UDP traffic of any protocol by giving it static anycast IPs and carrying it over the AWS backbone from the nearest edge; it does no caching. CloudFront is an HTTP(S) content delivery network whose benefit comes from caching and HTTP-level features such as WAF and signed URLs. GA can front HTTP too, but only when caching is not wanted.
- Layer 3 (Network Layer): GWLB listens for all IP packets and forwards them transparently, using GENEVE encapsulation on UDP port 6081, to the appliance fleet; it is also often described as Layer 3/4 because it load balances per flow.
- BGP (Border Gateway Protocol) allows for dynamic path advertisement, enabling features like failover and load sharing across multiple Direct Connect or VPN connections.
Muddy Points & Cross-Refs
- CloudFront vs. Global Accelerator: This is a common point of confusion. Remember: CloudFront = Caching (Static/Dynamic content). Global Accelerator = Path Optimization (No caching; moves packets onto the AWS fiber network).
- BGP Attributes: For the exam, you must understand how `Local Preference` and `AS-Path Prepending` influence how traffic enters and leaves your AWS environment. Local Preference is evaluated inside your own AS before AS-path length, so it steers outbound traffic (which Direct Connect or VPN link your routers send on). AS-Path Prepending lengthens the path the remote side sees on one link, so it steers inbound traffic (which link the other side returns traffic on). See Unit 2 for implementation details.
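The following added example, written for this guide and not taken from AWS or any router vendor, models just the part of the BGP decision process that the Local Preference and AS-Path Prepending muddy point and the BGP checkpoint answer depend on. It is not a full BGP implementation: MED is compared unconditionally (real BGP only compares it between routes from the same neighbouring AS), and the ASNs (65000 for the on-premises AS, 7224 as the AWS-side Direct Connect ASN), link names and router IDs are constructed.

```python
"""Simplified BGP best-path selection for a hybrid AWS / on-premises edge.

Added example for this study guide; not AWS code and not a full BGP
implementation. It shows that a higher LOCAL_PREF wins before AS_PATH length
is considered, and that AS-path prepending makes an advertisement lose the
length comparison on the receiving side. ASNs, link names and router IDs
are constructed.
"""
from dataclasses import dataclass, replace
from typing import Dict, Iterable, Tuple


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str                 # link the route was learned over, e.g. "dx1" or "vpn1"
    as_path: Tuple[int, ...]      # leftmost ASN is the neighbour that sent it
    local_pref: int = 100         # BGP default; higher wins, evaluated first
    med: int = 0                  # lower wins (simplification: compared unconditionally)
    router_id: str = "0.0.0.0"    # final tie-break: lowest wins


def preference_key(route: Route):
    """Sort key for the decision process (subset): a lower tuple is more preferred."""
    rid = tuple(int(octet) for octet in route.router_id.split("."))
    return (-route.local_pref, len(route.as_path), route.med, rid)


def best_paths(routes: Iterable[Route]) -> Dict[str, Route]:
    """Pick the best Route for every prefix in the received table."""
    best: Dict[str, Route] = {}
    for r in routes:
        current = best.get(r.prefix)
        if current is None or preference_key(r) < preference_key(current):
            best[r.prefix] = r
    return best


def prepend(route: Route, times: int) -> Route:
    """What the receiver sees when the advertiser prepends its own ASN `times` times."""
    own_asn = route.as_path[0]
    return replace(route, as_path=(own_asn,) * times + route.as_path)


def with_local_pref(route: Route, value: int) -> Route:
    """Receiver-side policy: set LOCAL_PREF on routes learned over a given link."""
    return replace(route, local_pref=value)


if __name__ == "__main__":
    # Inbound traffic engineering: on-prem AS 65000 advertises 10.0.0.0/16 over two
    # Direct Connect links and prepends twice on dx2, so AWS returns traffic over dx1
    # while dx1 is up and fails over to dx2 when dx1's advertisement is withdrawn.
    over_dx1 = Route("10.0.0.0/16", "dx1", (65000,), router_id="10.1.1.1")
    over_dx2 = prepend(Route("10.0.0.0/16", "dx2", (65000,), router_id="10.1.1.2"), 2)
    print("AWS sends to on-prem via:", best_paths([over_dx1, over_dx2])["10.0.0.0/16"].next_hop)
    print("after dx1 withdraws:     ", best_paths([over_dx2])["10.0.0.0/16"].next_hop)

    # Outbound traffic engineering: the on-prem router learns a VPC CIDR over both
    # links; LOCAL_PREF 200 on dx1 beats the shorter AS path seen on dx2.
    from_dx1 = with_local_pref(Route("172.16.0.0/16", "dx1", (7224, 7224)), 200)
    from_dx2 = Route("172.16.0.0/16", "dx2", (7224,))
    print("on-prem sends to AWS via:", best_paths([from_dx1, from_dx2])["172.16.0.0/16"].next_hop)
```

Note the asymmetry this produces: prepending is a request to the remote side, which it honours only through path length and which any higher Local Preference on its side overrides, whereas Local Preference is fully under the control of the AS that sets it. Designs that need symmetric paths (stateful firewalls on the on-prem side, for example) must apply both so that each direction prefers the same link.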
Comparison Tables
ELB Comparison Matrix
| Feature | ALB | NLB | GWLB |
|---|---|---|---|
| OSI Layer | Layer 7 (Application) | Layer 4 (Transport) | Layer 3/4 |
| Traffic Types | HTTP, HTTPS, gRPC | TCP, UDP, TLS | IP (All) |
| Static IP | No (DNS name only) | Yes (one per AZ, or your own Elastic IP) | No (reached through GWLB endpoints) |
| Target Types | IP, Instance, Lambda | IP, Instance, ALB | IP, Instance |
| Typical Use Case | Microservices, Web Apps | High-perf Gaming, VoIP | Firewalls, IDS/IPS |