A First Look at AWS Cloud WAN

We got exciting news from this year’s AWS re:Invent like every other year. For me, the top two were in networking: AWS Cloud WAN and AWS Private 5G. I invited my friend Ogul Celiksoydan, a network consultant, to discuss these services in this article. First, we start by discussing AWS Cloud WAN. You can check out more about the latest re:Invent here.

Kemal Cagin: Hi Ogul, welcome, and thanks for doing this!

Ogul: My pleasure, I was looking forward to it. Let’s start!

First things first, what are Wide Area Networks (WAN)? And in what cases do we use them?

WAN is a type of network that provides connectivity between geographically dispersed sites of an organization. It could be something as simple as a physical link leased from a Service Provider, but it can also be in the form of a VPN (Virtual Private Network) using the existing Internet connection as a transport.

Clear. How about AWS’s offering for the topic, AWS Cloud WAN?

Cloud WAN is a managed global WAN service from AWS. It allows the customers to utilize the AWS backbone to connect multiple AWS workloads and branch sites all around the globe.

In which cases do we need AWS Cloud WAN?

Cloud WAN would be a great solution, especially for customers with multi-regional networks. This solution’s most critical use cases are end-to-end network segmentation and network automation.

Are there different components of this service? I mean, these can be hardware or software components/resources, etc.

AWS Cloud WAN has several components:

· AWS Network Manager: Central management and monitoring.

· Global Network: A container for all AWS Cloud WAN related network objects.

· Core Network: The AWS global network acts as the Customer WAN network.

· Core Network Policy: A JSON document that defines all the attributes of the Core Network.

· Attachment: A network connected to the Core Network. It could be a VPC, VPN, or Connect attachment.

· Core Network Edge: The network object provides the connectivity for a region’s attachments. Very similar to AWS Transit Gateway.

· Segment: An isolated routing domain stretched over the Core network. Like the VRF in traditional networking.

All right, and how will this service help us? What is the added value of using it?

· Easier segmentation: Instead of configuring multiple Transit Gateways per region and additional Transit Gateway Peerings for each new segment, we configure a single Core Network.

· Dynamic routing: The routing in the Core Network is dynamic, as opposed to the static routing over Transit Gateway Peerings.

· Central management and automation: The entire Core Network is configured and monitored from a single place, with the ability to define policies to automate the addition of attachments.

· We can still use the centralized ingress/egress/inspection VPCs and similar scenarios with Transit Gateways.

How would you describe AWS Cloud WAN with one word?

Segmentation!

And why is that?

Carrying multiple isolated segments over the WAN has always been a challenge for the customers. AWS not only provides us with the means to do that in a simple way, but it also allows us to define the policy between these segments, which can cover both VPCs and on-prem connections.

Sounds great! But, are there any requirements or prerequisites to use AWS Cloud WAN?

As of this writing, AWS Cloud WAN is in preview release and supported in ten regions. Although Cloud WAN doesn’t support AWS Transit Gateway and AWS Direct Connect attachments during the preview, they announced support for the general availability release.

And what kind of AWS customers might use this service?

Global Enterprises with on-prem and cloud resources on multiple virtual networks and regions would benefit most from the AWS Cloud WAN.

When I listened to Dr. Werner Vogels’ Keynote announcing AWS Cloud WAN, I saw a slide listing AWS Cloud WAN Partners. Who are those partner companies, and what are their roles?

Service providers, system integrators, and vendors (SD-WAN and Security) have been working hard to add AWS Cloud WAN compatibility/support to their portfolio. Vendors are the crucial piece of the puzzle, and they have already started publishing design guides. I believe most of them will also develop (or already did) a single integrated workflow to deploy SD-WAN using the AWS Cloud WAN as a backbone.

Is AWS Cloud WAN good news for Service Providers or SD-WAN Partners?

Now that AWS focuses on networking, we know AWS will deliver innovative services and features, like AWS Private 5G. So maybe it is not the best news for Service Providers, but positive news for SD-WAN partners. Cloud WAN is not an SD-WAN solution; therefore, AWS is not competing with the partners. Here AWS leverages its partners, which can be a growing business for both sides.

Many people were surprised because AWS started to focus more on networking in the past few years. So what is AWS aiming for, and what should we expect next?

AWS has made numerous vital developments on its networking services lately, and Cloud WAN is a clear advancement on a specific front that we call the “middle-mile.” Of course, we still need vendors for traditional WAN/SD-WAN appliances and service providers for at least first-mile access (the physical link coming to the site). However, a big part of the network remains in the middle, and AWS wants to provide this part as a service to the customers.

Therefore, AWS wants us to enter its network as soon as possible. I believe there will be improvements in this area, e.g., increasing the number of local zones supporting AWS Direct Connect was one such announcement made at re:Invent.

Very interesting. And we can use AWS Cloud WAN with which other AWS Services?

AWS Cloud WAN needs attachments to operate. These attachments can be in VPC, VPN, or Direct Connect (planned for the future). So, these are the services we can use together with Cloud WAN.

It is worth noting that during re:Invent, AWS also announced a new feature for Direct Connect called SiteLink. It allows the traffic to flow from one DX location to another connected to the same Direct Connect Gateway, bypassing AWS Regions (enabled per Virtual Interface). Direct Connect attachments for AWS Cloud WAN are planned for the future, but this is another sign that AWS takes the middle-mile provider role seriously. SiteLink can be considered a complementary feature for AWS Cloud WAN.

My final question. What kind of opportunities will this service create? And are these also valid for potential new AWS customers?

AWS Cloud WAN allows the customers to quickly build a global network for multi-regional cloud and on-prem workloads while maintaining the segmentation end-to-end. Even with no cloud workloads, customers can still use AWS Cloud WAN and Direct Connect with SiteLink, to connect their on-prem resources over a managed global WAN service with multiple routing domain support.

All sounds quite exciting, Ogul, thanks for your input and comments on AWS Cloud WAN. Shall we discuss AWS Private 5G service next?

For sure, we should! Thanks for inviting me.

The service itself looks very interesting, and we are looking forward to using it and listening to other people’s use cases. See you in the next ones!

All image credits: Amazon