re:Invent 2023 Networking Session Summaries

AWS Announcements
Networking

Get up to speed on all the networking-focused 300- and 400-level sessions from re:Invent 2023!

We know that watching all the re:Invent session videos can be a daunting task, but we don't want you to miss out on the gold that is often found in them! In this blog, you can find quick summaries of all the 300 and 400 level sessions, grouped by track. Enjoy!

NET306 Advanced VPC designs and new capabilities

The AWS re:Invent 2023 session "Advanced VPC designs and new capabilities (NET306)" provided a comprehensive look into the latest developments in Amazon Virtual Private Cloud (VPC) and related networking services. The session, led by senior AWS personnel Matt Lewis and Alex, celebrated Matt's 10th anniversary at Amazon and his 8th year presenting at the event. They began by acknowledging the diversity of their audience, ranging from beginners to experts in VPC knowledge, and proceeded to balance foundational concepts with advanced architectural insights.

The discussion delved into various aspects of VPC management, highlighting Amazon's efforts to simplify and enhance user experience. They touched upon IP address management, emphasizing its importance due to public IPv4 address exhaustion and the complexities of managing large enterprise networks with multiple VPCs. The introduction of new features like Amazon VPC IP Address Manager (IPAM) and its free tier offering was highlighted. The session also covered advancements in IPv6 address management and its benefits in terms of address summarization and efficient routing. They emphasized the significance of having contiguous IPv6 CIDRs for regional deployments, aiding global expansion and cost optimization.

The latter part of the session focused on advanced VPC networking, including the integration of various AWS services and features like Transit Gateway, Direct Connect, and Cloud WAN for scalable, secure, and efficient networking. They detailed the use of Transit Gateway for connecting thousands of VPCs, the improvements in Direct Connect for optimized hybrid connectivity, and the introduction of Cloud WAN for leveraging AWS's global backbone for private connectivity. The session also covered the advent of application networking, discussing Elastic Load Balancing, Amazon VPC Lattice for zero-trust service-to-service communication, and the integration of AI in networking, especially in large language model training, showcasing AWS's commitment to continuous innovation in cloud networking technologies.

AWS re:Invent 2023 - Advanced VPC designs and new capabilities (NET306)

NET310 Ready for what’s next? Designing networks for growth and flexibility

The AWS re:Invent 2023 session "NET310" focused on designing scalable and flexible networks. The session, led by Sid, a principal solutions architect at AWS, and Ben, a principal network engineer at Sonos, emphasized the importance of creating networks that can adapt to the growing number of applications with varying requirements. They discussed challenges such as handling high throughput applications, isolating and securing a large number of applications with different networking needs, and managing networks across business units with global considerations.

Sid outlined the use of AWS services like EC2, load balancing, Transit Gateway, and AWS Cloud WAN for network connectivity at scale. The session delved into network design strategies, addressing issues like the optimal number of Virtual Private Clouds (VPCs), network address usage (NAU), and VPC sharing techniques. Sid stressed the importance of getting the VPC design right to avoid scalability challenges. He also introduced AWS services like Transit Gateway and Cloud WAN, comparing their features, operational aspects, and performance capabilities. The discussion included advanced scenarios for SD-WAN connectivity and segment extensions, highlighting the benefits of dynamic routing and the newer tunnel-less connect feature.

Ben from Sonos shared their network journey with AWS Cloud WAN, detailing the transition from an on-premises system to a more scalable cloud solution. He highlighted the advantages of Cloud WAN, including its global reach, interoperability with other clouds and SD-WAN, and the ability to connect hundreds of VPCs efficiently. Ben also mentioned the operational benefits, cost-effectiveness, and security improvements that came with using Cloud WAN. The session concluded with both speakers urging the audience to explore AWS networking services and to complete a survey for feedback.

AWS re:Invent 2023 - Ready for what’s next? Designing networks for growth and flexibility (NET310)

NET318 Enhance your app’s security & availability with Elastic Load Balancing

AWS re:Invent 2023 featured a comprehensive presentation on enhancing app security and availability with Elastic Load Balancing. The talk, led by John Zob and Satya Ramos, delved into two primary topics: availability and security. They discussed the internal mechanisms of AWS, focusing on how they approach these aspects and how these strategies have been integrated into their products. The session highlighted the use of icons to denote different sections, like internal details, feature launches, design considerations, and links to documentation. The presentation aimed to equip attendees with a thorough understanding of AWS's approach to availability and security and how to leverage new features launched over the past year.

The first part of the presentation, led by John Zob, focused on availability. He explained how Elastic Load Balancers scale to support any size workload and discussed the importance of over-provisioning and scaling strategies. He introduced the concept of scaling up aggressively and scaling down cautiously to handle traffic patterns efficiently. Zob also emphasized the significance of health checks in maintaining system reliability. He introduced new features like target group fail-open and DNS failover thresholds, along with cross-zone load balancing, all designed to enhance system availability and resilience. The segment also covered best practices for scaling and configuration to ensure smooth operations.

Satya Ramos took over the second part, discussing security aspects in detail. The segment began with a focus on IP-based access controls and the importance of using security groups in the control and data planes for efficient traffic filtering. Ramos highlighted the importance of encryption in transit, with AWS's own TLS library, s2n, being a key component in ensuring secure data transmission. He also introduced the support for Mutual TLS on ALB, enabling secure client authentication. The talk then shifted to configuration correctness, emphasizing the use of IAM policies to prevent misconfigurations. Finally, Ramos discussed extending defense in depth with third-party solutions, particularly highlighting the Gateway Load Balancer's role in integrating third-party security appliances and providing detailed use-case scenarios.

AWS re:Invent 2023 - Enhance your app’s security & availability with Elastic Load Balancing (NET318)

NET319 Adding AWS (backbone) to your network

The AWS re:Invent 2023 session "Adding AWS Backbone to Your Network (NET319)" focused on how businesses can integrate AWS's extensive backbone network into their operations. The session was geared towards cloud infrastructure engineers, network engineers venturing into the cloud, and those curious about networking. The presenters discussed the AWS backbone infrastructure, the core principles guiding its construction, and overlay services that leverage this infrastructure. They emphasized common patterns seen in customer use cases, showcasing how various AWS networking services and tools can be effectively combined to architect optimal solutions for different business needs.

One of the highlights of the session was a case study shared by a customer, illustrating how they modernized their network using AWS networking services. This real-world example demonstrated the tangible benefits of transitioning to AWS’s networking solutions, emphasizing improvements in areas like scalability, performance, and security. The session was considered advanced (level 300), assuming foundational knowledge in networking protocols and AWS concepts, but it also included refreshers on fundamental aspects to align all attendees.

Towards the end of the session, the speakers introduced new features and services, like tunnel-less connect and AWS Cloud WAN, explaining their role in simplifying global network management. They shared insights on reducing operational costs and improving network performance by migrating physical data center interconnectivity to AWS. The session concluded with an encouragement for attendees to explore hands-on workshops and provide feedback to shape future content, underlining AWS's commitment to customer-driven innovation in network services.

AWS re:Invent 2023 - Adding AWS (backbone) to your network (NET319)

NET321 How to control bots and help prevent account fraud using AWS WAF

The AWS re:Invent 2023 session titled "How to control bots and help prevent account fraud using AWS WAF (NET321)" discussed the capabilities of AWS WAF (Web Application Firewall) in managing bot traffic and preventing account fraud. The presenters, Chris and Nitin, highlighted the significance of distinguishing between beneficial and malicious bots, the latter posing various risks such as operational, security, and financial threats. AWS WAF offers a multifaceted security solution that evaluates requests to protect against common threats like cross-site scripting, SQL injection, and more, and is particularly effective in bot control and fraud detection.

AWS WAF can be configured to manage bots through Amazon managed rules, custom rules, and by using labels for fine-tuning detections. The session focused on AWS WAF's ability to handle common and targeted bots, the former managing good bots and the latter dealing with more evasive or malicious bots. Techniques like issuing challenges, collecting client telemetry, and using machine learning are employed to identify and block malicious bot activity. Additionally, AWS WAF's account takeover prevention and account creation fraud prevention functionalities were explained, showcasing how AWS WAF could block attacks like credential stuffing and fake account creation through request and response inspections.

Real-life scenarios were presented to illustrate the effectiveness of AWS WAF in different contexts. These included an online gaming company experiencing DDoS attacks, a travel website dealing with targeted bot attacks, and a mobile e-commerce app facing account takeovers. In each case, AWS WAF provided solutions like bot control challenges, optimization of traffic, and use of custom rules to mitigate attacks and reduce infrastructure impact. The session concluded with recommendations for AWS WAF configuration and an encouragement for attendees to explore further related sessions.

AWS re:Invent 2023 - How to control bots and help prevent account fraud using AWS WAF (NET321)

NET322 Evolve your web application delivery with Amazon CloudFront

In the AWS re:Invent 2023 presentation, the focus was on evolving web application delivery with Amazon CloudFront. CloudFront, AWS's Content Delivery Network Service, celebrated its 15th anniversary, showcasing its growth from 14 edge locations in 2008 to over 600 locations in over 100 cities and 50 countries by 2023. The service has continually expanded, adding features and regional edge caches to improve performance and reliability. The session highlighted the importance of caching, emphasizing its role in handling static, dynamic, and personalized content. AWS emphasized the need for caching strategies that consider content popularity, mutability, shareability, and efficient use of cache control headers.

Dynamic Content Acceleration, launched in 2012, was another key focus, highlighting AWS's efforts in optimizing connections, maintaining persistent connections to origins, and using the AWS Global Network for routing. The use of modern protocols like TLS 1.3 and HTTP/3 was also discussed, demonstrating their impact on reducing latency and improving performance. The session included a case study from Capital One, illustrating how they leveraged CloudFront Functions for A/B testing in their Auto Navigator service. This approach led to significant improvements in performance, organic traffic, and user engagement, demonstrating the practical benefits of CloudFront's features.

The presentation also addressed security concerns, detailing how CloudFront integrates with AWS WAF for application security and how AWS manages threats at internet scale with services like Shield for DDoS protection. AWS's innovation in network architecture, including the introduction of Embedded PoPs for efficient content delivery and their own multi-threaded web server for the CDN, was showcased. This new architecture aims to improve performance and integrate with AWS services like CloudWatch and S3. The session concluded with a Q&A, reflecting AWS's commitment to evolving its CDN capabilities and addressing the dynamic needs of web application delivery.

AWS re:Invent 2023 - Evolve your web application delivery with Amazon CloudFront (NET322)

NET326 Amazon VPC Lattice architecture patterns and best practices

The presentation "Amazon VPC Lattice Architecture Patterns and Best Practices" at AWS re:Invent 2023, led by Justin Davies, a Product Manager at Amazon, focused on the Amazon VPC Lattice. The session began with a brief introduction and an audience interaction to understand their roles, emphasizing the diverse needs of admins and developers. Justin highlighted the conflict between the need for security and the desire for development freedom, stressing the importance of safely empowering developers. This set the stage for introducing Amazon VPC Lattice, a product aimed at simplifying application layer networking and bridging the gap between administrators and developers.

Amazon VPC Lattice, launched in March as a generally available product, is designed to make application development faster, simplify networking and connectivity, and enhance security and visibility. The service comprises four key components: Services, Service Networks, Auth Policies, and a Service Directory. Services in VPC Lattice are logical abstractions, not physical entities, and consist of listeners, rules, and target groups. The Service Network functions as a grouping mechanism, allowing services to be organized and associated with VPCs. Auth Policies enable the use of IAM resource policies at the service and service network level, providing a robust security model. The Service Directory offers a comprehensive view of all services created in an account and those shared with it. Justin explained the roles typically involved in configuring and using VPC Lattice, highlighting its flexibility and ease of use.

The session also covered common questions and answers, discussing topics like traffic flow through Amazon VPC Lattice, pricing, and whether VPC Lattice is solely for microservices (it's not). Top architecture patterns were showcased, including starting small with simple architectures, scaling up across multiple VPCs and accounts, addressing overlapping IP addresses and IPv6 migration, implementing centralized ingress, integrating with external connectivity solutions like AWS Global Accelerator, and adapting to serverless models. The talk concluded with resources for further learning and exploration of VPC Lattice, such as workshops, blogs, YouTube videos, and the Gateway API controller for Kubernetes integration.

AWS re:Invent 2023 - Amazon VPC Lattice architecture patterns and best practices (NET326)

NET327 Improve web application performance using AWS Global Accelerator

The AWS re:Invent 2023 session on improving web application performance using AWS Global Accelerator (NET327) was a comprehensive discussion led by Sean Meckley, General Manager of AWS Global Accelerator, and Satya, a software engineer at The Trade Desk. Meckley began by addressing the common challenges faced by engineers and developers in delivering web applications globally, such as internet unreliability, latency issues, and the complexity of deploying secure, highly available applications. He introduced AWS Global Accelerator as a solution designed to enhance application availability, security, and performance across the internet for global users.

Sean Meckley detailed the architectural resilience of AWS Global Accelerator, explaining its redundancy and cellular architecture for high availability. He described the service's ability to respond to impairments on the internet and within AWS itself, including automatic health checking and rerouting around failures. Meckley also covered the security features of AWS Global Accelerator, highlighting its ability to mitigate DDoS attacks closer to the source and reduce public exposure of applications. Satya then shared practical insights into how The Trade Desk utilizes AWS Global Accelerator for their ad bidding platform, emphasizing its role in managing network variations and ensuring smooth traffic handling during peak times.

The session concluded with an overview of recent AWS Global Accelerator updates, including full IPv6 support, client IP address preservation for Network Load Balancers, cross-account support, and traffic dials for finer control over traffic distribution. These features, as Meckley pointed out, underscore AWS Global Accelerator's commitment to providing a stable and high-performance user experience, isolated from internet-related issues. Attendees were provided with resources for further exploration, including QR codes linking to documentation and AWS CloudFormation templates.

AWS re:Invent 2023 - Improve web application performance using AWS Global Accelerator (NET327)

NET328 Live video streaming with Amazon CloudFront and Peacock

This session at AWS re:Invent 2023, titled "Live Video Streaming with Amazon CloudFront and Peacock," featured Tal Shalom, Principal Product Manager for Amazon CloudFront, and Simon Rice, Senior Vice President of Solution Architecture at NBC Universal. They discussed the complexities and strategies involved in delivering live streaming content at scale. The session focused on the challenges of delivering live events, emphasizing the need for high-quality viewer experience, which encompasses factors like low latency, high video quality, and uninterrupted streaming. Simon shared insights into the Peacock platform's architecture, highlighting innovations in monetization and delivery optimization, and the use of Amazon CloudFront for efficient live event delivery.

The discussion also covered technical aspects of live streaming, such as the use of multi-tier caching strategies, the importance of high availability and resilience in content delivery networks (CDNs), and optimizing configurations for different types of streaming content. Tal and Simon emphasized the need for detailed planning and testing to ensure successful live event streaming, including choosing the right CDN provider based on geographical reach, capacity, API integration, and financial considerations. Simon provided a detailed overview of Peacock's approach to selecting CDN providers, managing traffic distribution, and ensuring optimal performance and reliability for live sports streaming.

The session concluded with a focus on the importance of analytics and real-time data for monitoring and improving the streaming experience. They introduced AWS’s media event management team, which supports customers in planning, executing, and analyzing high-scale live events. This team helps customers optimize settings for low latency streaming, secure content delivery, and ad insertion. They stressed the value of early engagement with AWS services and the benefits of AWS’s complementary services in planning and executing massive live sporting events. The session ended with an invitation for further questions and a reminder to complete a survey on the presentation.

AWS re:Invent 2023 - Live video streaming with Amazon CloudFront and Peacock (NET328)

NET401 AWS journey toward intent-driven network infrastructure

Stephen Callaghan, a senior principal engineer at Amazon Infrastructure Services, presented at AWS re:Invent 2023, focusing on AWS's journey towards an intent-driven network infrastructure. He elaborated on the feedback received from a previous presentation, which sparked a deeper exploration into current and future networking strategies. Callaghan emphasized the importance of high reliability and availability in AWS's network infrastructure, highlighting that his role encompasses a broad range of domains, from physical routers and switches to the software that maintains the network.

Callaghan discussed AWS's network evolution goals, including achieving higher availability, consistency, scalability, and operational efficiency. He addressed the challenges posed by increasingly complex networks, such as more device types, new topology types, and varied regional standards. AWS's approach involves owning hardware design, standardizing on single-chip network devices, and fully controlling the software stack. This strategy has led to innovations like simultaneous updates for all optics in a device and customized hardware for specific purposes.

The presentation concluded with an in-depth look at AWS's use of automated reasoning in network management. Automated reasoning helps to reason about large-scale network problems, ensuring robustness and preventing outages. By applying formal methods and exhaustive proofs, AWS can ensure that network configurations meet customer needs and specifications, leading to a more reliable and efficient network infrastructure. Callaghan encouraged feedback for future talks on AWS's infrastructure, highlighting the importance of understanding and improving the backbone and edge of the internet.

AWS re:Invent 2023 - AWS journey toward intent-driven network infrastructure (NET401)

NET402 Surviving overloads: How Amazon Prime Day avoids congestion collapse

This AWS re:Invent 2023 session, presented by Jim Roskind and Anki Chada, focused on how Amazon Prime Day avoids congestion collapse, a critical issue in large-scale networked systems. Jim Roskind, a distinguished engineer, shared insights into Amazon's approach to reducing compute costs and the importance of balancing cost reduction with the risk of underscaling, potentially leading to a "brown out" or underperformance. He emphasized the phenomenon of congestion collapse, where systems overloaded with requests build up queues and eventually do no productive work despite high resource utilization. Roskind illustrated this concept with real-world examples, including traffic jams and the Mother's Day phone network overload, and detailed his experiences in developing solutions like the QUIC protocol and contributions to Google Chrome's performance metrics.

Anki Chada's part of the talk dove into practical strategies to avoid congestion collapse using AWS tooling. He discussed the importance of monitoring for symptoms of congestion collapse using AWS CloudWatch, which tracks metrics like CPU utilization and disk reads/writes. Chada highlighted the importance of alerting infrastructure teams when these metrics exceed defined thresholds. He also touched on advanced metrics for networking, such as tracking packets per second and bandwidth usage, which are crucial in understanding potential network congestion. Furthermore, he explained how Amazon CloudFront, AWS WAF, and AWS Shield Advanced could help prevent malicious traffic from overwhelming systems.


The session concluded with a focus on testing methodologies to handle congestion collapse on AWS. Chada recommended creating a scaled-down model of applications for "crush testing," pushing them beyond their limits to identify weak links. He stressed the importance of using real-world traffic patterns and chaos engineering principles to simulate faults and high CPU scenarios. This approach helps in understanding the application's behavior under stress and ensures that operational processes are aligned with business needs. The session emphasized the critical balance between efficient resource utilization and maintaining system performance under high load conditions.
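The collapse described in this session summary, and the kind of scaled-down overload test it recommends, can be reproduced with a small queue model. This is an added example, not code from the session or from AWS; the arrival rates, capacity, client timeout and the bounded-queue (load-shedding) variant are constructed assumptions.

```python
"""Discrete-time model of congestion collapse on a FIFO server (constructed numbers)."""
from collections import deque


def simulate(arrivals_per_tick, capacity, timeout, ticks, max_queue=None):
    """Simulate a server that completes `capacity` requests per tick.

    A client gives up after `timeout` ticks, so a request completed later than
    that is wasted work. If `max_queue` is set, arrivals beyond that backlog are
    rejected immediately (load shedding) instead of being queued.
    """
    queue = deque()        # arrival tick of every waiting request
    good_per_tick = []     # useful completions per tick
    served_total = wasted = shed = 0
    for now in range(ticks):
        for _ in range(arrivals_per_tick):
            if max_queue is not None and len(queue) >= max_queue:
                shed += 1              # fail fast, the client can retry later
            else:
                queue.append(now)
        good = 0
        for _ in range(min(capacity, len(queue))):
            waited = now - queue.popleft()
            if waited <= timeout:
                good += 1              # the client was still waiting
            else:
                wasted += 1            # the client already timed out
            served_total += 1
        good_per_tick.append(good)
    tail = good_per_tick[-50:]         # steady-state window
    return {
        "good": sum(good_per_tick),
        "wasted": wasted,
        "shed": shed,
        "backlog": len(queue),
        "utilization": served_total / (capacity * ticks),
        "tail_goodput": sum(tail) / len(tail),
    }


# Constructed scenarios: capacity 10 req/tick, client timeout 5 ticks, 200 ticks.
def normal_load():
    return simulate(arrivals_per_tick=8, capacity=10, timeout=5, ticks=200)


def overload_unbounded():
    # 50% over capacity with an unbounded FIFO queue.
    return simulate(arrivals_per_tick=15, capacity=10, timeout=5, ticks=200)


def overload_with_shedding():
    # Same overload, but the backlog is capped at capacity * timeout so that
    # nothing is queued longer than a client is willing to wait.
    return simulate(arrivals_per_tick=15, capacity=10, timeout=5, ticks=200,
                    max_queue=10 * 5)


if __name__ == "__main__":
    for name, run in [("normal", normal_load),
                      ("overload, unbounded queue", overload_unbounded),
                      ("overload, bounded queue", overload_with_shedding)]:
        r = run()
        print(f"{name:28s} utilization={r['utilization']:.0%} "
              f"goodput/tick={r['tail_goodput']:.1f} wasted={r['wasted']} "
              f"shed={r['shed']} backlog={r['backlog']}")
```

In the unbounded overload run the server stays fully utilized while steady-state goodput falls to zero, which is the signature to alert on: utilization and queue depth alone look healthy, so track successful completions within the client deadline as well.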

AWS re:Invent 2023 - Surviving overloads: How Amazon Prime Day avoids congestion collapse (NET402)

Conclusion

These are summaries of all the 300- and 400-level NET sessions. We hope you found these helpful in both getting an overview of the new NET content and deciding which sessions to go watch.


Brian Tarbox

Brian is an AWS Community Hero, Alexa Champion, runs the Boston AWS User Group, has ten US patents and a bunch of certifications. He's also part of the New Voices mentorship program where Heroes teach traditionally underrepresented engineers how to give presentations. He is a private pilot, a rescue scuba diver and got his Masters in Cognitive Psychology working with bottlenosed dolphins.
