1
00:00:00,970 --> 00:00:01,920
Hello and welcome.

2
00:00:02,130 --> 00:00:09,690
So, the last lecture about the VPC theoretical part, and this is Direct Connect, basically, and the high-

3
00:00:09,690 --> 00:00:13,140
performance, low-latency, high-bandwidth connection

4
00:00:13,140 --> 00:00:25,080
that is not Internet-based, between your VPC in AWS and your on-premises headquarters, branch offices

5
00:00:25,080 --> 00:00:29,870
or data centers, basically, or remote locations that you need to connect to your VPCs.

6
00:00:30,110 --> 00:00:30,650
OK.

7
00:00:31,020 --> 00:00:34,290
So how does that look like?

8
00:00:34,300 --> 00:00:42,870
So here is your VPC, and here is your remote location on the customer network, or the on-premises site

9
00:00:43,330 --> 00:00:49,500
that you would like to connect to your VPC, and you don't want...

10
00:00:49,490 --> 00:00:55,250
You are not interested in going over the Internet, so the VPN connection here is not what you are targeting.

11
00:00:55,260 --> 00:00:56,550
You are targeting,

12
00:00:56,550 --> 00:01:04,450
on the other hand, a higher-speed, higher-bandwidth, less latency and higher-performance connection.

13
00:01:04,680 --> 00:01:10,080
And of course the Internet can give you that cannot guarantee high speed or high performance all the

14
00:01:10,080 --> 00:01:17,780
time and cannot guarantee latency, and hence it's not the expected performance that you need.

15
00:01:17,790 --> 00:01:20,570
Why would you need that connection? You could have...

16
00:01:20,610 --> 00:01:27,330
You may have a lot of traffic that you would like to exchange between your network and your VPC, and

17
00:01:27,330 --> 00:01:30,960
it could be also that you are running some applications that are time-sensitive.

18
00:01:30,960 --> 00:01:32,280
Basically they are not.

19
00:01:32,370 --> 00:01:40,410
They cannot tolerate the fluctuating latencies and light and jitters and all that on the Internet.

20
00:01:40,590 --> 00:01:43,660
But of course nothing, nothing is for free. On the Internet,

21
00:01:43,680 --> 00:01:50,850
it's quick to deploy, it is cost-effective, but there are no guarantees on the performance. On Direct

22
00:01:50,870 --> 00:01:57,120
Connect it takes more time: there is a lead time to submit requests, to submit requests to the partner

23
00:01:57,120 --> 00:02:05,640
providers that support the Direct Connect connection, in order to lay down the connections to your premises

24
00:02:05,670 --> 00:02:13,530
and on the other side, as we see now, connected in the Direct Connect locations of AWS, and that to be mapped

25
00:02:13,590 --> 00:02:15,880
then to your VPC. It takes time.

26
00:02:16,080 --> 00:02:21,200
So, higher performance and all that, but if you have an immediate need, you would like to do some testing,

27
00:02:21,360 --> 00:02:26,750
and you cannot wait, then definitely VPN is the way to go, because you don't have any other option.

28
00:02:27,270 --> 00:02:33,850
Or if you can your product can wait for a few weeks or few months even sometimes then be it.

29
00:02:33,870 --> 00:02:40,260
That would be the direction. We need to understand some new thing called the AWS Direct Connect location

30
00:02:40,260 --> 00:02:40,550
here.

31
00:02:40,590 --> 00:02:41,920
So what is it a mistake.

32
00:02:42,000 --> 00:02:43,080
Good question.

33
00:02:43,320 --> 00:02:49,710
Basically, let's say in the U.S., I mean, you have Equinix, you have AT&T, you have Verizon, and you have other

34
00:02:49,710 --> 00:02:55,770
companies that can provide you sort of wide area network links so basically and to connect something

35
00:02:55,770 --> 00:03:05,540
in Dallas to something in, let's say, Austin in Texas, or New York, then that's a long-distance connection.

36
00:03:05,550 --> 00:03:07,820
We call it a wide area network connection.

37
00:03:07,830 --> 00:03:15,480
Now, some of these providers have been choosing, or have gone into agreement and partnership with AWS in

38
00:03:15,480 --> 00:03:19,260
order to connect the customers, their customers, to AWS.

39
00:03:19,260 --> 00:03:20,620
How is that possible?

40
00:03:20,700 --> 00:03:27,050
There is a location in between that will have provider X, the provider's presence, and AWS's presence.

41
00:03:27,180 --> 00:03:34,530
And this is called the Direct Connect location. By the way, Direct Connect, or DX: the DX is a symbol

42
00:03:34,530 --> 00:03:36,870
or an acronym for Direct Connect.

43
00:03:36,870 --> 00:03:46,320
So I have here the provider, partner provider, rack and the AWS rack in the same data location, so I will connect

44
00:03:46,380 --> 00:03:54,030
the customer router on the customer network; I will connect it to a customer router provisioned by,

45
00:03:54,030 --> 00:04:00,090
either by the customer or by the provider, the partner provider, Equinix or similar.

46
00:04:00,120 --> 00:04:05,820
So this could be a customer; the customer can have a rack here and then he gets the connection from

47
00:04:05,820 --> 00:04:14,580
the provider, and the customer can own these two routers, or they can be outsourced or leased from the

48
00:04:14,580 --> 00:04:15,870
partner provider.

49
00:04:16,290 --> 00:04:18,360
So once they have this connection, is that all?

50
00:04:18,360 --> 00:04:22,400
No, I still need to connect to AWS. AWS, on the racks,

51
00:04:22,500 --> 00:04:27,910
they will have what we call Direct Connect routers, Direct Connect equipment.

52
00:04:28,110 --> 00:04:35,450
These Direct Connect equipment are connected back home to the different, various regions, all the different

53
00:04:35,460 --> 00:04:43,070
it is a very it is on in the region anyway they are connected to you of your environment from the outside.

54
00:04:43,170 --> 00:04:45,900
Now, how can I connect this one with that one?

55
00:04:45,900 --> 00:04:52,540
This is AWS's responsibility, this is the provider's responsibility, and then AWS works with the

56
00:04:52,540 --> 00:04:58,970
partner or with your daughter in order to cross-connect this route or this.

57
00:04:59,040 --> 00:05:04,520
So now the connection is complete from the customer router here all the way to the virtual gateway.

58
00:05:04,650 --> 00:05:07,330
I have this connection. After I have this connection,

59
00:05:07,350 --> 00:05:08,570
what do I do?

60
00:05:08,880 --> 00:05:12,900
So this connection has to use something called sub-interfaces.

61
00:05:12,900 --> 00:05:16,350
Those of you who are from IT and from a networking background, probably they will understand what they

62
00:05:16,350 --> 00:05:18,340
mean, but what are sub-interfaces?

63
00:05:18,350 --> 00:05:26,560
So basically, if I have this connection now, and then coming through the Direct Connect and all the way

64
00:05:26,560 --> 00:05:35,080
to the VGW, so I have this pipe, and that pipe could be one gig, could be a hundred million, it could be

65
00:05:35,080 --> 00:05:36,250
10 gig.

66
00:05:36,640 --> 00:05:39,480
So basically it supports 1 gig and 10 gig.

67
00:05:39,490 --> 00:05:45,410
But on that you can have four speeds starting from 50 megabits per second hundred megabits per second

68
00:05:45,410 --> 00:05:46,070
and onwards.

69
00:05:46,120 --> 00:05:51,100
How can I use that? How can I configure that? We use something called sub-interfaces, or basically channels

70
00:05:51,640 --> 00:05:54,090
on the pipe that you have.

71
00:05:54,250 --> 00:05:58,290
And this is supported via something called 802.1Q.

72
00:05:58,420 --> 00:06:07,030
Basically I split that into sub-interfaces or VLANs. What is a VLAN? A VLAN is really when you send

73
00:06:07,030 --> 00:06:14,470
your packet or your frame you will have an identifier from the packet as it goes out from here and it

74
00:06:14,470 --> 00:06:20,440
passes through this hardware in order to ensure that it is received on the right channel here and this

75
00:06:20,440 --> 00:06:24,370
channel, or this VLAN and that VLAN, they are completely isolated from each other, and they will

76
00:06:24,370 --> 00:06:26,500
have different IP addressing as well.

77
00:06:26,770 --> 00:06:32,300
And this is going all the way, so the layer 3 IP addresses will be here and here.

78
00:06:33,290 --> 00:06:37,430
Now, can I do layer 2 switching over this connection?

79
00:06:37,430 --> 00:06:40,780
The answer is no because there has to be an IP address here.

80
00:06:40,820 --> 00:06:45,320
There has to be an IP address here and you have to configure BGP routing.

81
00:06:45,470 --> 00:06:46,280
On top of them.

82
00:06:46,280 --> 00:06:46,920
Why?

83
00:06:47,060 --> 00:06:53,510
Because the user needs to talk about to send few subnets from the site across.

84
00:06:53,510 --> 00:07:00,440
And also the customer router needs to send some routes from here that they will exchange traffic with

85
00:07:00,800 --> 00:07:03,570
EC2 instances or AWS services.

86
00:07:03,740 --> 00:07:05,930
So this has to be transmitted this way.

87
00:07:05,930 --> 00:07:07,910
This has to be transmitted that way.

88
00:07:07,910 --> 00:07:13,130
This is how the reader knows about the remote and this is how the customer router knows about the VPC

89
00:07:13,130 --> 00:07:13,700
site.

90
00:07:15,050 --> 00:07:19,090
They now have multiple types of these interfaces.

91
00:07:19,100 --> 00:07:26,390
These, by the way, are called virtual interfaces, or VIFs. You have two types: you have public

92
00:07:26,430 --> 00:07:32,890
VIFs and you have private VIFs. When do I use public, or when do I use

93
00:07:32,890 --> 00:07:34,130
private?

94
00:07:34,180 --> 00:07:43,930
If your intent is from here to try to reach to public services, like what? Like S3 storage, like Glacier

95
00:07:44,020 --> 00:07:51,730
archiving. If you want to get to the public services, you have to use the green one here, represents a

96
00:07:51,730 --> 00:08:00,250
public VIF, and this is VLAN number two. If you want to reach your VPC and VPC subnets, then you

97
00:08:00,250 --> 00:08:06,100
go through a private VIF, and this is the last one.

98
00:08:06,330 --> 00:08:09,480
What's the difference here? On the public,

99
00:08:09,510 --> 00:08:16,820
you need to use public, Internet-routable IP addresses; in this one you can use private IP addresses,

100
00:08:16,830 --> 00:08:27,160
and usually it will allocate the private ones from the 169.254.x.x range to interface

101
00:08:27,270 --> 00:08:29,070
will tell you use this one.

102
00:08:29,070 --> 00:08:29,490
Why?

103
00:08:29,490 --> 00:08:33,990
Because they are also having Direct Connect with other customers, and they want to make sure that they

104
00:08:33,990 --> 00:08:40,350
don't confuse sending your traffic to another one because you have an overlapping 169 IP addresses.

105
00:08:40,350 --> 00:08:48,510
So that's why also it controls the IP address on the private VIFs. On the public VIFs, using Internet

106
00:08:48,510 --> 00:08:54,360
Protocol IP addresses ensures that there will be no conflict between you and another customer because

107
00:08:54,360 --> 00:08:57,540
the Internet addresses cannot be duplicated.

108
00:08:57,570 --> 00:08:57,980
Right.

109
00:08:58,010 --> 00:09:02,280
Direct Connect is a high-performance, low-latency connection.

110
00:09:03,610 --> 00:09:09,950
A VIF is nothing more than an 802.1Q VLAN, or basically a channel or sub-interface

111
00:09:09,980 --> 00:09:10,800
on the link.

112
00:09:12,640 --> 00:09:19,230
You need to have one private VIF to connect to your VPC and private subnet, and we need the public VIF

113
00:09:19,240 --> 00:09:21,790
to connect to AWS public services.

114
00:09:21,880 --> 00:09:29,420
You cannot do layer 2 over your Direct Connect connection; it has to be layer 3, and you have to use BGP.

115
00:09:29,430 --> 00:09:30,670
There is no choice there.

116
00:09:30,820 --> 00:09:37,900
And as in the VPN, if I have here a NAT instance or NAT gateway in my public subnet, not the private

117
00:09:37,900 --> 00:09:38,370
subnet.

118
00:09:38,410 --> 00:09:45,430
So they go through my VIFs, through the internet gateway, and then outside to the Internet?

119
00:09:45,430 --> 00:09:47,310
And the answer is no you cannot do that.

120
00:09:47,480 --> 00:09:51,320
High availability with Direct Connect, availability of Direct Connect.

121
00:09:51,460 --> 00:09:58,420
Basically what you can do is you can have one or more customer routers and then you can connect to multiple

122
00:09:58,420 --> 00:09:59,720
direct connections.

123
00:09:59,740 --> 00:10:06,700
They could be even through different provider partners, or Equinix and AT&T, and then you connect to that,

124
00:10:06,720 --> 00:10:12,640
they will connect you through different instances on your VPC side. OK.

125
00:10:12,670 --> 00:10:18,220
That's how you achieve that and through BGP you can do active active so both connections can be active

126
00:10:18,220 --> 00:10:19,280
at the same time.

127
00:10:19,300 --> 00:10:21,210
Or you can do active passive.

128
00:10:21,220 --> 00:10:24,000
So basically one will be active the other one will not be active.

129
00:10:24,010 --> 00:10:27,350
And here's one example for that.

130
00:10:27,360 --> 00:10:32,910
So here I have two customer routers, two Direct Connect connections.

131
00:10:32,910 --> 00:10:38,820
I can have them to two different direct connect locations and then they connect all their back all to

132
00:10:38,820 --> 00:10:40,740
that virtual private gateway.

133
00:10:40,820 --> 00:10:46,560
Of course this is again as I said I can do active active or active backup active standby.

134
00:10:46,800 --> 00:10:50,470
But this is an expensive redundancy.

135
00:10:50,610 --> 00:10:57,360
You can use it in case if you cannot afford if one connection fails you cannot afford to downgrade the

136
00:10:57,360 --> 00:11:00,200
performance or increase the latency on the connection.

137
00:11:00,420 --> 00:11:02,950
And that's why you go there to connect both ways.

138
00:11:02,960 --> 00:11:09,220
So two customer routers, two Direct Connect connections and two Direct Connect locations, and maybe we should

139
00:11:09,220 --> 00:11:09,890
be routing.

140
00:11:10,020 --> 00:11:10,440
OK.

141
00:11:10,470 --> 00:11:15,420
So here we have another example of redundancy or fault tolerance.

142
00:11:15,450 --> 00:11:20,310
And in this case I have a high-speed connection, Direct Connect; the alternative, or the backup,

143
00:11:20,300 --> 00:11:22,180
The connection will be VPN.

144
00:11:22,230 --> 00:11:24,990
So that's a lower performance more latency.

145
00:11:25,050 --> 00:11:25,770
In this case.

146
00:11:25,790 --> 00:11:28,680
So I can still have two customer routers here.

147
00:11:29,010 --> 00:11:29,790
I have two connections.

148
00:11:29,790 --> 00:11:32,010
One is Direct Connect, the other one is VPN.

149
00:11:32,130 --> 00:11:35,030
But of course the performance will not be the same.

150
00:11:35,160 --> 00:11:38,090
And the VPN definitely will not be used as active active.

151
00:11:38,100 --> 00:11:40,200
This will be the backup connection in my case.

152
00:11:40,230 --> 00:11:42,860
And of course VPN is a cheaper backup connection.

153
00:11:42,870 --> 00:11:50,970
One thing to note about Direct Connect is, once you have that connection to the region, to a VPC in

154
00:11:50,970 --> 00:11:54,810
the region do you have access to one of these on to the citizens.

155
00:11:54,820 --> 00:11:59,510
Or all of them? You have access to all the AZs in the region.

156
00:12:00,840 --> 00:12:06,870
And you can establish, if you want to connect to remote regions, you can establish IPsec, since this one

157
00:12:06,870 --> 00:12:12,980
has access to all the ICT that it has public IP addresses and public ranges.

158
00:12:13,140 --> 00:12:20,430
You can establish an IP connection to the VGW in remote regions over the public VIF, and that's how we

159
00:12:20,430 --> 00:12:25,850
can even connect to your remote regions through the Direct Connect.

160
00:12:25,870 --> 00:12:31,240
This is not related to that specifically but this is generally speaking in one routing table I can have

161
00:12:31,240 --> 00:12:33,110
only one default route.

162
00:12:33,280 --> 00:12:40,600
So they can have only one entry that points to 0.0.0.0, and this has to go either to the IGW, to your

163
00:12:40,610 --> 00:12:45,040
VGW, or to your peering connection, VPC peering connection.

164
00:12:45,040 --> 00:12:46,850
But you cannot have more than one.

165
00:12:46,870 --> 00:12:53,330
Remember that propagation can be the alternative for the VGW to exchange routes with your routing table,

166
00:12:53,920 --> 00:12:55,590
and that's it.

167
00:12:56,980 --> 00:13:03,440
So in the next lecture we'll start looking at the scenario questions, and we'll have more fun applying

168
00:13:03,450 --> 00:13:08,050
what we have learned through the theoretical lectures. I know it might have been lengthy ones, but I hope

169
00:13:08,050 --> 00:13:16,540
also that it was detailed enough and it made the point and the purpose by ensuring that the VPC is very,

170
00:13:16,540 --> 00:13:17,110
very clear.

171
00:13:17,110 --> 00:13:23,200
Now security groups, network ACLs, routing tables, VGWs, IGW, VPN:

172
00:13:23,200 --> 00:13:29,680
All that is very clear and you don't have any ambiguity or concerns answering any question or any scenario

173
00:13:29,710 --> 00:13:35,310
and then we'll apply that also to the questions and hopefully by the end you have mastered and you can

174
00:13:35,320 --> 00:13:38,860
ask any related question in the exam.

175
00:13:39,040 --> 00:13:40,090
So I'll see you in the next lecture.
