Hello. Okay. Third session with networking. How many of you are feeling sleepy now? Okay. It's good actually. If you see like every movie right, particularly in Indian movie, there is a climax in the end of the movie. But before the climax if you see lot of people in the theater they sleep. Either because that there are two situations happen. Either the people will sleep or the people will sit in the front of the seat. It depends on the situation based on how the movie is going there, right? The same thing happens for me. The situation. Third session with networking. So I'll try to make more interactive so that like you can grab the thing.
Before I start the session, right? So let me introduce about myself. I am Bhuminathan. I work as a cloud architect in Cisco. I work closely with Cisco and AWS. I help Cisco solutions on Amazon Web Services. Okay. I'm kind of like a global architect taking care of like APJC region for the solution side. This is the quick introduction about myself.
So today we are going to learn about Cloud WAN. So before I start right, I would like to hear from you guys how many of you already know Cloud WAN? Just raise your hands. Cloud WAN. What is that? No, this is Cloud WAN. Okay. So it looks like totally new. Then I can talk anything. There is no people there to validate and also nobody there to interest also. So let me ask you one more time how many of you already working with like cloud networking projects in your company? Because if you're the enterprises, the important thing is networking. Okay. So what do you work? A lot of things. Perfect. Cloud such as we would see in specific ways. Great. And routing and Azure as well. Great. I need you. Okay.
So today agenda, right? So today agenda, what I'm going to talk is, so let me make like a split way so that I want to make sure because the Cloud WAN is totally new. It got released just like a July. It's totally new.
And a lot of people like big enterprises already started doing like a big POCs across APJCs that I'm part of that. So that's what I wanted to transfer the knowledge to the wider community here. So this is the agenda. First, we are before I talk about cloud network, like Cloud WAN. I wanted to touch base with cloud networking. Okay. And then what is Cloud WAN? What is the problem? It is solving. Then what are the key use cases? Then later, we are going to see the walkthrough. Like what are the steps involved in that? Then other thing is currently as he correctly mentioned. So what is your name? Thank you. So I mentioned, right? So if you remember the soy response, he ended with up to transit gateway and he moved to another cloud. So in AWS, the latest current production is until the transit gateway. So we are going to talk about how the Cloud WAN is going to integrate with Cloud WAN as well. That is transit gateway integration with Cloud WAN. And also if you're like on premises, data center, heavy environment, how are you going to integrate with Cloud WAN? And last thing is key takeaways. Okay. This is the agenda. Okay. So any questions on the agenda? Okay. Perfect.
So if you see, right, this is like a normal virtual private cloud. So why we use virtual private cloud? Anybody? Anyone want to answer? Perfect. It's kind of like separation, meaning like logical construct, right? Logical isolation, right? That's what we are trying to do with VPC. So in the VPC, can we create like multiple segments, multiple isolation? Yes or no? Perfect. How we can do that? Perfect. So how we can communicate between two subnets? Security groups by opening the ports. Okay. I think everybody understand networking pretty well.
So if you see the diagram right? So first like a, Amazon introduced like EC2, right, the virtual machine. So to place the virtual machine, the isolated virtual private cloud. So it's kind of like a logical network, what you have in the data center.
Same thing is there. So in the VPC also we can, so what is availability zone? You, everybody knows that. So it's kind of like a group of data center in a single location. Same thing, like multiple available, availability zone in a same region is called like one region, AWS region. So in the AWS region, right? The VPC is segregated across availability zone, meaning it's a regional construct. Okay? If you are creating the VPC, it will be segregated between availability zone one and zone two. And if the other zones there in the region, you can enable or disable that also. Okay? And also to communicate between, sorry, to isolation inside the VPC, you can create like a multiple, multiple subnet to communicate between the subnet security group. So this portion, everybody clear, right? Okay.
So now I'll ask the question before I move to the next slide. So consider us, how many of you currently using multiple VPC in your environment? Why are you using? Multiple VPCs we are using because like the resources are different VPCs for high availability and all. Perfect. So how about you? It's just isolate the individual environment. Correct. Yeah, isolate like a production, development, and also somebody, this side, different region for global network presence. Perfect. Okay. Now this time I come. Okay.
So everybody knows that right now, we are using VPC, multiple VPC for like applications, global network, multiple isolation and it's mandatory. I don't, anybody there can say like I'm using only one VPC, only one flat network. Is anybody there in the ground or like in the room can say like I'm using only one VPC. Don't say I'm using demo environment. No, right? So it's kind of like a de facto standard to use multiple VPC.
Now I have like another question. How are you going to, how do you communicate between multiple VPC? Perfect. That's a one way VPC gateway. What's that? Peering, transit gateway. Perfect. So when you say peering, what are the things you can do with peering?
You have limitations, right? You can, it is like crowded. It's kind of like hub and spoke. That's where like a transit gateway comes into the picture. That's what my slide. I think you guys already saying what I wanted to say.
So if you see there are like multiple VPCs. So multiple VPCs or connected via transit gateway in the single, in the region consider it's a Singapore and in the Sydney, it has like multiple again, multiple regions. It's connected to the transit gateway. If I wanted to communicate between multiple VPCs, I can use transit gateway. So in a layman point of view, if you wanted to understand transit gateway, it's kind of like a virtual router. Okay. That's like a software defined virtual router where Amazon does a lot of magic inside it. Okay.
So to communicate between multiple regions, how are we doing going to today? How are we doing today? Consider we have a workload in Singapore and we have another workload in Singapore. Both of them are APJC. How are we communicating today? Transit gateway peering, that's it. But is it like manual configuration we are doing? Like a lot of routing we are doing here, lot of manual work. So did you face any time, like sometimes people may come and say, because of some wrong configuration, the whole application down. That happens a lot of times. So and also again, it's crowded. If you see, it's very good solution for peering. So generally forget about transit gateway. If anybody near the networking knows understanding the networking, they know what is the biggest problem when it comes to peering. Because when you are doing the peering, you will limit doing the scaling. You always have the limitation. That's why like a super mesh, those kind of hub and, from the hub and spoke and those kind of things comes into the picture. So this is the common way.
And everybody knows like for security, previously it was inside the data center. Now the security is moved to the cloud.
So the same security also can be integrated with transit gateway via the AWS network firewall manager where you can do like a service institution also. So this is like a single slide. You can understand the entry in the current one. The current one. If you see, the transit gateway used to communicate between multiple VPC and also between regions and also the internet. And if you see, transit gateway is like kind of acting as a termination point for branch office, data center, even for the users also, okay? So until then you are clear.
Now I'm going to talk about, now you already see what is the problem, right? The problem is peering, multi-crowded. So again, we are going to solve the problem. That's where Cloud WAN comes into the picture. So what Cloud WAN does? There are four things. Cloud WAN builds the global network. So what is global network? If you remember the previous slide, Singapore and Sydney was there. There are like two different regions, right? To connect the two different regions, we have peering, we are doing that. So consider Singapore is there and San Jose is there. How are you going to do that? And if you're adding like multiple region, consider like Grab here, right? Grab customer is there in Singapore and if they want to expand Grab in Indonesia, they have like another cloud. The same thing for Malaysia, it happens like that.
So the scalability comes into the things and management and another thing is in transit gateway, we are managing and there is no problem in that. So if or like a highly skilled, if you know like automation, be able to manage it perfectly. But do you think like somebody manage your transit gateway from like consider, your SI managed transit gateway, do you feel like more happy and you can focus on the application or those kind of things, right? So that's the same thing, the Cloud WAN also doing that. It's taking the effort from the users, meaning like from the customers and it manages the Cloud WAN.
That is, it's kind of, what is Cloud WAN? It's provide the global network in minutes and also global network and hybrid connectivity and simplify the WAN deployment. So don't think like what, if you don't know, understand networking, WAN and those kind of jargons, don't worry about that, just remember my previous slide. If you remember my previous slide, Singapore is there, Sydney is there, multiple branch is there. Connecting everything, it's called WAN, okay? So these are like the high level problems Cloud WAN is solving.
So you need to remember the three key use cases. If you ask me, I attended this session, what is my only one take away? I would say this is the only one take away. If you ask me like, okay? These are like the three key use cases Cloud WAN is solving. The first one is between VPCs. So previously we are using VPC, now with the help of Cloud WAN, same thing can be connected. Another use cases related to the WAN, like Singapore and Sydney is connected. The third use case hybrid, the same way, multiple regions inside the AWS, also the data center and branches, the entire global network. These are the top three use cases and I'm going to talk about that in the further things, okay?
So let me pause here for a minute. Just wanted to check with you guys, is my flow okay? Are you, yeah, just, yeah, please, please loud. Is the AWS market or is this a AWS product? It's AWS product. Cloud WAN is the AWS service. I'm from Cisco and we have like joint integration. I work for a BU, yeah. And we have like a joint partnership. So I'm going to talk about the WAN and hybrid, how Cisco and AWS in high level.
Okay, these are like a six Cloud WAN components. One is the global network, core network, core network edge is exactly similar to the transit gateway. The difference is transit gateway is managed by the customer, core network edge is managed by the AWS, okay? And core network policy. Core network policy is kind of like a single logical policy where it will be applied.
It is exactly similar to CloudFormation or Terraform. It's kind of a policy as a code. Just apply, it's a JSON document. Just add what you need to do, like for example, in one liner. These are the regions I need to do and these are my core network edge and these are like VPC I need to attach. It will do automatically. That's why like it's, if you remember my previous slide, I say in few minutes, you able to do the global network, okay? And segments, if you remember my first slide, what I told, in the VPC, you can create multiple segments via subnet. Same way, in the global network also, you can create multiple segments. Segments means like L3 routing domain, okay? And the last one is more towards attachment. This is where like, if you're existing like a VPC, you are existing VPC user or transit gateway or SD-WAN or whatnot, like VPN, you can connect that with the Cloud WAN, okay?
This is like a high level connectivity diagram to showcase how the Cloud WAN connects with the existing VPC. So if you see, there are like multiple regions. So multiple regions, like consider this region have like two VPC, this one has one VPC and this one has like two VPCs. Everything will be connected to your single Cloud WAN. So just ignore this slide. Previously, what do you do for three regions? What do you do for three regions? Generally, if no Cloud WAN is there, exactly, you need to create like a three transit gateway, right? So because transit gateway is a regional construct, you need to create three transit gateway. But now you are having like only one Cloud WAN. It's also like automated creation. It will be automatically, routes also automatically propagated. This is the problem it's solving, okay?
So now we have seen the VPC. Let's see about what Cloud WAN is in the nutshell. Again, if you're like enterprise architect, I would suggest you to have a look on that. This is like the global network.
Same thing available for other vendors also, like other hyperscalers, if you take like Azure, Oracle also building that. But AWS is kind of like matured because it comes early. So what it does, right? If you see a single Cloud WAN, I can create multiple segments. How I create like a subnet in the VPC, I can create multiple segments, hybrid production and development, and I can attach the VPC directly to there. And also I can attach my SD-WAN like a data center and VPN, client to VPN, direct connect. And even if I have like a transit gateway, those transit gateway also can be attached. You can see that it's like a single unified network, okay?
So maybe the outside maybe see like it's extra against the, inside the Cloud, this is what happens. Like segments will be there. This is the core network policy and the global network. These are like attachments. If you see like multiple VPCs will be there. This is how it's connected, okay? And everything is connected via the tag. That's another cool thing, okay? So you don't need to say like, because the problem in networking, right? If you are doing like a static route, you always need to remember, there I do the add at the core one. I think Sai remembers he says this like that. So every network engineer problem, that is what it's solving actually, okay? It's automatic.
So now we have seen the high level concept and everything. To prepare demo, it will take at least 20 minutes to create the things. So I just take like a screenshot. So before I go through the screenshot of the configuration walkthrough, any questions I would like to take? Yeah, please. So this solution will replace the transit gateway, right? Sorry? The solution will replace the transit gateway? No, that's what I'm going to talk in the next one. If you remember in my agenda, the fourth one is how it's going to work. It is not going to replace transit gateway. It's kind of like extended one. Consider you are using transit gateway.
Instead of you do the peering between two regions, you just connect the transit gateway to the Cloud WAN. You can do the migration. I don't know. I'm in a traffic gateway. So why I need this application? Yeah, if you remember the slide, consider you have like Singapore, your customer having the same customer having the office in Sydney. How do you connect for the Sydney? Don't need. Don't need, simple. Yeah, only thing is if you would like to do, like in the Singapore region itself, if you are doing like multiple VPC, you wanted to do the automation of the transit gateway, networking, configuration and management, like a service offloading to this AWS, that's where the Cloud WAN, rest you don't need.
So any other questions? Yeah, please say. Something related to SD-WAN. So can you directly integrate SD-WAN with the network partners with AWS? Exactly. And right now we are doing it with SD-WAN as an appliance. Sorry? SD-WAN as an appliance. Okay. In a VPC, where we connect it via internet. Yeah, normally. So can we directly integrate out what are the partners available right now to do it? Okay. Directly to the Cloud WAN. Okay, so it's currently, there are a lot of partners doing the solution and Cisco is one among them. Inside the Cisco itself, there are two solutions, Viptela is there, Meraki is there. I'm going to touch base with one solution, but apart from that Cisco, Fortinet is there, VMware is there and a lot of vendors also there and HPE, Aruba is also there. Okay?
So I'll move on to these walkthrough things. Okay? So creating the configuration is so simple. There are like only three steps. Sorry, can you address FoxScience? Yeah, because it's a very shocking for the rest of the school, isn't it? All good? Thank you. Yeah, please. Very good question. Very good question. This is the same question. Whenever I do like POC or demo with customer, they ask, they ask how I'm going to integrate the security with the Cloud WAN. That's a good question.
I'm going to, maybe I'll answer it now. So if you remember my second slide, there is AWS network firewall manager, right? Same thing can be integrated with Cloud WAN itself. The good thing is you can automate both things in a single network policy. That's a good thing. Is it answered? I answered your question, right? Perfect, perfect.
So creating the configuration is so simple. So I just take this, that's the reason I take this screenshot. Just need to like name the global network. Then you need to tell the ASN number and also like what are the regions you want it to do. And in that also you can tell like, if you are having like a transit gateway, you can select that, or if you are like a VPC there, you can select that, then that's it. So once you're done, the configuration will be completed within like 20 minutes, 15 to 20 minutes, it will take to complete it, okay?
And this is like a high level topology diagram. After the completion, after the configuration completes, you will get it, okay? So this is the global network. If you see, it's a Europe is there, Singapore is there, and US like San Jose also there, and East Coast also there. So this is the high level view. So it can reduce the like a network engineer's pain, particularly in the operations way. So this is like some fancy diagram, like logical diagram, if you wanted to see that the traffic and the multiple regions, everything, okay?
Now I'm going to come back to the question the one gentleman asked nicely. So is it going to replace transit gateway? No, both of them are going to stay. Transit gateway is very good solution, and it's running in multiple production environment today. The good thing is transit gateway can be integrated to the Cloud WAN to extend the global network. And you don't need to do the configuration of transit gateway, peering, okay? That portion you can hand out to Cloud WAN. Another thing is if you don't need transit gateway, if you're connected to the VPC, right?
You can migrate the VPC from transit gateway to the Cloud WAN also. You have that option, okay? Yeah, who is the question? That's a good question. You can integrate RAM also inside the Cloud WAN. RAM, right? Yeah, the multi-account, that can be integrated with Cloud WAN. So this is the good use case. If you're like having the enterprises, customers, they mostly like a, at your small companies, right? So that's a, that kind of things, this can be used. Yeah.
Does it mean we need to remove the transit gateway? There are two ways, okay? One is you can have the transit gateway as it is, and instead of to connect to the transit gateway to another region, like a peering, you can use Cloud WAN. So Cloud WAN will act as like a single logical network. Option number one. Option number two is you can remove the transit gateway. If you feel I don't want to configure that, I want to offload this to AWS managed services because Cloud WAN is managed services, okay? You can have like a two links, one VPC, one VPC connected to the transit gateway, and the VPC connected to the Cloud WAN, and slowly once you check the configuration, you can bypass that. So I have checked that. If you need, you can contact me. I can help you, okay?
So this is the comparison, a high-level comparison. If you see, transit gateway is managed by the customer, and Cloud WAN is fully managed by AWS, and the transit gateway, it's kind of like our own responsibility, like doing the configuration, and if needed, we can integrate with cloud, CloudFormation, or like Terraform, whatever may be the things. But in Cloud WAN, everything is like fully automated. AWS will take care of like entire route propagation, and the SD-WAN integration also automated with the help of like attachment, which I explained earlier, and Cloud WAN integrates with the transit gateway, and both of them supports the direct gateway, like sorry, direct connect, okay? So this is the question somebody asked, right?
How it is going to connect to the data center? Because when we say global network, that needs to connect everything from user to data center, branch to data center, data center to cloud, between multiple cloud, that's where the key, this is the, I would like to highlight this slide. So Cloud WAN can integrate with data center, also the branch via the SD-WAN, and SD-WAN is like multiple leading vendors are there, and this is where like Cisco is one of them, one of the solution. This is the quick start, in Cisco we have like Meraki vMX, and also Viptela, so this where Meraki vMX we have already available, and multiple customers already deploying it, and this is the quick start, if you need like you can go through it, and if you need you can reach out to me also, and it's like deployed in like a few minutes, okay?
So these are like an advantage of Cisco and AWS, somebody asked, right? Why Cisco logo here? This is the reason. So it's like automation, it provides like end-to-end automation, to make sure like a global network, and unified management, and secure cloud networking.
So I know like I'm running out of time, so this is like a last slide. So before I explain the last slide, I would like to take any questions. Yeah, okay, I think this is the first time I'm seeing like organizer also asking the question, okay? So it is exactly similar to normal AWS concept, only the data transfer only will come into the pricing. I'll share you the pricing guide later, but not for any configuration, like for example we are attaching, we are detaching, those kind of things, nothing, and there is no soft limit also, okay?
So any other questions? Yeah? How to manage the routing part actually? AWS manages the routing part. It's BGP supported. So normally in the transit, our transit gate will be out there. That's a pain, right? That's the pain it solves.
I mean what all of my databases, various accounts in different regions, different countries to be connected, but I don't want such a network to be able to like fit the firewall. That's a good one. You can, for security mechanism, you can integrate with firewall, but to answer your question, you can have the policy, network policy, right? If you remember, in that policy, we have two options, either to accept all the, whatever the VPC we need to do, or whatever the regions, or whatever the core network edge, or we need to isolate also. There are two options. You can do that. So is it answer question? Separate, maybe I'll have like another session to walk through the demo also, okay?
Any other question? Okay, okay, then this is the nutshell. If you see, I think I don't need to explain to you, so you already aware that. Thank you. I think this session is useful, yeah? Thank you. Thank you.