Allow you to route traffic between two VPCs -- can be peered within your accounts or other AWS accounts within the same region (so different AZ's are OK)

• Neither a gateway nor a VPN connection -- no separate piece of hardware. No single point of failure.
• No transient peering. In A<->B<->C A can route to B but not to C. (would have to peer between A<->C)
• Cannot have same IP ranges in different VPCs
• VPCs can having many peers (50 soft limit, up to 125?)
• "Placement groups" can span peered VPCs but you will not get full bandwidth between instances in peered VPCs

Limits

• Cannot reference a security group from the peer VPC as a source of destination, must use CIDR block.
• Private DNS values cannot be resolved between VPC

Steps

• One party sends request
• 2nd party accepts
• 1st party adds route to 2nd party
• 2nd party adds routes back
• Security groups in both VPCs have to allow traffic between each other (also Network ACLs)

• Increase bandwidth, more reliability, lower cost when dealing with large volumes of traffic
• 802.1q VLANs
• Allows Multiple Virtual Interfaces (VIFs)
  • Access public resources such as S3 and private resources like EC2 private IP space while maintaining network separation between environments

• Reminder: Site to Site VPN uses Customer Gateway (customer side) to Virtual Private Gateway (AWS side) when setting up VPN connection

HPC involves

• batch processing with large and compute intensive workloads
• Demands high performance CPU, network, and storage
• Usual jumbo frames are required (9000 bytes of payload): used in shared files systems frequently and HPC apps need lots of disk I/O on shared file systems so jumbo frames critical in many cases...

Jumbo Frames only supported on "enhanced networking" instances.

• Enhanced Networking provided by using "single root I/O virtualization (SR-IOV) on supported instance types
• C3, C4, D2, I2, M4, R3
• Only on HVM (hardware virtualized) instances, not PV (paravirtual)
• See Enhanced Networking Documentation on AWS Docs

Placement Groups are a logical grouping of instances within a single AZ.

• Low latency, 10Gpbs network
• Instance type must support Enhanced Networking
• Placement Groups do NOT span AZ, but can span subnets in the same AZ (can span VPC but lots of performance degradation)
• Use homogenous instance types so that your launch suceeds (??). May not be enough capacity to launch all your instances later on so size for peak load (??)

Automatically distributes incoming traffic across multiple instances

Know which ports ELB's support

• SMTP
• HTTP/S
• 1024-65535

Cannot assign an elastic IP address to ELB (still true?)

IPv4 and IPv6 are supported (VPC's do not support IPv6 currently [still true?])

You can load balance to the "Zone Apex" of your domain name (using alias record)

You can get history of ELB API calls made on account for security analysis and operation troubleshooting purposes with CloudTrail

If you have multiple SSL certs you should use multiple ELBs (unless you have a wildcard, obviously)

Enable isntances in private subnet to access internet outbound

Bottleneck when single NAT has too much traffic

• Scale up, bigger instance type or one with enhanced networking
• Scale out, add additional NAT and subnet and migrate half your workload to the new subnet
• HA for NAT instances (check the amazon blog)

More from Amazon

• http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat.html
• http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat-comparison.html