deploying transit vpc with autoscaling for amazon web ... · deployingtransitvpcwithautoscalingfor...

Deploying Transit VPC with Autoscaling forAmazon Web Services (AWS)

The Autoscaling functionality monitors the Transit VPC and virtual private cloud (VPC). It automaticallyperforms scale in and scale out operations.

• Information About Deploying Transit VPC with Autoscaler, on page 1• How to Deploy Transit VPC with Autoscaler, on page 3• Configuration Example, on page 8• Use Cases, on page 13

Information About Deploying Transit VPC with Autoscaler

Overview of AutoscalerThe Autoscaling functionality monitors the Transit VPC and virtual private cloud (VPC). It automaticallyperforms scale in and scale out operations. It scales by adding and removing CSR instances depending on thevolume of traffic in the transit VPC. Autoscaler optimizes CSR performance in Transit VPC by effectivelyutilizing CSR instances in a cost-effective mode.

Scaling out refers to attaching additional CSR instances to increase capacity. Scaling in refers to detachingthe CSR instances to reduce the extended capacity. Autoscaler manages the Transit VPC CSR instances bymonitoring and performing scale-out and scale-in operations. Autoscaler automatically configures additionalCSR instances when there is a load increase that meets the predefined load criteria. It also automaticallyremoves CSR instances when the load is decreased. To handle varying loads, it configures and manages theappropriate number of CSR instances.

Autoscaler configures the Transit CSRs that enables CSRs to publish metrics on AWSCloudWatch. Autoscalermonitors these statistics and to determine whether the Transit VPC needs additional capacity of CSR instances.For an Autoscaler group, a minimum andmaximum number of CSR instances can be specified using parametersin the AWS CloudFormation template.

Deploying Transit VPC with Autoscaling for Amazon Web Services (AWS)1

Figure 1: Transit VPC with Autoscaler Deployment Workflow

Scaling-Out and Scaling-In in Transit VPCAutoscaler scales out by attaching CSR instances. Scale out occurs only if these three conditions are met:

• if the maximum number of instances has not been met


Deploying Transit VPC with Autoscaling for Amazon Web Services (AWS)Scaling-Out and Scaling-In in Transit VPC

• the load on each CSR in the group is higher than 50 percent of the license level

• at least one CSR must exceed 80 percent of the license level for a period of 15 minutes

Autoscaler scales in when these three conditions are met:

• the minimum number of instances has not been reached

• the load on all CSR instances in the group are below 40 percent of the license level

• at least any one CSR is lower than 10 percent of the license level

Monitoring in Transit VPCAutoscaler monitors events in the Transit VPC CSRs through CloudWatch metrics. It continuously monitorsand detects any changes in the load and determines the actions to be taken based on the parameters defined.Based on the statistics that are published on CloudWatch, it determines the appropriate time to scale-in orscale-out.

For example, if throughput value is higher than the threshold defined for a period of over 15 minutes, it scalesout.

Benefits of Autoscaler• Manages the changing requirements of a Transit VPC by adding or removing CSR instances to meetvarying load demands. Whenever the load varies, there is no need for a manual intervention of addingor removing additional CSR instances.

• Performs automatic license activation for CSR instances for Bring Your Own License (BYOL) type.• Effectively utilizes CSR instances in Transit VPC to save cost.

Prerequisites for Autoscaler• An AWS account with the privileges to create CloudFormation stack

• Access to S3 Bucket and AMI in AWS

• Elastic IPs for each CSRs in the group

• CSR license types: BYOL or LicenseIncluded

How to Deploy Transit VPC with Autoscaler

Launching Transit VPC ComponentsTransit VPCwith Autoscaler deployment involves configuring various components such as Transit VPCHub,Spoke VPC, DMVPN, CSR, AWS Service, Autoscaler, and IPSec Algo. You specify parameters for thesecomponents in the AWS CloudFormation window.


Deploying Transit VPC with Autoscaling for Amazon Web Services (AWS)Monitoring in Transit VPC

Procedure

Step 1 Go to the URL: http://github.com/csr1000v/autoscaler, select Create Stack and choose thetemplate, and then click Next.

Step 2 Specify tags (key-value pairs) for stack resources and additional options, then click Next.

Table 1: Parameters for Launching a Transit VPC

DescriptionParameter

Name of the Transit VPC.Stack name

Required throughput for the CSR 1000v instance. Itdetermines the instance type to be launched.

Default: 2 x 500 Mbps

CSR Throughput Requirements

Public/private key pair that allows a secure connectionto be made to a CSR 1000v instance after it haslaunched.

You must enter a public/private key pair. (The keypair is created at your preferred location when theAWS account is created.)

SSH Key to access CSR

The license model can be either LicenseIncluded orBYOL.

Default: LicenseIncluded

License Model

Termination protection for CSR 1000v instances helpsprevent accidental CSR 1000v termination. It isrecommended for production deployments.

Default: Yes

Enable Termination Protection

Text string to be used as a prefix when Amazon S3objects are created.

Default: vpnconfigs/

Prefix for S3 Objects

CIDR block for the transit VPC.Modify the VPC andsubnet CIDR address ranges to avoid collisions withyour network.

Default: 100.64.127.224/27

Transit VPC CIDR Block

CIDR block for the transit VPC subnet created in AZ1(See Figure 2. DMVPNwith Transit VPC in DMVPNTransit VPC).

Default: 100.64.127.224/28

1st Subnet Network


Deploying Transit VPC with Autoscaling for Amazon Web Services (AWS)Launching Transit VPC Components

b_csraws_transitVPC_chapter1.pdf#nameddest=unique_7



CIDR block for the transit VPC subnet created in AZ2.(See Figure 2. DMVPNwith Transit VPC in DMVPNTransit VPC).

Default: 100.64.127.240/28

2nd Subnet Network

BGP Autonomous System Number (ASN) for thetransit VPC.

Default: 64512

Transit VPC BGP ASN

(Optional) Enable this to add or remove additionalAWS account.

Add/remove additional AWS account

Account ID of an AWS account to be associated withthe transit network, which allows access to the S3bucket and AWS KMS customer master key.

You can only enter one additional AWSaccount ID in this field. If you want toconnect more than one additional AWSaccount to the transit network, you mustmanually configure permissions for theadditional accounts.

Note

Additional AWS Account ID

Sends anonymous data to Amazon Web Services tohelp with understanding solution usage and achievecosts savings for customers. If you choose not to sendthis anonymous data, select NO.

Default: Yes

SendAnonymousData

Select Enable to deploy Transit VPCwith Autoscalingfunctionality.

Create Auto Scaling Group

Name of the Auto Scaling group for the Transit VPCCSRs. This name is also used to tag the CSRinstances.

Group Name

Theminimum number of CSR instances that the CSRgroup maintains all the time.

Minimum number of Instances

Themaximum number of CSR instances that the CSRgroup allows. Autoscaler cannot scale out beyond themaximum number of instances.

Maximum Number of Instances

(Optional) Enable this option to receive notificationsrelated to Transit VPC events. An email address orSMS number can be specified to a subscribenotification.

SNS Notification






The license model can be either LicenseIncluded orBYOL.

Default: LicenseIncluded

License Model for Autoscaler

License token ID for smart licensing.License Token ID

Select the technology package for licensing (AX orSecurity)

Technology Package

License level in megabytes for the Transit VPCCSRs.License Level

Enter the email address for license.Email Address for License

Enable scale in for the transit VPC CSRs. If Disabled,the Autoscaler will only scale out when needed.

Enable Scale In for Autoscaled Instances

Select enable to configure DMVPN.

Default: Enable

Enable DMVPN

DMVPN Profile. Values: Spoke-to-OneHub–EIGRP,Spoke-to-MultiHub–EIGRP.

Default: Spoke-to-OneHub–EIGRP

DMVPN Profile

Create—creates the DMVPN profile. Delete—deletesthe DMVPN profile named in the DMVPN Profilefield.

Default: Create

Create or Delete

(Optional) DMVPN tunnel CIDR.

Example: 10.101.0.0/16

DMVPN tunnel CIDR

DMVPN hub tunnel IP address.

Example: 10.101.0.1

1st DMVPN Hub tunnel IP address

(Optional) Second DMVPN hub tunnel IP address.2nd DMVPN Hub tunnel IP address

Routable IP address of the first DMVPN Hub.

(Use only for transit VPC as Spoke)

1st DMVPN Hub's IP address

(Optional) Routable IP address of the secondDMVPNHub.

(Use only for transit VPC as Spoke)

2nd DMVPN Hub's IP address

IP address of the first DMVPN spoke tunnel.

Example: 10.101.0.3

1st DMVPN spoke tunnel IP address

IP address of the second DMVPN spoke tunnel.

Example: 10.101.0.4

2nd DMVPN spoke tunnel IP address




Network ID forNHRPprotocol—used underDMVPNtunnel interface.

Example: 9898

Network ID for NHRP Protocol

Authentication string—used on an interface runningNHRP.

Example: cisco123

AuthString

DMVPN Tunnel key—used in the hub.

Example: 10

Tunnel Key

AS number of routing protocol—used in the hub

Example: 10000

AS number for BGP/EIGRP

IPsec cipher algorithm. Select the alogithirm forpossible values. Values: ESP-GCM, ESP-3DES,ESP-GMAC, ESP-DES, and ESP-AES.

Default: ESP-AES

Choice of IPsec cipher algorithm

IPsec authentication algorithm. Values:ESP-SHA-HMAC, ESP-SHA256-HMAC,ESP-SHA384-HMAC, and ESP-SHA512-HMAC.

Default: ESP-SHA256-HMAC

Choice of IPsec authentication algorithm

ISAKMP shared key, used in the IPsec algorithm.Shared Key

Step 3 Click Next.Step 4 Specify tags (key-value pairs) for the stack resources and click Next.Step 5 Review and confirm the settings.Step 6 Check the checkbox to create resources for AWS Identity and Access Management (IAM).Step 7 Click Create.

Verifying Autoscaler DeploymentThe AWS CloudFormation window allows you to view the deployment status of the Transit VPC withAutoscaler. A status CREATE_COMPLETE appears approximately in five minutes after the successfuldeployment. It shows the status of main template and the two nested templates separately as shown in thefollowing image.


Deploying Transit VPC with Autoscaling for Amazon Web Services (AWS)Verifying Autoscaler Deployment

If Transit VPC launch fails, the stack event logs provide information that help you to identify the causes ofthe failure. You can also view CloudWatch logs and the router logs to detect connectivity issues that mayhave caused failure.

Note

Configuration ExampleThis example shows the output from the show running-configuration command after configuring TransitVPC with Autoscaler.Building configuration...

Current configuration : 11349 bytes!! Last configuration change at 01:14:34 UTC Wed Jul 4 2018 by automate!version 16.9service timestamps debug datetime msecservice timestamps log datetime msecservice password-encryptionservice internalservice call-homeplatform qfp utilization monitor load 80no platform punt-keepalive disable-kernel-coreplatform console virtualplatform hardware throughput level MB 1000!hostname autoscaling-group-4!boot-start-markerboot-end-marker!!vrf definition GSrd 100:100!address-family ipv4exit-address-family!logging persistent size 1000000 filesize 8192 immediate!no aaa new-modelcall-home! If contact email address in call-home is configured as [email protected]! the email address configured in Cisco Smart License Portal will be used as contact email


Deploying Transit VPC with Autoscaling for Amazon Web Services (AWS)Configuration Example

address to send SCH notifications.contact-email-addr [email protected] "CiscoTAC-1"activedestination transport-method httpno destination transport-method emaildestination address http

http://pteodc-alphastg.cloudapps.cisco.com/its/service/oddce/services/DDCEService!ip vrf vpn-dmvpn-transit-vpc--Tun-3rd 64512:3route-target export 64512:0route-target import 64512:0!ip vrf vpn-vpc-9fcf81f9-81792rd 64512:1route-target export 64512:0route-target import 64512:0!ip vrf vpn0!!ip admission watch-list expiry-time 0!!subscriber templating!!multilink bundle-name authenticated!crypto pki trustpoint TP-self-signed-2282641679enrollment selfsignedsubject-name cn=IOS-Self-Signed-Certificate-2282641679revocation-check nonersakeypair TP-self-signed-2282641679!crypto pki trustpoint SLA-TrustPointenrollment terminalrevocation-check crl!!crypto pki certificate chain TP-self-signed-2282641679certificate self-signed 0130820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 0505003031312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 4365727469666963 6174652D 32323832 36343136 3739301E 170D3138 30373034 3030353933305A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 031326494F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 3238323634313637 39308201 22300D06 092A8648 86F70D01 01010500 0382010F 003082010A028201 0100AE02 C7451287 B91A57FF E8ECE6F9 A1AC83D6 016410D4 127E17250F923728 014E91B6 0B1760C8 BE6FAAFF 46FBE5E0 36747B19 7C297232 981DBB3150CDB0C7 4CF3C8D9 49527FBC C950C718 198AFCA9 BA60165E 1327B8E5 B4FF0BBF56F56A65 31C0B1CD 069DB94B BB079EAA 70A6722B BC8B4272 08E42918 E6EA34877CF7374D 190B23CC 5FE9C7B4 091E5C0F F30C5BA8 CBC4F54A B5AA44D2 33E7C14DF9AD72C4 4419DAB4 FF4E3528 C3E98324 7E7B3CE3 DDB8A859 BA9143A8 3AB595B766281EB6 47743345 3CE5054B CE6E4E48 9A6D9FE5 DB06D14C DF24370B F503F252FD719163 F33353F1 9EBA399D 6E71E33E F266677C E4C0E791 B457E990 23076DC8BE91D4C6 A07D0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF301F0603 551D2304 18301680 146CA59F 42679C84 1276FA2E 01F72B49 13419063A4301D06 03551D0E 04160414 6CA59F42 679C8412 76FA2E01 F72B4913 419063A4300D0609 2A864886 F70D0101 05050003 82010100 757EA9A3 11398961 A6D2BEB2F9FA907F C6F9D658 ABE42351 DEF1C8D5 C1B9CE08 6AB01D0E CFC40E94 D433752C7853CF07 AAA0488B 70F7A4AB 69A87AE8 DABA2A6F 12511EF3 D0E63B24 2C336C7BC6CFFAF4 1F322EE1 F76A2D0D 8E8637BE 297C5673 ED8D7116 6E6B22BD 7C479518



633F5684 FB362D4D 047053F1 F14249C4 F2BAD569 68B6E2E1 21878422 E2F542F18BADB8A3 1376A191 34198F38 7A71BAF9 1E1E0CA2 69D6A685 0F0E09E5 1542F991FDE39C64 8687C830 20BC2F35 C5A429F9 4EE47919 2476F0B9 68684C4F 34F5CABA56168375 8DFD9DD5 A45C9FC4 6DBF48A4 1698599D C2D78AF1 107B9932 32A387F1A0450FB8 86441528 7F60D860 BE22D5B7 FEE03972quit

crypto pki certificate chain SLA-TrustPointcertificate ca 0130820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B05003032310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 436973636F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 303139343834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A130543697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F003082010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64DCBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E5201C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD718868E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 0403020106300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC854B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B050003820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8BD98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F0867880DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0D697DF7F 28quit

!license udi pid CSR1000V sn 9PEEBCTDYELlicense boot level securitylicense smart enablediagnostic bootup level minimal!!!username ec2-user privilege 15 secret 5 $1$6tuC$/t0yPt7jlk13RTzdPaO2K.username automate privilege 15 password 7 060F0B706F1730302A153E5C3D092F3F!redundancy!!class-map match-all autoscaler-class-mapmatch access-group 50!policy-map autoscaler-policy-mapclass autoscaler-class-mapset cos 5

!!crypto keyring keyring-transit-vpc--Tun-3local-address GigabitEthernet1pre-shared-key address 0.0.0.0 0.0.0.0 key cisco

crypto keyring keyring-vpn-vpc-9fcf81f9-81792-2local-address GigabitEthernet1pre-shared-key address 52.214.77.11 key 0WdAFsN33XkfsBZOukL3zqxihq6OCrgZ

crypto keyring keyring-vpn-vpc-9fcf81f9-81792-1



local-address GigabitEthernet1pre-shared-key address 34.242.251.176 key Y1EPGZDdW8eMKvp9R5966rgX7RM3lOgr

!!crypto isakmp policy 200encr aesauthentication pre-sharegroup 2lifetime 28800!crypto isakmp policy 300encr aesauthentication pre-sharegroup 5crypto isakmp keepalive 30 5crypto isakmp profile isakmp-vpn-vpc-9fcf81f9-81792-1

keyring keyring-vpn-vpc-9fcf81f9-81792-1match identity address 34.242.251.176 255.255.255.255local-address GigabitEthernet1

crypto isakmp profile isakmp-vpn-vpc-9fcf81f9-81792-2keyring keyring-vpn-vpc-9fcf81f9-81792-2match identity address 52.214.77.11 255.255.255.255local-address GigabitEthernet1

!crypto ipsec security-association replay window-size 1024!crypto ipsec transform-set ipsec-prop-vpn-aws esp-aes esp-sha-hmacmode tunnelcrypto ipsec transform-set transform-transit-vpc--Tun-3 esp-aes esp-sha-hmacmode transportcrypto ipsec df-bit clear!!crypto ipsec profile ipsec-vpn-awsset transform-set ipsec-prop-vpn-awsset pfs group2!crypto ipsec profile profile-transit-vpc--Tun-3set transform-set transform-transit-vpc--Tun-3!!!!interface Tunnel1ip vrf forwarding vpn-vpc-9fcf81f9-81792ip address 169.254.99.142 255.255.255.252ip tcp adjust-mss 1387tunnel source GigabitEthernet1tunnel mode ipsec ipv4tunnel destination 34.242.251.176tunnel protection ipsec profile ipsec-vpn-awsip virtual-reassembly!interface Tunnel2ip vrf forwarding vpn-vpc-9fcf81f9-81792ip address 169.254.181.190 255.255.255.252ip tcp adjust-mss 1387tunnel source GigabitEthernet1tunnel mode ipsec ipv4tunnel destination 52.214.77.11tunnel protection ipsec profile ipsec-vpn-awsip virtual-reassembly!interface Tunnel3



ip vrf forwarding vpn-dmvpn-transit-vpc--Tun-3ip address 172.31.1.12 255.255.0.0no ip redirectsip mtu 1400ip nhrp authentication cisco123ip nhrp network-id 9898ip nhrp nhs 172.31.1.5 nbma 34.254.75.62 multicastip tcp adjust-mss 1360tunnel source GigabitEthernet1tunnel mode gre multipointtunnel key 0tunnel protection ipsec profile profile-transit-vpc--Tun-3!interface VirtualPortGroup0vrf forwarding GSip address 192.168.35.101 255.255.255.0ip nat inside!interface GigabitEthernet1ip vrf select sourceip vrf receive vpn-vpc-9fcf81f9-81792ip address dhcpip nat outsidenegotiation autoservice-policy output autoscaler-policy-map!!router eigrp 10000!address-family ipv4 vrf vpn-dmvpn-transit-vpc--Tun-3redistribute bgp 64512 metric 10000 100 255 1 1500network 172.31.0.0autonomous-system 10000exit-address-family!router bgp 64512bgp router-id interface GigabitEthernet1bgp log-neighbor-changes!address-family ipv4 vrf vpn-dmvpn-transit-vpc--Tun-3redistribute eigrp 10000exit-address-family!address-family ipv4 vrf vpn-vpc-9fcf81f9-81792neighbor 169.254.99.141 remote-as 7224neighbor 169.254.99.141 timers 10 30 30neighbor 169.254.99.141 activateneighbor 169.254.99.141 as-overrideneighbor 169.254.99.141 soft-reconfiguration inboundneighbor 169.254.181.189 remote-as 7224neighbor 169.254.181.189 timers 10 30 30neighbor 169.254.181.189 activateneighbor 169.254.181.189 as-overrideneighbor 169.254.181.189 soft-reconfiguration inboundexit-address-family!ioxip nat inside source list GS_NAT_ACL interface GigabitEthernet1 vrf GS overloadip forward-protocol ndip tcp window-size 8192ip http serverip http authentication localip http secure-serverip route 0.0.0.0 0.0.0.0 GigabitEthernet1 13.13.1.1



ip route vrf GS 0.0.0.0 0.0.0.0 GigabitEthernet1 13.13.1.1 global!ip ssh rsa keypair-name ssh-keyip ssh version 2ip ssh pubkey-chainusername ec2-userkey-hash ssh-rsa 3214AF3ED1A55040F7CB7BDCB17633FA ec2-userusername automatekey-hash ssh-rsa 10705A66BA5D14D2C4E2C3A46F6F2CF5

ip ssh server algorithm authentication publickeyip scp server enable!!ip access-list standard GS_NAT_ACLpermit 192.168.35.0 0.0.0.255access-list 50 permit 13.13.1.35!!control-plane!!line con 0stopbits 1line vty 0 4login localtransport input sshline vty 5 20login localtransport input ssh!!event manager applet PUSH_CSR_METRICSevent timer cron cron-entry "*/1 * * * *"action 1.0 cli command "enable"action 2.0 cli command "guestshell run get-stat-drop.py"!!app-hosting appid guestshellapp-vnic gateway1 virtualportgroup 0 guest-interface 0guest-ipaddress 192.168.35.102 netmask 255.255.255.0app-default-gateway 192.168.35.101 guest-interface 0name-server0 8.8.8.8name-server1 8.8.4.4name-server2 8.8.8.8name-server3 8.8.4.4end

Use Cases

Case 1The following figure illustrates a Transit VPC network architecture and its interconnections. Theseinterconnections comprise of multiple virtual networks in cloud such as VPCs and on premise networks suchas corporate network or data center networks. This` topology illustrates the Transit VPC (a virtual networkin customer’s AWS account) acting as a transit hub for transiting traffic among the different networks fromthe multiple geographical locations.


Deploying Transit VPC with Autoscaling for Amazon Web Services (AWS)Use Cases

Figure 2: Transit VPC in AWS

Case 2The following topology presents a Transit VPC network with a maximum of three CSRs. A minimum of twoCSRs are always in service with little or no traffic here. The topology shows 'ROUTER 3' is configuredautomatically whenever there is a high traffic that meets the pre-defined threshold.

The topology shows the AWS CloudWatch that publishes metrics, which provides data insights based onwhich scale-out and scale-in actions are triggered, to Autoscaler to initiate action. The topology also showsconfiguration files that stored in S3 bucket transferred to autoscaler when it initiates a newCSR configuration.


Deploying Transit VPC with Autoscaling for Amazon Web Services (AWS)Case 2

Figure 3: Autoscaler in Transit VPC



deploying transit vpc with autoscaling for amazon web ... · deployingtransitvpcwithautoscalingfor...

Documents