Networking & Content Delivery

Category: Networking & Content Delivery

Intelligent failover using AWS Lambda@Edge and Amazon DynamoDB

Modern applications increasingly require seamless user experiences and high availability, especially in scenarios where regional disruptions or outages could impact critical workloads. Businesses frequently face challenges when dynamically allocating users to specific endpoints or regions while providing persistent user-endpoint relationships and implementing robust failover mechanisms. To address these complex scenarios, this post describes a solution […]

How IAG accelerated service-to-service communication with Amazon VPC Lattice

Insurance Australia Group Limited (IAG) is the largest general insurance company in Australia and New Zealand. It operates major insurance brands like NRMA Insurance, CGU, SGIO, and NZI. IAG’s modern serverless digital engineering platform is built on AWS to host digital components, microservices, and customer experiences. It provides unified patterns, consistent delivery, and strong governance, […]

Phased AWS Transit Gateway to AWS Cloud WAN Migration with Terraform and Network MCP Server

Phased AWS Transit Gateway to AWS Cloud WAN Migration with Terraform and Network MCP Server

Migrate from AWS Transit Gateway to AWS Cloud WAN across multiple Regions using a six-phase Terraform approach with AWS Network MCP Server validation

Intelligent VPN observability: Decoding AWS Site-to-Site VPN logs

When an AWS Site-to-Site VPN connection degrades, you sift through hundreds of log entries, correlate Border Gateway Protocol (BGP) state transitions with Internet Key Exchange (IKE) phase changes and decide whether the cause is a prefix quota violation, an autonomous system (AS) path loop, or a hold timer expiry. That repetitive manual work prolongs recovery. […]

AWS Cloud WAN Routing Policy: Real-World Global Network Scenarios – Part 2

In Part 1, we introduced AWS Cloud WAN routing policies and showed how you can use fine-grained controls to influence route propagation and path selection across a global network. Each routing policy is built with three core components: 1) match conditions, that evaluate route prefixes or BGP attributes; 2) actions, that determine how matching routes […]

Extending NLB health checks for RADIUS using an Amazon ECS witness

Extending NLB health checks for RADIUS using an Amazon ECS witness

Network Load Balancer health checks confirm that a RADIUS server is reachable, not that it can authenticate a user, so a server with a failed identity store keeps receiving traffic. This post walks through an open-source reference solution that closes the gap with a single Amazon ECS witness that runs application-layer RADIUS probes and reconciles NLB target group membership directly.

VPC resource gateways: Implementation patterns and use cases

VPC resource gateways: Implementation patterns and use cases

When you need to connect applications across Amazon Virtual Private Clouds (Amazon VPCs) to services that don’t fit the traditional AWS PrivateLink provider-consumer model, you face complex networking challenges that VPC peering and AWS Transit Gateway alone can’t easily solve. This is especially true for overlapping IP spaces. You can now connect to services that […]

Extending SD-WAN Segmentation into AWS Cloud WAN – Part 2

Extending SD-WAN Segmentation into AWS Cloud WAN – Part 2

For organizations operating multi-tenant environments, regulated environments, or multiple business units, maintaining strict network segmentation between SD-WAN and AWS is essential for meeting security, compliance, and operational requirements. This is Part 2 of the two-part series on extending SD-WAN segmentation into AWS Cloud WAN. In Part 1, the Generic Routing Encapsulation (GRE) based Connect attachment […]

Extending SD-WAN Segmentation into AWS Cloud WAN – Part 1

Extending SD-WAN Segmentation into AWS Cloud WAN – Part 1

For organizations operating multi-tenant environments, regulated environments, or multiple business units, maintaining strict network segmentation between SD-WAN and AWS is essential for meeting security, compliance, and operational requirements. Deploying SD-WAN virtual appliances and extending your segmentation through AWS Cloud WAN helps unify these segmented environments under a single, scalable global network. That said, segmentation is […]

Best practices for securing your IPv6 infrastructure on AWS using VPC Block Public Access

Best practices for securing your IPv6 infrastructure on AWS using VPC Block Public Access

Organizations often struggle with how to secure IPv6 network and application infrastructure on AWS based on what type of IPv6 addresses they are using. In this post, I cover the best practices and considerations for securing private IPv6 resources while maintaining the flexibility to adjust connectivity models as your infrastructure evolves. I also cover how […]