{"id":686,"date":"2012-02-07T18:09:59","date_gmt":"2012-02-07T10:09:59","guid":{"rendered":"https:\/\/blog.ychsiao.org\/?p=686"},"modified":"2012-02-07T18:16:06","modified_gmt":"2012-02-07T10:16:06","slug":"amazon-vpc%e4%bb%8b%e7%b4%b9%e8%88%87%e5%bb%ba%e7%bd%ae-%e7%b0%a1%e4%bb%8b","status":"publish","type":"post","link":"https:\/\/blog.ychsiao.org\/?p=686","title":{"rendered":"Amazon VPC Introduction and Setup - Overview"},"content":{"rendered":"<p><strong>Preface<\/strong><\/p>\n<p>At the time of writing this article, I was an employee of <a href=\"http:\/\/www.pixnet.net\">PIXNET<\/a>.<\/p>\n<p><strong>Introduction<\/strong><\/p>\n<p>Applications of <a href=\"http:\/\/aws.amazon.com\/\">Amazon Web Services (AWS)<\/a> are already everywhere, so this post will not go over them again; the focus here is to introduce <strong>VPC and setting up the environment<\/strong>. Anyone who has used EC2 knows that connecting to EC2 takes some effort; once you have a lot of machines, or when traffic comes in, things usually get frantic without suitable tools to help. If you also have your own Data Center, you have to think about encrypted transfer when exchanging data with the machines on EC2, and there is a pile of other things that make an SA want to kill someone&#8230;.(300 words omitted below). <\/p>\n<p><!--more--><\/p>\n<p><em>Amazon Virtual Private Cloud (Amazon VPC) lets you provision a private, isolated section of the Amazon Web Services (AWS) Cloud where you can launch AWS resources in a virtual network that you 
define.<\/em><\/p>\n<p>That is how Amazon describes it; put more plainly, it means &#8220;pulling the cloud into your own home&#8221; (just kidding).<\/p>\n<p><strong>Basic requirements<\/strong><\/p>\n<p>Services that can currently (2012\/02) be accessed through VPC:<\/p>\n<ul>\n<li>EC2<\/li>\n<li>RDS<\/li>\n<li>S3 (I have not yet found out how to connect)<\/li>\n<li>SimpleDB<\/li>\n<\/ul>\n<p>The <a href=\"http:\/\/aws.amazon.com\/vpc\/faqs\/#C8\">basic requirements<\/a> for running VPC: if you want to save money with home-built (DIY) software or equipment, it must be able to run IPSec and BGP:<\/p>\n<ul>\n<li>Establish IKE Security Association using Pre-Shared Keys<\/li>\n<li>Establish IPsec Security Associations in Tunnel mode<\/li>\n<li>Utilize the AES 128-bit encryption function<\/li>\n<li>Utilize the SHA-1 hashing function<\/li>\n<li>Utilize Diffie-Hellman Perfect Forward Secrecy in &#8220;Group 2&#8221; mode<\/li>\n<li>Establish Border Gateway Protocol (BGP) peerings<\/li>\n<li>Bind tunnels to logical interfaces (route-based VPN)<\/li>\n<li>Utilize IPsec Dead Peer Detection<\/li>\n<li>Perform packet fragmentation prior to encryption<\/li>\n<\/ul>\n<div>If you are not familiar with the VPN\/routing protocols above, no problem: spending money is the fastest way, so <a href=\"http:\/\/aws.amazon.com\/vpc\/faqs\/#C9\">buy a hardware IPSec VPN<\/a>.<\/div>\n<div>AWS also provides configuration templates that you can paste in and use directly. The items in red below are the ones I have actually tested:<\/div>\n<div>\n<ul>\n<li>Astaro Security Gateway running version 8.3 (or later)<\/li>\n<li>Astaro Security Gateway Essential Firewall Edition running version 8.3 (or later)<\/li>\n<li><span style=\"color: #ff0000;\">Cisco ISR running Cisco IOS 12.4 (or later) 
software<\/span><\/li>\n<li>Juniper J-Series Service Router running JunOS 9.5 (or later) software<\/li>\n<li>Juniper SRX-Series Services Gateway running JunOS 9.5 (or later) software<\/li>\n<li><span style=\"color: #ff0000;\">Juniper SSG running ScreenOS 6.1, or 6.2 (or later) software<\/span><\/li>\n<li>Juniper ISG running ScreenOS 6.1, or 6.2 (or later) software<\/li>\n<li>Yamaha RTX1200 router<\/li>\n<\/ul>\n<\/div>\n<p><strong>Network architecture<\/strong><\/p>\n<p>So how do you pull the services above into your own network through VPC? <a href=\"http:\/\/docs.amazonwebservices.com\/AmazonVPC\/latest\/UserGuide\/VPC_Scenarios.html\">Scenarios for Using Amazon VPC<\/a> describes four scenarios; if you use a hardware VPN, it is the last two, and both are covered there in detail. For my current needs, I chose <a href=\"http:\/\/docs.amazonwebservices.com\/AmazonVPC\/latest\/UserGuide\/VPC_Scenario3.html\">Scenario 3: VPC with Public and Private Subnets and Hardware VPN Access<\/a>.<\/p>\n<p>Things to note:<\/p>\n<ul>\n<li>Machines in the Public Subnet need an EIP before they can be reached from the Internet.<\/li>\n<li>The Public Subnet cannot reach your Data Center through VPC.<\/li>\n<li>Machines in the Private Subnet can only reach machines in the Public Subnet and the Data Center.<\/li>\n<\/ul>\n<ul>\n<li>For outbound access, a NAT server has to be set up in the Public Subnet.<\/li>\n<li>Or go back through VPC and use the Data Center (Server Farm) network\/Proxy for outbound access.<\/li>\n<li>ELB cannot be used in the Public Subnet.<\/li>\n<\/ul>\n<p>The architecture diagram is as follows:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" 
src=\"http:\/\/docs.amazonwebservices.com\/AmazonVPC\/latest\/UserGuide\/images\/Case3_Routing.png\" alt=\"\" width=\"752\" height=\"789\" \/><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Preface At the time of writing this article, I was an employee of PIXNET. Introduction Applications of Amazon Web Services (AWS) are already everywhere, so this post will not go over them again; the focus here is to introduce VPC and setting up the environment. Anyone who has used EC2 knows that connecting to EC2 takes some effort; once you have a lot of machines, or when traffic comes in, things usually get frantic without suitable tools to help. If you also have your own Data Center, you have to think about encrypted transfer when exchanging data with the machines on EC2, and there is a pile of other things that make an SA want to kill someone&#8230;.(300 words omitted below).<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[56,55],"tags":[62,61,63,64,65],"class_list":["post-686","post","type-post","status-publish","format-standard","hentry","category-technology","category-work","tag-amazon","tag-aws","tag-cloud","tag-juniper","tag-vpc"],"_links":{"self":[{"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=\/wp\/v2\/posts\/686","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=\/wp\/v2\/posts"}],"ab
out":[{"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=686"}],"version-history":[{"count":5,"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=\/wp\/v2\/posts\/686\/revisions"}],"predecessor-version":[{"id":718,"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=\/wp\/v2\/posts\/686\/revisions\/718"}],"wp:attachment":[{"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=686"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=686"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ychsiao.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=686"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}