Network Checklist

Checklist

Here are the steps in systems design for a cloud network on AWS:

  1. Define the scope of the project:
    • Determine the requirements for the network, including the number of users, the types of workloads, and the required availability and performance.
  2. Identify how many resources are projected:
    • This may be affected by non-serverless vs. serverless decisions.
    • Non-serverless may require more VPC complexity and IPs.
  3. Identify the VPC components:
    • Decide on the number of VPCs, subnets, and network interfaces needed to support the workloads.
      • Identify the number of devices and services that need IP addresses:
        • Consider the number of servers, workstations, network devices, and services that will require IP addresses within your VPC.
      • Determine the number of IP addresses required for each device or service:
        • Look at the documentation of each device and service to determine the number of IP addresses required.
      • Consider the growth of your network:
        • Think about the future growth of your network, and plan for additional IP addresses to accommodate future expansion.
      • Decide on the CIDR block size:
        • CIDR blocks come in different sizes, and the choice of the block size will determine the number of IP addresses available within the VPC.
        • A /24 block, for example, provides 256 IP addresses, while a /16 block provides 65,536 IP addresses.
      • Use IP calculators:
        • Use online IP calculators that can help you determine the number of IP addresses available in a CIDR block and how many IP addresses you need.
      • Review your VPC design:
        • Review your VPC design, and make sure that your IP address allocation is efficient and does not waste IP addresses.
  4. Design the network topology:
    • Decide on the network topology, including the number of availability zones, routing tables, and security groups.
      • Number of availability zones: The number of availability zones to be used in the network topology will depend on the required level of availability and fault tolerance for the system. If high availability and fault tolerance are required, multiple availability zones should be used.
      • Routing tables: The routing tables define how traffic is routed within the VPC, and how the VPC is connected to the Internet or other VPCs. The routing tables should be designed to ensure that traffic is directed to the appropriate subnets and instances, and to optimize the performance of the system.
      • Security groups: Security groups are used to control access to the instances and resources within the VPC, and to protect the system from unauthorized access. The security groups should be designed to provide the appropriate level of security for the system, and to be manageable and scalable.
      • Network Segmentation: Network segmentation is the process of dividing a network into smaller subnets that are isolated from each other. This makes traffic easier to control and improves the security posture.
      • Compliance: If the system is subject to specific compliance requirements, such as HIPAA or PCI-DSS, the network topology should be designed to meet those requirements and to ensure that the system is in compliance.
      • Scalability: The network topology should be designed to be scalable, so that it can accommodate the growth of the system, and to allow for the addition of new resources and instances as needed.
      • Cost: The network topology should be designed to be cost-effective, using the appropriate services and resources.
  5. Select the appropriate services:
    • Choose the appropriate AWS services to support the workloads, such as Elastic Compute Cloud (EC2), Elastic Block Store (EBS), and Elastic IPs.
  6. Implement security:
    • Implement security features such as network access control lists (ACLs), security groups, and VPNs to secure the network.
  7. Test and deploy:
    • Test the network design and deploy it in a staging environment before rolling it out to production.
  8. Monitor and maintain:
    • Monitor the network performance and availability, and make adjustments as needed.
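The CIDR sizing in step 3 can be checked mechanically. The following is an added example, not code from the original checklist: it carves a VPC block into one subnet per tier and availability zone with Python's standard `ipaddress` module, reports the growth headroom left in the block, and counts usable addresses per subnet after the five addresses AWS reserves in every subnet. The VPC block, AZ names and tier names are constructed sample inputs.

```python
import ipaddress
from typing import Dict, List

# AWS reserves the first four and the last address of every subnet
# (network, VPC router, DNS, future use, broadcast); they cannot be assigned to ENIs.
AWS_RESERVED_PER_SUBNET = 5


def usable_hosts(cidr: str) -> int:
    """Addresses in a subnet that can actually be assigned to instances or interfaces."""
    net = ipaddress.ip_network(cidr, strict=True)
    return max(net.num_addresses - AWS_RESERVED_PER_SUBNET, 0)


def plan_subnets(vpc_cidr: str, azs: List[str], tiers: List[str],
                 subnet_prefix: int) -> Dict[str, str]:
    """Allocate one subnet of /subnet_prefix per (tier, AZ) pair, in order, out of the VPC block.

    Raises ValueError when the VPC block cannot hold len(tiers) * len(azs) subnets of that
    size, which is the "review your VPC design" check from step 3 made explicit.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    needed = len(tiers) * len(azs)
    candidates = list(vpc.subnets(new_prefix=subnet_prefix))
    if len(candidates) < needed:
        raise ValueError(
            f"{vpc_cidr} holds only {len(candidates)} /{subnet_prefix} subnets, need {needed}")
    pairs = [(tier, az) for tier in tiers for az in azs]
    return {f"{tier}-{az}": str(candidates[i]) for i, (tier, az) in enumerate(pairs)}


def headroom(vpc_cidr: str, plan: Dict[str, str]) -> int:
    """Addresses in the VPC block not yet allocated to any subnet (reserve for future growth)."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    used = sum(ipaddress.ip_network(c).num_addresses for c in plan.values())
    return vpc.num_addresses - used


if __name__ == "__main__":
    # Constructed sample: a /16 VPC, three AZs, a public and a private tier, /24 subnets.
    VPC = "10.0.0.0/16"
    PLAN = plan_subnets(VPC, ["a", "b", "c"], ["public", "private"], 24)
    for name, cidr in PLAN.items():
        print(f"{name:10s} {cidr:16s} usable hosts: {usable_hosts(cidr)}")
    print(f"unallocated addresses left in {VPC}: {headroom(VPC, PLAN)}")
```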

Inputs

  1. Understand your application requirements:
    • Determine the number of users, the types of workloads, and the required availability and performance for your application.
    • This will help you identify the resources needed to support the application.
  2. Consider the number of availability zones:
    • Decide on the number of availability zones needed to ensure high availability for your application.
    • This will help you determine the number of VPCs and subnets required.
  3. Analyze the traffic patterns:
    • Analyze the traffic patterns for your application, such as the volume of incoming and outgoing traffic, the types of traffic, and the frequency of traffic.
    • This will help you determine the number of network interfaces needed to support the traffic.
  4. Consider security requirements:
    • Consider the security requirements for your application, such as the need for network segmentation, VPN connections, and firewalls.
    • This will help you determine the number of VPCs and subnets required.
  5. Evaluate scalability requirements:
    • Evaluate the scalability requirements for your application, such as the need for auto-scaling and load balancing.
    • This will help you determine the number of VPCs, subnets, and network interfaces required.
  6. Consult with experts:
    • Consult with experts in cloud networking and security, as well as your internal IT team, to help you determine the optimal number of VPCs, subnets, and network interfaces for your application.
  7. Monitor and adjust as needed:
    • Once the VPC is in place, monitor the performance and adjust as needed.
    • Regularly evaluate your VPC design and make changes as the need arises.

Choices Made

When designing a VPC, some of the choices in network design include:

1. The number of VPCs and subnets:

  • Depending on the size and complexity of your organization, you may need multiple VPCs and subnets to accommodate different types of workloads and users.

2. IP address range:

  • You have to decide on the IP address range for your VPC and subnets.

3. CIDR block:

  • You have to decide on the CIDR block for your VPC and subnets.

4. Network ACLs and security groups:

  • You need to decide on the inbound and outbound rules for your network ACLs and security groups.

5. Routing:

  • You have to decide on the routing configuration for your VPC, including the main route table, custom route tables, and VPC peering.

6. Internet connectivity:

  • You have to decide on the way your VPC will be connected to the Internet, such as using an Internet Gateway or a NAT Gateway.

7. Services:

  • You have to decide which services your VPC will be using, like EC2, RDS, S3, etc.

8. Public and private subnets:

  • Decide on the number and layout of public and private subnets within the VPC, and how they will be connected to the Internet or other VPCs.

9. DHCP options:

  • Decide on the DHCP options for the VPC, such as the domain name, DNS servers, and NTP servers.

10. Network interfaces:

  • Decide on the number and configuration of network interfaces needed to support the workloads.

11. Elastic IPs:

  • Decide on the number and allocation of Elastic IPs needed to support the workloads.

12. VPC endpoint:

  • Decide on the number and type of VPC endpoints needed to allow access to services without going over the Internet.

13. VPN connections:

  • Decide on the number and configuration of VPN connections needed to connect the VPC to remote networks.

14. VPC flow logs:

  • Decide whether to enable VPC flow logs to capture information about the IP traffic flowing in and out of the VPC, and where to send the logs.

15. VPC tagging:

  • Decide on the naming and tagging conventions for the VPC and its components, to make them easier to identify and manage.

16. VPC scaling:

  • Decide on the scaling strategy for the VPC, such as using auto-scaling groups to adjust the number of instances based on traffic.

17. VPC monitoring:

  • Decide on the monitoring strategy for the VPC, such as using CloudWatch to monitor the performance and availability of the VPC and its components.

18. VPC logging:

  • Decide on the logging strategy for the VPC, such as using CloudTrail to log all AWS Management Console sign-in events and to track the calls made to the AWS API.

19. VPC backup:

  • Decide on the backup strategy for the VPC, such as using Amazon S3 for data archiving and disaster recovery.

20. VPC DR:

  • Decide on the disaster recovery strategy for the VPC, such as using Amazon S3 and Amazon RDS to replicate data across multiple availability zones.

21. VPC compliance:

  • Decide on the compliance strategy for the VPC, such as ensuring that the VPC and its components comply with relevant security standards and regulations.
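Choice 4 (inbound rules for security groups) is the kind of decision that should be re-checked after deployment, as choice 21 asks. The following is an added example and not part of the original checklist: it audits security groups in the shape returned by the EC2 `describe-security-groups` API (`GroupId`, `IpPermissions` with `IpProtocol`, `FromPort`, `ToPort`, `IpRanges`, `Ipv6Ranges`) and reports any inbound rule that exposes an administrative or database port to `0.0.0.0/0` or `::/0`. The group IDs and rules are constructed sample data; the port list is an assumption you would tailor to your own policy.

```python
import ipaddress
from typing import Dict, List

# Ports that a reviewer would not expect to be reachable from the whole Internet.
# This list is an assumption for the example; extend it to match your own policy.
ADMIN_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}


def _world_open_ranges(perm: Dict) -> List[str]:
    """CIDRs in this rule that cover every address (prefix length 0), IPv4 or IPv6."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]


def audit_security_group(group: Dict) -> List[str]:
    """One finding per inbound rule that opens an ADMIN_PORTS port (or all traffic) to the world."""
    findings = []
    for perm in group.get("IpPermissions", []):
        world = _world_open_ranges(perm)
        if not world:
            continue                      # rule is scoped to specific networks
        proto = perm.get("IpProtocol")
        if proto == "-1":                 # "all traffic": FromPort/ToPort are absent
            findings.append(f"{group['GroupId']}: all protocols open to {', '.join(world)}")
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        for port, name in ADMIN_PORTS.items():
            if lo <= port <= hi:
                findings.append(f"{group['GroupId']}: {name} ({proto}/{port}) open to {', '.join(world)}")
    return findings


def audit_all(groups: List[Dict]) -> List[str]:
    return [f for g in groups for f in audit_security_group(g)]


# Constructed sample: a web tier that is fine and a database group that is not.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web-constructed", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-db-constructed", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_GROUPS):
        print(finding)
```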