
Private link vs VPC peering

I need to set up a connection between VPCs. My plan was VPC peering, but the customer asks for Private Link as they heard it is the secure way. But I am mostly concerned with the performance overhead of Private Link. What I understood (maybe wrong): in the Private Link architecture there is an extra NLB. Doesn't this introduce latency because of the extra network hop?

VPC peering and Private Link serve two different purposes.

VPC peering enables you to connect two VPCs in the same way you would connect two local networks together, or remote networks using a VPN. VPC peering allows network traffic from one VPC to the second VPC. For example, you can SSH from an instance in VPC A into an instance in VPC B.

Private Link is used to expose individual services of yours in VPC A to VPC B. But this does not allow for free flow of network traffic from VPC A to VPC B. For example, let's say you've developed a very cool application for image segmentation. The application and all its databases and other resources that it requires are in VPC A. Now a friend comes and he/she would like to use your application. But the friend is in VPC B. Since your application is private, not exposed to the internet, a way for your friend to use the app would be to expose it through Private Link. For this you create an NLB in front of your application, and your friend will get a network interface in his VPC B through which he can access your private application in VPC A.

Based on this and your question, there is no clear answer as the two options are used for different purposes. I would suggest clarifying exactly what your or your customer's requirements are.

But generally, both will be equally fast. The AWS docs say the following about VPC peering:

AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware. There is no single point of failure for communication or a bandwidth bottleneck.

Other examples from the AWS docs are here:

Edit: Based on @Michael's comment.
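The difference the answer describes is easiest to see in the resources each option needs. The Terraform below is an added example, not code from the answer or from AWS. It assumes two VPCs in one account and region with one private subnet each, an application in VPC A listening on TCP 8080, and the AWS provider; the CIDRs, resource names, and the consumer account ID 111122223333 are placeholders. Target registration (aws_lb_target_group_attachment) for the application instances is left out.

```hcl
# Added example (Terraform, AWS provider); not from the original answer.
# Assumptions: two VPCs in one account/region, one private subnet each,
# the application listens on TCP 8080 in VPC A. CIDRs, names and the
# consumer account ID "111122223333" are placeholders.

resource "aws_vpc" "a" { cidr_block = "10.0.0.0/16" }
resource "aws_vpc" "b" { cidr_block = "10.1.0.0/16" }

resource "aws_subnet" "a_private" {
  vpc_id     = aws_vpc.a.id
  cidr_block = "10.0.1.0/24"
}
resource "aws_subnet" "b_private" {
  vpc_id     = aws_vpc.b.id
  cidr_block = "10.1.1.0/24"
}

# --- Option 1: VPC peering -------------------------------------------
# One route per direction makes the WHOLE remote CIDR reachable. Any
# instance in B can then reach any IP/port in A that security groups
# and NACLs allow, and vice versa (the "SSH from A into B" case).
resource "aws_vpc_peering_connection" "a_b" {
  vpc_id      = aws_vpc.a.id
  peer_vpc_id = aws_vpc.b.id
  auto_accept = true # same account and region; otherwise accept on the peer side
}

resource "aws_route" "a_to_b" {
  route_table_id            = aws_vpc.a.main_route_table_id
  destination_cidr_block    = aws_vpc.b.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.a_b.id
}

resource "aws_route" "b_to_a" {
  route_table_id            = aws_vpc.b.main_route_table_id
  destination_cidr_block    = aws_vpc.a.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection.a_b.id
}

# --- Option 2: PrivateLink -------------------------------------------
# No routes are exchanged. The provider (A) puts an internal NLB in
# front of the app and publishes it as an endpoint service; the
# consumer (B) gets an interface endpoint (an ENI with a private IP in
# B) that only reaches the NLB listener port. Nothing else in A becomes
# addressable from B, and A cannot initiate connections into B.
resource "aws_lb" "app" {
  name               = "app-nlb"
  internal           = true
  load_balancer_type = "network"
  subnets            = [aws_subnet.a_private.id]
}

resource "aws_lb_target_group" "app" {
  name        = "app-tg"
  port        = 8080
  protocol    = "TCP"
  vpc_id      = aws_vpc.a.id
  target_type = "ip"
}

resource "aws_lb_listener" "app" {
  load_balancer_arn = aws_lb.app.arn
  port              = 8080
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}

resource "aws_vpc_endpoint_service" "app" {
  acceptance_required        = true # provider approves each consumer endpoint
  network_load_balancer_arns = [aws_lb.app.arn]
  # Placeholder consumer account; only listed principals may connect.
  allowed_principals = ["arn:aws:iam::111122223333:root"]
}

# Security group on the endpoint ENI: only B's application subnet may
# talk to the exposed port, and only on that port.
resource "aws_security_group" "endpoint_b" {
  vpc_id = aws_vpc.b.id
  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = [aws_subnet.b_private.cidr_block]
  }
}

resource "aws_vpc_endpoint" "app_in_b" {
  vpc_id             = aws_vpc.b.id
  service_name       = aws_vpc_endpoint_service.app.service_name
  vpc_endpoint_type  = "Interface"
  subnet_ids         = [aws_subnet.b_private.id]
  security_group_ids = [aws_security_group.endpoint_b.id]
}
```

The check that matters for the customer's "secure way" question is the reachability each option creates: with peering, the two aws_route entries expose both address spaces to each other, so scoping relies entirely on security groups and NACLs on every instance; with PrivateLink, the only thing VPC B can address in VPC A is the NLB listener behind the endpoint, acceptance and allowed_principals gate who may connect, and the endpoint's security group limits who inside B may use it. The NLB is the extra component the question mentions; whether its processing is noticeable for a given workload is something to measure against the peering path rather than assume.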
