Tutorial / Cram Notes

Amazon VPC is the cornerstone of AWS networking, and it comes with several quotas:

  • VPCs per region: By default, you can create 5 VPCs per region. If you need more VPCs, you can request an increase.
  • Subnets per VPC: You can create up to 200 subnets per VPC, which should accommodate most network designs. However, remember that each subnet must reside entirely within one Availability Zone and cannot span zones.
  • Route tables per VPC: Each VPC can support up to 200 route tables (including the main route table). Additionally, each route table can have up to 50 static routes (not including propagated routes from a VPN).

Elastic Load Balancing (ELB)

The Elastic Load Balancing service provides quotas related to the numbers of load balancers:

  • Application Load Balancers (ALBs) per region: 50
  • Network Load Balancers (NLBs) per region: 50
  • Listeners per Load Balancer: 50

It’s important to note that these are default values and can be increased by submitting a service limit increase request to AWS.

AWS Direct Connect

With AWS Direct Connect, various quotas can affect your network architecture:

  • Direct Connect gateways per account per region: 20
  • Virtual interfaces per AWS Direct Connect connection: 50
  • MACsec keys per connection: 20

For organizations requiring high bandwidth for hybrid cloud architecture, keeping an eye on these quotas is essential for maintaining network performance and reliability.

Amazon Route 53

Amazon Route 53, the DNS service by AWS, enforces limits such as:

  • Hosted zones per account: 500 (soft limit)
  • Resource record sets per hosted zone: 10,000 (soft limit)

Soft limits can often be increased by reaching out to AWS support, whereas hard limits are enforced by the system and cannot be changed.

AWS Transit Gateway

When using AWS Transit Gateway to interconnect VPCs and on-premises networks, you will encounter these quotas:

  • Transit gateways per account: 5
  • Attachments per transit gateway: 50
  • Route tables per transit gateway: 20

Knowing the Transit Gateway quotas is essential for designing a large-scale network that spans multiple VPCs and potentially multiple AWS accounts.

Bandwidth Limits

Bandwidth limits are particularly crucial from a networking perspective as they directly influence the performance of your applications. Here are a few scenarios where bandwidth can come into play:

  • EC2 instance bandwidth: Each EC2 instance type has different networking capabilities, from low to 100 Gbps for the largest instance types.
  • Inter-region VPC Peering: AWS has a limit on the bandwidth for traffic between regions, which varies by instance type and the distance between the regions.
  • VPN Connection: The VPN connection typically provides a maximum throughput of 1.25 Gbps per tunnel.

Managing Limits and Quotas

It’s important to continually monitor your service usage against the established limits. AWS provides the Service Quotas console and the AWS Trust Advisor, which can alert you when you’re close to hitting a quota. Additionally, using CloudWatch metrics, you can monitor network traffic and performance, and take proactive measures to request limit increases before it becomes a bottleneck for your applications.

Strategies for Working Within Limits

Here are a few strategies to cope with AWS service limits:

  • Architecture Design: Design architectures that can scale horizontally, creating more instances of resources rather than hitting vertical scaling limits.
  • Request Increases Proactively: Don’t wait for the limits to become an issue. If you foresee growth, request limit increases in advance.
  • Use Multiple Accounts: Strategically use multiple accounts to manage resources and stay within per-account limits.

By understanding these limits and proactively managing quotas, you can ensure a robust and scalable network for your AWS resources, which is a key part of success in the AWS Certified Advanced Networking – Specialty (ANS-C01) exam.

Practice Test with Explanation

True or False: AWS VPCs have a limit on the number of Internet Gateways (IGWs) that can be attached to them.

  • True
  • False

Answer: True

Explanation: Each AWS VPC can have only one Internet Gateway (IGW) attached to it.

True or False: The number of Elastic IP addresses (EIPs) you can allocate per region is unlimited by default.

  • True
  • False

Answer: False

Explanation: AWS limits the number of Elastic IP addresses you can allocate per region, and you have to request an increase if you need more.

Multiple Choice: AWS Direct Connect supports which of the following bandwidths?

  • 50 Gbps
  • 100 Mbps
  • 1 Gbps
  • All of the above

Answer: All of the above

Explanation: AWS Direct Connect supports bandwidths of 50 Mbps, 100 Mbps, 1 Gbps, and more, depending on the type of connection.

True or False: The maximum Transmission Control Protocol (TCP) throughput for a single flow across an AWS Virtual Private Cloud (VPC) peering connection is 5 Gbps.

  • True
  • False

Answer: True

Explanation: The maximum TCP throughput for a single flow across an AWS VPC peering connection is 5 Gbps, but can be higher for instances that support enhanced networking.

Multiple Select: Which of the following are limitations associated with Amazon Virtual Private Cloud (Amazon VPC)?

  • Number of VPCs per region
  • Number of subnets per VPC
  • Number of security groups per instance
  • Number of route tables per VPC
  • All of the above

Answer: All of the above

Explanation: AWS imposes limits on the number of VPCs per region, subnets per VPC, security groups per instance, and route tables per VPC.

True or False: The number of route tables per AWS Direct Connect gateway is unlimited.

  • True
  • False

Answer: False

Explanation: There are limits on the number of route tables you can associate with an AWS Direct Connect gateway.

Single Choice: What is the default limit for the number of route 53 hosted zones that can be created per AWS account?

  • 50
  • 100
  • 500
  • 1000

Answer: 500

Explanation: By default, you can create up to 500 hosted zones per AWS account.

True or False: AWS Transit Gateway supports inter-region peering.

  • True
  • False

Answer: True

Explanation: AWS Transit Gateway does indeed support inter-region peering, allowing you to connect transit gateways across different AWS Regions.

True or False: The limit on the number of AWS Client VPN endpoints per region can be increased upon request.

  • True
  • False

Answer: True

Explanation: The number of Client VPN endpoints per region is subject to a service limit, which can be increased by contacting AWS support and submitting a limit increase request.

Multiple Select: What are the quota limits for AWS Network Load Balancer (NLB)?

  • Number of target groups per NLB
  • Number of targets per target group
  • Number of listeners per NLB
  • Number of subnets per Availability Zone

Answer: Number of target groups per NLB, Number of targets per target group, Number of listeners per NLB

Explanation: AWS NLB has quotas on the number of target groups, targets per target group, and listeners. There is no limit on the number of subnets per Availability Zone.

Multiple Choice: How often can you request an increase for the Elastic IP (EIP) limit per region?

  • Once a week
  • Once a month
  • As often as needed
  • Once a year

Answer: As often as needed

Explanation: You can request an increase for the Elastic IP limit per region as often as needed by submitting a request to AWS support.

True or False: Network ACLs (Access Control Lists) in AWS have a limit on the number of rules per network ACL.

  • True
  • False

Answer: True

Explanation: There is a limit on the number of rules you can have per network ACL; the default limit is 20 inbound and 20 outbound rules which can be increased by requesting AWS support.

Interview Questions

What is the default limit for Elastic IP addresses for a new AWS account, and how can this affect the deployment of highly available architectures?

The default limit for Elastic IP addresses per region for a new AWS account is This limit can affect highly available architectures since more Elastic IPs might be needed for NAT gateways, or instances across multiple Availability Zones. Limits can be increased by submitting a limit increase request to AWS.

Can you describe how the bandwidth limits for an Amazon VPC peering connection can impact inter-VPC communication?

Bandwidth limits for VPC peering connections depend on the instance type since the data transfer is bound by the lowest bandwidth of the instances in the peering relationship. This can impact inter-VPC communication if workloads require high-throughput, as it might necessitate the use of instances with higher bandwidth capabilities or multiple peering connections.

How does AWS throttle bandwidth on the Internet Gateway, and what is the impact on high-traffic workloads?

AWS does not explicitly throttle bandwidth on the Internet Gateway (IGW). However, traffic is subject to the aggregate bandwidth limit of the underlying EC2 instances using the IGW. For high-traffic workloads, this can necessitate scaling horizontally by adding more instances or vertically by using instances with higher bandwidth capacities to avoid potential bottlenecks.

Explain how you would manage AWS Direct Connect limits to ensure optimal performance for critical workloads.

Managing AWS Direct Connect limits involves monitoring Direct Connect connections and their utilization, ensuring that connections are not oversubscribed. For critical workloads, consider provisioning multiple dedicated connections for redundancy and increased bandwidth, or using hosted connections with additional virtual interfaces (VIFs) when needed, to achieve the desired performance.

Discuss the consequences of exceeding the maximum number of routes in a VPC Route Table and how you can address this issue.

Exceeding the maximum number of routes in a VPC Route Table, which is currently 50 for the main route table and 100 for custom route tables, can cause new routes not to be programmed, thus affecting network connectivity. To address this issue, subnetting or segmenting the VPC network, using more specific routes, or employing Transit Gateways for more complex routing are potential solutions.

Can you outline the implications of NAT Gateway bandwidth limits for a VPC with resource-intensive workloads?

NAT Gateway bandwidth limits are bound by the instance type and can scale up to 45Gbps. For resource-intensive workloads, NAT Gateway limits can constrain outbound internet traffic leading to degraded performance. Mitigation strategies include deploying multiple NAT Gateways across different subnets and Availability Zones, or implementing NAT Instances that can be tuned for performance.

How do the number of virtual interfaces (VIFs) per AWS Direct Connect connection limit impact the network design for a multi-VPC environment?

The limit on the number of VIFs, which is 50 per AWS Direct Connect connection, can impact network design as each VIF is used to connect to a separate VPC. A multi-VPC environment may require multiple Direct Connect connections or the consolidation of VPCs through AWS Transit Gateway to manage connectivity within this limit.

Describe the challenges introduced by API rate limits when automating AWS Networking services, and how can you mitigate them?

API rate limits can lead to throttling and failure of automation scripts if calls are made too frequently. Challenges include the inability to make timely changes or retrieve information. To mitigate this, implement exponential back-off in scripts, cache API responses when possible, and use AWS service features that batch API calls, such as aggregated security group rules.

What strategies can be employed to prevent limitations on inter-region VPC peering from affecting disaster recovery plans?

To prevent limitations on inter-region VPC peering, which is capped by the number of peering connections and bandwidth per connection, from affecting disaster recovery plans, you can employ replication across multiple regions in advance, use AWS Transit Gateway for scalable connectivity, as well as ensure that the architecture is designed with redundancy to handle regional failover seamlessly.

How can reaching the connection tracking limit for an AWS Network Load Balancer impact your application’s performance and how can you mitigate this risk?

Reaching the connection tracking limit (800K concurrent flows for Network Load Balancer) can lead to dropped connections and degraded application performance. To mitigate this, you can distribute traffic across multiple NLB instances, enable Elastic IP addresses for scaling, tune the application to use fewer connections, or architect to allow connections to be reused effectively.

In the context of AWS Service Quotas, how would you plan for scaling your network infrastructure in response to increased demand?

Planning for scaling involves monitoring current usage against service quotas, and proactively requesting quota increases in anticipation of higher demand to ensure that limits do not hinder scaling. Additionally, designing networks to be modular with the ability to add additional resources, such as EC2 instances, NAT Gateways, or using AWS Global Accelerator for distributing traffic, can help accommodate increased demand.

Explain the importance of understanding the burstable performance of T2/T3 instances in AWS networking and how it can affect application performance.

T2/T3 instances offer burstable performance that uses CPU credits to manage CPU usage. In networking, if a burstable instance is the bottleneck (e.g., hosting a NAT Gateway), and it exhausts its CPU credits, this can lead to reduced network throughput and slower application performance. Monitoring and managing CPU credits or choosing instances without burstable performance based on the network demand are critical to maintaining consistent application performance.

0 0 votes
Article Rating
Subscribe
Notify of
guest
21 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Maya Côté
6 months ago

Great article on AWS networking limits and quotas!

Oscar Vargas
6 months ago

Could someone explain how bandwidth limits impact VPC peering?

Jaime Cornejo
6 months ago

I appreciate the detailed explanations in this blog. Much needed for my ANS-C01 exam prep!

Željka Srećković

What about route table limits in a VPC? How do they affect network performance?

Lucas Pedersen
6 months ago

Very helpful post, thanks!

Franz Lorenzen
7 months ago

In my experience, dealing with high route table limits often requires breaking down the architecture into smaller, more manageable VPCs.

سارا احمدی

Does anyone have tips on managing ENI (Elastic Network Interface) limits effectively?

Aron Fogaça
7 months ago

This article really breaks down the networking constraints well. Kudos!

21
0
Would love your thoughts, please comment.x
()
x