The GENEVE protocol was covered in Chapter 4, “Load Balancing,” as part of the gateway load balancer. In this section, we will do a brief refresher on this standardized encapsulation protocol. GENEVE preserves the original packet by providing an encapsulation that supports transparent routing: to keep the original packet intact, it wraps the packet in a new header for transmission over the routed network. This preserves the headers that security appliances may need to process and allows for the separation of customer traffic, even where customers use overlapping CIDR ranges. GENEVE is similar to VxLAN and GRE at layer 3 but does not have the fixed field size limitations of these protocols. This makes it more flexible for multitenant content analysis and for load balancing implementations that require that the original packet format not be modified.
Since this book is a study guide for the AWS Advanced Networking certification, there is an assumption that you are familiar with networking in general and routing protocols such as BGP. However, we will do a quick review of routing fundamentals to establish a baseline of understanding. If you are not familiar with routing protocols, networking architectures, design, implementation, and troubleshooting, you should take one of the many basic networking courses available on the market before taking this advanced-level certification exam. In this section, you will learn about the two general categories of routing: static and dynamic.
The primary function of a router is to receive a packet on one of its interfaces and know how to send it toward its destination. To do this, a router needs to know the next-hop router for each destination and which of its egress interfaces that next hop is connected to. This information is stored in a routing table that each router in the network maintains so that it knows where to send packets for them to reach their destination. The routing table is populated with networks the router learns from either static or dynamic routing configured on it. When a router receives a packet that needs to be routed, the process is referred to as forwarding: the destination IP address is looked up in the routing table, and the packet is sent out the interface specified in the table. If there is a change in the network, the router needs to learn the new route, update its forwarding table, and send the packet out the new interface.
For the exam and interconnecting your internal networks with AWS, the focus will be on the Border Gateway Protocol (BGP). BGP is used to dynamically exchange routing information between your internal networks and external networks such as those in AWS. BGP can be quite complex, and large books have been written about its operation; here, we will cover the basics and what is specifically needed to interconnect your networks with AWS using BGP.
Static routing defines network reachability in a router by having the network administrator manually configure the routes in the routing table that the router uses to send packets to destination networks. A static route includes the destination network or host address, its corresponding network mask, and the IP address or egress interface of the next hop to the destination. The key point to remember is that static routing has no ability to automatically update the routing table based on changing network conditions. If a network topology change occurs, the static routes have to be updated manually, whereas with dynamic routing the routing protocol would automatically become aware of the change and update the routing table.
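The forwarding lookup described above and the static route format (destination network and mask, next hop, egress interface) can be illustrated with a small model. This is an added example, not code from the book: a hypothetical router whose table holds only static routes, with a constructed on-premises topology and longest-prefix-match forwarding. Removing a route stands in for the manual update an administrator must make after a topology change.

```python
# Added example (not from the book): a minimal router forwarding table
# built from static routes, using longest-prefix match for lookups.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class StaticRoute:
    """One static route: destination network + mask, next hop, egress interface."""
    destination: ipaddress.IPv4Network
    next_hop: str      # IP address of the next-hop router
    interface: str     # egress interface through which the next hop is reached


class Router:
    """Hypothetical router whose routing table is populated only by static routes."""

    def __init__(self) -> None:
        self.routes: List[StaticRoute] = []

    def add_static_route(self, prefix: str, next_hop: str, interface: str) -> None:
        # strict=False lets an admin write 10.1.2.3/24 and still get 10.1.2.0/24
        net = ipaddress.ip_network(prefix, strict=False)
        self.routes.append(StaticRoute(net, next_hop, interface))

    def remove_static_route(self, prefix: str) -> None:
        # Manual update: static routes never change on their own after a topology change
        net = ipaddress.ip_network(prefix, strict=False)
        self.routes = [r for r in self.routes if r.destination != net]

    def forward(self, dst_ip: str) -> Optional[StaticRoute]:
        """Forwarding decision: look up the destination and choose the most specific
        matching route (longest prefix match). A default route (0.0.0.0/0) matches
        everything but wins only when nothing more specific matches."""
        addr = ipaddress.ip_address(dst_ip)
        matches = [r for r in self.routes if addr in r.destination]
        if not matches:
            return None  # no route to the destination: the packet is dropped
        return max(matches, key=lambda r: r.destination.prefixlen)


def build_example_router() -> Router:
    # Constructed sample topology: an on-premises router with a default route to
    # the Internet edge and more specific static routes toward a VPC CIDR over VPN.
    r = Router()
    r.add_static_route("0.0.0.0/0", "203.0.113.1", "eth0")      # default route
    r.add_static_route("10.0.0.0/16", "192.168.100.2", "tun0")  # whole VPC CIDR
    r.add_static_route("10.0.5.0/24", "192.168.200.2", "tun1")  # one subnet, other tunnel
    return r
```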
The advantage of using static routes is that there is none of the routing protocol overhead that dynamic routing protocols require. The administrator hard-codes the routes into each router, and there is no need for the routers to exchange routing information. In small networks, it’s relatively easy to hard-code static routes with just a few routing statements. Static routing is best used in networks that will not change and do not need to be updated. It could be said that static routing is more secure since no routing updates are sent over the wire between the routers, so there is no possibility of a router receiving a route that is not valid.