Dude – Where are my Packets?

19/1/2022 3-minute read

In a prior post (https://powerfulargument.com/post/2021-01-10-dude-where-is-my-data/) I spoke about where data is stored on AWS – but what about when you move data around? On AWS’s global network your packets are encrypted, private, performant, and reliable.

Packets Inside a Region

AWS has the concept of a Region, which is a physical location around the world where we cluster data centres. We call each group of logical data centres an Availability Zone (AZ). Each AWS Region consists of multiple, isolated, and physically separate AZs within a geographic area. Unlike other cloud providers, who often define a region as a single data centre, the multiple AZ design of every AWS Region offers advantages for customers.

All Availability Zones (AZs) in an AWS Region are interconnected over fully redundant, dedicated metro fibre that provides high-bandwidth, high-throughput, low-latency networking between AZs. All traffic between AZs is encrypted.

Each region also has two independent, fully redundant transit centers that allow traffic to cross the AWS network, enabling regions to connect to the global network. Further, we don’t use other backbone providers for AWS traffic once it hits our backbone.

Any link outside of AWS physical control, including between AWS datacenters and across the AWS backbone, is encrypted with MACsec or optical encryption using AES-256.

Moving Data Between Regions

Data only moves when you move it. You might be replicating data for DR or compliance, sharing data to collaborate, or moving it for any number of other reasons.

This is where the AWS Global Network Backbone enables you to move your packets reliably and securely. All Inter-Region traffic is encrypted, traverses the AWS global network, and is not exposed to the public internet, which reduces the attack surface. All commercial Region-to-Region traffic traverses the backbone, except for China.

This is achieved with a fully redundant 100 GbE network that circles the globe via trans-oceanic cables that run over tens of thousands of kilometers and up to ten kilometers under the sea. The network is designed to survive link failure: no single link can have a significant impact. The deep monitoring and operational rigor of the AWS network, including fully automated software that detects and mitigates normal faults as well as “grey failures” (hard-to-detect partial failure modes), provide greater fault tolerance.

We continue to invest in this backbone, with past investments including the Hawaiki, Jupiter, and Bay to Bay Express cable systems.

Network Innovation

We want customers to move more data, more cost-effectively, as their data needs grow. Laying more and more network conduit is an expensive and complex process. If we can deploy more fibre over the same link, we can move more packets more cost-effectively. As Peter DeSantis (Vice President, AWS) shared in his 2018 AWS re:Invent session (https://youtu.be/mDNHK-SzXEM?t=472), in 2016 the most fibre strands we could fit in a 2-inch conduit was 3,456. Fast-forward to 2018 and we were the first to launch 6,912 strands in the same 2-inch conduit. Innovations like these continue at every layer of our infrastructure and help us to add more scale and lower costs for customers.

On AWS your packets are encrypted, private, performant, and reliable. So whether you are moving your data across a region or across the world – you can be assured you are doing it in the safest, most secure way possible.