Is the role of the router in AWS VPC played by a virtual machine?

2023-09-11 12:16:45 Author: 绣花针针恨

I am wondering whether the role of the router in AWS VPC is played by a virtual machine? This VM may have several NICs. If not, then how is the router in VPC designed? Thanks a lot.

Recommended answer

No, it isn't played by a virtual machine, or even a set of virtual machines.

Thinking about it for a moment, a VPC router couldn't possibly be a single "thing" because that wouldn't be redundant... it would have to be at least six "things" (3 availability zones x 2 devices minimum per availability zone for redundancy, plus all of the requisite interconnections)... and those things would have to be infinitely and transparently scalable... and then don't forget that your instances are typically not the only machine on their physical host, and can be scattered throughout the physical facility that comprises each availability zone.

So, no.

"A Day in the Life of a Billion Packets (CPN401)" -- the talk and slides are linked below -- goes into intricate detail about how the virtual networking in VPC operates.

This is an extreme oversimplification, but my interpretation of the material presented there indicates that the packets are essentially tunneled between hosts by the VPC infrastructure, using a mapping service that decouples the VPC subnet allocation from the AWS physical network connectivity.

When host "A" arps for host "B," it does get a response, but that response doesn't come from "B" because the request never arrives at "B". It's captured and handled by the mapping service... so there's no broadcast domain even between machines on the same VPC subnet.

"Tunnel" is probably not a precisely correct term for what's happening here, but it's accurate in the sense that the inner (VPC) networking topology, which you control, is independent of the outer (AWS data center) networking topology, which doesn't need to understand the VPC routes.

When a VPC instance wants to communicate with another instance, it learns the tunnel destination from the mapping service. The receiving host also validates with the mapping service that the sender is authentic. The system is secure against incursions of traffic between VPCs because what I'm calling the tunnel layer is not accessible to the instances.

So the VPC "router" is essentially a "virtual machine" of infinite capacity, but not a "virtual machine" in the normal sense (virtual computer). It's a virtual router made up of the entire network of routers and switches in the AWS region, with the help of the mapping infrastructure that provides the glue that allows VPC traffic to traverse it.

http://www.youtube.com/watch?v=Zd5hsL-JNY4

http://www.slideshare.net/AmazonWebServices/a-day-in-the-life-of-a-billion-packets-cpn401-aws-reinvent-2013
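An added illustrative model (not code from the answer or from AWS) of the mapping-service behaviour the answer describes: the sending host asks the mapping service where to tunnel a packet instead of broadcasting ARP, and the receiving host checks that the claimed overlay source really belongs to the physical host the packet arrived from, so a colliding address in another VPC cannot be used to inject traffic. Every name, record field and return value here is an assumption made for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Placement:
    """Where one instance's overlay address actually lives (constructed record)."""
    vpc: str         # VPC the overlay address belongs to
    overlay_ip: str  # address the instance sees on its own NIC
    host: str        # physical host that runs the instance


class MappingService:
    """Authoritative (vpc, overlay_ip) -> physical host directory.

    Hypothetical stand-in for the mapping service mentioned in the talk."""

    def __init__(self, placements):
        self._by_addr = {(p.vpc, p.overlay_ip): p for p in placements}

    def lookup(self, vpc, overlay_ip):
        # The sending host asks here instead of broadcasting ARP; the
        # "ARP reply" the instance sees is synthesised from this answer.
        p = self._by_addr.get((vpc, overlay_ip))
        return p.host if p else None

    def sender_is_authentic(self, vpc, src_ip, src_host):
        # The receiving host verifies that the inner (vpc, src_ip) really
        # belongs to the physical host named in the outer header.
        p = self._by_addr.get((vpc, src_ip))
        return p is not None and p.host == src_host


def deliver(ms, src, dst_vpc, dst_ip, claimed_src_ip=None):
    """Model one encapsulated packet: returns 'delivered', 'no-route' or 'dropped'.

    claimed_src_ip models a host that labels the inner packet with an
    overlay source address other than its own."""
    inner_src = claimed_src_ip or src.overlay_ip
    dst_host = ms.lookup(dst_vpc, dst_ip)          # replaces the ARP broadcast
    if dst_host is None:
        return "no-route"
    # Outer header is src.host -> dst_host; inner header is tagged with dst_vpc.
    if not ms.sender_is_authentic(dst_vpc, inner_src, src.host):
        return "dropped"                           # cross-VPC or spoofed source
    return "delivered"


# Constructed sample placement: the same overlay IP exists in two VPCs.
A1 = Placement("vpc-a", "10.0.0.5", "host-1")
A2 = Placement("vpc-a", "10.0.0.6", "host-2")
B1 = Placement("vpc-b", "10.0.0.5", "host-3")
MS = MappingService([A1, A2, B1])
```

The model shows why the answer can say there is no broadcast domain and why traffic between VPCs cannot leak even when overlay addresses collide: the physical host, not the instance, is the identity the mapping service checks.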