USING PRIVATE VPC ENDPOINTS IN AWS WAVELENGTH ZONES – Using AWS Wavelength Zones on Public 5G Networks

VPC interface endpoints must be attached to subnets in the parent region. They cannot be attached to subnets in an AWS Wavelength Zone.

This also needs to be considered for any services your mobile application itself directly uses. It is common for mobile devices to retrieve files from Amazon S3:

Figure 7.18 – Mobile device communicating with Amazon S3 over the internet

This is fine in many circumstances. Just remember – once the connection leaves the MNO’s mobile network for the open internet, the QoS drops to best effort:

Figure 7.19 – WireGuard VPN used to access private endpoints

In cases where the QoS for these connections is important, consider implementing a lightweight VPN such as WireGuard to an EC2 instance inside an AWS Wavelength Zone. This allows you to route traffic to AWS PrivateLink endpoints in the VPC by masquerading client traffic behind the private IP of the VPN server.

While standard Linux-based VPN services such as Openswan can also perform this function, WireGuard has a much smaller footprint and makes better use of available compute resources. It is possible to push 500 Mbps over a WireGuard server on a t3.micro EC2 instance.

This is largely due to its simplicity. WireGuard consists of fewer than 7,000 lines of code. By comparison, strongSwan + XFRM (a common IPsec implementation) is over 400,000 lines – and OpenVPN + OpenSSL (a common SSL VPN implementation) is greater than 600,000.

Considerations such as this are important in the world of embedded devices.
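
The WireGuard arrangement described above, sketched as a pair of wg-quick configuration files. This is an added example, not taken from the original text: the tunnel subnet (10.99.0.0/24), the VPC CIDR (10.0.0.0/16), the interface name ens5, the listen port, and all keys and addresses in angle brackets are constructed placeholders.

```ini
# --- Server: /etc/wireguard/wg0.conf on the EC2 instance in the Wavelength Zone ---
# Assumes the instance's security group allows inbound UDP 51820.
[Interface]
Address    = 10.99.0.1/24
ListenPort = 51820
# Placeholder; generate with `wg genkey` and keep the file mode 0600.
PrivateKey = <server-private-key>
# Forward tunnel traffic only to the VPC CIDR, drop everything else, and
# source-NAT it to this instance's private IP so the endpoint ENIs can reply.
PostUp   = sysctl -w net.ipv4.ip_forward=1
PostUp   = iptables -A FORWARD -i %i -o ens5 -d 10.0.0.0/16 -j ACCEPT
PostUp   = iptables -A FORWARD -i %i -j DROP
PostUp   = iptables -t nat -A POSTROUTING -s 10.99.0.0/24 -o ens5 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -o ens5 -d 10.0.0.0/16 -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j DROP
PostDown = iptables -t nat -D POSTROUTING -s 10.99.0.0/24 -o ens5 -j MASQUERADE

[Peer]
# One [Peer] block per mobile device, each pinned to a single /32 so a
# device cannot source traffic from another device's tunnel address.
PublicKey  = <device-public-key>
AllowedIPs = 10.99.0.2/32

# --- Client: wg0.conf on the mobile device ---
[Interface]
Address    = 10.99.0.2/32
PrivateKey = <device-private-key>
# VPC resolver (VPC base address + 2) so private endpoint DNS names resolve.
DNS        = 10.0.0.2

[Peer]
PublicKey  = <server-public-key>
# Address at which the instance is reachable from the carrier network.
Endpoint   = <server-carrier-ip>:51820
# Split tunnel: only VPC-bound traffic enters the VPN; the rest of the
# device's traffic keeps its normal route.
AllowedIPs = 10.0.0.0/16
PersistentKeepalive = 25
```

The security groups on the interface endpoints still need to allow HTTPS from the VPN instance's private IP, since that is the only source address they will see.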

Integrating AWS Wavelength with other services

The section on MEC in Chapter 3 covered how MNOs are building these capabilities out in their existing aggregation or regional central offices (COs). These are not gigantic data centers such as those that make up a standard availability zone.

This is why the service selection is limited to those that are most requested by customers for proven MEC use cases.

EC2 instances

AWS Wavelength Zones support a limited number of Nitro-based Amazon EC2 instance types. The current list of instance types available in any given AWS Wavelength Zone can be queried with the following CLI command:

aws ec2 describe-instance-type-offerings \
  --location-type "availability-zone" \
  --filters Name=location,Values=eu-west-2-wl1-lon-wlz-1 \
  --region eu-west-2 \
  --query "InstanceTypeOfferings[*].[InstanceType]" \
  --output text | sort

Figure 7.20 – Querying the EC2 instance types available in the AWS Wavelength Zone in London

Dev/test applications with smaller footprints can be launched by anyone on demand in AWS Wavelength. However, it is important to remember the capacity in any given location is managed by the MNO in whose network it lives. It is prudent to reach out to both your MNO and your AWS account team when planning larger deployments to ensure adequate capacity is provisioned and possibly reserved on your behalf.

Limits on dedicated EC2 resources

Dedicated Instances and Dedicated Hosts are not available in AWS Wavelength Zones.