mda590 / cloudping.co

AWS Inter-Region Latency Monitoring
https://www.cloudping.co/

Public endpoints or VPC peering? #13

Open JoeAlamo opened 6 years ago

JoeAlamo commented 6 years ago

Are the latency tests performed using DynamoDB public endpoints? So the packets are going across public internet? Or do you have VPC peering set up between regions?

kennykjam commented 5 years ago

+1 on this question. Are these stats based on VPC or Public Internet? Are the stats RTT or one way (assume RTT)? On the whole the RTT seems quite slow compared to what is possible!

mdeora commented 5 years ago

+1 on this question about vpc peered latency or public igw?

mda590 commented 5 years ago

Great question! These stats are based on RTT between IGW in source region and public DynamoDB endpoint in destination region.

VPC peering is coming in the near future via one of the updates I am currently working on.
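To make the measurement described above concrete, here is an added example (not cloudping.co's own code) that times the TCP handshake to a regional DynamoDB public endpoint and reports the RTT distribution. It assumes the documented `dynamodb.<region>.amazonaws.com` hostname pattern; the sample regions and sample counts are arbitrary choices, and the code would be run from a host in the source region to reproduce a source-to-destination RTT.

```python
import socket
import statistics
import time
from typing import Dict, List

# Added example, not code from the cloudping.co project. A TCP connect()
# completes after the SYN/SYN-ACK exchange, so timing it gives one network
# round trip without needing ICMP (often filtered on AWS paths) and without
# the extra round trips of a TLS handshake.


def measure_tcp_rtt(host: str, port: int = 443, samples: int = 5,
                    timeout: float = 3.0) -> List[float]:
    """Return per-sample TCP handshake round-trip times in milliseconds.

    Each sample opens a fresh connection so no warm socket is reused.
    Samples that time out or are refused are skipped, never recorded as 0.
    """
    rtts: List[float] = []
    for _ in range(samples):
        start = time.perf_counter()
        try:
            with socket.create_connection((host, port), timeout=timeout):
                rtts.append((time.perf_counter() - start) * 1000.0)
        except OSError:
            # Timeout, DNS failure or refused connection: drop this sample.
            continue
    return rtts


def summarize(rtts: List[float]) -> Dict[str, float]:
    """Min / median / p95 / max over a list of RTT samples (ms)."""
    if not rtts:
        raise ValueError("no successful samples")
    ordered = sorted(rtts)
    # Nearest-rank p95: index = ceil(0.95 * n) - 1, computed with integer maths.
    p95_index = max(0, -(-95 * len(ordered) // 100) - 1)
    return {
        "min": ordered[0],
        "median": statistics.median(ordered),
        "p95": ordered[p95_index],
        "max": ordered[-1],
        "samples": float(len(ordered)),
    }


def dynamodb_endpoint(region: str) -> str:
    """Regional DynamoDB public endpoint hostname (documented naming pattern)."""
    return f"dynamodb.{region}.amazonaws.com"


if __name__ == "__main__":
    # Sample destination regions (assumed choices); run from the source region.
    for region in ("us-east-1", "eu-west-1", "ap-southeast-1"):
        host = dynamodb_endpoint(region)
        rtt_samples = measure_tcp_rtt(host)
        if rtt_samples:
            stats = {k: round(v, 2) for k, v in summarize(rtt_samples).items()}
            print(region, stats)
        else:
            print(region, "unreachable")
```

Because the thread's point is which path the packets take, the useful comparison is running the same probe from an instance with and without a private route to the destination: the handshake timing itself is identical in both cases, so any difference in the reported RTT comes from the path, not the measurement.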

JoeAlamo commented 5 years ago

That's nice to hear! Out of interest, how would you do that? With DynamoDB having public endpoints they'd usually go across public internet as far as I know, can you use VPC endpoints and access these cross region?

swestcott commented 5 years ago

> That's nice to hear! Out of interest, how would you do that? With DynamoDB having public endpoints they'd usually go across public internet as far as I know, can you use VPC endpoints and access these cross region?

Cross-region VPC peering + VPC endpoints should enable this.

I'm really curious to see the difference between public/private routing 👍

argo516 commented 5 years ago

Hitting gateway style VPC Endpoints (Dynamo DB or S3) will not work across VPC peering. Your best bet would be using any of the interface style VPC Endpoints from this list: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html

DarwinJS commented 2 years ago

I was wondering what networking this was using as well.

It could be super helpful to clarify that the current page is using internet latencies in both the website and the read me!

Also I hope that your plan is to retain the internet latency and add the VPC peering (AWS Backbone) numbers rather than replace the internet latency. Having both helps with smaller budget implementations that can't step up to an AWS backbone implementation due to cost or complexity.

chriselsen commented 2 years ago

Have a look at the AWS VPC FAQ:

Q. Does traffic go over the internet when two instances communicate using public IP addresses, or when instances communicate with a public AWS service endpoint? No. When using public IP addresses, all communication between instances and services hosted in AWS use AWS's private network. Packets that originate from the AWS network with a destination on the AWS network stay on the AWS global network, except traffic to or from AWS China Regions. In addition, all data flowing across the AWS global network that interconnects our data centers and Regions is automatically encrypted at the physical layer before it leaves our secured facilities. Additional encryption layers exist as well; for example, all VPC cross-region peering traffic, and customer or service-to-service Transport Layer Security (TLS) connections.

Therefore, from a network path perspective, traffic from a Lambda function in region A to the public endpoint of DynamoDB in region B will take the same AWS backbone path as if you created VPC peering or TGW peering between the regions and used a private endpoint instead of the public DynamoDB endpoint. In neither of these two cases would traffic traverse the public Internet. But in the second case you would be adding latency due to processing of packets by the peering connection encryption and potentially the PrivateLink-based endpoint in the target region. So switching the traffic path away from what it currently is would actually give you less reliable data.