Why AWS Advanced Networking Specialty now?
Many of my connections ask me about my motivation for taking professional-level networking certifications, such as AWS Advanced Networking Specialty (ANS) and VMware NSX, when I have already achieved expert-level ones like Cisco CCIE (R&S and SP).
Partly, for me, the professional ones are there to meet competency requirements as their strategic partner; also, the emerging technologies have become the new norm and reality, coming up almost daily in my engagements, whether the conversation pertains to multi-cloud, DC expansion, DR, or micro-segmentation.
Compared to the CCIE routing exams, in which the sky is the limit, the AWS one centers more on what you cannot do (the limits) vs. what you could, due to the nature of public cloud. Just to name a few: 1) transitive routing: if traffic is not generated from or destined to your VPC, it will be black-holed. One exception to this is CloudHub via VGW; 2) a maximum of 100 routes is allowed over a BGP session using Direct Connect; otherwise the BGP session is torn down until the number of prefixes is under 100; 3) traffic engineering is limited even with AWS-TGW. On the positive side, however, it goes way beyond L3. ELB and Route53/DNS Resolver in hybrid setups are heavily tested, for instance. In my opinion, the ANS indeed tests your network design knowledge and skills against the AWS Well-Architected Framework, based on scenarios.
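A way to check an on-premises advertisement against the 100-route limit from point 2, as an added example that is not part of the original post. The function name, the IPv4-only scope, the widening strategy and the sample prefixes are assumptions made for illustration; the `extra` count matters because summarized space you do not actually host will attract traffic that then gets dropped.

```python
import ipaddress

MAX_ROUTES = 100  # per-BGP-session limit quoted in the post


def summarize(prefixes, limit=MAX_ROUTES):
    """Fit IPv4 prefixes under `limit` routes (hypothetical helper).

    Returns (routes, extra): the routes to advertise and the number of
    addresses they cover beyond what was listed (0 means lossless).
    """
    if limit < 1:
        raise ValueError("limit must be at least 1")
    # Lossless step: merge adjacent prefixes and drop contained ones.
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(p) for p in prefixes))
    exact = sum(n.num_addresses for n in nets)
    # Lossy step: widen only the most specific routes by one bit and
    # re-merge, until the table fits. Each pass over-advertises more.
    while len(nets) > limit:
        longest = max(n.prefixlen for n in nets)
        nets = list(ipaddress.collapse_addresses(
            n.supernet() if n.prefixlen == longest else n for n in nets))
    return nets, sum(n.num_addresses for n in nets) - exact


if __name__ == "__main__":
    # Constructed sample: 128 non-adjacent /24s, which cannot merge losslessly.
    sample = [f"10.20.{i}.0/24" for i in range(1, 256, 2)]
    routes, extra = summarize(sample)
    print(f"{len(sample)} prefixes -> {len(routes)} route(s): "
          f"{', '.join(map(str, routes))}")
    print(f"addresses advertised but not listed: {extra}")
```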
It is important to keep in mind that network design is a trade-off, especially for overlay-based networks, which most likely scale horizontally rather than vertically. As a rule of thumb, balance your network design goals among speed, performance and cost, or better yet, stick with the business and technical requirements if you can scope them out in advance. The chance of all three panning out at once is extremely slim, just like the triple constraint of project management.
Last but not least, don't forget network security when designing! Ideally, take a layered access control approach whenever possible.
CISSP, CISA, ISO27001, Security+ PCI DSS Cybersecurity Expert
4y: Thanks for explaining.
CCIE x2 (SP & DC), VCAP(NV) Consulting System Architect
4y: Totally agreed, hybrid network design is the way forward for many and your suggested combination is indeed useful.
Customer Engineer, AI Infrastructure and High Performance Computing Champion, Google Cloud at Google
4y: Awesome content! Thank you for sharing!