AWS Direct Connect Reference Sheet
- With Direct Connect, data can be delivered over a private network connection between AWS and your data center or corporate network.
- Direct Connect links your internal network to a Direct Connect location via a standard Ethernet fiber-optic cable. One end of the cable is connected to your router and the other to an AWS Direct Connect router. With this connection, you can create virtual interfaces directly to AWS public services or to Amazon VPC.
- Dedicated Direct Connect connections of 1 Gbps, 10 Gbps, and 100 Gbps are available.
- Supports hosted connection capacities of 1, 2, 5, and 10 Gbps.
- Hosted connections of 1, 2, 5 and 10 Gbps give customers capabilities that were previously only available through dedicated connections.
- AWS Direct Connect also supports AWS Transit Gateway, in addition to site-to-site VPN connections. With this feature, customers can connect thousands of Amazon VPCs in multiple AWS Regions to their on-premises networks using 1/2/5/10 Gbps AWS Direct Connect connections.
Beneficial Use Cases
- When transferring large data sets.
- When developing and using applications that rely on real-time data sources.
- When building hybrid environments that meet regulatory requirements requiring private connectivity.
Configuration Methods (by port speed)
- Port speed of 1 Gbps or higher: Connect directly to an AWS device from your router at an AWS Direct Connect location.
- Port speed of 1 Gbps or higher: Work with an AWS Partner Network (APN) Partner or a network provider to connect a router from your data center, office, or colocation environment to an AWS Direct Connect location. Your network provider does not have to be an APN member to connect you.
- Port speed of less than 1 Gbps: Work with an AWS Partner Network Partner who can create a hosted connection for you. Sign up for AWS and then follow the instructions to accept the hosted connection.
Components
- Connections: Create a connection in an AWS Direct Connect location to establish a network connection from your premises to an AWS Region. From a Direct Connect connection you can reach all Availability Zones in that Region.
- Virtual Interfaces: Create a virtual interface to allow access to AWS services. A public virtual interface allows access to public services, such as S3. A private virtual interface allows access to your VPC.
- To access public resources in a remote Region, you must configure a public virtual interface and establish a Border Gateway Protocol (BGP) session.
- You can create a Direct Connect gateway in any public Region. Use it to connect your Direct Connect connection through a private virtual interface to VPCs in your account that are in different Regions.
- To provide failover, request and configure two dedicated connections to AWS. These connections can terminate on one or two routers on your network. The following configuration options are available:
  - Active/Active (BGP multipath): This is the default setting, where both connections are active. If one connection becomes unavailable, all traffic is routed through the other connection.
  - Active/Passive (failover): One connection handles traffic and the other is on standby. If the active connection becomes unavailable, all traffic is routed through the passive connection.
- Autonomous System Numbers (ASNs) are used to identify networks that have a clearly defined external routing policy to the Internet.
Cross-connections
- After you download your Letter of Authorization and Connecting Facility Assignment (LOA-CFA), you must complete your cross-network connection, also known as a cross-connect. If you already have equipment located in a Direct Connect location, contact the appropriate provider to complete the cross-connect.
- If you do not already have equipment located in a Direct Connect location, you can work with one of the AWS Partner Network Partners to help you connect to an AWS Direct Connect location.
Virtual Interfaces
- You must create a virtual interface to start using your Direct Connect connection.
- You can configure multiple virtual interfaces on a single AWS Direct Connect connection. For private virtual interfaces, you need one private virtual interface for each VPC you want to connect to from the AWS Direct Connect connection, or you can use an AWS Direct Connect gateway.
- Prerequisites for creating a virtual interface:
  - Connection: The Direct Connect connection or link aggregation group for which you are creating the virtual interface.
  - Virtual interface name: A name for the virtual interface.
  - Virtual interface owner
  - VLAN: A unique virtual local area network (VLAN) tag that is not already in use on your connection.
  - Address family: Whether the BGP peering session will be over IPv4 or IPv6.
  - Peer IP addresses: A virtual interface can support a BGP peering session for IPv4, IPv6, or one of each (dual stack). You cannot create multiple BGP sessions for the same IP address family on the same virtual interface.
  - BGP information: A public or private Border Gateway Protocol Autonomous System Number (ASN) for your side of the BGP session and an MD5 BGP authentication key.
  - (Public virtual interface only) Prefixes you want to advertise: Public IPv4 routes or IPv6 routes to advertise over BGP. You must advertise at least one prefix using BGP.
- The maximum transmission unit (MTU) of a network connection is the size, in bytes, of the largest packet that can be passed over the connection. The MTU of a private virtual interface can be 1500 or 9001 (jumbo frames). The MTU of a transit virtual interface for VPC transit gateways associated with Direct Connect gateways can be 1500 or 8500 (jumbo frames). A public virtual interface does not support jumbo frames.
- Jumbo frames are supported on private virtual interfaces connected to a virtual private gateway or a Direct Connect gateway. Jumbo frames apply only to routes propagated from Direct Connect.
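A pre-flight check for a virtual interface request, as an added example that is not from the reference sheet or from AWS: it encodes the VLAN, BGP session, ASN, MTU and prefix rules listed above so a request can be sanity-checked before it is submitted. The request dictionary's field names ("type", "vlan", "bgp_peers", "vlans_in_use", "prefixes") are assumptions.

```python
# Added example, not AWS code: the request field names below are assumed for readability.

# MTU values the sheet permits per virtual interface type.
ALLOWED_MTU = {
    "private": {1500, 9001},   # jumbo frames allowed
    "transit": {1500, 8500},   # jumbo frames allowed, smaller limit
    "public": {1500},          # no jumbo frames
}


def validate_virtual_interface(vif):
    """Return a list of problems; an empty list means the request is consistent."""
    errors = []
    kind = vif.get("type")
    if kind not in ALLOWED_MTU:
        return [f"unknown virtual interface type: {kind!r}"]

    # The VLAN tag must be a valid 802.1Q ID and not already used on this connection.
    vlan = vif.get("vlan")
    if not isinstance(vlan, int) or not 1 <= vlan <= 4094:
        errors.append("vlan must be an integer in 1..4094")
    elif vlan in vif.get("vlans_in_use", ()):
        errors.append(f"vlan {vlan} is already in use on this connection")

    # One BGP session per address family: IPv4, IPv6, or one of each (dual stack).
    peers = vif.get("bgp_peers", [])
    families = [p.get("address_family") for p in peers]
    if not peers:
        errors.append("at least one BGP peer (ipv4 or ipv6) is required")
    if len(families) != len(set(families)):
        errors.append("only one BGP session per address family is allowed")

    # Your side of the session needs a public or private ASN (basic range check only).
    asn = vif.get("asn")
    if not isinstance(asn, int) or not 1 <= asn <= 4294967295:
        errors.append("asn must be an integer in 1..4294967295")

    # MTU depends on the interface type; a public VIF never gets jumbo frames.
    if vif.get("mtu", 1500) not in ALLOWED_MTU[kind]:
        errors.append(f"mtu for a {kind} virtual interface must be one of "
                      f"{sorted(ALLOWED_MTU[kind])}")

    # A public virtual interface must advertise at least one prefix over BGP.
    if kind == "public" and not vif.get("prefixes"):
        errors.append("a public virtual interface must advertise at least one prefix")
    return errors
```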
Link Aggregation Groups (LAGs)
- A LAG is a logical interface that uses the Link Aggregation Control Protocol (LACP) to aggregate multiple connections at a single Direct Connect endpoint, allowing you to treat them as a single managed connection.
- All connections in a LAG must use the same bandwidth.
- You can have a maximum of four connections in a LAG. Each connection in the LAG counts towards your overall connection limit for the Region.
- All connections in a LAG must terminate at the same Direct Connect endpoint.
- You can aggregate up to 4 Direct Connect ports into a single connection using a LAG.
- All connections in a LAG operate in Active/Active mode.
- LAGs are available only for dedicated 1G and 10G connections.
Direct Connect Gateways
- Use a Direct Connect gateway to connect your Direct Connect connection through a private virtual interface to one or more VPCs in your account that are in the same or different Regions.
- It is a globally available resource.
- A Direct Connect gateway also allows you to connect your on-premises networks to Amazon Virtual Private Cloud (Amazon VPC) in any commercial AWS Region, except the China Regions.
- Prior to multi-account support, you could only associate Amazon VPCs with a Direct Connect gateway in the same AWS account. With the release of multi-account support for Direct Connect gateways, you can associate up to 10 Amazon VPCs from multiple accounts with a Direct Connect gateway. The VPCs must be owned by AWS accounts that belong to the same AWS payer account ID.
AWS Direct Connect SiteLink
- The SiteLink feature makes it easy to create private network connections between your on-premises locations (e.g., offices, data centers) around the world by connecting them through AWS Direct Connect locations.
- With this feature, you can link your on-premises data centers to Direct Connect and send data between them over the shortest path between your AWS Direct Connect locations.
AWS Direct Connect Security
- Use IAM to control access to your Direct Connect resources.
Monitoring AWS Direct Connect
- Optionally, you can assign tags to your Direct Connect resources for categorization or management. A tag consists of a key and an optional value, both of which you define.
- CloudTrail captures all API calls for AWS Direct Connect as events.
- Configure CloudWatch alarms to monitor Direct Connect metrics.
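Because CloudTrail records every Direct Connect API call, the calls that can tear down or reroute the private path are easy to watch for. The detector below is an added example, not code from the reference sheet or from AWS: it scans CloudTrail record dictionaries for high-impact Direct Connect actions made by principals outside an approved change role; the sample records, account IDs, role names and the alert-worthy action list are constructed assumptions.

```python
# Added example, not AWS code: flag Direct Connect API calls in CloudTrail that can
# remove or reroute the private path and that came from an unapproved principal.

# Real Direct Connect API action names; which ones to alert on is a local policy choice.
HIGH_IMPACT_ACTIONS = {
    "DeleteConnection", "DeleteVirtualInterface", "DeleteLag", "DeleteBGPPeer",
    "CreateBGPPeer", "UpdateVirtualInterfaceAttributes",
    "DeleteDirectConnectGateway", "DeleteDirectConnectGatewayAssociation",
}


def high_impact_dx_events(records, approved_role_prefixes):
    """Return (eventTime, principal ARN, action, target id) for each call to alert on.
    approved_role_prefixes: ARN prefixes allowed to modify Direct Connect."""
    alerts = []
    for rec in records:
        if rec.get("eventSource") != "directconnect.amazonaws.com":
            continue
        if rec.get("eventName") not in HIGH_IMPACT_ACTIONS:
            continue
        if rec.get("errorCode"):  # denied or failed calls changed nothing
            continue
        arn = rec.get("userIdentity", {}).get("arn", "")
        if any(arn.startswith(prefix) for prefix in approved_role_prefixes):
            continue
        params = rec.get("requestParameters") or {}
        target = (params.get("virtualInterfaceId") or params.get("connectionId")
                  or params.get("lagId") or params.get("directConnectGatewayId") or "?")
        alerts.append((rec["eventTime"], arn, rec["eventName"], target))
    return alerts


# Constructed sample records (not real CloudTrail output); IDs are placeholders.
DX = "directconnect.amazonaws.com"
SAMPLE_RECORDS = [
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": DX, "eventName": "DeleteVirtualInterface",
     "userIdentity": {"arn": "arn:aws:sts::111111111111:assumed-role/NetOpsChange/bob"},
     "requestParameters": {"virtualInterfaceId": "dxvif-EXAMPLE1"}},
    {"eventTime": "2024-05-01T10:07:00Z", "eventSource": DX, "eventName": "DeleteVirtualInterface",
     "errorCode": "AccessDenied", "userIdentity": {"arn": "arn:aws:iam::111111111111:user/contractor"},
     "requestParameters": {"virtualInterfaceId": "dxvif-EXAMPLE1"}},
    {"eventTime": "2024-05-01T10:09:00Z", "eventSource": DX, "eventName": "CreateBGPPeer",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/contractor"},
     "requestParameters": {"virtualInterfaceId": "dxvif-EXAMPLE1"}},
]
APPROVED_ROLE_PREFIXES = ["arn:aws:sts::111111111111:assumed-role/NetOpsChange/"]

if __name__ == "__main__":
    print(high_impact_dx_events(SAMPLE_RECORDS, APPROVED_ROLE_PREFIXES))
```

Only the successful CreateBGPPeer by the unapproved user is reported; the approved role's change and the denied call are ignored.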
AWS Direct Connect Pricing
- You pay only for the network ports you use and the data you transfer over the connection.
- The price is per port-hour consumed for each port type. Outbound data transfer through AWS Direct Connect is charged per GB. Inbound data transfer is $0.00 per GB in all locations.
AWS Direct Connect Deep Dive
Related Fact Sheets:
- S3 Transfer Acceleration vs. Direct Connect vs. VPN vs. Snowball vs. Snowmobile
Note: If you are studying for the AWS Certified Advanced Networking Specialty exam, we strongly recommend that you take our AWS Certified Advanced Networking practice exams and read our Advanced Networking Specialty exam study guide.
Validate Your Knowledge
Question 1
A leading insurance company has a VPC in the US East (N. Virginia) Region for its headquarters in New York and another VPC in US West (N. California) for its regional office in California. There is a requirement to establish a low-latency, high-bandwidth connection between your on-premises data center in Chicago and your two VPCs on AWS.
As the company’s SysOps administrator, how could you implement this in a cost-effective way?
- Establish a Direct Connect connection between your VPC in the US East (N. Virginia) Region and your on-premises Chicago data center, and then establish another Direct Connect connection between your VPC in the US West (N. California) Region and your on-premises data center.
- Set up an AWS Direct Connect gateway with a virtual private gateway.
- Set up an AWS managed VPN connection between your VPC in the US East (N. Virginia) Region and the local data center in Chicago.
- Configure two separate VPC peering connections for the two VPCs and for the on-premises data center.
Question 2
An enterprise has a hybrid cloud infrastructure consisting of its Amazon VPC in the us-east-1 (N. Virginia) Region and its corporate network. A single 10 Gbps AWS Direct Connect connection with multiple private virtual interfaces has been established to allow EC2 instances to send data to on-premises file storage servers. The network administrator is tasked with ensuring high resilience to common connectivity failures in order to support critical production workloads.
What must the administrator do to satisfy this requirement?
- Create a second 10 Gbps AWS Direct Connect connection to another AWS Direct Connect location.
- Create a second 10 Gbps AWS Managed VPN connection between your VPC and your on-premises network.
- Launch a Direct Connect gateway that connects two public virtual interfaces in the us-east-1 (N. Virginia) Region to your on-premises network.
- Create a second 10 Gbps AWS Direct Connect connection to your existing AWS Direct Connect location.
AWS Direct Connect Reference Sheet References:
- https://docs.aws.amazon.com/directconnect/latest/UserGuide
- https://aws.amazon.com/directconnect/features/
- https://aws.amazon.com/directconnect/pricing/
- https://aws.amazon.com/directconnect/faqs/