AWS Direct Connect

Direct Connect provides a private, reliable connection to AWS from your physical facility, such as a data center or office. It is a fully integrated and redundant AWS service that provides complete control over the data exchanged between your AWS environment and the physical location of your choice.

Direct Connect offers consistent performance with reduced bandwidth cost, backed by a service-level agreement that guarantees 99.99 percent availability.

When choosing to implement a Direct Connect connection, you should first consider bandwidth, connection type, protocol configurations, and other network configuration specifications.

Speed

Direct Connect offers physical connections of 1, 10, and 100 Gbps to support your private connectivity needs to the cloud. Direct Connect supports the Link Aggregation Control Protocol (LACP), which lets you group multiple dedicated physical connections into link aggregation groups (LAGs). When you group connections into LAGs, you can treat the multiple connections as a single, managed connection.

Available only in select locations, the 100-Gbps connection is particularly beneficial for applications that transfer large-scale datasets. Such applications include broadcast media distribution, advanced driver assistance systems for autonomous vehicles, and financial services trading and market information systems.

Consider the following Direct Connect specifications: 

  • All connections must be dedicated connections and have a port speed of 1 Gbps, 10 Gbps, or 100 Gbps.
  • All connections in the LAG must use the same bandwidth.
  • You can have a maximum of two 100-Gbps connections in a LAG, or four connections with a port speed less than 100 Gbps. Each connection in the LAG counts toward your overall connection limit for the Region.
  • All connections in the LAG must terminate at the same Direct Connect endpoint.
  • When you create a LAG, you can download the Letter of Authorization and Connecting Facility Assignment (LOA-CFA) for each new physical connection individually from the Direct Connect console.
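The LAG rules above can be checked before ordering ports. The following is an added example, not code from the original post or from AWS; the `Connection` record, its field names, and the sample plans are assumptions constructed for illustration.

```python
from dataclasses import dataclass

ALLOWED_GBPS = {1, 10, 100}  # port speeds listed in the post


@dataclass(frozen=True)
class Connection:
    # Hypothetical record describing one planned physical connection.
    name: str
    gbps: int
    endpoint: str          # Direct Connect endpoint the port terminates on
    dedicated: bool = True


def lag_violations(members):
    """Return the rule violations for a proposed LAG (empty list = valid)."""
    if not members:
        return ["LAG has no member connections"]
    problems = []
    for c in members:
        if not c.dedicated:
            problems.append(f"{c.name}: not a dedicated connection")
        if c.gbps not in ALLOWED_GBPS:
            problems.append(f"{c.name}: unsupported port speed {c.gbps} Gbps")
    speeds = {c.gbps for c in members}
    if len(speeds) > 1:
        problems.append(f"mixed bandwidths in one LAG: {sorted(speeds)}")
    endpoints = {c.endpoint for c in members}
    if len(endpoints) > 1:
        problems.append(f"members terminate on different endpoints: {sorted(endpoints)}")
    # Two members at 100 Gbps, four below that; mixed plans get the stricter cap.
    limit = 2 if 100 in speeds else 4
    if len(members) > limit:
        problems.append(f"{len(members)} members exceeds limit of {limit}")
    return problems


# Constructed sample plans (endpoint names are placeholders).
GOOD = [Connection(f"dx-{i}", 10, "ep-a") for i in range(4)]
TOO_MANY_100G = [Connection(f"dx-{i}", 100, "ep-a") for i in range(3)]
MIXED = [Connection("dx-0", 10, "ep-a"), Connection("dx-1", 1, "ep-b")]

if __name__ == "__main__":
    for label, plan in [("good", GOOD), ("100G x3", TOO_MANY_100G), ("mixed", MIXED)]:
        print(label, lag_violations(plan) or "OK")
```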

Network requirements 

To use Direct Connect in a Direct Connect location, your network must meet one of the following conditions:

  • Your network is co-located with an existing Direct Connect location.
  • You are working with a Direct Connect Partner.
  • You are working with an independent service provider to connect to Direct Connect.

The two most common solutions are co-locating at a Direct Connect location or contracting with a Direct Connect Partner.

Co-locating

You deploy a router and supporting network equipment to a location with a physical uplink to AWS. Your router at the Direct Connect location is connected to the AWS router using a cross connect. This establishes the physical link used by the Direct Connect service to connect your physical location with AWS.

Contracting with a Direct Connect Partner

The Direct Connect Partner provides you with the physical equipment necessary to connect to an AWS router at the Partner’s physical location. You use this physical link to configure the Direct Connect service to link your physical location with AWS.

Additionally, your network must meet the following conditions:

  • Your network must use single-mode fiber with one of the following:
    • 1000BASE-LX (1,310 nm) transceiver for 1-gigabit Ethernet
    • 10GBASE-LR (1,310 nm) transceiver for 10-gigabit Ethernet
    • 100GBASE-LR4 for 100-gigabit Ethernet
  • Auto-negotiation for the port must be deactivated. Port speed and full-duplex mode must be configured manually. 
  • 802.1Q VLAN encapsulation must be supported across the entire connection, including intermediate devices. 
  • Your device must support Border Gateway Protocol (BGP) and BGP MD5 authentication.
  • (Optional) You can configure Bidirectional Forwarding Detection (BFD) on your network. Asynchronous BFD is automatically activated for Direct Connect virtual interfaces, but does not take effect until you configure it on your router or customer gateway device. 
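A pre-flight audit of the customer-side port against the requirements listed above, as an added example that is not part of the original post. The `port` dictionary and its keys are assumptions for this sketch, not a vendor or AWS schema; missing settings are treated as non-compliant.

```python
# Transceiver required for each port speed, as listed in the post.
OPTIC_FOR_GBPS = {1: "1000BASE-LX", 10: "10GBASE-LR", 100: "100GBASE-LR4"}


def audit_port(port):
    """Check one port description; return (errors, notes).

    `port` is a hypothetical dict whose keys are assumptions of this example.
    """
    errors, notes = [], []
    speed = port.get("speed_gbps")
    want = OPTIC_FOR_GBPS.get(speed)
    if want is None:
        errors.append(f"unsupported port speed: {speed}")
    elif port.get("transceiver") != want:
        errors.append(f"{speed} Gbps needs {want}, found {port.get('transceiver')}")
    if port.get("fiber") != "single-mode":
        errors.append("fiber must be single-mode")
    if port.get("autoneg", True):          # absent setting counts as enabled
        errors.append("auto-negotiation must be deactivated")
    if port.get("duplex") != "full":
        errors.append("full-duplex must be set manually")
    if not port.get("dot1q", False):
        errors.append("802.1Q VLAN encapsulation not enabled")
    bgp = port.get("bgp", {})
    if not bgp.get("enabled", False):
        errors.append("BGP not configured")
    elif not bgp.get("md5_key_set", False):
        errors.append("BGP session has no MD5 authentication key")
    if not port.get("bfd", False):         # optional, so a note rather than an error
        notes.append("BFD not configured on the router, so it will not take effect")
    return errors, notes


# Constructed sample inputs.
COMPLIANT = {
    "speed_gbps": 10, "transceiver": "10GBASE-LR", "fiber": "single-mode",
    "autoneg": False, "duplex": "full", "dot1q": True,
    "bgp": {"enabled": True, "md5_key_set": True}, "bfd": True,
}
MISCONFIGURED = dict(
    COMPLIANT, transceiver="10GBASE-SR", autoneg=True,
    bgp={"enabled": True, "md5_key_set": False}, bfd=False,
)

if __name__ == "__main__":
    for label, p in [("compliant", COMPLIANT), ("misconfigured", MISCONFIGURED)]:
        print(label, audit_port(p))
```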

LOA-CFA

When all the physical components are in place to create the Direct Connect connection, AWS will provide you with an LOA-CFA. The LOA-CFA lets you show the operator of the facility hosting the AWS router that AWS approves your request to connect to the AWS router. This connection will complete the last physical step in setting up the Direct Connect connection.

When this is done, you can complete the setup using the AWS Management Console. Here you can choose the virtual interface type your connection will use and configure the Direct Connect gateway.

Virtual interface types

Direct Connect supports three different virtual interfaces:

  • A private virtual interface permits traffic to be routed to any VPC resource in the same private IP space as the virtual interface.
  • A public virtual interface permits traffic to be routed to any VPC or AWS regional resource with a public IP address in the same Region.
  • A transit virtual interface permits traffic to be routed to any VPC or AWS regional resource routable through an AWS Transit Gateway in the same Region.

Cheers, Enjoy the Cloud

Osama
