Advanced Connectivity Options
2h 40m

In this section of the AWS Certified Advanced Networking - Specialty learning path, we introduce you to the various tools, technologies, and services used to connect on-premises environments to the AWS Cloud, including Direct Connect and VPNs.

Learning Objectives

  • Identify and describe how Direct Connect and VPNs are used to connect on-premises environments to the AWS Cloud
  • Describe advanced AWS Direct Connect connectivity scenarios, including when to leverage Public, Private, and Transit Virtual Interfaces (VIFs)
  • Understand routing fundamentals for static and dynamic routing in AWS along with industry-standard routing protocols such as Border Gateway Protocol (BGP)
  • Describe how to use encryption to secure traffic as it travels across VPNs and Direct Connect connections


The AWS Certified Advanced Networking - Specialty certification has been designed for anyone with experience designing, implementing, and operating complex AWS and hybrid networking architectures. Ideally, you’ll also have some exposure to the nuances of AWS networking, particularly regarding the integration of AWS services and AWS security best practices. Many exam questions will require advanced level knowledge of many AWS services, including AWS networking services. The AWS Cloud concepts introduced in this course will be explained and reinforced from the ground up.


A common first step in the Direct Connect (DX) connection process is that a customer requests a DX connection in a DX location. You may be asking yourself: can a customer request multiple DX connections in a single DX location, or multiple DX connections in multiple DX locations, in order to increase the resiliency of their Direct Connect?

And I'm happy to say that the answer to both questions is yes. Most definitely, yes. In fact, with the introduction of the Direct Connect Resiliency Toolkit, AWS has made it easier to deploy resilient DX architectures from the time a DX connection is initially requested. If you open the Direct Connect service dashboard in the AWS Management Console and click 'Create Connection', you'll see two connection ordering types: Classic and Connection wizard. The Classic ordering type enables an organization to configure a single Direct Connect connection.

The Connection wizard ordering type launches the AWS Direct Connect Resiliency Toolkit to assist with the creation of an advanced DX architecture that is in alignment with an organization's SLA objective. The Resiliency Toolkit provides the following resiliency models. One, maximum resiliency: this model creates multiple DX connections in multiple DX locations. Two, high resiliency: this model creates a single DX connection in each of multiple DX locations. And three, development and test: this model creates multiple DX connections in a single DX location. If you explore the resiliency levels available to you as part of the Direct Connect connection wizard, you will notice that both the maximum resiliency and the development and test models deploy multiple DX connections in a given DX location. Multiple DX connections within a single DX location can be configured as a Link Aggregation Group, or LAG for short. LAGs enable multiple physical DX connections to function as a single connection with their total aggregated bandwidth.

For example, four physical 1 Gbps DX connections configured as a LAG would function as a single 4 Gbps DX connection. When considering LAGs, remember the following. One, all DX connections in a LAG are active. Two, there is a maximum of four connections allowed per LAG. Note, however, that if you are using 100 Gbps DX connections, only two connections can be added to a LAG. Three, all DX connections within a LAG must be the same speed. For example, a 1 Gbps DX connection cannot be in the same LAG as a 10 Gbps DX connection. Four, all LAG members must terminate in the same AWS DX location. Five, you can't move an existing DX connection into a LAG, and you can create a LAG with a single DX connection, though it is a best practice to add all LAG members at the same time. Six, the minimum links attribute of a LAG defines the minimum number of active links required for the LAG to be operational. As you might have guessed, this value can be set from 1 to 4. If you have a 4 Gbps LAG composed of four 1 Gbps DX connections and you know you must have at least 2 Gbps for your applications to work correctly, you would set the minimum links value to two.

If three of the 1 Gbps connections in that LAG are inactive, the LAG itself will be in a down state until at least one of the inactive DX connections is restored to operation. Though LAGs provide a measure of resiliency against failures such as a single DX switch port or cross-connect cable, they do not provide any benefit in regard to the failure of an entire DX location. The primary benefit of a LAG is increased network performance via the consolidated bandwidth of the individual LAG members.
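The LAG rules and the minimum-links behaviour described above can be checked before you order or change a LAG. The following is an added example written for this section; it is not AWS code and does not call the Direct Connect API. It models a LAG as plain Python objects (the connection IDs and the location code "EqDC2" are constructed sample values), validates the member rules from the lecture (same speed, same location, at most four members or two for 100 Gbps, minimum links between 1 and 4), and walks through the four-by-1 Gbps LAG with minimum links set to two, showing the LAG going down with one active link and coming back up once a second link is restored.

```python
from dataclasses import dataclass, field
from typing import List

# Limits stated in the lecture; ALLOWED_SPEEDS_GBPS is an assumption used
# only to reject obviously bogus input in this example.
MAX_LAG_MEMBERS = 4
MAX_LAG_MEMBERS_100G = 2
MIN_LINKS_RANGE = (1, 4)
ALLOWED_SPEEDS_GBPS = {1, 10, 100}


@dataclass
class DxConnection:
    connection_id: str
    location: str        # DX location code, e.g. the constructed "EqDC2"
    speed_gbps: int
    active: bool = True


@dataclass
class Lag:
    lag_id: str
    location: str
    min_links: int
    members: List[DxConnection] = field(default_factory=list)


def validate_lag(lag: Lag) -> List[str]:
    """Return the list of LAG rule violations; an empty list means valid."""
    problems = []
    if not lag.members:
        return ["a LAG needs at least one member connection"]
    speeds = {m.speed_gbps for m in lag.members}
    if not speeds <= ALLOWED_SPEEDS_GBPS:
        problems.append(f"unsupported port speed(s): {sorted(speeds - ALLOWED_SPEEDS_GBPS)}")
    if len(speeds) > 1:  # rule three: all members the same speed
        problems.append(f"all members must be the same speed, found {sorted(speeds)} Gbps")
    speed = lag.members[0].speed_gbps
    limit = MAX_LAG_MEMBERS_100G if speed == 100 else MAX_LAG_MEMBERS
    if len(lag.members) > limit:  # rule two: four per LAG, two for 100 Gbps
        problems.append(f"{len(lag.members)} members exceeds the limit of {limit} for {speed} Gbps links")
    wrong_site = [m.connection_id for m in lag.members if m.location != lag.location]
    if wrong_site:  # rule four: all members terminate in the same DX location
        problems.append(f"members must terminate in {lag.location}: {wrong_site}")
    lo, hi = MIN_LINKS_RANGE
    if not lo <= lag.min_links <= hi:  # rule six: minimum links is 1..4
        problems.append(f"min_links must be between {lo} and {hi}, got {lag.min_links}")
    elif lag.min_links > len(lag.members):  # sanity check added here, not an AWS rule
        problems.append(f"min_links {lag.min_links} can never be met with {len(lag.members)} members")
    return problems


def aggregated_bandwidth_gbps(lag: Lag) -> int:
    """Bandwidth when every member is up: four 1 Gbps links give 4 Gbps."""
    return sum(m.speed_gbps for m in lag.members)


def lag_state(lag: Lag):
    """Return (state, active_links, usable_gbps); state is 'up' or 'down'."""
    active = [m for m in lag.members if m.active]
    if len(active) >= lag.min_links:
        return "up", len(active), sum(m.speed_gbps for m in active)
    return "down", len(active), 0


def min_links_for_bandwidth(lag: Lag, required_gbps: int) -> int:
    """Smallest min_links that guarantees required_gbps whenever the LAG is up."""
    speed = lag.members[0].speed_gbps
    return max(MIN_LINKS_RANGE[0], -(-required_gbps // speed))  # ceiling division


def walkthrough():
    """The lecture's scenario: 4 x 1 Gbps, need 2 Gbps, three links fail."""
    site = "EqDC2"  # constructed location code
    lag = Lag("lag-example", site, min_links=2,
              members=[DxConnection(f"dxcon-{i}", site, 1) for i in range(1, 5)])
    assert validate_lag(lag) == []
    states = []
    for m in lag.members[:3]:            # three of the four links go down
        m.active = False
    states.append(lag_state(lag))        # one active link < min_links -> down
    lag.members[0].active = True         # one failed link is restored
    states.append(lag_state(lag))        # two active links -> up at 2 Gbps
    return states


if __name__ == "__main__":
    for state in walkthrough():
        print(state)
```

The validator returns every violation rather than stopping at the first, which is what you want when reviewing a planned LAG change: a mixed-speed LAG that also spans two locations should surface both problems in one pass. Note that a LAG protects only against member-level faults; `lag_state` reports `down` for the whole group when the location itself is lost, which is why the resiliency models above place connections in more than one DX location.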


About the Author

Jeremy is a Content Lead Architect and DevOps SME here at Cloud Academy where he specializes in developing DevOps technical training documentation.

He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 25+ years. In recent times, Jeremy has been focused on DevOps, Cloud (AWS, Azure, GCP), Security, Kubernetes, and Machine Learning.

Jeremy holds professional certifications for AWS, Azure, GCP, Terraform, Kubernetes (CKA, CKAD, CKS).