
AWS Direct Connect Concepts


Instructor: David Ball



Direct Connect Architecture

AWS Direct Connect provides an organization with a low-latency, high-bandwidth connection to AWS services by bypassing the public internet: it is a dedicated connection from your location into AWS.  However, I must be clear on this point.  AWS Direct Connect is NOT a service in which AWS assumes the entire responsibility for installing and managing the physical network connectivity from an AWS Region to your location.

After ordering an AWS Direct Connect, an AWS representative will not quickly appear at your location with a fiber cable that is connected to the desired AWS Region and ready to be plugged into your network infrastructure.  What you are actually ordering is access to a 1 Gbps, 10 Gbps, or 100 Gbps network port on an AWS device at a Direct Connect location.  AWS then authorizes you, the customer, to connect to that port.

The customer then works with a communications or networking partner to make the connection from their data center to the Direct Connect port.  Unlike a VPN connection, Direct Connect requires physical connectivity to a specific DX location, and it could take weeks, or even months, to run the required cabling between the DX location and the customer data center.  With that said, let's get an overview of AWS Direct Connect architecture.

An AWS Direct Connect typically involves three entities:

  1.       The business location / the on-premises data center
           This is the customer's data center, which houses the customer-managed router or firewall used to connect to AWS via Direct Connect.
  2.       The AWS Region
           The AWS Region contains the resources the customer wishes to reach over Direct Connect.  Once connectivity is established, the customer creates virtual interfaces, or VIFs, to gain access to AWS services via Direct Connect.   VIFs, as well as advanced Direct Connect connection options, are discussed in greater detail in a separate course.
  3.       The Direct Connect (DX) location / DX partner
           The DX location is usually a large regional colocation facility in which AWS rents space.  Within that space, AWS has deployed some number of AWS-managed routers that serve as the endpoints of the DX service.
           To connect to the authorized DX port, a customer can rent space within this colocation facility and install their own routers, OR, to avoid deploying equipment within the colo, the customer can connect to the AWS DX port using routers provided by a DX partner.

Items to note in regard to connectivity:

  • The customer is responsible for establishing and managing the required networking from their site to the DX Location.

  •  AWS is responsible for establishing and managing the required networking from AWS to the DX Location.

  • Within the DX Location, the Colo Staff/DX Partners are responsible for the cross-connect which connects the customer or partner-owned router to the AWS authorized Direct Connect port.

[Figure: AWS Direct Connect overview diagram, from https://docs.aws.amazon.com/directconnect/latest/UserGuide/images/direct-connect-overview.png]

AWS Direct Connect Prerequisites

One can easily establish a VPN connection to AWS from a business location with virtually any router or firewall.  AWS Direct Connect, however, has specific requirements that must be evaluated prior to ordering.   Here is the list of conditions a customer network MUST meet before ordering a Direct Connect, and that you should remember before taking an AWS exam:

  • Direct Connect requires single-mode fiber and a specific transceiver for each port speed:

    • 1 Gbps - 1000BASE-LX (1310 nm)
    • 10 Gbps - 10GBASE-LR (1310 nm)
    • 100 Gbps - 100GBASE-LR4

  • Auto-negotiation MUST be disabled on ports running at 10 Gbps or 100 Gbps, and the port speed and full-duplex mode must be set manually on the port(s) used for AWS Direct Connect.  For 1 Gbps connections, whether auto-negotiation must be enabled or disabled depends on the Direct Connect endpoint serving the connection, so confirm the required setting for your specific endpoint.

  • AWS Direct Connect only supports 802.1Q VLAN encapsulation, thus every device across the entire Direct Connect connection must also support 802.1Q VLAN encapsulation.

  • The customer router serving as the Direct Connect termination point must support Border Gateway Protocol (BGP) and BGP MD5 authentication.  Note that MD5 authentication only protects the BGP session against spoofed peers; it does not encrypt the traffic that crosses the connection.  A Direct Connect is a private link, not an encrypted one, so traffic that needs confidentiality in transit must be protected separately, for example with an IPsec site-to-site VPN running over the connection or, where the DX location and port speed support it, MACsec.

Though the preceding list constitutes the mandatory requirements to support an AWS Direct Connect, let's also consider the following:

  • Asynchronous Bidirectional Forwarding Detection (BFD), a network protocol that is used to detect network failures, is automatically enabled for AWS Direct Connect virtual interfaces, but does not take effect until it is configured on the customer network.

  • AWS Direct Connect supports both IPv4 and IPv6.

  • AWS Direct Connect supports an Ethernet frame size of 1522 or 9023 bytes at the link layer, which corresponds to an IP MTU of 1500 or 9001 bytes once the 14-byte Ethernet header, 4-byte 802.1Q tag and 4-byte FCS are subtracted.  Ensure that all equipment, across the entire Direct Connect connection, supports the frame size you wish to implement; a device in the path with a smaller MTU will silently drop the larger frames.
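As an added example (not part of this course, and not a tool AWS provides), the Python script below audits a customer-edge router configuration against the prerequisites listed above: 802.1Q tagging on the VIF-facing subinterface, a BGP MD5 password on every AWS peer, auto-negotiation disabled on 10/100 Gbps ports, an MTU that matches one of the two supported frame sizes, and BFD configured on the customer side.  The two configurations embedded in it are constructed for this example in Cisco IOS-style syntax; the interface names, VLAN ID, peer addresses, ASNs and the MD5 key placeholder are assumptions, not values from the course.

```python
"""Added example: audit an IOS-style customer-edge router config against the
Direct Connect prerequisites on this page. Not an AWS tool. The sample
configurations below are constructed; interface names, VLAN, peer addresses,
ASNs and the MD5 key are placeholders."""

import re

# Link-layer frame sizes AWS supports, mapped to the IP MTU they carry:
# 14 B Ethernet header + 4 B 802.1Q tag + IP datagram + 4 B FCS.
FRAME_TO_MTU = {1522: 1500, 9023: 9001}
ALLOWED_MTU = set(FRAME_TO_MTU.values())
# Port types on which AWS requires auto-negotiation to be off (10/100 Gbps).
HIGH_SPEED_PREFIXES = ("TenGigabitEthernet", "HundredGigE")
MTU_RE = re.compile(r"^(?:ip )?mtu (\d+)$")
NEIGHBOR_RE = re.compile(r"^neighbor (\S+) (\S+)")

# Constructed: a 10 Gbps port that violates several prerequisites.
BAD_CONFIG = """\
interface TenGigabitEthernet0/0/0
 description DX dedicated port
 negotiation auto
!
interface TenGigabitEthernet0/0/0.100
 ip address 169.254.100.2 255.255.255.252
 mtu 9000
!
router bgp 65000
 neighbor 169.254.100.1 remote-as 7224
!
"""

# Constructed: the same port configured to meet every item on the list.
GOOD_CONFIG = """\
interface TenGigabitEthernet0/0/0
 description DX dedicated port, 10GBASE-LR over single-mode fiber
 no negotiation auto
 bfd interval 300 min_rx 300 multiplier 3
!
interface TenGigabitEthernet0/0/0.100
 description private VIF, VLAN 100
 encapsulation dot1Q 100
 ip address 169.254.100.2 255.255.255.252
 mtu 9001
!
router bgp 65000
 neighbor 169.254.100.1 remote-as 7224
 neighbor 169.254.100.1 password REPLACE-WITH-MD5-KEY
 neighbor 169.254.100.1 fall-over bfd
 network 10.0.0.0 mask 255.255.0.0
!
"""


def parse_blocks(config):
    """Return {header: [stripped member lines]} for IOS-style text. A block
    starts at a non-indented line and ends at '!' or a blank line."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None
        elif raw.startswith(" "):
            if current is not None:
                blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            blocks.setdefault(current, [])
    return blocks


def audit(config):
    """Return (level, message) findings. MUST = mandatory items on the page;
    SHOULD = the recommended item (BFD on the customer side)."""
    findings = []
    for header, lines in parse_blocks(config).items():
        if header.startswith("interface "):
            name = header.split(None, 1)[1]
            if "." in name:  # 802.1Q subinterface facing the VIF
                if not any(l.lower().startswith("encapsulation dot1q") for l in lines):
                    findings.append(("MUST", f"{name}: no 802.1Q encapsulation"))
                for l in lines:
                    m = MTU_RE.match(l)
                    if m and int(m.group(1)) not in ALLOWED_MTU:
                        findings.append(("MUST", f"{name}: mtu {m.group(1)} matches "
                                                 "neither DX frame size (use 1500 or 9001)"))
            else:  # physical port
                if name.startswith(HIGH_SPEED_PREFIXES) and "no negotiation auto" not in lines:
                    findings.append(("MUST", f"{name}: auto-negotiation must be off on 10/100 Gbps DX ports"))
                if not any(l.startswith("bfd interval") for l in lines):
                    findings.append(("SHOULD", f"{name}: no BFD timers; AWS enables BFD "
                                               "but it is inactive until configured here"))
        elif header.startswith("router bgp"):
            peers = {}
            for l in lines:
                m = NEIGHBOR_RE.match(l)
                if m:
                    peers.setdefault(m.group(1), set()).add(m.group(2))
            for peer, opts in peers.items():
                if "remote-as" not in opts:
                    continue
                if "password" not in opts:
                    findings.append(("MUST", f"BGP peer {peer}: no MD5 password"))
                if "fall-over" not in opts:
                    findings.append(("SHOULD", f"BGP peer {peer}: no fall-over bfd"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("BAD", BAD_CONFIG), ("GOOD", GOOD_CONFIG)):
        print(label, audit(cfg) or "compliant")
```

Run it and the constructed BAD_CONFIG yields four MUST findings (auto-negotiation, 802.1Q, MTU, MD5) and two SHOULD findings (BFD), while GOOD_CONFIG yields none.  The MTU check is deliberately strict: a customer MTU larger than the VIF's 1500 or 9001 produces frames that are dropped on the AWS side, which is the kind of fault that only appears under load.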


Difficulty: Intermediate
Duration: 1h 6m

Description

This course covers the core learning objective to meet the requirements of the 'Designing Network & Data Transfer solutions in AWS - Level 2' skill

Learning Objectives:

  • Understand the most appropriate AWS connectivity options to meet performance demands
  • Understand the appropriate features and services to enhance and optimize connectivity to AWS public services such as Amazon S3 or Amazon DynamoDB.
  • Understand the appropriate AWS data transfer service for migration and/or ingestion
  • Apply an edge caching strategy to provide performance benefits for AWS solutions
About the Author

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.