AWS Direct Connect Concepts


Data Transfers with AWS DataSync
Amazon S3
Running Operations with the Snow Family
Amazon Kinesis
Amazon CloudFront Design Patterns
Understanding Direct Connect
Why Direct Connect?
5m 25s

The course is part of this learning path

Start course
1h 30m

This course covers the core learning objective to meet the requirements of the 'Designing Network & Data Transfer solutions in AWS - Level 2' skill

Learning Objectives:

  • Understand the most appropriate AWS connectivity options to meet performance demands
  • Understand the appropriate features and services to enhance and optimize connectivity to AWS public services such as Amazon S3 or Amazon DynamoDB.
  • Understand the appropriate AWS data transfer service for migration and/or ingestion
  • Apply an edge caching strategy to provide performance benefits for AWS solutions

AWS Direct Connect provides an organization a low latency and high-speed connection to AWS services by bypassing the public Internet to establish a dedicated connection from your location into AWS. However, I must be clear on this point. AWS Direct Connect is not a service by which AWS assumes the entire responsibility for the installation and management of the required physical network connectivity from an AWS region to your location. After ordering an AWS Direct Connect, an AWS representative will not quickly appear at your location with a fiber cable that is connected to the desired AWS region and ready to be plugged into your network infrastructure. When ordering a Direct Connect, what you're actually ordering is access to a 1 Gbps, 10 Gbps, or 100 Gbps network port at a Direct Connect or DX location. AWS then authorizes the customer to connect to that port.

The customer then works with their communications or networking partner to make the connection to the Direct Connect port from their data center. Unlike a VPN connection, Direct Connect requires physical connectivity to a specific DX location and it could take weeks or even months to run the required cabling between the DX location and the customer data center. With that said, let's get an overview of AWS Direct Connect architecture. An AWS Direct Connect typically involves three entities. 

One, the business location. This represents the customer's data center which contains the customer-managed router or firewall to be used in connecting to AWS via Direct Connect. Two, the AWS region. The AWS region contains resources that a customer wishes to access via the Direct Connect. Once connectivity is established, a customer will create virtual interfaces or VIs to gain access to AWS services via Direct Connect. VIs, as well as advanced Direct Connect connection options, will be discussed in greater detail in a separate course. Three, the Direct Connect or DX location.

The DX location is usually a large regional colocation facility in which AWS rents space. Within its space, AWS has deployed some number of AWS-managed routers which are used as the endpoints of the DX service. To connect to the authorized DX port, a customer can rent space within this colocation facility to install their own routers. Or to avoid deploying equipment within this colocation facility, the customer can connect to the AWS DX port using routers provided by a DX partner. 

There are a few items to note in regard to connectivity. First, the customer is responsible for establishing and managing the required networking from their business location to the DX location. Second, AWS is responsible for establishing and managing the required networking from AWS to the DX location. Third, within the DX location, the colo staff or the DX partners are responsible for the cross-connect which connects the customer or partner-owned router to the AWS authorized Direct Connect port. Let's talk about AWS Direct Connect Prerequisites.

One can easily establish a VPN connection to AWS from their business location with virtually any router or firewall. AWS Direct Connect, however, has specific needs that must be evaluated prior to ordering. Let me give you a list of conditions a customer network must meet prior to ordering a Direct Connect, and for you to remember, prior to taking an AWS exam. One, Direct Connect requires the use of single-mode fiber and specific transceivers based on the connection speed. A 1 GB Direct Connect must use a 1000 base LX transceiver. A 10 GB Direct Connect must use a 10 GBASE-LR transceiver. A 100 GB connection must use a 100 GBASE-LR4 transceiver. Two, though there are some Direct Connect endpoints which require auto-negotiation for a port to be enabled or disabled for 1 GB connections, auto-negotiation must be disabled for ports supporting 10 and/or 100 GB port's speeds.

The port's speed and full duplex mode must be manually set for the ports used for AWS Direct Connect. Three, AWS Direct Connect only supports 802.1Q VLAN encapsulation, thus every device across the entire Direct Connect connection must also support 802.1Q VLAN encapsulation. And four, the customer router serving as the Direct Connect termination point must support Border Gateway Protocol, BGP, and BGP MD5 authentication. 

Though the proceeding list constituted the mandatory requirements to support an AWS Direct Connect, also consider the following points. Asynchronous Bidirectional Forwarding Detection, or BFD, a network protocol that is used to detect network failures, is automatically enabled for AWS Direct Connect virtual interfaces, but it does not take effect until it is configured on the customer network. Also, AWS Direct Connect supports both IP version 4 and IP version 6.

And finally, AWS Direct Connect supports an ethernet frame size of 1,522 or 9,023 bytes. Ensure that all equipment across the entire Direct Connect connection supports the frame size that you wish to implement.


About the Author
Learning Paths

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.