Nic Acton

Direct Connect

Direct Connect links the customer WAN directly to AWS, giving a more direct route than multiple Internet hops.

Essentials

  • A service that provides a dedicated network connection between your network and one of the AWS Direct Connect locations

  • This is done through an authorized Direct Connect Provider (Verizon, other ISPs)

    • 1 Gbps or 10 Gbps

  • An AWS Direct Connect location provides the ability to access VPCs in the AWS region it is associated with.

  • Access to Public Service Endpoints

Benefits

  • Reduced network costs:

    • Reduce bandwidth commitment to corporate ISP over public Internet

    • Data transferred over Direct Connect is billed at a lower rate by Amazon (in/out)

  • Increased network consistency

    • Dedicated private connections reduce latency (over sending the traffic via public routing)

  • Dedicated private network connection to on-premises:

    • Connect the Direct Connect connection to a VGW (virtual private gateway) in your VPC for a dedicated private connection from on-premises to the VPC

    • Use multiple VIFs (virtual interfaces) to connect to multiple VPCs.

Private Virtual Interface

  • Allows you to interface with an AWS VPC

    • With automatic route discovery using BGP

    • Requires a public or private ASN

  • Can only communicate with internal IP addresses inside of EC2

  • Cannot access public IP addresses, as Direct Connect is NOT an ISP

  • This is a dedicated private connection which works like a VPN in that traffic stays off the public Internet; unlike a VPN, Direct Connect does not encrypt traffic by default

  • For best practice, use two Direct Connect connections for active-active or active-failover availability

  • You can also use VPN as a backup to Direct Connect connections

  • You can create multiple private virtual interfaces to multiple VPCs at the same time

Public Virtual Interface

  • Allows you to use Direct Connect to connect to public AWS endpoints:

    • Any AWS Service (DynamoDB, S3, etc)

  • Connection maintains traffic consistency, as traffic is sent over a dedicated network

  • Access public services in any region

Direct Connect Gateway

  • Connect to any VPCs in your account in ANY region (except China)

  • VPCs cannot have overlapping CIDR blocks

    • Similar to VPC peering requirements

  • Communication traverses the AWS network, bypassing the ISP

  • Better latency and uptimes


Last updated 6 years ago
