Direct Connect

Customer WAN directly connected to AWS, more direct route than multiple Internet hops.

Essentials

  • A service that provides a dedicated network connection between your network and one of the AWS Direct Connect locations

  • This is done through an authorized Direct Connect Provider (Verizon, other ISPs)

    • 1 Gbps or 10 Gbps

  • An AWS Direct Connect location provides ability to access VPCs in the AWS region it is associated with.

  • Access to Public Service Endpoints

Benefits

  • Reduced network costs:

    • Reduce bandwidth commitment to corporate ISP over public Internet

    • Data transferred over Direct Connect is billed by Amazon at a lower rate than Internet data transfer (in/out)

  • Increased network consistency

    • Dedicated private connections reduce latency (over sending the traffic via public routing)

  • Dedicated private network connection to on-premises:

    • Connect the Direct Connect connection to a VGW (Virtual Private Gateway) in your VPC for a dedicated private connection from on-premises to the VPC

    • Use multiple VIFs (Virtual Interfaces) to connect to multiple VPCs.

Private Virtual Interface

  • Allows you to interface with an AWS VPC

    • With automatic route discovery using BGP

    • Requires a public or private ASN (Autonomous System Number)

  • Can only communicate with private (internal) IP addresses inside the VPC, e.g. EC2 instances

  • Cannot access public IP addresses, as Direct Connect is NOT an ISP

  • This is a dedicated private connection which works like a VPN

  • As a best practice, use two Direct Connect connections for active/active or active/failover availability

  • You can also use VPN as a backup to direct connect connections

  • You can create multiple private virtual interfaces to multiple VPCs at the same time

Public Virtual Interface

  • Allows you to use Direct Connect to connect to public AWS endpoints:

    • Any AWS Service (DynamoDB, S3, etc)

  • Connection provides consistent network performance, as traffic is sent over the dedicated link rather than the public Internet

  • Access public services in any region

Direct Connect Gateway

  • Connect to any VPCs in your account in ANY region (except China)

  • VPCs cannot have overlapping CIDR blocks

    • Similar to VPC peering requirements

  • Communication traverses the AWS network, bypassing the ISP

  • Better latency and uptime
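
A pre-flight check for the Private Virtual Interface and Direct Connect Gateway rules above (a BGP ASN is required, and VPCs behind one gateway cannot have overlapping CIDRs). This is an added example, not AWS code; it uses only the Python standard library, the ASN classification follows RFC 6996 private ranges, and the VPC ids and CIDRs are constructed samples.

```python
"""Pre-flight checks for a planned Direct Connect private VIF + DX Gateway.

Added example (not AWS or project code). Validates the BGP ASN the VIF needs,
the 802.1Q VLAN tag range, and the no-overlapping-CIDR rule for VPCs attached
to a single Direct Connect Gateway. Sample values below are constructed.
"""
import ipaddress
from typing import Dict, List, Tuple

# Private ASN ranges (RFC 6996, 16-bit and 32-bit). Anything else in
# 1..4294967295 that is not reserved is treated as a public ASN.
PRIVATE_ASN_RANGES = [(64512, 65534), (4200000000, 4294967294)]
RESERVED_ASNS = {0, 23456, 65535, 4294967295}  # 0, AS_TRANS, last-of-range

def classify_asn(asn: int) -> str:
    """Return 'private', 'public' or 'invalid' for a BGP ASN."""
    if asn in RESERVED_ASNS or not 1 <= asn <= 4294967295:
        return "invalid"
    for lo, hi in PRIVATE_ASN_RANGES:
        if lo <= asn <= hi:
            return "private"
    return "public"

def find_cidr_overlaps(vpc_cidrs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (vpc_a, vpc_b) pairs whose CIDR blocks overlap.

    A DX Gateway, like VPC peering, cannot route between overlapping VPCs,
    so any pair returned here blocks the design until re-addressed.
    """
    nets = {v: ipaddress.ip_network(c, strict=True) for v, c in vpc_cidrs.items()}
    ids = sorted(nets)
    return [(a, b) for i, a in enumerate(ids) for b in ids[i + 1:]
            if nets[a].overlaps(nets[b])]

def check_private_vif_plan(asn: int, vlan: int, vpc_cidrs: Dict[str, str]) -> List[str]:
    """Collect human-readable problems; an empty list means the plan passes."""
    problems = []
    if classify_asn(asn) == "invalid":
        problems.append(f"ASN {asn} is reserved or out of range")
    if not 1 <= vlan <= 4094:  # VLAN tag carried on the Direct Connect link
        problems.append(f"VLAN {vlan} is outside 1-4094")
    for a, b in find_cidr_overlaps(vpc_cidrs):
        problems.append(f"{a} ({vpc_cidrs[a]}) overlaps {b} ({vpc_cidrs[b]})")
    return problems

if __name__ == "__main__":
    # Constructed sample: two VPCs in different regions behind one DX Gateway.
    sample = {"vpc-us-east": "10.0.0.0/16", "vpc-eu-west": "10.0.128.0/20"}
    for p in check_private_vif_plan(asn=65000, vlan=101, vpc_cidrs=sample):
        print("problem:", p)
```

Run it to see the overlap flagged for the sample; swap the second CIDR to 10.1.0.0/16 and the plan passes.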
