4_Connecting to Your Remote Network With Direct Connect

AWS Direct Connect

Overview

• AWS Direct Connect enables connecting an on-premises network to Amazon Virtual Private Cloud (VPC) using dedicated, private network connections.
• It utilizes Virtual Local Area Networks (VLANs) to extend the private network to include AWS resources.
• Direct Connect offers increased bandwidth and a more consistent network experience compared to internet-based connections.

Use Cases

• Hybrid environments: Accessing on-premises databases and AWS cloud resources.
• Large datasets: Transferring large datasets that might compete with internet bandwidth.
• Applications requiring predictable network performance: Ensuring consistent performance for latency-sensitive applications.
• Security and compliance: Meeting security and compliance requirements that necessitate a dedicated private network connection.

Connection Types

• Dedicated Connections: A physical cable is provisioned for the exclusive use of the customer.
• Hosted Connections: A physical cable is provisioned by a Direct Connect partner and shared with the customer.

Virtual Interfaces

• Public Virtual Interface: Provides access to public AWS services, such as Amazon S3.
• Private Virtual Interface: Offers access to a VPC by using a virtual private gateway.
• Transit Virtual Interface: Provides access to a VPC by using a transit gateway.

Direct Connect and Transit Gateway

• Direct Connect can connect to an AWS Transit Gateway to streamline routing between the on-premises network and multiple VPCs.
• The Transit Gateway has a Transit Gateway Direct Connect attachment pointing to a Direct Connect Gateway.
• Multiple Transit Gateways can be connected using a Direct Connect Gateway.
• A transit virtual interface is used for communication between the Direct Connect location and the Direct Connect Gateway.

High Availability

• Achieve high availability by coupling one or more Direct Connect connections with a lower-cost backup Virtual Private Network (VPN) connection.
• Use dynamically routed connections, with Direct Connect as the primary connection and a VPN as a backup.
• This allows choosing the primary network path and network provider for AWS traffic, with the option to use a different provider for the backup VPN connection.

High Resiliency

• For critical production workloads, AWS recommends having connections at multiple locations to ensure resilience against connectivity failures.
• Physical location redundancy is key to a well-architected system.

Key Takeaways

• Direct Connect is a dedicated private VLAN connection that extends an on-premises network to include AWS resources.
• Three types of virtual interfaces: public, private, and transit virtual interfaces.
• Network High Availability: Use Direct Connect as a primary connection and VPN as a backup.
• Network High Resiliency: Connect from multiple on-premises networks to AWS using multiple Direct Connect locations.