CR

4_Connecting to Your Remote Network With Direct Connect

AWS Direct Connect

Overview

  • AWS Direct Connect enables connecting an on-premises network to Amazon Virtual Private Cloud (VPC) using dedicated, private network connections.
  • It utilizes Virtual Local Area Networks (VLANs) to extend the private network to include AWS resources.
  • Direct Connect offers increased bandwidth and a more consistent network experience compared to internet-based connections.

Use Cases

  • Hybrid environments: Accessing on-premises databases and AWS cloud resources.
  • Large datasets: Transferring large datasets that might compete with internet bandwidth.
  • Applications requiring predictable network performance: Ensuring consistent performance for latency-sensitive applications.
  • Security and compliance: Meeting security and compliance requirements that necessitate a dedicated private network connection.

Connection Types

  • Dedicated Connections: A physical cable is provisioned for the exclusive use of the customer.
  • Hosted Connections: A physical cable is provisioned by a Direct Connect partner and shared with the customer.

Virtual Interfaces

  • Public Virtual Interface: Provides access to public AWS services, such as Amazon S3.
  • Private Virtual Interface: Offers access to a VPC by using a virtual private gateway.
  • Transit Virtual Interface: Provides access to a VPC by using a transit gateway.

Direct Connect and Transit Gateway

  • Direct Connect can connect to an AWS Transit Gateway to streamline routing between the on-premises network and multiple VPCs.
  • The Transit Gateway has a Transit Gateway Direct Connect attachment pointing to a Direct Connect Gateway.
  • Multiple Transit Gateways can be connected using a Direct Connect Gateway.
  • A transit virtual interface is used for communication between the Direct Connect location and the Direct Connect Gateway.

High Availability

  • Achieve high availability by coupling one or more Direct Connect connections with a lower-cost backup Virtual Private Network (VPN) connection.
  • Use dynamically routed connections, with Direct Connect as the primary connection and a VPN as a backup.
  • This allows choosing the primary network path and network provider for AWS traffic, with the option to use a different provider for the backup VPN connection.

High Resiliency

  • For critical production workloads, AWS recommends having connections at multiple locations to ensure resilience against connectivity failures.
  • Physical location redundancy is key to a well-architected system.

Key Takeaways

  • Direct Connect is a dedicated private VLAN connection that extends an on-premises network to include AWS resources.
  • Three types of virtual interfaces: public, private, and transit virtual interfaces.
  • Network High Availability: Use Direct Connect as a primary connection and VPN as a backup.
  • Network High Resiliency: Connect from multiple on-premises networks to AWS using multiple Direct Connect locations.