AWS Direct Connect

Connecting directly to AWS rather than over the public internet can improve application performance. Data travelling between your network and AWS can be protected using a variety of encryption mechanisms, and AWS's low data transfer rates can reduce your network setup and maintenance costs.

How it works

AWS Direct Connect supports a range of use cases that deliver better performance, security, and cost savings. Connecting directly to AWS instead of relying on the public internet improves application performance, and data in transit can be protected with several encryption mechanisms. To run an IPsec VPN over the top of a Direct Connect (DX) connection, establish the VPN tunnel over a public Virtual Interface (VIF) rather than the usual private VIF; this setup delivers consistent throughput and uses strong encryption algorithms to protect your data. For network resilience, AWS recommends keeping a VPN as a backup with a higher BGP priority, and enabling Bidirectional Forwarding Detection (BFD) so that a failed path is detected, and failover happens, more quickly.
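The failover behaviour described above, as an added example that is not part of the original article and not AWS code: a simplified BGP decision process choosing between a Direct Connect private VIF and a backup Site-to-Site VPN, with the BFD session state withdrawing routes from a dead path. The AS numbers, peer addresses, VPC CIDR, local-preference values and timer values are constructed; a real router applies the full BGP decision process, of which only the first three steps are modelled here.

```python
"""Simulated BGP best-path selection with a Direct Connect primary and a
Site-to-Site VPN backup, plus BFD-driven withdrawal of the failed path.

Added illustration only: AS numbers, prefixes, peer addresses and
local-preference values are constructed for the example."""
from dataclasses import dataclass


@dataclass
class Route:
    prefix: str        # destination, e.g. the VPC CIDR
    next_hop: str      # BGP peer that advertised it
    local_pref: int    # higher wins (set by the receiving router's policy)
    as_path: tuple     # AS numbers; shorter wins after local_pref
    med: int = 0       # lower wins after as_path length
    via: str = ""      # label for the path: "dx" or "vpn"


@dataclass
class Session:
    name: str
    route: Route
    bfd_up: bool = True   # BFD liveness; a down session withdraws its routes


def best_path(sessions):
    """Pick the best route using a simplified BGP decision process:
    highest LOCAL_PREF, then shortest AS_PATH, then lowest MED.
    Routes from sessions whose BFD state is down are withdrawn first."""
    candidates = [s.route for s in sessions if s.bfd_up]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.local_pref, len(r.as_path), r.med))


def detection_seconds(bfd_enabled, hold_time=90, bfd_interval_ms=300, multiplier=3):
    """Worst-case time to notice a dead peer: the BGP hold timer without BFD,
    interval * detect-multiplier with BFD (constructed default values)."""
    if bfd_enabled:
        return bfd_interval_ms * multiplier / 1000.0
    return float(hold_time)


def build_sessions():
    vpc = "10.20.0.0/16"  # constructed VPC CIDR advertised by AWS
    dx = Session("dx-private-vif",
                 Route(vpc, "169.254.10.1", local_pref=200, as_path=(64512,), via="dx"))
    # Backup VPN: lower local preference and a prepended AS path, so it is
    # selected only when the Direct Connect route has been withdrawn.
    vpn = Session("s2s-vpn-tunnel-1",
                  Route(vpc, "169.254.20.1", local_pref=100,
                        as_path=(64512, 64512, 64512), via="vpn"))
    return [dx, vpn]


def failover_sequence():
    """Steady state -> DX link fails (BFD down) -> DX link returns."""
    sessions = build_sessions()
    chosen = [best_path(sessions).via]
    sessions[0].bfd_up = False        # BFD detects the Direct Connect peer is gone
    chosen.append(best_path(sessions).via)
    sessions[0].bfd_up = True         # Direct Connect session re-established
    chosen.append(best_path(sessions).via)
    return chosen


if __name__ == "__main__":
    print("selected path over time:", failover_sequence())
    print("detection without BFD: %.1fs, with BFD: %.1fs"
          % (detection_seconds(False), detection_seconds(True)))
```

The point of the simulation is that the backup VPN never carries traffic while the Direct Connect session is healthy, and that without BFD the stale Direct Connect route would stay selected until the BGP hold timer expired.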

An AWS Direct Connect Gateway connects your Direct Connect connection to multiple Amazon Virtual Private Clouds (VPCs) in the same region or in different regions under your AWS account. It is a globally accessible resource that links your on-premises networks to your Amazon VPCs in any region except the AWS China regions. Up to 10 Amazon VPCs owned by different accounts can be associated with one Direct Connect gateway, provided they belong to the same AWS payer account ID, which gives you flexibility in managing connections across VPCs and regions. The gateway also lets a single private virtual interface be shared across those VPCs, which reduces the number of BGP sessions required and simplifies both the network architecture and its routing configuration.

With AWS’s low data transfer rates, you can save on network setup and maintenance costs. Your network traffic stays on the AWS global network, reducing the likelihood of bottlenecks or unexpected latency surges. This seamless connectivity allows you to leverage the full potential of AWS resources while maintaining optimal performance.

When creating a new connection, you have the flexibility to choose between an AWS Direct Connect Delivery Partner-hosted or AWS-provided connection. With over 100 AWS Direct Connect locations worldwide, you can deploy your connection at the most convenient location. AWS Direct Connect SiteLink enables you to establish private network connections between your offices and data centers across the globe, facilitating efficient data transfer.

If you don’t have the necessary equipment at an AWS Direct Connect location, AWS Partner Network members can assist you in setting up the connection. APN Technology and Consulting Partners can also provide guidance and support in establishing network connections between AWS Direct Connect sites and your data center, office, or colocation environment.

AWS Direct Connect is available at locations around the world. At some campus locations, cross-connects from other data centers on the same campus, run by the same provider, can reach AWS Direct Connect, and a standard cross-connect can reach AWS Direct Connect from several AWS Direct Connect locations and campus data centers. For high availability and uptime, AWS recommends using several AWS Regions. The Associated AWS Region column in the location table indicates the default AWS Region for your connection, but there is no geographical restriction on connecting to any other AWS Region (excluding China) using a Direct Connect Gateway or a public Virtual Interface. With Direct Connect Gateways or public Virtual Interfaces, traffic is delivered directly between the selected AWS Direct Connect location and the destination AWS Region, bypassing the Associated AWS Region; this is referred to as direct connectivity.

Choosing the AWS Direct Connect location nearest to your on-premises infrastructure saves money and time. Place your workloads in the AWS Region closest to your on-premises infrastructure to obtain the lowest latency and the best performance.

If you can’t access the essential equipment at an AWS Direct Connect location, an AWS Partner Network member can help you set up AWS Direct Connect. To acquire access to the AWS Direct Connect service, you may also seek the assistance of APN Technology and Consulting Partners. These APN Partner companies can assist you in setting up network connections between an AWS Direct Connect site and your data center, office, or colocation environment.

AWS Direct Connect offers speeds from 50 Mbps to 100 Gbps, so you can pick the one that fits. You can add encryption between your data centers, branch offices, or colocation sites to secure the traffic that crosses the connection. IEEE 802.1AE point-to-point encryption (MACsec) is offered at some locations to protect 10 Gbps and 100 Gbps connections, and AWS Site-to-Site VPN can secure connections to AWS using IPsec (IP security). AWS Direct Connect SiteLink can establish an end-to-end network link between the data centers and colocation facilities that make up your global network; once you have connections at two or more AWS Direct Connect locations, you can enable or disable SiteLink using the AWS Management Console, the AWS Command Line Interface (CLI), or the AWS APIs, giving you a worldwide, dependable, private network within minutes. Dedicated connections use a 1, 10, or 100 Gbps Ethernet port to connect to AWS. Hosted connections are provided by AWS Direct Connect Partners over existing network links between themselves and Amazon Web Services (AWS), in a variety of connection types at speeds from 50 Mbps to 10 Gbps.
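Because a Direct Connect circuit carries plaintext unless MACsec or IPsec is layered on it, a defender will want to know which connections are actually encrypted. The following is an added example, not AWS code and not part of the original article: it audits a dictionary shaped like the DescribeConnections API response (the `macSecCapable`, `encryptionMode` and `portEncryptionStatus` fields are the ones that API documents; the connection ids and field values here are constructed). The advice strings reflect the documented modes, where `must_encrypt` keeps the link down until MACsec is up and `should_encrypt` falls back to plaintext.

```python
"""Audit AWS Direct Connect connections for link-layer encryption posture.

Added example, not AWS code. SAMPLE_RESPONSE is a constructed dict shaped like
boto3's describe_connections() result; in practice you would pass the real
response from the API instead."""

SAMPLE_RESPONSE = {  # constructed sample data, not a real account
    "connections": [
        {"connectionId": "dxcon-example1", "bandwidth": "10Gbps",
         "macSecCapable": True, "encryptionMode": "must_encrypt",
         "portEncryptionStatus": "Encryption Up"},
        {"connectionId": "dxcon-example2", "bandwidth": "10Gbps",
         "macSecCapable": True, "encryptionMode": "should_encrypt",
         "portEncryptionStatus": "Encryption Down"},
        {"connectionId": "dxcon-example3", "bandwidth": "1Gbps",
         "macSecCapable": False},
    ]
}


def classify(conn):
    """Return (connection_id, status, advice) for one connection record."""
    cid = conn["connectionId"]
    if not conn.get("macSecCapable"):
        # Port cannot do MACsec (e.g. 1 Gbps): layer-2 encryption is not an
        # option, so encryption must happen at layer 3 (IPsec) or be accepted
        # as absent on the circuit.
        return (cid, "no-macsec",
                "port is not MACsec-capable: use IPsec (Site-to-Site VPN over a "
                "public VIF) if traffic on this circuit must be encrypted")
    mode = conn.get("encryptionMode", "no_encrypt")
    up = conn.get("portEncryptionStatus") == "Encryption Up"
    if mode == "must_encrypt" and up:
        return (cid, "encrypted", "MACsec enforced and active")
    if mode == "must_encrypt":
        return (cid, "down",
                "must_encrypt is set but MACsec is not up: the link passes no "
                "traffic until the MACsec key (CKN/CAK) and router config agree")
    if mode == "should_encrypt":
        state = "" if up else " (currently passing plaintext)"
        return (cid, "fail-open",
                "should_encrypt falls back to plaintext when MACsec is down; "
                "choose must_encrypt if encryption is a requirement" + state)
    return (cid, "plaintext", "MACsec-capable port is not configured to encrypt")


def audit(response):
    """Classify every connection in a DescribeConnections-shaped response."""
    return [classify(c) for c in response["connections"]]


def needs_attention(response):
    """Ids of connections that are not enforcing active MACsec."""
    return [cid for cid, status, _ in audit(response) if status != "encrypted"]


if __name__ == "__main__":
    for cid, status, advice in audit(SAMPLE_RESPONSE):
        print(f"{cid}: {status:10s} {advice}")
```

Run against real data, the list returned by `needs_attention` is the set of circuits for which an IPsec overlay (or a change to `must_encrypt`) should be on the backlog.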


Connecting On-Premises Environments to the AWS Cloud

Several key tools, technologies, and services are crucial in bridging your on-premises environments with the AWS Cloud. These solutions ensure seamless connectivity, high availability, and secure data transfer.

Core Connectivity Solutions

AWS Direct Connect: This is a high-speed, dedicated network connection from your premises to AWS. It offers consistent, low-latency performance essential for large-scale deployments and real-time applications.

VPN Connections: AWS supports both site-to-site and client VPN solutions. Site-to-site VPNs are ideal for linking entire networks, while client VPNs connect individual devices securely to the AWS Cloud.

Supporting Technologies

AWS Transit Gateway: This service simplifies network architecture by acting as a central hub, allowing for easier management and routing of traffic between VPCs and on-premises resources.

Border Gateway Protocol (BGP): BGP routes data through Direct Connect links and ensures efficient and reliable path selection between your network and AWS.

AWS PrivateLink: Facilitates secure connectivity to AWS services from within your VPC without exposing traffic to the public internet.

Layered Security Services

AWS Identity and Access Management (IAM): Controls access to your cloud resources, ensuring only authorized users and applications can connect.

AWS Shield: Protects against DDoS attacks, safeguarding your Direct Connect links and VPN connections.


Pricing

AWS Direct Connect is a cloud service that links your network directly to AWS, giving you consistent, high performance across your entire network. There is no minimum charge for using AWS Direct Connect, and you can stop using the service at any time at no additional charge. Services provided by your AWS Direct Connect Delivery Partners or another local service provider may be subject to additional agreements.

Components of the pricing structure

AWS Direct Connect pricing has three components: capacity, port hours, and Data Transfer Out (DTO) from any AWS Region resource (such as an Amazon Virtual Private Cloud or an AWS Transit Gateway).

Capacity: The capacity of a network link is the maximum data transfer rate possible over that connection. AWS Direct Connect capacity is specified in Mbps or Gbps (gigabits per second; 1 Gbps = 1,000 Mbps). The capacity you choose determines how much data the connection can carry, which affects both performance and cost.

Port Hours: Port hours measure the time a port on AWS Direct Connect networking equipment, or on an AWS Direct Connect Delivery Partner's equipment, is allocated for your use. You are charged for the time the port is available to you whether or not data is being sent through it, and the fee is the same even if the connection is not run at full rate during those hours.

Hosted connections: An AWS Direct Connect Delivery Partner provides you with logical connections that are "hosted" on your behalf, so you reach the AWS network through a port provided by the hosting partner. To obtain a hosted connection, contact an AWS Direct Connect Delivery Partner directly.

Data transfer out: Data Transfer Out (DTO) is the total network traffic sent through AWS Direct Connect to destinations outside AWS, and it is charged per gigabyte. The per-gigabyte price depends on the AWS Region or Local Zone the traffic leaves and the AWS Direct Connect location you use.

Data transfer in: Network traffic sent into AWS from outside over AWS Direct Connect is the other side of the equation. Unlike data transfer out, data transfer in is charged at $0.00 per GB in all locations, which makes inbound transfer over AWS Direct Connect highly cost-effective and removes any concern about additional cost for incoming data.

The next steps are only necessary when you have determined that your connectivity scenario will either be “Present at an AWS Direct Connect site” or “Connect from your premises.”

  • Before proceeding, make sure you have selected an AWS Direct Connect location and determined the desired number of connections and port size. Using multiple ports simultaneously can enhance bandwidth and offer redundancy.
  • Log into the AWS Management Console to initiate your connection request(s). Once your request is confirmed, you can request a cross-connect to AWS Direct Connect via the AWS Management Console. You will receive your Letter of Authorization – Connecting Facility Assignment (LOA-CFA) through the console at this stage.
  • If you are connecting from your own premises, you can work with a network carrier of your choice or with an APN Partner that supports Direct Connect. Give the LOA-CFA to your chosen APN Partner or service provider, who will set up the connection based on the information you provide.
  • Once the connection is up, use the AWS Management Console to configure one or more virtual interfaces (VIFs), which carry the network traffic between your network and AWS so the two sides can share resources. Each AWS Direct Connect connection can have one or more VIFs: public VIFs give access to AWS services such as S3, EC2, and DynamoDB, while private VIFs give access to your VPC. Public IP addresses must be used on public VIFs, and private IP addresses must be used on private VIFs.
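The addressing rule in the last step (public IPs on public VIFs, private IPs on private VIFs) is easy to get wrong in a request. As an added example that is not part of the original article and not AWS code, the function below validates a VIF request before it is submitted: it checks the VLAN range, that both BGP peer addresses are IPv4, that they sit in one subnet, and that they are public or private as the VIF type requires. The sample requests are constructed; treating 169.254.0.0/16 link-local peers as acceptable on a private VIF is an assumption of this check.

```python
"""Pre-flight check of Direct Connect virtual interface (VIF) addressing.

Added example, not AWS code. The VIF request dicts are constructed; the field
names (type, vlan, customerAddress, amazonAddress) are this example's own."""
import ipaddress

# RFC 1918 private ranges; a public VIF peer must not fall inside them.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: link-local peer addresses are acceptable on a private VIF.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")


def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)


def validate_vif(vif):
    """Return a list of problems; an empty list means the request is consistent."""
    problems = []
    kind = vif.get("type")
    if kind not in ("public", "private"):
        return [f"unknown VIF type {kind!r}"]
    vlan = vif.get("vlan", 0)
    if not (isinstance(vlan, int) and 1 <= vlan <= 4094):
        problems.append("VLAN must be 1-4094")
    ifaces = {}
    for role in ("customerAddress", "amazonAddress"):
        try:
            iface = ipaddress.ip_interface(vif[role])
        except (KeyError, ValueError) as exc:
            problems.append(f"{role}: missing or invalid address ({exc})")
            continue
        if iface.version != 4:
            problems.append(f"{role}: this check covers IPv4 peering only")
            continue
        ifaces[role] = iface
        private = is_rfc1918(iface.ip) or iface.ip in LINK_LOCAL
        if kind == "public" and private:
            problems.append(f"{role} {iface.ip} is not a public address; "
                            "public VIFs need public IPs")
        if kind == "private" and not private:
            problems.append(f"{role} {iface.ip} is a public address; "
                            "private VIFs need private IPs")
    # Both BGP peers must live in the same peering subnet (e.g. a /30 or /31).
    if len(ifaces) == 2 and ifaces["customerAddress"].network != ifaces["amazonAddress"].network:
        problems.append("customer and Amazon peer addresses must share one subnet")
    return problems


# Constructed sample requests (203.0.113.0/24 is a documentation range used
# here to stand in for customer-owned public space).
SAMPLE_REQUESTS = [
    {"type": "public", "vlan": 100,
     "customerAddress": "203.0.113.1/30", "amazonAddress": "203.0.113.2/30"},
    {"type": "private", "vlan": 101,
     "customerAddress": "10.1.1.1/30", "amazonAddress": "10.1.1.2/30"},
    {"type": "public", "vlan": 102,
     "customerAddress": "10.1.1.1/30", "amazonAddress": "10.1.1.2/30"},
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req["type"], req["vlan"], validate_vif(req) or "ok")
```

The third sample is the classic mistake the page warns about: RFC 1918 peers on a public VIF, which the check reports for both addresses before anyone files the request.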


Things to Remember:

  • Amazon Web Services (AWS) does not handle cross-connections. To establish a dedicated physical connection to an AWS Direct Connect site, you must submit the Letter of Authorization—Connecting Facility Assignment (LOA-CFA) to your AWS Direct Connect partner.
  • Through the AWS Service Delivery Program, AWS Direct Connect partners have undergone additional vetting and are ready to help you obtain access to the service.
  • If you use a non-partner network provider, either you contract directly with the facilities provider for the cross-connect, or the network provider does so on your behalf, depending on what you asked the provider to handle.
  • If you already have equipment at the AWS Direct Connect site, contact the facilities provider to run the cross-connect. At an AWS Direct Connect site, AWS equipment sits in a cage that is only accessible to AWS customers; cross-connects link different parts of a facility to one another, and as a security precaution the AWS cage may only contain AWS equipment.
  • Manage AWS GovCloud (US) ports through the AWS GovCloud (US) administration console.