AWS Direct Connect
AWS Direct Connect is a service that lets customers establish a dedicated network connection from their on-premises data center to AWS. In many cases this reduces network costs, increases bandwidth throughput, reduces latency and provides a more consistent network experience than Internet or IP-VPN connections. Note that Direct Connect keeps traffic off the public Internet but does not encrypt it: if confidentiality on the link matters, run an IPsec VPN over the connection (or use MACsec, which AWS offers only on dedicated connections).
Equinix is an AWS Direct Connect Service Delivery program partner. Such partners must meet stricter requirements than other Direct Connect partners and offer additional features and functionality, including higher-speed hosted connections with 1, 2, 5 and 10 Gbps bandwidth options.
AWS Direct Connect Types
Equinix supports the two recommended product types for AWS Direct Connect:
- Dedicated Connections – Available as a dedicated port plus a cross connect (a point-to-point cable link between two customers in the same Equinix IBX data center, here between your equipment and the AWS cage). This gives a highly reliable, very low-latency path into the AWS network at 1 or 10 Gbps.
- Hosted Connections – Available via the Equinix Cloud Exchange Fabric (ECXF) at bandwidth increments of 50 Mbps, 100 Mbps, 200 Mbps, 300 Mbps, 400 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps and 10 Gbps.
Note: AWS recommends that customers with workloads sensitive to network congestion use Dedicated Connections or Hosted Connections rather than hosted virtual interfaces, which share bandwidth on a connection owned by the partner.
A Virtual Interface (VIF) is the mechanism for configuring VLANs and BGP (Border Gateway Protocol, the exterior gateway protocol used to exchange routing and reachability information between autonomous systems) routing between the customer edge device and the AWS device. There are two kinds of VIF: Public and Private.
For more information, see the AWS documentation on Direct Connect Virtual Interfaces.
Feel free to follow the video tutorial on how to order AWS Direct Connect, or read on for a more detailed guide.
Step 1/6: Capture your AWS Account Number
For more information, see the AWS documentation on finding your AWS Account ID.
Step 2/6: Create a Connection
From the success window, you can proceed to one of the following options:
- Check your inbox for the confirmation email. You receive a second email to let you know when the order is provisioned
- Go to your inventory page to view the connection details and status
- Accept the hosted connection in the AWS Console (Step 3/6 below)
- If you need more details about your connection, such as the associated VPC or AWS Device ID, open the AWS Management Console under “Direct Connect—Connections” and select the Connection ID for details
- Proceed to your dashboard. To view the current connection state, refresh the browser
Step 3/6: Accept Direct Connect Hosted Connection
Step 4/6: (Optional) Create Redundant Direct Connect Connection
Equinix and Amazon Web Services (AWS) offer customers the ability to build highly resilient network connections between Amazon Virtual Private Cloud (Amazon VPC) and their on-premises infrastructure.
To configure redundancy, create a second Direct Connect link by repeating the steps above. Redundancy should be built over a second port into ECX Fabric, ideally on a second device and, for full resilience, at a second Direct Connect location. Redundant Virtual Circuits can also be created over the same physical port, but that port, its optic and its cross connect then remain a single point of failure, so this arrangement protects against a failure on the AWS side but not against loss of your own port.
There are different configuration choices available when you provision two dedicated connections:
Active/Active (BGP multipath). Network traffic is load balanced across both connections. If one connection becomes unavailable, all traffic is routed through the other. This is the default configuration.
Active/Passive (failover). One connection is handling traffic, and the other is on standby. If the active connection becomes unavailable, all traffic is routed through the passive connection.
How you configure the connections doesn't affect redundancy, but it does affect the policies that determine how your data is routed over both connections. We recommend that you configure both connections as active. AWS will treat return traffic on those links as Active/Active.
To achieve high availability with AWS Direct Connect, each Virtual Private Gateway (“VGW”) should be configured with connections to multiple Direct Connect locations. For maximum resilience, AWS strongly recommends the following:
- Ensure that each VGW is associated with a private virtual interface on AWS Direct Connect connections at two or more AWS Direct Connect locations.
- Confirm that each private virtual interface advertises the same routes.
- For public virtual interfaces, ensure that you have a public virtual interface on each AWS Direct Connect connection at two or more Direct Connect locations.
- Regularly test your configuration to ensure proper failover between AWS Direct Connect locations.
A complete guide to configuring your connections for High Availability can be found here: https://aws.amazon.com/directconnect/resiliency-recommendation/
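The checklist above can be run as a script against your own inventory. The following is an added example, not part of the Equinix or AWS documentation: it takes a list of virtual interfaces shaped like the `virtualInterfaces` entries returned by `aws directconnect describe-virtual-interfaces` and reports, per virtual private gateway, which of the first three recommendations are not met. The `advertisedPrefixes` field is an assumption, standing in for what your router actually advertises on each VIF, since AWS does not report that; the sample inventory is constructed.

```python
from collections import defaultdict
from typing import Dict, List

# Constructed sample, modelled on the fields that
# `aws directconnect describe-virtual-interfaces` returns.  "advertisedPrefixes"
# is NOT in that response: it is an assumed field standing in for what your
# own router advertises on each VIF (e.g. from its "advertised-routes" output).
SAMPLE_VIFS = [
    # vgw-0aaa: two private VIFs at two locations, both up, same prefixes -> passes
    {"virtualInterfaceId": "dxvif-0001", "virtualInterfaceType": "private",
     "virtualInterfaceState": "available", "location": "EqDC2",
     "virtualGatewayId": "vgw-0aaa", "bgpPeers": [{"bgpStatus": "up"}],
     "advertisedPrefixes": ["10.0.0.0/16", "10.1.0.0/16"]},
    {"virtualInterfaceId": "dxvif-0002", "virtualInterfaceType": "private",
     "virtualInterfaceState": "available", "location": "EqSV5",
     "virtualGatewayId": "vgw-0aaa", "bgpPeers": [{"bgpStatus": "up"}],
     "advertisedPrefixes": ["10.1.0.0/16", "10.0.0.0/16"]},
    # vgw-0bbb: both VIFs in one location, one BGP session down, prefixes differ
    {"virtualInterfaceId": "dxvif-0003", "virtualInterfaceType": "private",
     "virtualInterfaceState": "available", "location": "EqDC2",
     "virtualGatewayId": "vgw-0bbb", "bgpPeers": [{"bgpStatus": "up"}],
     "advertisedPrefixes": ["10.2.0.0/16"]},
    {"virtualInterfaceId": "dxvif-0004", "virtualInterfaceType": "private",
     "virtualInterfaceState": "available", "location": "EqDC2",
     "virtualGatewayId": "vgw-0bbb", "bgpPeers": [{"bgpStatus": "down"}],
     "advertisedPrefixes": ["10.2.0.0/16", "10.3.0.0/16"]},
    # a public VIF is not attached to a VGW and is ignored by this audit
    {"virtualInterfaceId": "dxvif-0005", "virtualInterfaceType": "public",
     "virtualInterfaceState": "available", "location": "EqDC2",
     "virtualGatewayId": "", "bgpPeers": [{"bgpStatus": "up"}],
     "advertisedPrefixes": ["203.0.113.0/24"]},
]


def audit_private_vif_resiliency(vifs: List[Dict]) -> Dict[str, List[str]]:
    """Check every virtual private gateway against the resiliency checklist:
    private VIFs at two or more Direct Connect locations, every VIF available
    with BGP up, and identical advertised prefixes on each VIF.
    Returns {vgw_id: [findings]}; an empty list means the VGW passes."""
    by_vgw: Dict[str, List[Dict]] = defaultdict(list)
    for vif in vifs:
        if vif["virtualInterfaceType"] == "private" and vif.get("virtualGatewayId"):
            by_vgw[vif["virtualGatewayId"]].append(vif)

    findings: Dict[str, List[str]] = {}
    for vgw, group in by_vgw.items():
        notes: List[str] = []
        locations = sorted({v["location"] for v in group})
        if len(locations) < 2:
            notes.append(f"only {len(locations)} Direct Connect location(s): {locations}")
        unhealthy = [v["virtualInterfaceId"] for v in group
                     if v["virtualInterfaceState"] != "available"
                     or any(p["bgpStatus"] != "up" for p in v["bgpPeers"])]
        if unhealthy:
            notes.append(f"VIFs not available or BGP not up: {unhealthy}")
        # Order of advertisement does not matter, so compare as sets.
        prefix_sets = {v["virtualInterfaceId"]: frozenset(v["advertisedPrefixes"]) for v in group}
        if len(set(prefix_sets.values())) > 1:
            detail = ", ".join(f"{k}={sorted(s)}" for k, s in sorted(prefix_sets.items()))
            notes.append(f"advertised prefixes differ across VIFs: {detail}")
        findings[vgw] = notes
    return findings


if __name__ == "__main__":
    for vgw, notes in audit_private_vif_resiliency(SAMPLE_VIFS).items():
        print(vgw, "OK" if not notes else "")
        for note in notes:
            print("  -", note)
```

The fourth recommendation, exercising failover, cannot be checked from inventory data: schedule a maintenance window, take one BGP session down (administratively on your router, or with the Direct Connect failover test feature where available) and confirm that traffic moves to the other location.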
Step 5/6: Configure the Z-Side (AWS) BGP Peering
Before you begin, the following parameters are required:
- A new, unused VLAN tag that you select.
- A public or private BGP ASN. If you are using a public ASN, you must own it. If you are using a private ASN, it must be in the range 64512 to 65534 (16-bit) or 4200000000 to 4294967294 (32-bit).
- The network prefixes to advertise. Any advertised prefix must include only your ASN in the BGP AS-PATH.
- The virtual private gateway to connect to. For more information about creating a virtual private gateway, see adding a hardware virtual private gateway to your VPC in the Amazon VPC User Guide.
Under Define Your New Private Virtual Interface, do the following:
- In the Interface Name field, enter a name for the virtual interface.
- In Interface Owner, select the My AWS Account option if the virtual interface is for your AWS account ID.
- In the VGW list, select the virtual gateway to connect to.
- The VLAN # field will already be filled in and grayed out.
- To have AWS generate your router IP address and Amazon IP address, select Auto-generate peer IPs.
- To specify these IP addresses yourself, clear the Auto-generate peer IPs check box. In the Your router peer IP field, enter the IPv4 CIDR address (normally one host of a /30) that Amazon should send traffic to, and in the Amazon router peer IP field enter the IPv4 CIDR address you will use to send traffic to Amazon Web Services. Both addresses must lie in the same subnet.
- In the BGP ASN field, enter the Border Gateway Protocol (BGP) Autonomous System Number (ASN) of your gateway, for example a private ASN between 64512 and 65534, or a public ASN that you own.
- Select Auto-generate BGP key check box to have AWS generate one.
- To provide your own BGP key, clear the Auto-generate BGP key check box, and then in the BGP Authentication Key field enter your BGP MD5 key. This is the shared secret that authenticates the BGP session with AWS; it is not the Equinix authorization key (for AWS, your account ID) used when ordering the connection, and it authenticates the session only, it does not encrypt traffic on the link.
Note: Public VIFs are also supported on ECX Fabric.
View the Router (BGP) Configuration
In the Virtual Interfaces pane, select a virtual interface and click the arrow to show more details, including the peer addresses, ASNs and BGP key. Download router configuration produces a vendor-specific template for the A-side from these values.
Step 6/6: Configure A-Side BGP Peering
This varies with the vendor of the customer device (Cisco, Juniper, etc.); the three tasks are:
- Configure physical port with appropriate protocols/tagging
- Configure logical ports (sub-interfaces) with appropriate IP addresses and VLAN tags
- Configure BGP peering
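To tie Step 5/6 and Step 6/6 together, the following added example (not from the Equinix or AWS documentation) first validates the parameters the console asks for in Step 5/6, then renders the matching Cisco IOS sub-interface and BGP stanza for the A-side. The `role="backup"` option produces the passive link of the Active/Passive pair described in Step 4/6, by prepending the AS path on routes sent to AWS and lowering local preference on routes received, while the default produces an Active/Active member with equal attributes on both links. The sample parameters, the interface name and the Amazon-side ASN of 7224 are assumptions; take the real values from the VIF details in the console and adapt the syntax for Juniper or other vendors.

```python
import ipaddress
from typing import Dict, List, Tuple

# Private ASN ranges (RFC 6996): 64512-65534 and 4200000000-4294967294.
PRIVATE_ASN_RANGES = (range(64512, 65535), range(4200000000, 4294967295))
# AWS accepts at most 100 routes on a private VIF BGP session; advertising more
# takes the session down, so it is treated as an error here.
MAX_PRIVATE_VIF_ROUTES = 100
# Default Amazon-side ASN of a virtual private gateway (assumed here; read the
# actual value from the VIF details in the console).
AMAZON_DEFAULT_ASN = 7224

# Constructed sample parameters (what the console asks for in Step 5/6 plus the
# router port used in Step 6/6); nothing here describes a real deployment.
SAMPLE_VIF = {
    "vlan": 100,
    "asn": 65001,
    "customer_peer_ip": "169.254.250.1/30",
    "amazon_peer_ip": "169.254.250.2/30",
    "bgp_md5_key": "0xExampleKey123",
    "advertised_prefixes": ["10.0.0.0/16"],   # on-prem routes sent to AWS
    "vpc_cidrs": ["172.31.0.0/16"],           # the only routes accepted from AWS
    "physical_interface": "GigabitEthernet0/0/0",
}


def validate_private_vif(p: Dict) -> Tuple[List[str], List[str]]:
    """Pre-flight checks on the Step 5/6 parameters.
    Returns (errors, warnings): errors block the order, warnings need a decision."""
    errors, warnings = [], []
    if not 1 <= p["vlan"] <= 4094:
        errors.append(f"VLAN {p['vlan']} is outside the 802.1Q range 1-4094")
    asn = p["asn"]
    if not 1 <= asn <= 4294967295:
        errors.append(f"ASN {asn} is not a valid 16- or 32-bit ASN")
    elif not any(asn in r for r in PRIVATE_ASN_RANGES):
        warnings.append(f"ASN {asn} is public: you must own it")
    try:
        cust = ipaddress.ip_interface(p["customer_peer_ip"])
        amzn = ipaddress.ip_interface(p["amazon_peer_ip"])
        edge = {cust.network.network_address, cust.network.broadcast_address}
        if cust.network.prefixlen != 30 or cust.network != amzn.network:
            errors.append("peer IPs must be two addresses in the same /30")
        elif cust.ip == amzn.ip or {cust.ip, amzn.ip} & edge:
            errors.append("peer IPs must be distinct usable host addresses of the /30")
    except ValueError as exc:
        errors.append(f"bad peer IP: {exc}")
    key = p["bgp_md5_key"]
    if not key or not key.isascii() or not key.isprintable() or " " in key:
        errors.append("BGP MD5 key must be non-empty printable ASCII without spaces")
    try:
        # ip_network is strict: "10.0.0.1/16" (host bits set) is rejected,
        # which is exactly what a route advertisement must not contain.
        nets = [ipaddress.ip_network(x) for x in p["advertised_prefixes"]]
        if len(nets) > MAX_PRIVATE_VIF_ROUTES:
            errors.append(f"{len(nets)} prefixes exceeds the {MAX_PRIVATE_VIF_ROUTES}-route limit")
    except ValueError as exc:
        errors.append(f"bad advertised prefix: {exc}")
    return errors, warnings


def render_ios_config(p: Dict, role: str = "primary", amazon_asn: int = AMAZON_DEFAULT_ASN) -> str:
    """Cisco IOS sub-interface and BGP stanza for the A-side (Step 6/6).
    role="backup" builds the passive link of an Active/Passive pair: routes sent
    to AWS are AS-path prepended so AWS returns traffic via the primary, and
    routes learned from AWS get a lower local preference so outbound traffic
    prefers the primary too.  Use the default on both links for Active/Active."""
    vlan, asn = p["vlan"], p["asn"]
    cust = ipaddress.ip_interface(p["customer_peer_ip"])
    amzn = ipaddress.ip_interface(p["amazon_peer_ip"]).ip
    out = [f"interface {p['physical_interface']}.{vlan}",
           f" encapsulation dot1Q {vlan}",
           f" ip address {cust.ip} {cust.netmask}", "!"]
    out += [f"ip prefix-list AWS-OUT seq {10 + 10 * i} permit {x}"
            for i, x in enumerate(p["advertised_prefixes"])]
    out += [f"ip prefix-list AWS-IN seq {10 + 10 * i} permit {x}"
            for i, x in enumerate(p["vpc_cidrs"])]
    out += ["!", "route-map AWS-OUT permit 10", " match ip address prefix-list AWS-OUT"]
    if role == "backup":
        out.append(f" set as-path prepend {asn} {asn}")
    out += ["!", "route-map AWS-IN permit 10", " match ip address prefix-list AWS-IN"]
    if role == "backup":
        out.append(" set local-preference 50")  # below the IOS default of 100
    out += ["!", f"router bgp {asn}",
            f" neighbor {amzn} remote-as {amazon_asn}",
            f" neighbor {amzn} password {p['bgp_md5_key']}",  # TCP MD5 signature option
            " address-family ipv4",
            f"  neighbor {amzn} activate",
            f"  neighbor {amzn} route-map AWS-IN in",    # accept only the VPC CIDRs
            f"  neighbor {amzn} route-map AWS-OUT out",  # advertise nothing unlisted
            f"  neighbor {amzn} maximum-prefix {MAX_PRIVATE_VIF_ROUTES}"]
    for x in p["advertised_prefixes"]:
        net = ipaddress.ip_network(x)
        out.append(f"  network {net.network_address} mask {net.netmask}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    errs, warns = validate_private_vif(SAMPLE_VIF)
    for msg in errs:
        print("ERROR:", msg)
    for msg in warns:
        print("WARN:", msg)
    if not errs:
        print(render_ios_config(SAMPLE_VIF, role="backup"))
```

The inbound prefix-list and maximum-prefix limit are the part most often left out of vendor templates: without them a misconfiguration or compromise on the far side could inject routes for your internal address space over the private VIF. The MD5 password must match the key entered or auto-generated in Step 5/6 on both ends or the session will stay in Active/Connect.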