AWS Direct Connect - How do we get there?
In this blog we will discuss how enterprises connect their infrastructure to AWS using Direct Connect.
What is AWS Direct Connect?
AWS Direct Connect is a service/design on-ramp solution that provides secure and fast connectivity to AWS. There are multiple methods of connecting to AWS, including VPN and public access.
Benefits of AWS Direct Connect
AWS Direct Connect Architecture is quickly becoming the choice of enterprises when connecting to the cloud.
There are multiple major benefits when utilising Direct Connect vs VPN. These include the following:
Low Latency – Connectivity to your AWS Direct Connect location would utilise a private layer 2 or layer 3 service such as VPWS or MPLS. This provides much less latency than a VPN across the public internet would.
High Bandwidth – Throughput is another reason why AWS Direct Connect is preferred over VPNs. Currently AWS has a 1.25Gbps limit on IPsec tunnels, with an announcement of supporting 5Gbps tunnels in the future. This is dwarfed by AWS Direct Connect cross connects, which can be 400Gbps per port.
Quality of Service – Because Direct Connect will be traversing a service provider network, various QoS and shaping policies can be applied to your traffic. This cannot be done on the public internet when using VPNs.
Redundancy – Multiple paths may be established to your co-location gateway, utilising multiple service providers. BGP can be used to steer your preferred path. Again, with VPNs going over the public internet, you have no control of the path your traffic to AWS takes.
How do we connect to AWS Direct Connect?
Now that we have gone through the benefits of the service, we should explain how we get there.
AWS is currently the largest cloud provider and hyperscaler on the planet. Naturally, because of this, they have points of presence (POPs) in various co-location facilities around the globe. These are known as AWS Direct Connect locations. Amazon have very high standards, so will only provision an AWS Direct Connect location in a tier 3 or 4 data centre. For this blog, we will choose Equinix’s fabric to achieve this. See how we at Network Revived accomplished this for one of our customers.
Co-location cross-connect
Equinix’s Software Defined Network Fabric allows enterprises to connect to AWS Direct Connect Architecture. Typically, for redundancy, enterprises will purchase a virtual router in two different Equinix co-locations that are also AWS Direct Connect locations. Each virtual router will then connect to the Equinix fabric. This fabric will then provide a cross connect into AWS architecture. Speeds of 400Gbps are currently on offer at select locations. AWS Direct Connect encryption is also supported on the cross connects. Typically MACsec would be used on the layer 2 links.
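The redundancy and MACsec points above can be checked against an inventory of your connections. The following is an added example, not code from the original post: it assumes dedicated connections and uses the field names returned by the Direct Connect `DescribeConnections` API, while the sample records, IDs and location codes are constructed.

```python
# Added example: audit a Direct Connect inventory for redundancy and MACsec.
# SAMPLE is constructed data shaped like the "connections" list returned by
# the Direct Connect DescribeConnections API; all IDs and locations are made up.
SAMPLE = [
    {"connectionId": "dxcon-example1", "location": "LOC-A", "connectionState": "available",
     "macSecCapable": True, "encryptionMode": "must_encrypt",
     "portEncryptionStatus": "Encryption Up"},
    {"connectionId": "dxcon-example2", "location": "LOC-A", "connectionState": "available",
     "macSecCapable": True, "encryptionMode": "should_encrypt",
     "portEncryptionStatus": "Encryption Down"},
    {"connectionId": "dxcon-example3", "location": "LOC-B", "connectionState": "down",
     "macSecCapable": False},
]


def audit_connections(connections):
    """Return a list of (connection_id, finding) tuples; an empty list means clean."""
    findings = []
    live_locations = set()
    for c in connections:
        cid = c["connectionId"]
        if c.get("connectionState") == "available":
            live_locations.add(c["location"])
        else:
            findings.append((cid, f"state is {c.get('connectionState')}, not available"))
        if not c.get("macSecCapable", False):
            findings.append((cid, "port is not MACsec capable"))
            continue
        # Only must_encrypt takes the link down when MACsec fails to negotiate.
        mode = c.get("encryptionMode", "no_encrypt")
        if mode != "must_encrypt":
            findings.append((cid, f"encryptionMode is {mode}; cleartext fallback possible"))
        if c.get("portEncryptionStatus") != "Encryption Up":
            findings.append((cid, "MACsec session is not up"))
    # Redundancy: live connections should terminate in at least two locations.
    if len(live_locations) < 2:
        findings.append(("*", f"only {len(live_locations)} location(s) with a live connection"))
    return findings


if __name__ == "__main__":
    for cid, finding in audit_connections(SAMPLE):
        print(f"{cid}: {finding}")
```

To run it against a real account, pass in the `connections` list from a `describe_connections` call in place of `SAMPLE`.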
On-Ramp Connectivity
Now we need to get our traffic from our on-premise data centre to our virtual routers at our co-location facilities. Many major ISPs have partnerships with Equinix, which enables them to terminate their service there. There are many technologies that can be used to achieve this, but the most frequently used for AWS Direct Connect is MPLS. MPLS L3VPNs use BGP, so this makes sense when we want to exchange routes between our data centre and our AWS Transit Gateway. An alternative to MPLS is a layer 2 service such as VPWS, which will allow AWS Direct Connect encryption using MACsec.

We have now gone through the recommended AWS Direct Connect architecture using Equinix Fabric. Watch out for our future blogs and guides on Megaport.
