AWS Direct Connect Cheat Sheet – Tutorials Dojo

AWS Direct Connect

  • With AWS Direct Connect, data is delivered over a private network connection between AWS and your data center or corporate network instead of over the public Internet.
  • Direct Connect links your internal network to a Direct Connect location over a standard Ethernet fiber-optic cable. One end of the cable is connected to your router, the other to an AWS Direct Connect router. Over this connection you can create virtual interfaces directly to public AWS services or to an Amazon VPC.
  • Dedicated connections of 1 Gbps, 10 Gbps and 100 Gbps are available.
  • Hosted connection capacities of 1, 2, 5 and 10 Gbps are supported. These higher-capacity hosted connections give customers capabilities that were previously available only through dedicated connections.
  • AWS Direct Connect also supports AWS Transit Gateway (through a transit virtual interface), in addition to Site-to-Site VPN connections. With this feature, customers can connect thousands of Amazon VPCs in multiple AWS Regions to their on-premises networks over 1/2/5/10 Gbps Direct Connect connections.

Beneficial Use Cases

    • When transferring large data sets.
    • When developing and running applications that consume real-time data feeds.
    • When building hybrid environments that must meet regulatory requirements for private connectivity.

Configuration methods, by port speed

    • 1 Gbps or higher: Connect directly to an AWS device from your router at an AWS Direct Connect location.
    • 1 Gbps or higher: Work with an AWS Partner Network (APN) Partner or a network provider to connect a router from your data center, office or colocation environment to an AWS Direct Connect location. The network provider does not have to be an APN member.
    • Less than 1 Gbps: Work with an APN Partner who can create a hosted connection for you. Sign up for AWS, then follow the instructions to accept the hosted connection.

Components

    • Connections: Create a connection at an AWS Direct Connect location to establish a network connection from your premises to an AWS Region. From a Direct Connect location you can reach all Availability Zones in that Region.
    • Virtual interfaces: Create a virtual interface to allow access to AWS services. A public virtual interface allows access to public services, such as S3. A private virtual interface allows access to your VPC.
    • To access public resources in a remote Region, you must configure a public virtual interface and establish a Border Gateway Protocol (BGP) session.
    • You can create a Direct Connect gateway in any public Region. Use it to connect your Direct Connect connection, through a private virtual interface, to VPCs in your account that are in different Regions.
    • To provide failover, request and configure two dedicated connections to AWS. These connections can terminate at one or two routers on your network. For resilience against a device or location failure, terminate them on separate AWS devices or at separate Direct Connect locations. Two configuration options are available:
      • Active/Active (BGP multipath): This is the default. Both connections are active; if one becomes unavailable, all traffic is routed through the other.
      • Active/Passive (failover): One connection handles traffic and the other is on standby. If the active connection becomes unavailable, all traffic is routed through the passive connection.
    • Autonomous System Numbers (ASNs) identify networks that have a clearly defined external routing policy on the Internet.

Cross connects

    • After you download your Letter of Authorization and Connecting Facility Assignment (LOA-CFA), you must complete the cross-network connection, also known as a cross connect. If you already have equipment located in the Direct Connect location, contact the colocation provider to complete the cross connect.
    • If you do not have equipment located in a Direct Connect location, you can work with one of the AWS Partner Network Partners to connect to an AWS Direct Connect location.

Virtual Interfaces

    • You must create a virtual interface to begin using your Direct Connect connection.
    • You can configure multiple virtual interfaces on a single AWS Direct Connect connection. For private virtual interfaces, you need one private virtual interface for each VPC you connect to from the connection, or you can use an AWS Direct Connect gateway.
    • Prerequisites for creating a virtual interface:
      • Connection: The Direct Connect connection or link aggregation group (LAG) for which you are creating the virtual interface.
      • Virtual interface name: A name for the virtual interface.
      • Virtual interface owner: If you are creating the virtual interface for another account, the ID of that AWS account.
      • (Private virtual interface only) Connection to: The virtual private gateway or Direct Connect gateway the interface attaches to.
      • VLAN: A unique virtual local area network (VLAN) tag that is not already in use on your connection.
      • Address family: Whether the BGP peering session will be over IPv4 or IPv6.
      • Peer IP addresses: A virtual interface can support a BGP peering session for IPv4, IPv6, or one of each (dual stack). You cannot create multiple BGP sessions for the same IP address family on the same virtual interface.
      • BGP information: A public or private Border Gateway Protocol (BGP) autonomous system number (ASN) for your side of the BGP session, and an MD5 BGP authentication key.
      • (Public virtual interface only) Prefixes you want to advertise: Public IPv4 or IPv6 routes to advertise over BGP. You must advertise at least one prefix.
    • The maximum transmission unit (MTU) of a network connection is the size, in bytes, of the largest packet that can be passed over the connection. The MTU of a private virtual interface can be 1500 or 9001 (jumbo frames). The MTU of a transit virtual interface, used for transit gateways associated with a Direct Connect gateway, can be 1500 or 8500 (jumbo frames). A public virtual interface does not support jumbo frames.
    • Jumbo frames are supported on private virtual interfaces attached to a virtual private gateway or a Direct Connect gateway, and apply only to routes propagated from Direct Connect. Traffic that follows a static route pointing at the virtual private gateway is sent with a 1500-byte MTU.
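The prerequisites above are easy to get subtly wrong (a VLAN tag already used on the connection, two peers in different /30s, a jumbo MTU on a public interface). The following validator, added here as an example and not code from Tutorials Dojo or AWS, checks a virtual interface request against those rules before you submit it. The `validate_vif` and `is_private_asn` functions, the spec layout, the gateway ID and the peer addresses are this example's own constructed assumptions; the spec keys other than `type` and `peers` use the field names of the JSON the AWS CLI takes for `--new-private-virtual-interface`.

```python
"""Validate AWS Direct Connect virtual interface parameters before creation.

Added example, not Tutorials Dojo or AWS code. Function names, the spec
layout and every ID/address below are constructed for illustration.
"""
import ipaddress

# MTU each virtual interface type accepts; public VIFs never carry jumbo frames.
ALLOWED_MTU = {"private": {1500, 9001}, "transit": {1500, 8500}, "public": {1500}}

# RFC 6996 private ASN ranges; anything outside them is a public ASN you must own.
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))


def is_private_asn(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES)


def _check_peer(peer, problems):
    """One BGP peering: both addresses, in CIDR form as the console shows them,
    must match the declared family and sit in one subnet (a /30 for IPv4)."""
    fam = peer.get("addressFamily")
    version = {"ipv4": 4, "ipv6": 6}.get(fam)
    if version is None:
        problems.append(f"addressFamily must be ipv4 or ipv6, got {fam!r}")
        return
    try:
        amazon = ipaddress.ip_interface(peer["amazonAddress"])
        customer = ipaddress.ip_interface(peer["customerAddress"])
    except (KeyError, ValueError) as exc:
        problems.append(f"{fam} peer addresses missing or malformed: {exc}")
        return
    if amazon.version != version or customer.version != version:
        problems.append(f"{fam} peer addresses are not {fam}")
    elif amazon.network != customer.network or amazon.ip == customer.ip:
        problems.append(f"{fam} Amazon and customer peers must be distinct "
                        "addresses in one subnet")


def validate_vif(spec, vlans_in_use=frozenset()):
    """Return the list of problems with `spec`; an empty list means it can be submitted."""
    kind = spec.get("type")
    if kind not in ALLOWED_MTU:
        return [f"unknown virtual interface type {kind!r}"]
    problems = []

    vlan = spec.get("vlan")
    if not isinstance(vlan, int) or not 1 <= vlan <= 4094:
        problems.append("vlan must be an integer in 1..4094")
    elif vlan in vlans_in_use:  # the tag must be unique on the connection
        problems.append(f"VLAN {vlan} is already used on this connection")

    asn = spec.get("asn")
    if not isinstance(asn, int) or not 1 <= asn <= 4294967294:
        problems.append("asn must be an integer in 1..4294967294")

    # AWS generates an MD5 key if you omit one; this example's policy is to
    # always set your own so it can be kept in your secrets store.
    key = spec.get("authKey", "")
    if not key or any(c.isspace() for c in key):
        problems.append("authKey must be a non-empty string without whitespace")

    mtu = spec.get("mtu", 1500)
    if mtu not in ALLOWED_MTU[kind]:
        problems.append(f"mtu {mtu} not allowed on a {kind} VIF, "
                        f"use one of {sorted(ALLOWED_MTU[kind])}")

    peers = spec.get("peers", [])
    families = [p.get("addressFamily") for p in peers]
    if not peers:
        problems.append("at least one BGP peer (IPv4 or IPv6) is required")
    if len(families) != len(set(families)):  # one session per address family
        problems.append("only one BGP session per address family on a VIF")
    for peer in peers:
        _check_peer(peer, problems)

    if kind == "public":
        prefixes = spec.get("routeFilterPrefixes", [])
        if not prefixes:
            problems.append("a public VIF must advertise at least one prefix")
        for cidr in prefixes:
            try:
                ipaddress.ip_network(cidr)
            except ValueError:
                problems.append(f"prefix {cidr!r} is not a valid CIDR")
    return problems


# Constructed sample: a dual-stack private VIF attached to a Direct Connect gateway.
SAMPLE_PRIVATE_VIF = {
    "type": "private", "virtualInterfaceName": "hq-to-prod",
    "directConnectGatewayId": "dxgw-EXAMPLE", "vlan": 101, "asn": 65000,
    "authKey": "replace-with-your-own-secret", "mtu": 9001,
    "peers": [
        {"addressFamily": "ipv4", "amazonAddress": "169.254.255.1/30",
         "customerAddress": "169.254.255.2/30"},
        {"addressFamily": "ipv6", "amazonAddress": "2001:db8::1/125",
         "customerAddress": "2001:db8::2/125"},
    ],
}

if __name__ == "__main__":
    print(validate_vif(SAMPLE_PRIVATE_VIF) or "spec is acceptable")
```

Run `validate_vif(spec, vlans_in_use=...)` with the VLAN tags already present on the connection (for example from `aws directconnect describe-virtual-interfaces`); an empty result means the spec is ready to pass to `aws directconnect create-private-virtual-interface --connection-id dxcon-... --new-private-virtual-interface file://vif.json`, where the CLI takes one peer (amazonAddress, customerAddress, addressFamily) and the second address family is added afterwards with `create-bgp-peer`.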

Link Aggregation Groups (LAGs)

    • A LAG is a logical interface that uses the Link Aggregation Control Protocol (LACP) to aggregate multiple connections at a single Direct Connect endpoint, allowing you to treat them as a single managed connection.
    • All connections in a LAG must use the same bandwidth.
    • A LAG can contain at most four connections (two for 100 Gbps connections). Each connection in the LAG counts toward your overall connection limit for the Region.
    • All connections in a LAG must terminate at the same Direct Connect endpoint.
    • All connections in a LAG operate in Active/Active mode.
    • Only dedicated connections (1, 10 and 100 Gbps) can be LAG members; hosted connections cannot.

Direct Connect Gateways

    • Use a Direct Connect gateway to connect your Direct Connect connection, through a private virtual interface, to one or more VPCs in your account that are in the same or different Regions.
    • It is a globally available resource.
    • A Direct Connect gateway also lets you connect your on-premises networks to Amazon VPCs in any commercial AWS Region, except the China Regions.
    • Before multi-account support, you could associate a Direct Connect gateway only with VPCs in the same AWS account. With multi-account support, you can associate up to 10 VPCs from multiple accounts with a Direct Connect gateway. The VPCs must be owned by AWS accounts that belong to the same AWS payer account ID.

AWS Direct Connect Security

    • Use IAM to control who can create, modify and delete Direct Connect connections, virtual interfaces and gateways.
    • Each BGP session on a virtual interface is protected with an MD5 authentication key; keep the key in your secrets store rather than in router configuration checked into source control.
    • Traffic on a Direct Connect connection is private but not encrypted by default. If you need encryption in transit, use MACsec on a supported dedicated 10 Gbps or 100 Gbps connection, or run an AWS Site-to-Site VPN (IPsec) over the connection.

Monitoring AWS Direct Connect

    • Optionally, you can assign tags to your Direct Connect resources for categorization or management. A tag consists of a key and an optional value, both of which you define.
    • CloudTrail captures all API calls for AWS Direct Connect as events (eventSource directconnect.amazonaws.com).
    • Configure CloudWatch alarms on Direct Connect metrics, for example ConnectionState, which reports whether the physical connection is up.
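Because CloudTrail records every Direct Connect API call, the calls that tear down connectivity or hand a virtual interface to another account are the ones worth alerting on. The scanner below is an added example, not Tutorials Dojo or AWS code; the Direct Connect operation names are the real API actions as CloudTrail records them in eventName, while the sample records, account IDs, trusted CIDR and the `scan` function itself are constructed for illustration.

```python
"""Flag risky AWS Direct Connect API activity in CloudTrail records.

Added example, not Tutorials Dojo or AWS code. Records, account IDs and the
trusted CIDR are constructed sample data.
"""
import ipaddress
import json

DX_EVENT_SOURCE = "directconnect.amazonaws.com"

# Real Direct Connect API operation names as CloudTrail records them. The
# first set removes connectivity; the second creates or accepts resources
# for another AWS account (requestParameters carries the target account).
DESTRUCTIVE = {
    "DeleteConnection", "DeleteVirtualInterface", "DeleteLag", "DeleteBGPPeer",
    "DeleteDirectConnectGateway", "DeleteDirectConnectGatewayAssociation",
    "DisassociateConnectionFromLag",
}
CROSS_ACCOUNT = {
    "AllocatePrivateVirtualInterface", "AllocatePublicVirtualInterface",
    "AllocateTransitVirtualInterface", "AllocateHostedConnection",
    "CreateDirectConnectGatewayAssociationProposal",
    "AcceptDirectConnectGatewayAssociationProposal",
}


def _from_trusted_source(src, trusted):
    """True if the caller IP is inside a trusted CIDR or is an AWS service."""
    if src.endswith(".amazonaws.com"):  # e.g. a CloudFormation-initiated call
        return True
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:  # "AWS Internal" or a malformed value
        return False
    return any(ip in net for net in trusted)


def scan(records, trusted_cidrs, own_account):
    """Return one finding per risky Direct Connect API call in `records`."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for rec in records:
        if rec.get("eventSource") != DX_EVENT_SOURCE:
            continue
        name = rec.get("eventName", "")
        params = rec.get("requestParameters") or {}
        reasons = []
        if name in DESTRUCTIVE:
            reasons.append("destructive")
        if name in CROSS_ACCOUNT:
            owner = str(params.get("ownerAccount")
                        or params.get("directConnectGatewayOwnerAccount") or "")
            if owner and owner != own_account:
                reasons.append(f"cross-account to {owner}")
            else:
                reasons.append("allocation within own account")
        if rec.get("errorCode") == "AccessDenied":
            reasons.append("denied, possible probing")
        if not reasons:
            continue
        untrusted = not _from_trusted_source(rec.get("sourceIPAddress", ""), trusted)
        if untrusted:
            reasons.append("untrusted source IP")
        high = (untrusted or "destructive" in reasons
                or any(r.startswith("cross-account to") for r in reasons))
        findings.append({
            "eventID": rec.get("eventID"), "eventTime": rec.get("eventTime"),
            "eventName": name, "sourceIPAddress": rec.get("sourceIPAddress"),
            "actor": rec.get("userIdentity", {}).get("arn", "unknown"),
            "severity": "high" if high else "medium", "reasons": reasons,
        })
    return findings


def _rec(event_id, name, src, **extra):
    """Constructed CloudTrail record carrying only the fields the scanner reads."""
    rec = {
        "eventID": event_id, "eventTime": "2024-01-15T10:00:00Z",
        "eventSource": DX_EVENT_SOURCE, "eventName": name,
        "awsRegion": "us-east-1", "sourceIPAddress": src, "requestParameters": None,
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/netops"},
    }
    rec.update(extra)
    return rec


# Constructed sample trail: one benign read, one deletion from an unknown IP,
# a VIF allocated to a foreign account, one to our own, a denied deletion, and
# an EC2 event the scanner must ignore.
SAMPLE_RECORDS = [
    _rec("e1", "DescribeConnections", "203.0.113.10"),
    _rec("e2", "DeleteVirtualInterface", "198.51.100.7",
         requestParameters={"virtualInterfaceId": "dxvif-EXAMPLE"}),
    _rec("e3", "AllocatePrivateVirtualInterface", "203.0.113.10",
         requestParameters={"connectionId": "dxcon-EXAMPLE", "ownerAccount": "999999999999"}),
    _rec("e4", "AllocatePrivateVirtualInterface", "203.0.113.10",
         requestParameters={"connectionId": "dxcon-EXAMPLE", "ownerAccount": "111111111111"}),
    _rec("e5", "DeleteConnection", "203.0.113.10", errorCode="AccessDenied",
         requestParameters={"connectionId": "dxcon-EXAMPLE"}),
    _rec("e6", "DescribeInstances", "203.0.113.10", eventSource="ec2.amazonaws.com"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_RECORDS, ["203.0.113.0/24"], "111111111111"):
        print(json.dumps(finding))
```

Feed it the `Records` array of a CloudTrail log file (or the output of a CloudTrail Lake query) with your own trusted egress ranges and account ID; the medium-severity "allocation within own account" finding is deliberately kept so that an unexpected hosted VIF in your own account still surfaces for review.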

AWS Direct Connect Pricing

    • You pay only for the network ports you use and the data you transfer over the connection.
    • The price is per port-hour consumed for each port type. Data transferred out through AWS Direct Connect is charged per GB. Data transfer in is $0.00 per GB at all locations.

Related Fact Sheets: S3 Transfer Acceleration vs. Direct Connect vs. VPN vs. Snowball vs. Snowmobile

Note: If you are studying for the AWS Certified Advanced Networking Specialty exam, we strongly recommend that you take our AWS Certified Advanced Networking Practice Exams and read our Advanced Networking Specialty Exam Study Guide.

Validate Your Knowledge

Question 1

A leading insurance company has a VPC in the US East (N. Virginia) region for its headquarters in New York and another VPC in US West (N. California) for its regional office in California. There is a requirement to establish a low-latency, high-bandwidth connection between the on-premises data center in Chicago and the two VPCs on AWS.

As the company's SysOps administrator, how could you implement this in a cost-effective way?

  1. Establish a Direct Connect connection between your VPC in US East (N. Virginia) and your on-premises Chicago data center, and then establish another Direct Connect connection between your VPC in US West (N. California) and your on-premises data center.
  2. Set up an AWS Direct Connect gateway with a virtual private gateway.
  3. Set up an AWS Managed VPN connection between your VPC in US East (N. Virginia) and the on-premises data center in Chicago.
  4. Configure two separate VPC peering connections for the two VPCs and the on-premises data center.

Question 2

An enterprise has a hybrid cloud infrastructure consisting of its Amazon VPC in the us-east-1 (N. Virginia) region and its corporate network. A single 10 Gbps AWS Direct Connect connection with multiple private virtual interfaces has been established to allow EC2 instances to send data to on-premises file storage servers. The network administrator is tasked with ensuring high resilience to common connectivity failures in order to support critical production workloads.

What must the administrator do to satisfy this requirement?

  1. Create a second 10 Gbps AWS Direct Connect connection to another AWS Direct Connect location.
  2. Create a second 10 Gbps AWS Direct Connect connection to the existing AWS Direct Connect location.
  3. Create a second 10 Gbps AWS Managed VPN connection between the VPC and the on-premises network.
  4. Launch a Direct Connect gateway that connects two public virtual interfaces in the us-east-1 (N. Virginia) region to the on-premises network.

For more AWS practice exam questions with detailed explanations, visit the Tutorials Dojo portal.

AWS Direct Connect Cheat Sheet References:

https://docs.aws.amazon.com/directconnect/latest/UserGuide
https://aws.amazon.com/directconnect/features/
https://aws.amazon.com/directconnect/pricing/
https://aws.amazon.com/directconnect/faqs/