VPC Lattice: yet another connectivity option or a game-changer?
12 April 2024 - 4 min. read
Damiano Giorgi
DevOps Engineer
How to wisely choose the right AWS Direct Connect for your hybrid Cloud environment
30 April 2021 - 4 min. read
Network connectivity is the most fundamental and often ignored component in our daily life and work, we always take it for granted.
Sometimes our applications require performance, availability and security levels that our normal internet connection doesn’t provide, especially when we want our on-premise running environment to take advantage of cloud services (like cloud storage).
When a low-latency, constant and predictable connection to cloud resources is required a VPN connection using your internet service provider isn’t the best option, luckily enough there’s a service for that.
Meet AWS Direct Connect: an AWS service for the creation of dedicated network connections between office, on-premise data centers, or colocations and the AWS Cloud that bypass the Internet entirely, removing unpredictability and network congestion, allowing a more consistent, fast, and low-latency access to Cloud Resources to satisfy business-critical needs.
AWS Direct Connect is a service available at locations all around the world with flexible connection options starting from a 50 Mbps hosted connection to a 100Gbps dedicated connection.
Let’s deep dive into some terminology:
A Direct Connect Location is a physical location where Direct Connect is accessible via a standard cross-connect, so, if the equipment is already in an available location, access to AWS Cloud resources is only a matter of datacenter cabling. For other cases connectivity to a location is made available by selected APN partners that have passed a technical validation for following AWS service best practices.
A Direct Connect Location is physically directly linked with a default AWS Region but any other region is accessible through AWS proprietary network internal routing. A list of available locations and associated regions is available at https://aws.amazon.com/directconnect/locations/
An APN Partner can help to establish network circuits between an AWS Direct Connect location and the data center, office, or colocation environment while giving assistance in constructing a hybrid environment.
A Dedicated Connection is a physical Ethernet connection associated with a single customer, with two options for port speed (1 Gbps and 10 Gbps), it gives the ability to define up to 50 virtual network interfaces that behave like a single VLAN with a BGP Peering session on it, you can also attach this virtual interface to a Transit Gateway to implement advanced routing between VPCs
A Hosted Connection has more options for port speed, starting from 50Mbps up to 1Gbps, for use cases that do not require high capacity. With a hosted connection there’s only a single virtual network interface with a BGP Peering session, on a physical link shared with other customers. If additional interfaces are required additional hosted connections have to be provisioned, a Transit Gateway attachment is not available with this type of connection.
Resiliency: even if Direct Connect is a low-latency, constant and predictable connection there’s always the possibility that something goes wrong.
The highest level of resiliency can be achieved using separate connections that terminate on separate devices in more than one location, as shown below
In case of device failure, connectivity or location failure the network connection will always be available.
A high level of resiliency is made possible by using two single connections to multiple locations, service will still available in case of connectivity (like a fiber cut) or device failure
The suggested configuration for development and test is using separate connections that terminate on separate devices in one location
This provides resiliency against device failure.
Another option is to use a VPN connection over the internet as a backup option
Let’s talk about some examples and real life implementations to better understand how to choose the Direct Connect Location taking into account the default AWS Region.
The complete list of available Direct Connect Locations can be found at https://aws.amazon.com/directconnect/locations/
Case A: An office located in Djon, France on on-prem application uses an Aurora Database hosted in the eu-central-1 region (Frankfurt), a 300Mbps connection is enough to accommodate traffic needs
There’s a Direct Connect Location in Telehouse Voltaire, Paris, France that has the Default AWS Region in eu-central-1 set, an AWS APN partner can be involved to provision connectivity to the location and then set up a Hosted Connection to the eu-central-1.
Depending on the availability requirements a second Direct Connect link can be set up to the Interxion ZUR1, Zurich, Switzerland location, allowing redundancy for location and connectivity
Case B: An on-prem data center in Equinix PA3, Paris, uses a private API Gateway hosted in the eu-west-3 region (Paris), a new application will write a massive amount of data in a S3 bucket requiring at least 1Gbps bandwidth
The direct connect location is already available in the data center with a cross-connect, a S3 private endpoint can be also reached using the DX connection.
Wrap-Up
AWS Direct Connect is an excellent solution to meet the increasing demand of reliable, secure and fast network connections to cloud resources.
In this article we talked about how to choose your Direct Connect Location and type, only scratching the surface of the possibilities it can offer in terms of available configurations and components.
Stay connected for more about this topic: we'll be back soon with some examples about choosing the network topology and AWS resources involved in different implementation scenarios.
See you on #Proud2beCloud in 14 days!
