Secured Connectivity with AWS Direct Connect (DX)

Overview

By moving to the cloud, businesses can optimize their IT costs and save on large portions of hardware and software. Maintaining low latency in the architecture is also somewhat complex and difficult. As a result, AWS created the AWS Direct Connect (DX) service, which lets you use it with extremely low latency with consistent bandwidth. AWS Direct Connect uses standard Ethernet fiber cables to connect your internal network to AWS Direct Connect locations. Connect one cable end to your router and the other to your AWS Direct Connect router. This connection allows you to create a virtual interface directly to public AWS services (such as Amazon S3) or Amazon VPC, bypassing your ISP in your network path. In this blog, we will get a walkthrough on creating AWS DX (Direct Connect) Connection.

Introduction

Through AWS Direct Connect, we can access Amazon VPC privately and AWS public services endpoints (e.g., Amazon DynamoDB, Amazon S3). It leverages AWS Global network backbone. Autoreactive 3rd party providers provide AWS DX locations. It takes around 4-12 weeks for end-to-end provisioning. With a dedicated connection, you can get up to 1, 10, and 100 Gbps.

AWS Direct Connect Connection Types

• Dedicated Connections — Comes with three bandwidths 1 Gbps, 10 Gbps, and 100 Gbps capacity. Provides physical ethernet port dedicated to a customer. We must request dedicated connections from the AWS console before AWS Direct Connect partners complete it. Connecting on-premises network with AWS Direct Connect can be done by your Network provider or AWS Direct Connect Partner.
• Hosted Connections— Multiple bandwidth options, from 50 Mbps to up to 10 Gbps capacity. Partners own it and divide the bandwidth into multiple customers. Connection requests are directly made to AWS Direct Connect partners. AWS uses a traffic policy on hosted connection types. If sending excess traffic, that connection is dropped.

Steps to Setup AWS Direct Connect Connection

Steps for Dedicated Connection

1. Select the AWS region where you want your Direct Connect connection and submit the request from the AWS console.
2. AWS provisions your port within 72 hours and provides you with the Letter of Authorization- Connection Facility Assignment (LOA-CFA)
3. LOA needs to be shared with an AWS Direct Connect location provider. They can allocate that port and cross connect to the AWS router and your router.
4. If your organization has a physical presence in the DX location, you can request a cross-connect within the facility to connect to the AWS device.
5. If not, you provide a copy of the LOA to the DX APN partner, who places the order for cross-connect.
6. After the connection, you receive a Tx/Rx optical signal at your equipment.
7. Private or Public Virtual Interfaces can now be created to connect to your VPC or public AWS services.

Steps for Hosted Connection

1. You don’t need to obtain an LOA to order a hosted connection. You can directly contact a Direct Connect Partner to order the connection.
2. You share your 12-digit AWS account ID with the partner
3. The partner will set up the hosted connection, which will be available in your account (in the given region) for acceptance.
4. The billing for port hours and data transfer charges is enabled once you accept the connection.

DX Virtual Interfaces

1. Provides logical connectivity
2. Provisioning the Virtual Interfaces is necessary to use the DX connection.
3. When you create Virtual Interfaces, you must use the 802.1Q VLAN feature
4. There are 3 types of VIFs

• Public VIF – enables connectivity to all AWS public IP addresses. Outside VPC, you can access services like S3, SQS, DynamoDB, and other public endpoints, like AWS managed VPN (VGW) Public IPs. Providing both the public IP addresses of the AWS router and your side of the router with a /30 CIDR is necessary for creating a public VIF with IPv4 addresses.

• Private VIF – enables connectivity to VPC via a Virtual Private Gateway or Direct Connect Gateway. Allows your network to connect to VPC resources through private IPs for resources like Amazon EC2, Amazon RDS, and Redshift. Private VIF and VGW must be in the same AWS Region.

• Transit VIF – The Direct Connect gateway enables connectivity to Transit Gateways. Transit VIF is connected to AWS Direct Connect Gateway, and AWS Direct Connect Gateway connects to Transit Gateway. Support for MTU of 1500 and 8500 (Jumbo Frame). Multiple Transit Gateways can be connected to a single DX Gateway.

Conclusion

Certain companies have existing data centers that are not ready to be decommissioned, and these customers want to be able to use their existing data centers alongside the AWS infrastructure. This is where AWS Direct Connect hosts a high-speed, low-latency connection that allows you to access public and private AWS resources.

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

CloudThat is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 650k+ professionals in 500+ cloud certifications and completed 300+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, AWS Training Partner, AWS Migration Partner, AWS Data and Analytics Partner, AWS DevOps Competency Partner, Amazon QuickSight Service Delivery Partner, Amazon EKS Service Delivery Partner, Microsoft Gold Partner, AWS Microsoft Workload Partners, Amazon EC2 Service Delivery Partner, and many more.

To get started, go through our Consultancy page and Managed Services Package, CloudThat’s offerings.