AWS Certified Advanced Networking Specialty Notes - Direct Connect

Direct Connect

Requirements

  • Single-mode fiber with 1000 Base-LX (1310nm) for 1 Gb
  • 10GBase-LR (1310nm) transceiver for 10 Gb
  • Auto-negotiation disabled
  • Port speed & duplex manually configured
  • 802.1Q VLAN encapsulation must be supported end-to-end
  • BGP Support & BGP MD5 auth support on device
  • (optional) Bidirectional Forwarding Detection (BFD). Asynchronous BFD is automatically enabled for AWS DC VIFs

Capabilities

  • IPv4 & IPv6
  • Frame size of 1522 or 9023 bytes
    • (14 byte header + 4 byte VLAN tag + datagram bytes + 4 byte FCS)
  • Can set MTU of private VIFs (1500 or 9001)

Types

  • Once connected, create a VIF

Dedicated

  • 1 Gb or 10 Gb physical port with a single customer
  • Need a DC location by working with a partner
  • Can’t change port speed after the request
  • Letter of Authorization (LOA) & Connecting Facility Agreement (CFA)
    • LOAs expire after 90 days
    • Must respond within 7 days if more info is required
  • Can be added to a link aggregation group (LAG) - this will cause an interruption in service

Hosted

  • 1 Gb or 10 Gb physical port that the partner provisions
  • Port speeds:
    • 50 Mbps
    • 100 Mbps
    • 200 Mbps
    • 400 Mbps
    • 500 Mbps
    • 1 Gb
    • 2 Gb
    • 5 Gb
    • 10 Gb
  • Once configured by the partner, you must accept the connection

Routing Policies

Inbound

  • You must own the public prefixes & they must be registered with an Internet registry
  • Traffic must be destined to Amazon public prefixes
  • DC performs inbound packet filtering

Outbound

  • AS_PATH determines the routing path
  • DC is preferred for traffic sourced from AWS
  • Only public ASNs are used internally
  • AWS DC advertises all local & remote AWS prefixes & includes on-net prefixes from other AWS non-region points of presence (PoP) (i.e. CloudFront and Route 53)
  • AWS DC advertises prefixes with a minimum path length of 3
  • AWS DC advertises all public prefixes with the NO_EXPORT BGP community
  • With multiple DC connections you can adjust load-sharing of inbound traffic by advertising prefixes with similar path attributes
  • Prefixes advertised by DC must not be propagated beyond the network boundaries of your connection

BGP Communities

BGP community tags can be applied to the public prefixes that you advertise to AWS to indicate how far to propagate your prefixes in the Amazon network.

Communities for Your Prefixes

Tag           Description
7224:9100     Local AWS region
7224:9200     All AWS regions on the continent
7224:9300     Global (all public AWS regions) *default

7224:1-65535  Reserved by AWS DC

DC Communities

Tag           Description
7224:8100     Routes originate in the same region as the DC PoP
7224:8200     Routes originate on the same continent
No tag        Global

Local Preference Communities

Used to achieve load balancing & route preference for incoming traffic to your network. Supported on private VIFs and transit VIFs.

Tag           Description
7224:7100     Low preference
7224:7200     Medium preference
7224:7300     High preference

  • Mutually exclusive (apply only one per prefix)
  • For failover, apply the higher preference to the primary path
  • Evaluated BEFORE AS_PATH, ordered low < medium < high, with high preferred

LAG

  • Only 4 connections allowed per LAG
  • All connections must terminate at the same DC endpoint
  • All connections must be the same speed
  • Can’t re-associate a LAG connection if it falls below the minimum interface threshold

Limitations

  • ASN must be in the range 64,512 to 65,534 or 4,200,000,000 to 4,294,967,294
  • DC can’t connect to a VPC in China
  • VPCs connected to DC can’t have overlapping CIDRs
  • Transit VIF can be anywhere but the TGW must be in the US
  • No Transit VIF on a hosted connection with > 1 Gbps
  • Transit communication between DGW attachments is not permitted
  • No public VIF to a DC GW
  • Can’t attach a private VIF to more than 1 DGW
  • Can’t associate a VGW with more than 1 DGW
  • A VGW associated with a DGW must be attached to a VPC
  • DGW advertises all connected VPCs over the ASN assigned to it
    • ASNs must be different between TGW & DGW
Item                                                        #      Soft or hard limit
VIFs per Dedicated DC                                       50     Hard
Transit VIFs per Dedicated DC                               1      Hard
VIFs per Hosted DC                                          1      Soft
Active AWS Dedicated DC per Region / Account                10     Soft
Routes per BGP session on private VIF                       100    Hard (>100 puts the session into idle)
Routes per BGP session on public VIF                        1,000  Hard
Dedicated connections per LAG                               4      Hard
LAGs per Region                                             10     Soft
DGWs per account                                            200    Soft
VGWs per DGW                                                10     Hard
TGWs per DGW                                                3      Hard
VIFs per DGW                                                30     Soft
# of prefixes from on-prem to AWS on a Transit VIF          100    Hard
# of prefixes per TGW from AWS to on-prem on a Transit VIF  20     Hard
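The following is an added example, not part of the original notes or any AWS tooling: a small pre-flight checker that tests a proposed VIF BGP session against the rules collected above (ASN range, routes-per-session limits, the mutually exclusive local preference tags, the 7224:9x00 scope tags and the reserved 7224:1-65535 range). The VIF type names and the function name are assumptions chosen for this example.

```python
from typing import Iterable, List

# Values below are taken from the notes above (ASN ranges, route limits, tags).
PRIVATE_ASN_RANGES = ((64_512, 65_534), (4_200_000_000, 4_294_967_294))
ROUTE_LIMITS = {"private": 100, "public": 1000, "transit": 100}
LOCAL_PREF_TAGS = {"7224:7100": "low", "7224:7200": "medium", "7224:7300": "high"}
SCOPE_TAGS = {"7224:9100": "region", "7224:9200": "continent", "7224:9300": "global"}


def asn_is_private(asn: int) -> bool:
    """True if the ASN falls in a range the notes allow for the customer side."""
    return any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES)


def check_vif(vif_type: str, asn: int, route_count: int,
              communities: Iterable[str] = ()) -> List[str]:
    """Return a list of problems; an empty list means the proposal passes."""
    if vif_type not in ROUTE_LIMITS:
        return [f"unknown VIF type {vif_type!r}"]
    problems: List[str] = []
    tags = set(communities)
    if not asn_is_private(asn):
        problems.append(f"ASN {asn} is outside 64512-65534 / 4200000000-4294967294")
    limit = ROUTE_LIMITS[vif_type]
    if route_count > limit:
        msg = f"{route_count} routes exceeds the {limit}-route limit on a {vif_type} VIF"
        if vif_type == "private":
            msg += " (BGP session goes idle)"
        problems.append(msg)
    pref = tags & set(LOCAL_PREF_TAGS)
    if len(pref) > 1:  # only one local preference tag may be applied
        problems.append("local preference tags are mutually exclusive: " + ", ".join(sorted(pref)))
    if pref and vif_type == "public":
        problems.append("local preference tags are supported on private/transit VIFs only")
    scope = tags & set(SCOPE_TAGS)
    if scope and vif_type != "public":
        problems.append("7224:9x00 scope tags apply to public prefixes on a public VIF only")
    for tag in sorted(tags - set(LOCAL_PREF_TAGS) - set(SCOPE_TAGS)):
        if tag.startswith("7224:"):  # everything else in 7224:* is reserved by AWS DC
            problems.append(f"{tag} is in the 7224:1-65535 range reserved by AWS Direct Connect")
    return problems


if __name__ == "__main__":
    # Constructed sample: a private VIF advertising 101 routes, which exceeds the hard limit.
    for p in check_vif("private", 65000, 101, ["7224:7300"]):
        print("PROBLEM:", p)
```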

Metrics

All metric names start with “Connection”: https://docs.aws.amazon.com/directconnect/latest/UserGuide/monitoring-cloudwatch.html