Direct Connect
Requirements
- Single-mode fiber with 1000BASE-LX (1310nm) for 1 Gb
- 10GBASE-LR (1310nm) transceiver for 10 Gb
- Auto-negotiation disabled
- Port speed & duplex manually configured
- 802.1Q VLAN encapsulation must be supported end-to-end
- BGP Support & BGP MD5 auth support on device
- (optional) Bidirectional Forwarding Detection (BFD). Async BFD is automatically enabled for AWS DC VIFs
Capabilities
- IPv4 & IPv6
- Frame size of 1522 or 9023 bytes
- (14 byte header + 4 byte VLAN tag + datagram bytes + 4 bytes FCS)
- Can set MTU of private VIFs (1500 or 1901)
Types
- Once connected create a ViF
Dedicated
- 1 Gb or 10 Gb physical with single customer
- Need a DC location by working with partner
- Can’t change port speed after request
- Letter of Authorization (LOA) & Connecting Facility Agreement (CFA)
- LOAs expire after 90 days
- Must respond within 7 days if more info required
- Can be added to a link aggregation group (LAG) - this will cause an interruption in service
Hosted
- 1 or 10Gb physical that partner provisions
- Port speeds:
- 50 Mbps
- 100 Mbps
- 200 Mbps
- 400 Mbps
- 500 Mbps
- 1 Gb
- 2 Gb
- 5 Gb
- 10 Gb
- Once configured by partner, you must accept the connection
Routing Policies
Inbound
- You must own public prefixes & must be registered with Internet registry
- Traffic must be destined to Amazon public prefixes
- DC does inbound packet filtering
Outbound
- AS_PATH determines routing path
- DC is preferred for traffic sourced from AWS
- Only public ASNs used internally
- AWS DC advertises all local & remote AWS prefixes & includes on-net prefixes from other AWS non-region points of presence (PoP) (i.e. CloudFront and Route 53)
- AWS DC advertises prefixes with minimum path length of 3
- AWS DC advertises all public prefixes with NO_EXPORT BGP community
- With multiple DC connections you can adjust load-sharing of inbound traffic by advertising prefixes with similar path attributes
- Prefixes advertised by DC must not go beyond network boundaries of your connection
BGP Communities
BGP community tags can be applied to the public prefixes that you advertise to AWS to indicate how far to propagate your prefixes in the Amazon network.
Communities for Your Prefixes
Tag | Description |
---|---|
7224:9100 | local AWS region |
7224:9200 | All AWS regions for continent |
7224:9300 | Global (all public AWS regions) *default |
7224:1-65535 reserved by AWS DC
DC Communities
Tag | Description |
---|---|
7224:8100 | Routes originate in same region as DC PoP |
7224:8200 | Routes originate in same continent |
No tag | Global |
Local Preference Communities
Achieve load balancing & route preference for incoming traffic to your network. Support for private VIFs and transit VIFs.
Tag | Description |
---|---|
7224:7100 | low preference |
7224:7200 | Medium |
7224:7300 | High |
- Mutually exclusive
- For failover, apply higher to primary
- Evaluated BEFORE AS_PATH in order from low to high with high preferred
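A pre-flight check for planned advertisements, using the community tags above and the route limits from the Limitations table on this page. This is an added example, not AWS tooling; the function name, input layout and sample prefixes are assumptions made for illustration.

```python
# Added example. Tag values and route limits are copied from this page's tables;
# the function name and input layout are assumptions made for illustration.
SCOPE_TAGS = {"7224:9100", "7224:9200", "7224:9300"}   # propagation scope
PREF_TAGS = {"7224:7100", "7224:7200", "7224:7300"}    # local preference
DEFAULT_SCOPE = "7224:9300"                            # global, used when untagged
ROUTE_LIMIT = {"public": 1000, "private": 100, "transit": 100}


def check_advertisements(vif_type, adverts):
    """Lint {prefix: [community, ...]} for one BGP session; return (findings, effective tags)."""
    if vif_type not in ROUTE_LIMIT:
        raise ValueError(f"unknown VIF type: {vif_type!r}")
    findings, effective = [], {}
    if len(adverts) > ROUTE_LIMIT[vif_type]:
        findings.append(f"{len(adverts)} routes exceed the hard limit of {ROUTE_LIMIT[vif_type]}")
    for prefix, tags in adverts.items():
        scope = sorted(set(tags) & SCOPE_TAGS)
        pref = sorted(set(tags) & PREF_TAGS)
        for tag in tags:
            if tag.startswith("7224:") and tag not in SCOPE_TAGS | PREF_TAGS:
                findings.append(f"{prefix}: {tag} is in the range reserved by AWS")
        if vif_type == "public":
            if pref:
                findings.append(f"{prefix}: local preference tags are for private/transit VIFs")
            if not scope:
                findings.append(f"{prefix}: no scope tag, propagates globally by default")
            effective[prefix] = scope or [DEFAULT_SCOPE]
        else:
            if scope:
                findings.append(f"{prefix}: scope tags are for public prefixes")
            if len(pref) > 1:
                findings.append(f"{prefix}: local preference tags are mutually exclusive")
            effective[prefix] = pref
    return findings, effective


# Constructed sample plans (documentation and RFC 1918 prefixes).
PUBLIC_PLAN = {"203.0.113.0/24": ["7224:9100"], "198.51.100.0/24": [],
               "192.0.2.0/24": ["7224:8100"]}
PRIVATE_PLAN = {"10.0.0.0/16": ["7224:7300", "7224:7100"], "10.1.0.0/16": ["7224:7300"]}

if __name__ == "__main__":
    for vif, plan in (("public", PUBLIC_PLAN), ("private", PRIVATE_PLAN)):
        findings, effective = check_advertisements(vif, plan)
        print(vif, effective)
        for finding in findings:
            print("  !", finding)
```

The untagged public prefix is the case worth catching before the session comes up: with no scope tag it is propagated to all public AWS regions.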
LAG
- Only 4 connections allowed
- All connections must terminate at the same DC endpoint
- All connections must be the same speed
- Can’t re-associate LAG connection if it falls below minimum interface threshold
Limitations
- ASN must be in 64,512 to 65,534 or range 4,200,000,000 to 4,294,967,294
- DC can’t connect to VPC in China
- VPCs connected to DC can’t have overlapping CIDRs
- Transit VIF can be anywhere but TGW must be in US
- No Transit VIF on hosted connection with > 1 Gbps
- Transit communication between DGW attachments not permitted
- No public ViF to DC GW
- Can’t attach a private ViF to more than 1 DGW
- Can’t associate VGW with more than 1 DGW
- VGW associated with DGW must be attached to VPC
- DGW advertises all connected VPCs over ASN assigned to it
- ASNs must be different between TGW & DGW
Item | # | Soft or hard limit |
---|---|---|
VIFs per Dedicated DC | 50 | Hard |
Transit VIFs per Dedicated DC | 1 | Hard |
VIFs per Hosted DC | 1 | Soft |
Active AWS Dedicated DC per Region / Account | 10 | Soft |
Routes per BGP session on private ViF | 100 | Hard (>100 puts session into idle) |
Routes per BGP session on public ViF | 1,000 | Hard |
Dedicated connections per LAG | 4 | Hard |
LAGs per Region | 10 | Soft |
DGWs per account | 200 | Soft |
VGWs per DGW | 10 | Hard |
TGWs per DGW | 3 | Hard |
ViFs per DGW | 30 | Soft |
# of prefixes from on-prem to AWS to Transit ViF | 100 | Hard |
# of prefixes per TGW from AWS to on-prem to Transit ViF | 20 | Hard |
Metrics
All metrics start with “Connection” https://docs.aws.amazon.com/directconnect/latest/UserGuide/monitoring-cloudwatch.html