AWS Direct Connect
AWS Direct Connect
-
Public virtual interface - Establish connectivity between AWS public endpoints and your data center, office, or colocation environment.
-
Transit virtual interface - Establish private connectivity between AWS Transit Gateway and your data center, office, or colocation environment. This connectivity option is covered in the section AWS Direct Connect + AWS Transit Gateway.
-
Private virtual interface - Establish private connectivity between Amazon VPC resources and your data center, office, or colocation environment. The use of private VIFs is shown in the following figure.
AWS Direct Connect
You can establish connectivity to the AWS backbone using AWS Direct Connect by
establishing a cross-connect to AWS devices in a
Direct Connect location
With AWS Direct Connect, you have two types of connection:
-
Dedicated connections, where a physical ethernet connection is associated with a single customer. You can order port speeds of 1, 10, or 100 Gbps. You might need to work with a partner in the AWS Direct Connect Partner Program to help you establish network circuits between an AWS Direct Connect connection and your data center, office, or colocation environment.
-
Hosted connections, where a physical ethernet connection is provisioned by an AWS Direct Connect Partner and shared with you. You can order port speeds between 50 Mbps and 10 Gbps. Your work with the Partner in both the AWS Direct Connect connection they established and the network circuits between an AWS Direct Connect connection and your data center, office, or colocation environment.
For dedicated connections, you can also use a link aggregation group (LAG) to aggregate multiple connections at a single AWS Direct Connect endpoint. You treat them as a single, managed connection. You can aggregate up to four 1- or 10-Gbps connections, and up to two 100-Gbps connections.
When discussing high availability in AWS Direct Connect, we recommend using additional AWS Direct Connect connections. The AWS Direct Connect Resiliency Toolkit offers guidance in building highly resilient network connections between AWS and your data center, office, or colocation environment. The following figure shows you an example of a high-resiliency connectivity option, with two AWS Direct Connect connections terminated in two different AWS Direct Connect locations.
AWS Direct Connect is not encrypted by default. For dedicated connections of 10 or 100 Gbps, you can use MAC security (MACsec) as an encryption option. For connections of 1 Gbps or less, you can create VPN tunnels on top of the connection – this option is covered in AWS Direct Connect + AWS Site-to-Site VPN and AWS Direct Connect + AWS Transit Gateway + AWS Site-to-Site VPN sections.
One important resource in AWS Direct Connect is the Direct Connect gateway, which is a globally available resource to enable connections to multiple Amazon VPCs or Transit Gateways across different Regions or AWS accounts. This resource also allows you to connect to any participating VPC or Transit Gateway from one private VIF or transit VIF, reducing AWS Direct Connect management, as shown in the following figure.
Regarding IP addressing, AWS Direct Connect virtual interfaces support both IPv4 and IPv6 BGP sessions for dual-stack operation.
-
Private and transit VIFs IPv4 configuration make use of either AWS-generated IPv4 addresses or addresses configured by you. For public VIFs IPv4 BGP peering, you must specify an unique public /31 IPv4 CIDR that you own (or submit a request to have a CIDR block assigned).
-
For all types of VIFs IPv6 BGP peering, AWS assigns a /125 CIDR, which is not configurable.
Additional resources
