AWS Network Connectivity Options

VPC-to-VPC connections

  1. VPC Peering
  2. AWS Transit Gateway
  3. AWS PrivateLink

External Network connectivity to AWS

  1. CGW -> (IPsec VPN) -> VGW -> VPC1
  2. CGW -> (IPsec VPN) -> TGW -> VPC1, VPC2
  3. CGW1, CGW2 -> (IPsec VPN hub) -> VGW
  4. RTR -> (DX VIF) -> VGW -> VPC1
  5. RTR -> (DX VIF) -> TGW -> VPC1, VPC2
  6. RTR -> (DX VPN) -> VGW -> VPC1
  7. RTR -> (DX VPN) -> TGW -> VPC1, VPC2
  8. RTR -> (DX VIF) -> DGW -> VGW
  9. RTR -> (DX VIF) -> DGW -> TGW

(CGW = customer gateway, RTR = customer router, DX = Direct Connect, VIF = virtual interface, VGW = virtual private gateway, TGW = transit gateway, DGW = Direct Connect gateway)

AWS Transit Gateway

Direct Connect

Components of Direct Connect
  • Connections
  • Virtual Interfaces
Physical Connection
What is a cross connect?

Cross-connects are the physical hardware (cables, cords, and jumpers) that link separate pieces of equipment within a data center facility.

Types of connections
  • Dedicated Connection: A physical Ethernet connection associated with a single customer.
  • Hosted Connection: A physical Ethernet connection that an AWS Direct Connect Partner provisions on behalf of a customer. Customers request a hosted connection by contacting a partner in the AWS Direct Connect Partner Program, who provisions the connection.
How do you enable redundancy for connections?

A link aggregation group (LAG) is a logical interface that uses the Link Aggregation Control Protocol (LACP) to aggregate multiple connections at a single AWS Direct Connect endpoint, allowing you to treat them as a single, managed connection. LAGs streamline configuration because the LAG configuration applies to all connections in the group.

Types of Virtual Interfaces
  • Private virtual interface: A private virtual interface should be used to access an Amazon VPC using private IP addresses.
  • Public virtual interface: A public virtual interface can access all AWS public services using public IP addresses.
  • Transit virtual interface: A transit virtual interface should be used to access one or more Amazon VPC Transit Gateways associated with Direct Connect gateways. You can use transit virtual interfaces with 1/2/5/10 Gbps AWS Direct Connect connections.
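
An added example, not part of the original notes, that turns the redundancy and virtual-interface rules above into a check: given a constructed inventory of virtual interfaces (field names follow the shape of describe-virtual-interfaces output; all IDs and locations are placeholders), it flags gateways reachable through only one connection or only one DX location, and transit VIFs that do not terminate on a Direct Connect gateway.

```python
"""Audit a constructed Direct Connect inventory for single points of failure.
Field names follow the shape of describe-virtual-interfaces output."""
from collections import defaultdict

# Constructed inventory: two private VIFs reach one VGW over two
# connections at the same DX location; two transit VIFs reach one
# DX gateway from two different locations.
SAMPLE_VIFS = [
    {"virtualInterfaceId": "dxvif-EXAMPLE1", "virtualInterfaceType": "private",
     "connectionId": "dxcon-EXAMPLEA", "location": "LOC-A",
     "virtualGatewayId": "vgw-EXAMPLE", "directConnectGatewayId": ""},
    {"virtualInterfaceId": "dxvif-EXAMPLE2", "virtualInterfaceType": "private",
     "connectionId": "dxcon-EXAMPLEB", "location": "LOC-A",
     "virtualGatewayId": "vgw-EXAMPLE", "directConnectGatewayId": ""},
    {"virtualInterfaceId": "dxvif-EXAMPLE3", "virtualInterfaceType": "transit",
     "connectionId": "dxcon-EXAMPLEC", "location": "LOC-A",
     "virtualGatewayId": "", "directConnectGatewayId": "dxgw-EXAMPLE"},
    {"virtualInterfaceId": "dxvif-EXAMPLE4", "virtualInterfaceType": "transit",
     "connectionId": "dxcon-EXAMPLED", "location": "LOC-B",
     "virtualGatewayId": "", "directConnectGatewayId": "dxgw-EXAMPLE"},
]

def gateway_of(vif):
    """AWS-side gateway the VIF terminates on: DX gateway if set, else VGW."""
    return vif.get("directConnectGatewayId") or vif.get("virtualGatewayId")

def audit_redundancy(vifs):
    """Group VIFs by the gateway they reach and list findings per gateway:
    a single connection, all connections at one DX location (a LAG alone
    does not fix this), or a transit VIF not terminating on a DX gateway."""
    by_gateway = defaultdict(list)
    for vif in vifs:
        by_gateway[gateway_of(vif)].append(vif)
    findings = {}
    for gateway, members in by_gateway.items():
        issues = []
        if len({v["connectionId"] for v in members}) < 2:
            issues.append("single connection")
        if len({v["location"] for v in members}) < 2:
            issues.append("single DX location")
        for v in members:
            if v["virtualInterfaceType"] == "transit" and not v["directConnectGatewayId"]:
                issues.append(f"{v['virtualInterfaceId']}: transit VIF without DX gateway")
        findings[gateway] = issues
    return findings

if __name__ == "__main__":
    for gateway, issues in audit_redundancy(SAMPLE_VIFS).items():
        print(gateway, "OK" if not issues else "; ".join(issues))
```

With the sample data the VGW is reported as depending on a single DX location, while the DX gateway passes.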
How do you use Direct Connect to reach VPCs in other accounts?

How do you connect VPCs with Direct Connect?
  • Direct Connect location (DX) -> Direct Connect gateway -> transit gateway
  • Direct Connect location (DX) -> Direct Connect gateway -> virtual private gateway
What are the benefits of a Direct Connect gateway?
  • AWS Direct Connect Gateway allows you to establish connectivity that spans Virtual Private Clouds (VPCs) spread across multiple AWS Regions.
  • Instead of establishing a separate BGP session for each VPC, you only need a single BGP session with the Direct Connect gateway per DX location. Because the Direct Connect gateway is a global object, VPCs and DX locations in any Region (except China) can be bridged.
Sample reference architectures