Overview:
AWS Direct Connect enables you to connect your AWS environment to your on-premises data center or office over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic connection. It is a dedicated, high-speed, low-latency link that bypasses Internet service providers in your network path. An AWS Direct Connect location provides access to Amazon Web Services in the region it is associated with, as well as access to other US regions. You can logically partition a single fiber-optic connection into multiple logical connections using 802.1Q Virtual Local Area Networks (VLANs), and use those logical connections to separate traffic (for example, VPC traffic from public-service traffic, or production from development), apply different routing policies, and meet compliance requirements. Note that Direct Connect gives you a private path, not an encrypted one: any encryption you need is applied on top of it.

(Architecture diagram)

What you’ll accomplish:

Select a Direct Connect Partner and an AWS Direct Connect facility. Before logging into your console, you will need to decide which partner and facility to work with. This project guide will assist you in selecting the partner and AWS Direct Connect facility best suited for your needs.

Order a Direct Connect circuit using the AWS Management Console. You will select a region of your choice and work through the process of ordering your Direct Connect circuit from AWS.

Configure a logical connection across your Direct Connect. To establish IP connectivity, you will need to configure at least one virtual interface on its own 802.1Q VLAN and assign peer IP addresses to both ends of it.

Exchange routes between AWS and your data center. You will establish routing between your AWS environment and your data center, giving you secure and low-latency access to your AWS resources.

What you’ll need before starting:
An AWS Account: You will need an AWS account before you can request a Direct Connect connection or provision the resources you will connect to. Sign up for AWS.

AWS Experience: Basic knowledge of core AWS concepts such as Virtual Private Cloud (VPC), Regions, and Availability Zones is recommended to successfully complete this project.
IT Experience: Working knowledge of networking concepts such as IP routing, BGP, and 802.1Q VLANs is recommended to successfully complete this project.

Billing Estimates:
Cost to complete project: There is no charge for requesting an AWS Direct Connect connection. Port-hour charges start once the cross connect to the AWS router is established or 90 days after you create the connection, whichever comes first, and data transferred out of AWS over the connection is billed per GB.

Monthly billing estimate: The total cost of maintaining your AWS Direct Connect link to your on-premises environment will vary depending on the volume of data transfer out of AWS and the region you select. Data transfer pricing over Direct Connect is lower than data transfer pricing over the internet.

For example, if you order a 1 Gbps connection to the US East (N. Virginia) region and you expect to transfer 1 TB out of AWS per month, the total cost would be about $236 per month (port-hour charges plus data transfer; see the cost estimate below).

Product Description: AWS Direct Connect is a network service that provides an alternative to using the Internet to utilize AWS cloud services. AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.

How Pricing Works: AWS Direct Connect pricing has two main cost components: (1) Pricing per port-hour for all AWS Direct Connect locations, (2) data transfer out fees by AWS Direct Connect locations. For details on each cost component, see AWS Direct Connect Pricing.

Cost Estimate: Let's say you order a 1 Gbps connection to the US East (N. Virginia) region and you expect to transfer 1 TB out of AWS per month. A port charge of $0.30 per hour and a data transfer charge of $0.02 per GB apply. Over a 30-day month (720 hours) the port costs $216 and 1,000 GB of data transfer costs $20, for a total of $236 per month.

Q. What is AWS Direct Connect?

AWS Direct Connect is a network service that provides an alternative to using the Internet to utilize AWS cloud services.

Q. Why should I connect my on-premises environment to AWS using Direct Connect?

AWS Direct Connect gives you a private, low-latency connection to AWS that does not depend on the public Internet, for workloads that need more bandwidth or more predictable latency than an Internet path provides.
Q. Can I use Direct Connect to securely connect my data center to AWS?
AWS Direct Connect does not traverse the public Internet; it uses a dedicated, private network connection between your network and AWS. The circuit itself is not encrypted, however. Where you need confidentiality or integrity in transit, add your own controls on top of it: encrypt at the application layer with TLS (HTTPS) or SSH, or run an IPsec VPN over the Direct Connect connection so that all traffic between the two sites is encrypted regardless of application.
Q. How can I get started with AWS Direct Connect?

In the AWS Management Console, open AWS Direct Connect, switch to the region you want to use, and create a new connection. When requesting a connection, you are asked to select the AWS Direct Connect location you wish to use, the number of ports, and the port speed. You can also ask to have an APN Partner contact you if you need help extending your office or data center network to the AWS Direct Connect location.

Q. Can I use AWS Direct Connect if my network is present at an AWS Direct Connect location?

Yes. If you have equipment at the AWS Direct Connect location, order the connection in the AWS Management Console, then ask the colocation provider for a cross connect to your equipment, presenting the LOA-CFA that AWS issues for the connection (see Requesting Cross Connects at AWS Direct Connect Locations).

Q. Can I use AWS Direct Connect if my network is not present at an AWS Direct Connect location?

Yes. APN Partners supporting AWS Direct Connect can help you extend your preexisting data center or office network to an AWS Direct Connect location. Please see APN Partners for more information.

Q. What connection speeds are supported by AWS Direct Connect?
1 Gbps and 10 Gbps ports are available directly from AWS. Speeds of 50 Mbps, 100 Mbps, 200 Mbps, 300 Mbps, 400 Mbps, and 500 Mbps are available as hosted connections from APN Partners supporting AWS Direct Connect.

Getting Started with AWS Direct Connect
You can set up an AWS Direct Connect connection in one of the following ways:

At an AWS Direct Connect location.

Through a member of the AWS Partner Network (APN) or a network carrier.

Through a hosted connection provided by a member of the APN.

A partner in the APN can help you establish network circuits between an AWS Direct Connect location and your data center, office, or colocation environment, or provide colocation space within the same facility as the AWS Direct Connect location. For more information, see http://aws.amazon.com/directconnect/partners. If you don’t have equipment hosted in the same facility as AWS Direct Connect, you can use a network provider to connect to AWS Direct Connect. The provider does not have to be a member of the APN to connect you.

Before you begin, verify that your equipment meets the specifications set out in Network Requirements.

Topics

Step 1: Sign Up for AWS
Step 2: Submit AWS Direct Connect Connection Request
Step 3: Download the LOA-CFA
Step 4: (Optional) Configure Redundant Connections
Step 5: Create a Virtual Interface
Step 6: Download Router Configuration
Step 7: Verify Your Virtual Interface
Step 1: Sign Up for AWS
To use AWS Direct Connect, you need an AWS account if you don’t already have one.

To sign up for an AWS account

Open https://aws.amazon.com/, and then choose Create an AWS Account.

Note

This might be unavailable in your browser if you previously signed into the AWS Management Console. In that case, choose Sign in to a different account, and then choose Create a new AWS account.

Follow the online instructions.

Part of the sign-up procedure involves receiving a phone call and entering a PIN using the phone keypad.

Step 2: Submit AWS Direct Connect Connection Request
You can submit a connection request using the AWS Direct Connect console. Before you begin, ensure that you have the following information:

The port speed that you require: 1 Gbps or 10 Gbps. You cannot change the port speed after you’ve created the connection request.

The AWS Direct Connect location to which to connect.

If you require a port speed less than 1 Gbps, you cannot request a connection using the console. Instead, contact an APN partner, who will create a hosted connection for you. The hosted connection appears in your AWS Direct Connect console, and must be accepted before use. Skip the following procedure and go to Accept Your Hosted Connection.

To create a new AWS Direct Connect connection

Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.

In the navigation bar, select the region in which to connect to AWS Direct Connect. For more information, see Regions and Endpoints.

On the Welcome to AWS Direct Connect screen, choose Get Started with Direct Connect.


For Connection Name, enter a name for the connection.

For LAG Association, specify whether the connection is standalone, or if it should be associated with a link aggregation group (LAG) in your account. If you associate the connection with a LAG, select the LAG ID. The connection is created with the same port speed and location as specified in the LAG. For more information, see Link Aggregation Groups.

For Location, select the appropriate AWS Direct Connect location.

Note

If you don’t have equipment at an AWS Direct Connect location, choose contact one of our partners.

Select the appropriate port speed, and then choose Create.

Your connection is listed on the Connections pane of the AWS Direct Connect console.

For more information about creating and working with AWS Direct Connect connections, see Connections.

Accept Your Hosted Connection
If you requested a sub-1G connection from your selected partner, they create a hosted connection for you. You must accept it in the AWS Direct Connect console before you can create a virtual interface.

To accept a hosted connection

Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.

If necessary, select the region in which the hosted connection resides. For more information, see Regions and Endpoints.

In the navigation pane, choose Connections.

In the Connections pane, select the hosted connection.


Select I understand that Direct Connect port charges apply once I click “Accept This Connection”, and then choose Accept Connection.

Go to Step 4 to continue setting up your AWS Direct Connect connection.

Step 3: Download the LOA-CFA
AWS makes a Letter of Authorization and Connecting Facility Assignment (LOA-CFA) available to you to download, or emails you with a request for more information after you’ve created the connection request. If you receive a request for more information, you must respond within 7 days or the connection is deleted. The LOA-CFA is the authorization to connect to AWS, and is required by the colocation provider or your network provider to establish the cross-network connection (cross-connect).

To download the LOA-CFA

Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.

In the navigation pane, choose Connections.

Choose Actions, Download LOA-CFA.

Note

If the link is not enabled, the LOA-CFA is not yet available for you to download. Check your email for a request for more information. If it’s still unavailable, or you haven’t received an email after 72 hours, contact AWS Support.

In the dialog box, optionally enter the name of your provider to have it appear with your company name as the requester in the LOA-CFA. Choose Download. The LOA-CFA is downloaded to your computer as a PDF file.

After you’ve downloaded the LOA-CFA, do one of the following:

If you’re working with a network provider, send the LOA-CFA to your network provider so that they can order a cross connect for you. You cannot order a cross connect for yourself in the AWS Direct Connect location if you do not have equipment there. Your network provider does this for you.

If you have equipment at the AWS Direct Connect location, contact the colocation provider to request a cross-network connection. For more information, see Requesting Cross Connects at AWS Direct Connect Locations. You must be a customer of the colocation provider, and you must present them with the LOA-CFA that authorizes the connection to the AWS router, as well as the necessary information to connect to your network.

The LOA-CFA expires after 90 days. To refresh the LOA-CFA with a new issue date, you can download it again from the AWS Direct Connect console. If you do not take any action, we delete the connection.

Note

Port-hour billing starts 90 days after you created the connection, or after the connection between your router and the AWS router is established, whichever comes first. For more information, see AWS Direct Connect Pricing.

Step 4: (Optional) Configure Redundant Connections
To provide for failover, we recommend that you request and configure two dedicated connections to AWS, as shown in the following figure. These connections can terminate on one or two routers in your network.

There are different configuration choices available when you provision two dedicated connections:

Active/Active (BGP multipath). This is the default configuration, where both connections are active. AWS Direct Connect supports multipathing to multiple virtual interfaces within the same location, and traffic is load-shared between interfaces based on flow. If one connection becomes unavailable, all traffic is routed through the other connection.

Active/Passive (failover). One connection handles traffic and the other is on standby. If the active connection becomes unavailable, all traffic is routed through the passive connection. To make a link passive, prepend your ASN to the AS path of the routes you advertise over it; BGP prefers the shorter AS path, so AWS sends traffic over the other link until that link's BGP session goes down.

How you configure the connections doesn’t affect redundancy, but it does affect the policies that determine how your data is routed over both connections. We recommend that you configure both connections as active.

If you use a VPN connection for redundancy, ensure that you implement a health check and failover mechanism, and check your route table routing.
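The routing policy behind the two designs, as an added example that is not part of the AWS documentation quoted here. It is a reduced model of the BGP decision process (highest LOCAL_PREF, then shortest AS_PATH, then equal-cost multipath across whatever still ties) applied to the routes exchanged over two virtual interfaces. The ASNs, link names and prefixes are constructed; 7224 is Amazon's default ASN on a Direct Connect peering.

```python
"""Which Direct Connect link carries traffic under the two redundancy designs (added example)."""
from dataclasses import dataclass
from typing import List, Tuple

MY_ASN = 65001          # constructed private ASN for the on-premises side
AMAZON_ASN = 7224       # Amazon's default ASN on a Direct Connect peering
ON_PREM = "10.10.0.0/16"  # constructed on-premises prefix advertised to AWS
VPC = "10.0.0.0/16"       # constructed VPC prefix advertised by AWS


@dataclass(frozen=True)
class Route:
    link: str                   # virtual interface the route was learned over
    prefix: str
    as_path: Tuple[int, ...]    # prepending repeats the originating ASN
    local_pref: int = 100       # only meaningful on the router that receives the route
    session_up: bool = True     # False once the BGP session on that link is down


def best_links(routes: List[Route], prefix: str) -> List[str]:
    """Links chosen for `prefix`: one, or several when they tie and multipath applies."""
    live = [r for r in routes if r.prefix == prefix and r.session_up]
    if not live:
        return []
    top_pref = max(r.local_pref for r in live)          # 1. highest LOCAL_PREF wins
    live = [r for r in live if r.local_pref == top_pref]
    shortest = min(len(r.as_path) for r in live)        # 2. then shortest AS_PATH
    return sorted(r.link for r in live if len(r.as_path) == shortest)  # 3. ties share load


def from_on_prem(link: str, prepend: int = 0, up: bool = True) -> Route:
    """The on-premises prefix as AWS receives it over `link`."""
    return Route(link, ON_PREM, (MY_ASN,) * (1 + prepend), session_up=up)


def from_aws(link: str, local_pref: int = 100, up: bool = True) -> Route:
    """The VPC prefix as your router receives it over `link`."""
    return Route(link, VPC, (AMAZON_ASN,), local_pref, up)


def active_active() -> List[str]:
    """Default design: identical advertisements on both links, AWS load-shares per flow."""
    return best_links([from_on_prem("dxvif-a"), from_on_prem("dxvif-b")], ON_PREM)


def active_passive_inbound(a_up: bool = True) -> List[str]:
    """AWS-to-you direction: prepending on link B makes it the standby."""
    routes = [from_on_prem("dxvif-a", up=a_up), from_on_prem("dxvif-b", prepend=2)]
    return best_links(routes, ON_PREM)


def active_passive_outbound(a_up: bool = True) -> List[str]:
    """You-to-AWS direction: a higher LOCAL_PREF on link A keeps outbound traffic there."""
    routes = [from_aws("dxvif-a", local_pref=200, up=a_up), from_aws("dxvif-b")]
    return best_links(routes, VPC)


if __name__ == "__main__":
    print("active/active:", active_active())
    print("active/passive, A up:", active_passive_inbound(), active_passive_outbound())
    print("active/passive, A down:", active_passive_inbound(False), active_passive_outbound(False))
```

AWS acts only on the attributes it receives from you, so the AS path prepend on link B is what moves AWS-to-you traffic off that link; your own router decides the other direction, which is why the outbound function uses LOCAL_PREF instead. If you make only one direction passive, traffic crosses the two links asymmetrically, and a stateful firewall in the path will drop the replies.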

Step 5: Create a Virtual Interface
After you have placed an order for an AWS Direct Connect connection, you must create a virtual interface to begin using it. You can create a private virtual interface to connect to your VPC, or you can create a public virtual interface to connect to AWS services that aren’t in a VPC.

Before you begin, ensure that you have the following information:

A unique virtual local area network (VLAN) tag that’s not in use on the AWS Direct Connect connection for another virtual interface. The number must be between 1 and 4094.

A public or private Border Gateway Protocol (BGP) Autonomous System Number (ASN). If you are using a public ASN, you must own it. If you are using a private ASN, it must be in the 64512 to 65535 range.

(Public virtual interface): For an IPv4 BGP peering session, unique public IPv4 addresses (/30) that you own for each side of the BGP peering connection, and a unique IPv4 CIDR range to announce via AWS Direct Connect.

(Private virtual interface): The virtual private gateway to connect to. For more information, see Adding a Hardware Virtual Private Gateway to Your VPC in the Amazon VPC User Guide.

For more information, see Prerequisites for Virtual Interfaces.
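A pre-flight check for those parameters, added here as an example and not taken from AWS: it validates a virtual interface request before you type it into the console, checking the VLAN, the ASN, the /30 peer addressing and, for a public virtual interface, that the prefixes you intend to announce are public space. The sample requests, VLANs and addresses are constructed (RFC 5737 documentation ranges stand in for public space), and the 6 to 80 character limit on the BGP key is taken from the API reference's description of the authKey field and should be treated as an assumption.

```python
"""Pre-flight checks for a Direct Connect virtual interface request (added example)."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Set

VLAN_RANGE = range(1, 4095)              # 802.1Q tags 1-4094
PRIVATE_ASN_RANGE = range(64512, 65536)  # private ASNs accepted on a virtual interface

# Address space that must never appear on a public virtual interface. The RFC 5737
# documentation ranges are deliberately absent so the constructed sample below can
# use them as stand-ins for public space.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def is_routable(net: ipaddress.IPv4Network) -> bool:
    """True unless the network overlaps a range that cannot be announced publicly."""
    return not any(net.overlaps(blocked) for blocked in NON_ROUTABLE)


@dataclass
class VifRequest:
    vif_type: str                    # "public" or "private"
    vlan: int
    asn: int
    customer_peer: str               # "Your router peer IP" in CIDR form
    amazon_peer: str                 # "Amazon router peer IP" in CIDR form
    auth_key: Optional[str] = None   # BGP MD5 key; None lets AWS generate one
    advertised_prefixes: List[str] = field(default_factory=list)  # public VIF only
    owns_public_asn: bool = False    # you attest that a non-private ASN is yours


def validate_vif(req: VifRequest, vlans_in_use: Set[int]) -> List[str]:
    """Return the problems found; an empty list means the request is consistent."""
    problems: List[str] = []

    if req.vif_type not in ("public", "private"):
        problems.append(f"unknown virtual interface type {req.vif_type!r}")

    if req.vlan not in VLAN_RANGE:
        problems.append(f"VLAN {req.vlan} is outside 1-4094")
    elif req.vlan in vlans_in_use:
        problems.append(f"VLAN {req.vlan} is already used by another virtual interface on this connection")

    if req.asn not in PRIVATE_ASN_RANGE and not (1 <= req.asn <= 64511 and req.owns_public_asn):
        problems.append(f"ASN {req.asn} is neither private (64512-65535) nor a public ASN you own")

    # The two BGP peers must be the two usable hosts of a single IPv4 /30.
    try:
        cust = ipaddress.ip_interface(req.customer_peer)
        amzn = ipaddress.ip_interface(req.amazon_peer)
        if cust.version != 4 or amzn.version != 4:
            problems.append("enter IPv4 peers only; IPv6 peer addresses are assigned by AWS")
        elif cust.network.prefixlen != 30 or amzn.network.prefixlen != 30:
            problems.append("peer addresses must carry a /30 mask")
        elif cust.network != amzn.network:
            problems.append("peer addresses are not in the same /30")
        elif {cust.ip, amzn.ip} != set(cust.network.hosts()):
            problems.append("peer addresses must be the two usable hosts of the /30")
        elif req.vif_type == "public" and not is_routable(cust.network):
            problems.append("a public virtual interface needs public peer addresses that you own")
    except ValueError as exc:
        problems.append(f"bad peer address: {exc}")

    if req.auth_key is not None:
        # Assumption: 6-80 characters, as the API reference describes the authKey field.
        # The key is the shared secret for the BGP session, so reject weak ones early.
        if not 6 <= len(req.auth_key) <= 80 or any(c.isspace() for c in req.auth_key):
            problems.append("BGP MD5 key must be 6-80 characters with no whitespace, or left unset")

    if req.vif_type == "public":
        if not req.advertised_prefixes:
            problems.append("a public virtual interface must list the prefixes to advertise")
        for p in req.advertised_prefixes:
            try:
                net = ipaddress.ip_network(p)
            except ValueError as exc:
                problems.append(f"bad prefix {p!r}: {exc}")
                continue
            if net.version != 4:
                problems.append(f"{p}: only IPv4 prefixes are entered here")
            elif not is_routable(net):
                problems.append(f"{p} is not publicly routable and cannot be announced over a public VIF")
    elif req.advertised_prefixes:
        problems.append("a private virtual interface learns routes over BGP; no prefix list is entered")
    return problems


# Constructed sample requests; none of these circuits, ASNs or addresses are real.
GOOD_PRIVATE = VifRequest("private", 101, 65001, "169.254.254.1/30", "169.254.254.2/30",
                          auth_key="k3yF0rTh3P33r")
GOOD_PUBLIC = VifRequest("public", 200, 64496, "203.0.113.1/30", "203.0.113.2/30",
                         advertised_prefixes=["198.51.100.0/24"], owns_public_asn=True)
BAD_PUBLIC = VifRequest("public", 4095, 64496, "203.0.113.1/30", "203.0.113.6/30",
                        auth_key="abc", advertised_prefixes=["10.0.0.0/8"])

if __name__ == "__main__":
    for name, req in (("good private", GOOD_PRIVATE), ("good public", GOOD_PUBLIC),
                      ("bad public", BAD_PUBLIC)):
        print(f"{name}: {validate_vif(req, vlans_in_use={100}) or 'ok'}")
```

Run it with the VLANs already assigned on the connection in vlans_in_use; the bad request above trips five separate checks (VLAN range, unowned ASN, mismatched /30s, a short key and an RFC 1918 prefix), each of which the console would otherwise reject one at a time or, for the ASN and prefix ownership, only after AWS verification.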

Note

A sub-1G connection only supports one virtual interface.

To provision a public virtual interface to non-VPC services

Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.

In the Connections pane, select the connection to use, and then choose Actions, Create Virtual Interface.

In the Create a Virtual Interface pane, choose Public.

In the Define Your New Public Virtual Interface dialog box, do the following:

For Connection, select an existing physical connection on which to create the virtual interface.

For Virtual Interface Name, enter a name for the virtual interface.

For Virtual Interface Owner, select the My AWS Account option if the virtual interface is for your AWS account ID.

For VLAN, enter the VLAN number.

If you’re configuring an IPv4 BGP peer, choose IPv4 and do the following:

For Your router peer IP, enter the IPv4 CIDR destination address to which Amazon should send traffic.

For Amazon router peer IP, enter the IPv4 CIDR address to use to send traffic to Amazon.

If you’re configuring an IPv6 BGP peer, choose IPv6. The peer IPv6 addresses are automatically assigned from Amazon’s pool of IPv6 addresses. You cannot specify custom IPv6 addresses.

For BGP ASN, enter the Border Gateway Protocol (BGP) Autonomous System Number (ASN) of your gateway.

Select the Auto-generate BGP key check box to have Amazon generate a BGP key.

To provide your own BGP key, clear the Auto-generate BGP key check box. For BGP Authentication Key, enter your BGP MD5 key. The key is a shared secret that authenticates the BGP session at both ends; it is written in clear text into the router configuration file you download in Step 6, so handle that file as sensitive.

For Prefixes you want to advertise, enter the IPv4 CIDR destination addresses (separated by commas) to which traffic should be routed over the virtual interface.

Choose Continue, and then download your router configuration. For more information, see Step 6: Download Router Configuration.

When you create a private virtual interface to a VPC, you need a private virtual interface for each VPC to which to connect. For example, you need three private virtual interfaces to connect to three VPCs.

To provision a private virtual interface to a VPC

Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.

In the navigation pane, choose Connections, select the connection to use, and choose Actions, Create Virtual Interface.

In the Create a Virtual Interface pane, select Private.

Under Define Your New Private Virtual Interface, do the following and choose Continue:

For Virtual Interface Name, enter a name for the virtual interface.

For Virtual Interface Owner, select the My AWS Account option if the virtual interface is for your AWS account.

For Connection To, choose Virtual Private Gateway and select the virtual private gateway to which to connect.

For VLAN, enter the ID number for your virtual local area network (VLAN).

If you’re configuring an IPv4 BGP peer, choose IPv4, and do the following:

To have AWS generate your router IP address and Amazon IP address, select Auto-generate peer IPs.

To specify these IP addresses yourself, clear the Auto-generate peer IPs check box. For Your router peer IP, enter the destination IPv4 CIDR address to which Amazon should send traffic. For Amazon router peer IP, enter the IPv4 CIDR address to use to send traffic to AWS.

If you’re configuring an IPv6 BGP peer, choose IPv6. The peer IPv6 addresses are automatically assigned from Amazon’s pool of IPv6 addresses. You cannot specify custom IPv6 addresses.

For BGP ASN, enter the Border Gateway Protocol (BGP) Autonomous System Number (ASN) of your gateway.

To have AWS generate a BGP key, select the Auto-generate BGP key check box.

To provide your own BGP key, clear the Auto-generate BGP key check box. For BGP Authentication Key, enter your BGP MD5 key.

Download your router configuration. For more information, see Step 6: Download Router Configuration.

Note

If you use the VPC wizard to create a VPC, route propagation is automatically enabled for you. With route propagation, routes are automatically populated to the route tables in your VPC. If you choose, you can disable route propagation. For more information, see Enable Route Propagation in Your Route Table in the Amazon VPC User Guide.

Step 6: Download Router Configuration
After you have created a virtual interface for your AWS Direct Connect connection, you can download the router configuration file.

To download router configuration

Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.

In the Virtual Interfaces pane, select the virtual interface you created and then choose Actions, Download Router Configuration.

In the Download Router Configuration dialog box, do the following:

For Vendor, select the manufacturer of your router.

For Platform, select the model of your router.

For Software, select the software version for your router.

Choose Download, and then use the appropriate configuration for your router to ensure that you can connect to AWS Direct Connect.

For example configuration files, see Example Router Configuration Files.

Step 7: Verify Your Virtual Interface
After you have established virtual interfaces to the AWS Cloud or to Amazon VPC, you can verify your AWS Direct Connect connection using the following procedures.

To verify your virtual interface connection to the AWS Cloud

Run traceroute from a host behind your router toward a public AWS endpoint and verify that the AWS Direct Connect identifier appears in the trace.

To verify your virtual interface connection to Amazon VPC

Using a pingable AMI, such as an Amazon Linux AMI, launch an EC2 instance into the VPC that is attached to your virtual private gateway. The Amazon Linux AMIs are available in the Quick Start tab when you use the instance launch wizard in the Amazon EC2 console. For more information, see Launch an Instance in the Amazon EC2 User Guide for Linux Instances. Ensure that the security group that’s associated with the instance includes a rule permitting inbound ICMP traffic (for the ping request).

After the instance is running, get its private IPv4 address (for example, 10.0.0.4). The Amazon EC2 console displays the address as part of the instance details.

Ping the private IPv4 address and get a response.
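The same verification from the API side, as an added example (not AWS code): it reads the JSON that `aws directconnect describe-virtual-interfaces --output json` returns and checks each virtual interface for state available, every BGP peer up, and VLAN, ASN and peer address matching what you requested, flagging any virtual interface you did not expect. The response and the expected set below are constructed; the field names follow the Direct Connect API.

```python
"""Verify Direct Connect virtual interfaces from the API view (added example)."""
import json
from typing import Dict, List

# Constructed: what you asked for in Step 5, keyed by virtual interface ID.
EXPECTED = {
    "dxvif-0a1b2c3d": {"vlan": 101, "asn": 65001, "customerAddress": "169.254.254.1/30"},
    "dxvif-0e4f5a6b": {"vlan": 200, "asn": 64496, "customerAddress": "203.0.113.1/30"},
}

# Constructed sample of `aws directconnect describe-virtual-interfaces --output json`.
SAMPLE_RESPONSE = json.dumps({
    "virtualInterfaces": [
        {
            "virtualInterfaceId": "dxvif-0a1b2c3d",
            "virtualInterfaceType": "private",
            "virtualInterfaceState": "available",
            "vlan": 101, "asn": 65001,
            "amazonAddress": "169.254.254.2/30",
            "customerAddress": "169.254.254.1/30",
            "bgpPeers": [
                {"addressFamily": "ipv4", "bgpPeerState": "available", "bgpStatus": "up"},
            ],
        },
        {
            "virtualInterfaceId": "dxvif-0e4f5a6b",
            "virtualInterfaceType": "public",
            "virtualInterfaceState": "verifying",
            "vlan": 200, "asn": 64496,
            "amazonAddress": "203.0.113.2/30",
            "customerAddress": "203.0.113.1/30",
            "routeFilterPrefixes": [{"cidr": "198.51.100.0/24"}],
            "bgpPeers": [
                {"addressFamily": "ipv4", "bgpPeerState": "verifying", "bgpStatus": "down"},
                {"addressFamily": "ipv6", "bgpPeerState": "available", "bgpStatus": "down"},
            ],
        },
    ]
})


def check_virtual_interfaces(response_json: str, expected: Dict[str, dict]) -> Dict[str, List[str]]:
    """Return {virtualInterfaceId: [findings]}; an empty list means that VIF passed."""
    report: Dict[str, List[str]] = {}
    seen = set()
    for vif in json.loads(response_json).get("virtualInterfaces", []):
        vif_id = vif["virtualInterfaceId"]
        seen.add(vif_id)
        findings: List[str] = []
        # Anything other than "available" means the VIF is not yet usable (or was torn down).
        if vif.get("virtualInterfaceState") != "available":
            findings.append(f"state is {vif.get('virtualInterfaceState')!r}, not 'available'")
        peers = vif.get("bgpPeers", [])
        if not peers:
            findings.append("no BGP peers configured")
        for peer in peers:
            if peer.get("bgpStatus") != "up":
                findings.append(f"{peer.get('addressFamily')} BGP session is {peer.get('bgpStatus')!r} "
                                f"(peer state {peer.get('bgpPeerState')!r})")
        # Drift check: the VIF should carry exactly the VLAN, ASN and peer you requested.
        want = expected.get(vif_id)
        if want is None:
            findings.append("virtual interface is not in the expected set; investigate who created it")
        else:
            for key, value in want.items():
                if vif.get(key) != value:
                    findings.append(f"{key} is {vif.get(key)!r}, expected {value!r}")
        report[vif_id] = findings
    for missing in set(expected) - seen:
        report[missing] = ["expected virtual interface is absent from the API response"]
    return report


if __name__ == "__main__":
    print(json.dumps(check_virtual_interfaces(SAMPLE_RESPONSE, EXPECTED), indent=2))
```

Save the real output with aws directconnect describe-virtual-interfaces --output json > vifs.json and pass its contents to check_virtual_interfaces together with your own expected set. A virtual interface that is not in that set deserves a look: anyone with permission to create virtual interfaces in the account can attach a new VLAN to your circuit, and a hosted virtual interface created for another account shows up here as well.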

Thanks!!!

#TeamZeedup
