AWS Direct Connect Logical & Resilient Connectivity
AWS Direct Connect: Logical Connectivity
Once the physical connection is in place, you must create a virtual interface (VIF) before you can use the AWS Direct Connect connection. Logical connectivity covers the following:
- Virtual Interface
- Direct Connect Gateway
- Hosted Virtual Interface
A virtual interface is required for BGP peering between the AWS device and your customer router. A VIF is a configuration with an 802.1Q VLAN associated to it and options for the associated BGP session. The two VIF types discussed here are:
- Public VIF
- Private VIF
Both VIF types require the following configuration parameters:
- Type: Public VIF or Private VIF
- VIF Name: Any name you want to use
- VIF Owner: Your AWS account or another AWS account
- VLAN: Any VLAN ID from 1 to 4094. The same VLAN ID cannot be reused by two VIFs on the same connection.
- Address family: IPv4 or IPv6.
- BGP ASN: Your own private ASN (64512 to 65534) or a public ASN. On a public VIF, a public ASN must be one you own.
Public Virtual Interfaces:
A public VIF is used to reach AWS public IP addresses. AWS announces its public IP prefixes to you over the VIF; by default you receive the prefixes for all AWS regions, and AWS tags them with BGP communities (7224:9100 for the local region, 7224:9200 for the continent, 7224:9300 for global) so that you can filter the scope on your router.
Over a public VIF you can reach public AWS services such as Amazon S3, Amazon DynamoDB, Amazon SQS, and the public endpoints used by the AWS managed VPN service. When you create a public VIF you must specify a public IP address for both the Amazon router peer and your router peer.
You must also specify the IP address prefixes that you will announce to AWS over this VIF. AWS verifies that you own these prefixes and are authorized to announce them before the VIF is brought up.
The number of prefixes AWS announces to you varies from region to region. AWS accepts up to 1000 prefixes from you. AWS does not re-advertise the prefixes it receives from you to other customers over their public VIFs.
Private Virtual Interfaces:
A private VIF lets you reach resources provisioned in your VPC by their private IP addresses. The private VIF is associated with the virtual private gateway (VGW) of your VPC (or with a Direct Connect gateway) to enable private connectivity. Over a private VIF you can reach resources such as EC2 instances, Amazon RDS and Amazon Redshift in your VPC.
Once the BGP session is established, your peer router receives all CIDR prefixes of the VPC. You can announce up to 100 prefixes to AWS over a private VIF, including a default route. For instances to reach the prefixes you announce, route propagation from the VGW must be enabled on the VPC route tables.
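The parameter list and the per-type limits above are easy to get wrong in a ticket to the network team, so here is an added pre-flight validator (example code, not AWS or page code) that checks a VIF request against them before it is submitted: VLAN range and uniqueness per connection, ASN range and public-ASN ownership on a public VIF, peer addresses in one subnet and publicly routable on a public VIF, and the 1000/100 prefix limits with a default route allowed only on a private VIF. The `VifRequest` dataclass, the `owned_public_asns` argument and the reduced "not RFC 1918/CGNAT/link-local/loopback" routability test are assumptions of this example; AWS itself verifies real ownership of public prefixes.

```python
"""Pre-flight checks for an AWS Direct Connect virtual interface request.

Added example (not AWS code). Encodes the constraints stated on this page:
VLAN 1-4094 and unique per connection; private ASN 64512-65534 (or the
32-bit private range); a public ASN on a public VIF must be one you own;
public VIF peers and announced prefixes must be publicly routable; at most
1000 customer prefixes on a public VIF and 100 (default route allowed) on a
private VIF.
"""
import ipaddress
from dataclasses import dataclass, field

PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))
MAX_CUSTOMER_PREFIXES = {"public": 1000, "private": 100}
# Assumed local stand-in for "publicly routable": not private, CGNAT,
# link-local or loopback space. AWS additionally checks real ownership.
NON_ROUTABLE_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16")]
NON_ROUTABLE_V6 = [ipaddress.ip_network(n) for n in ("::1/128", "fc00::/7", "fe80::/10")]


@dataclass
class VifRequest:                 # assumed shape of a VIF request
    vif_type: str                 # "public" or "private"
    name: str
    vlan: int
    bgp_asn: int
    address_family: str           # "ipv4" or "ipv6"
    customer_peer_ip: str         # interface notation, e.g. "203.0.113.1/30"
    amazon_peer_ip: str
    announced_prefixes: list = field(default_factory=list)


def is_private_asn(asn: int) -> bool:
    return any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES)


def is_publicly_routable(addr) -> bool:
    nets = NON_ROUTABLE_V4 if addr.version == 4 else NON_ROUTABLE_V6
    return not any(addr in n for n in nets)


def validate_vif(req: VifRequest, vlans_in_use=frozenset(), owned_public_asns=frozenset()) -> list:
    """Return a list of problems; an empty list means the request is consistent."""
    problems = []
    if req.vif_type not in MAX_CUSTOMER_PREFIXES:
        return [f"unknown VIF type {req.vif_type!r}"]
    version = 4 if req.address_family == "ipv4" else 6

    # VLAN: valid 802.1Q tag, and not already used by another VIF on this connection
    if not 1 <= req.vlan <= 4094:
        problems.append(f"VLAN {req.vlan} outside 1-4094")
    elif req.vlan in vlans_in_use:
        problems.append(f"VLAN {req.vlan} already used by another VIF on this connection")

    # ASN: private range is always fine; a public ASN on a public VIF must be yours
    if not 1 <= req.bgp_asn <= 4294967294:
        problems.append(f"ASN {req.bgp_asn} is not a valid BGP ASN")
    elif (req.vif_type == "public" and not is_private_asn(req.bgp_asn)
          and req.bgp_asn not in owned_public_asns):
        problems.append(f"public ASN {req.bgp_asn} on a public VIF must be one you own")

    # Peer addresses: same family as the VIF, one subnet, public IPs on a public VIF
    try:
        cust = ipaddress.ip_interface(req.customer_peer_ip)
        amzn = ipaddress.ip_interface(req.amazon_peer_ip)
    except ValueError as exc:
        problems.append(f"bad peer address: {exc}")
    else:
        if {cust.version, amzn.version} != {version}:
            problems.append("peer addresses do not match the VIF address family")
        elif cust.network != amzn.network:
            problems.append("peer addresses are not in the same subnet")
        if req.vif_type == "public" and not (is_publicly_routable(cust.ip)
                                             and is_publicly_routable(amzn.ip)):
            problems.append("public VIF peer addresses must be public IPs")

    # Announced prefixes: count limit per VIF type; no private or default route on a public VIF
    limit = MAX_CUSTOMER_PREFIXES[req.vif_type]
    if len(req.announced_prefixes) > limit:
        problems.append(f"{len(req.announced_prefixes)} prefixes exceeds the {limit} "
                        f"accepted on a {req.vif_type} VIF")
    for p in req.announced_prefixes:
        try:
            net = ipaddress.ip_network(p, strict=True)
        except ValueError as exc:
            problems.append(f"bad prefix {p!r}: {exc}")
            continue
        if net.version != version:
            problems.append(f"prefix {p} does not match the VIF address family")
        elif req.vif_type == "public" and (net.prefixlen == 0
                                           or not is_publicly_routable(net.network_address)):
            problems.append(f"prefix {p} cannot be announced over a public VIF")
    return problems
```

Run it with `vlans_in_use` set to the VLAN IDs of the VIFs already on the connection; a request that comes back with an empty list is consistent with the rules on this page, which is not the same as AWS accepting it (ownership of public prefixes and ASNs is verified on their side).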
Direct Connect Gateway:
A Direct Connect gateway lets you associate a single private VIF with multiple VGWs in the local or in remote regions. It is used to connect from an AWS Direct Connect location in one geographical area to AWS regions in other geographical areas, so a single private VIF can reach multiple VPCs in multiple regions. The gateway only carries traffic between your on-premises network and each attached VPC; it does not route traffic between the VPCs attached to it.
Your router establishes a single BGP session with the Direct Connect gateway and receives the prefixes of all associated VPCs via their VGWs.
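To make the single-session behaviour concrete, here is an added example (not AWS or page code) that models a Direct Connect gateway with several VGW associations in different regions and derives what the customer router learns over its one BGP session. It also rejects what AWS will not accept on one gateway: VPC CIDRs that overlap across associations, "allowed prefixes" that are not inside the VPC CIDR, and more associations than the gateway quota. The `VgwAssociation` dataclass, the association quota of 20 and the allowed-prefix semantics (when set, only those prefixes are advertised) are assumptions of this example; the VPC CIDRs are constructed sample data.

```python
"""Prefixes a router peered with a Direct Connect gateway should expect to learn.

Added example (not AWS code). One private VIF, one BGP session, several VGW
associations in different regions. The gateway advertises each VPC's CIDRs
(or the narrower 'allowed prefixes' of an association) over that session and
refuses overlapping VPC CIDRs across associations.
"""
import ipaddress
from dataclasses import dataclass, field

MAX_ASSOCIATIONS = 20   # assumed default quota of VGWs per Direct Connect gateway


@dataclass
class VgwAssociation:   # assumed shape of one VGW-to-gateway association
    vgw_id: str
    region: str
    vpc_cidrs: list
    allowed_prefixes: list = field(default_factory=list)   # optional narrowing


def advertised_prefixes(associations):
    """Return sorted (network, vgw_id, region) tuples the customer router receives."""
    if len(associations) > MAX_ASSOCIATIONS:
        raise ValueError(f"{len(associations)} associations exceeds the gateway quota "
                         f"of {MAX_ASSOCIATIONS}")
    # 1. VPC CIDRs on one gateway must not overlap, regardless of allowed prefixes
    vpc_nets = [(ipaddress.ip_network(c), a.vgw_id) for a in associations for c in a.vpc_cidrs]
    for i, (n1, v1) in enumerate(vpc_nets):
        for n2, v2 in vpc_nets[i + 1:]:
            if v1 != v2 and n1.version == n2.version and n1.overlaps(n2):
                raise ValueError(f"{n1} ({v1}) overlaps {n2} ({v2}); VPCs on one "
                                 f"Direct Connect gateway must not overlap")
    # 2. Build the advertised table: VPC CIDRs, or the allowed prefixes if narrowed
    table = []
    for a in associations:
        nets = [ipaddress.ip_network(c) for c in a.vpc_cidrs]
        if a.allowed_prefixes:
            adv = [ipaddress.ip_network(p) for p in a.allowed_prefixes]
            for p in adv:
                if not any(p.version == v.version and p.subnet_of(v) for v in nets):
                    raise ValueError(f"{a.vgw_id}: allowed prefix {p} is not within a VPC CIDR")
        else:
            adv = nets
        table.extend((p, a.vgw_id, a.region) for p in adv)
    return sorted(table, key=lambda t: (t[0].version, t[0].network_address, t[0].prefixlen))


def lookup(table, dest_ip):
    """Longest-prefix match: which VGW and region a destination reaches through the gateway."""
    ip = ipaddress.ip_address(dest_ip)
    best = None
    for net, vgw, region in table:
        if net.version == ip.version and ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, vgw, region)
    return None if best is None else (best[1], best[2])


if __name__ == "__main__":
    # Constructed sample: one gateway, VGWs in two regions, one association narrowed
    assocs = [
        VgwAssociation("vgw-use1", "us-east-1", ["10.10.0.0/16", "10.11.0.0/16"]),
        VgwAssociation("vgw-euw1", "eu-west-1", ["10.20.0.0/16"], allowed_prefixes=["10.20.0.0/17"]),
    ]
    for net, vgw, region in advertised_prefixes(assocs):
        print(f"{net!s:18} via {vgw} ({region})")
```

The point of `lookup` is that one session delivers routes for both regions; the point of the overlap check is that a second VPC with, say, `10.10.128.0/17` cannot be attached to the same gateway even if you plan to narrow its allowed prefixes. Note that the table says nothing about `10.10.x` reaching `10.20.x`: the gateway does not route between attached VPCs.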
Hosted virtual Interfaces:
When you create a public or private VIF you choose the VIF owner. If you choose another AWS account, the VIF becomes a hosted VIF. The recipient of a hosted VIF must accept it, and for a private VIF the recipient chooses the VGW (or Direct Connect gateway) to associate it with.
AWS Direct Connect: Resilient Connectivity
Each AWS Direct Connect location has diverse and resilient connectivity to its associated regions. When you design for resilience, plan to use at most 50 percent of the available bandwidth on each of two paths in normal operation, so that after a failover the surviving path can carry the full load. The rule applies to the failure domain you are protecting against: if both connections terminate in one Direct Connect location, losing that location removes both at once.
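The 50 percent figure is the two-path case of a general check: after any single failure, the surviving paths must have enough capacity for all the traffic. This added example (not AWS or page code) runs that check once per path and once per location, which shows why "50 percent per link" is not enough when both links of a pair share a Direct Connect location. The `Path` dataclass and the link capacities and utilisations are constructed sample values.

```python
"""N-1 capacity check for AWS Direct Connect paths.

Added example (not AWS code). For every failure domain (one path, or one
Direct Connect location) we remove its capacity and ask whether the current
total traffic still fits on what is left. With N equal domains the safe
per-domain utilisation is (N-1)/N, i.e. 50 percent for N=2.
"""
from dataclasses import dataclass


@dataclass
class Path:                      # assumed shape of one Direct Connect path
    name: str
    location: str                # Direct Connect location; losing it takes all its paths
    capacity_mbps: float
    utilisation_mbps: float


def max_safe_utilisation(n_equal_domains: int) -> float:
    """Fraction of each domain's capacity usable if any one domain may fail."""
    if n_equal_domains < 2:
        return 0.0               # a single path has no failover
    return (n_equal_domains - 1) / n_equal_domains


def headroom_after_failures(paths, group_by):
    """Simulate losing each failure domain in turn.

    Returns {domain: headroom_mbps}. Negative headroom means the survivors
    cannot carry today's traffic once that domain is gone.
    """
    total = sum(p.utilisation_mbps for p in paths)
    domains = sorted({group_by(p) for p in paths})
    return {d: sum(p.capacity_mbps for p in paths if group_by(p) != d) - total
            for d in domains}


def resilient(paths):
    """(survives any single path failure, survives any single location failure)."""
    per_path = headroom_after_failures(paths, lambda p: p.name)
    per_site = headroom_after_failures(paths, lambda p: p.location)
    return (all(h >= 0 for h in per_path.values()),
            all(h >= 0 for h in per_site.values()))


if __name__ == "__main__":
    # Constructed sample: four 1 Gbps connections, two per location, each at 60%
    paths = [Path("dx-1a", "loc-A", 1000, 600), Path("dx-1b", "loc-A", 1000, 600),
             Path("dx-2a", "loc-B", 1000, 600), Path("dx-2b", "loc-B", 1000, 600)]
    print("per path:", headroom_after_failures(paths, lambda p: p.name))
    print("per site:", headroom_after_failures(paths, lambda p: p.location))
    print("resilient (path, site):", resilient(paths))
```

In the sample, every link is under 100 percent after any single link failure, yet losing either location leaves 2000 Mbps for 2400 Mbps of traffic. Run the location-level check against your real capacities; with unequal links (for example one 1 Gbps and one 10 Gbps path) the per-link percentage is meaningless and only the absolute headroom tells you whether failover works.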