AWS Solution Architect Professional (SAP-C02) Review Material – Direct Connect

Leave a Comment / Uncategorized / By

Overview

  • Establish a dedicated connection from an on-premises network to one or more VPCs.
  • Uses industry-standard 802.1Q VLANs to connect to Amazon VPC using private IP addresses. The VLANs are configured using virtual interfaces (VIFs)
  • Three (3) Types of VIFs:
    1. Public virtual interface – Establish connectivity between AWS public endpoints and your data center, office, or colocation environment.
    2. Private virtual interface – Establish private connectivity between Amazon VPC resources and your data center, office, or colocation environment. The use of private VIFs is shown in the following figure.
    3. Transit virtual interface – Establish private connectivity between AWS Transit Gateway and your data center, office, or colocation environment. 
  • Can access any AWS Region from any of Direct Connect locations (except China). 
  • Two (2) types of connection:
    1. Dedicated connections
      • A physical ethernet connection is associated with a single customer.
      • You can order port speeds of 1, 10, or 100 Gbps.
      • You can use a link aggregation group (LAG) to aggregate multiple connections at a single AWS Direct Connect endpoint
    2. Hosted connections
      • A physical ethernet connection is provisioned by an AWS Direct Connect Partner and shared with you.
      • You can order port speeds between 50 Mbps and 10 Gbps.
      • Capacity on demand.
  • Gateways:
    1. Direct Connect Gateway:
      • Connects to:
        • Right Side:
          • Direct Connect Router in a Region
        • Left Side:
          • Transit Gateway (multiple VPCs in the same Region) via Transit VIF [ DC Router -> Transit VIF -> DC GW -> TGW ]
          • Virtual Private Gateway (multiple VPCs in different Regions) via Private VIF [ DC Router -> Private VIF -> DC GW -> VP GW ]
          • AWS Cloud WAN core network
    2. Transit Gateway:
      • Connects to multiple VPCs in the same region.
      • Connects to:
        • Right Side:
          • Direct Connect Gateway
          • S2S VPN (Public VIF)
        • Left Side:
          • VPC via DC GW (same Region) [ DC Router -> Transit VIF -> DC GW -> TGW -> VPC ]
          • VPC via S2S VPN (same Region) [ DC Router -> Public VIF -> S2S VPN -> TGW -> VPC ]
    3. Virtual Private Gateway:
      • Connects to only 1 VPC
      • Connects to:
        • Right Side:
          • Direct Connect Gateway (Private/Public VIF)
          • S2S VPN (Public VIF)
        • Left Side:
          • VPC via DC GW (multiple regions) [ DC Router -> Private VIF -> DC GW -> VP GW -> VPC ]
          • VPC via S2S VPN (multiple regions) [ DC Router -> Public VIF -> S2S VPN -> VP GW -> VPC ]

Architecture

Basic Architecture:

  • Private VIF is used for connecting to a specific VPC within a single region

AWS Direct Connect + AWS Transit Gateway

  • Requires a Transit VIF, which connects to a Direct Connect Gateway
  • Direct Connect Gateway connects to the Transit Gateway via Transit Gateway Association.
  • It can be used to connect to multiple regions.
  • Use Transit VIF when you want to connect multiple VPCs across different AWS Regions and on-premises networks through a single Direct Connect connection

AWS Direct Connect + AWS Site-to-Site VPN

  • It requires a Public VIF to connect to an S2S VPN.
  • Can be used to connect to multiple regions.

AWS Direct Connect + AWS Transit Gateway + AWS Site-to-Site VPN

  • It requires a Public VIF to connect to an S2S VPN.
  • S2S VPN connects directly to a Transit Gateway

Direct Connect SiteLink

  • SiteLink is a feature of AWS Direct Connect that makes it possible to send data from one Direct Connect location to another, bypassing AWS Regions

Leave a Comment

Your email address will not be published. Required fields are marked *