I discussed Azure ExpressRoute via Equinix Cloud Exchange (ECX) in my previous blog. In this post I am going to focus on AWS Direct Connect, which ECX also provides. This means you can share the same physical link (1Gbps or 10Gbps) between Azure and AWS!
ECX also provides connectivity to AWS for connection speeds below 1Gbps. AWS Direct Connect provides dedicated, private connectivity between your WAN or datacenter and AWS services such as AWS Virtual Private Cloud (VPC) and AWS Elastic Compute Cloud (EC2).
AWS Direct Connect via Equinix Cloud Exchange is delivered through an Internet Exchange Point (IXP) provider, allowing us to extend our infrastructure in a way that is:
- Private: The connection is dedicated and bypasses the public Internet, which means better performance, increased security, consistent throughput and support for hybrid cloud use cases (even hybrid with Azure, when both connections use Equinix Cloud Exchange).
- Redundant: If we configure a second AWS Direct Connect connection, traffic fails over to the second link automatically. Enabling Bidirectional Forwarding Detection (BFD) is recommended when configuring your connections to ensure fast detection and failover. AWS does not offer any SLA at the time of writing.
- High speed and flexible: ECX provides a flexible range of speeds: 50, 100, 200, 300, 400 and 500Mbps.
The only tagging mechanism supported by AWS Direct Connect is 802.1Q (Dot1Q). AWS always uses 802.1Q (Dot1Q) on the Z-side of ECX.
ECX pre-requisites for AWS Direct Connect
The pre-requisites for connecting to AWS via ECX:
- Physical ports on ECX. Two physical ports on two separate ECX chassis are required if redundancy is needed.
- Virtual Circuits on ECX. Two virtual circuits are likewise required for redundancy.
Buy-side (A-side) Dot1Q and AWS Direct Connect
The following diagram illustrates the network setup required for AWS Direct Connect using Dot1Q ports on ECX:
The Dot1Q VLAN tag on the A-side is assigned by the buyer (A-side). The Dot1Q VLAN tag on the seller side (Z-side) is assigned by AWS.
A few steps need to be noted when configuring AWS Direct Connect via ECX:
- We need our AWS Account ID to request ECX Virtual Circuits (VCs).
- Create separate Virtual Interfaces (VIs) for Public and Private Peering in the AWS Management Console. For redundant Private or Public Peering we need two ECX VCs and two AWS VIs.
- We can accept the virtual connection either from the ECX Portal after requesting the VCs or in the AWS Management Console.
- Configure our on-premises edge routers for BGP sessions. The router configuration for the BGP sessions can be downloaded from the AWS Management Console.
- Attach the AWS Virtual Gateway (VGW) to the Route Table associated with our VPC.
- Verify the connectivity.
Please refer to the AWS Direct Connect User Guide on how to configure edge routers for BGP sessions. Once we have configured the above we will need to make sure any firewall rules are modified so that traffic can be routed correctly.
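To make the last two steps concrete (attaching the VGW and verifying connectivity), here is an added Python check that is not part of the original post. It parses Cisco IOS-style `show ip bgp summary` and `show bfd neighbors` output for the two redundant Direct Connect sessions and reports whether each is Established, is receiving prefixes from AWS (an Established session with zero prefixes usually means the VGW is not attached or not propagating routes yet) and is protected by BFD, so a silent loss of redundancy is caught before a failover is needed. The table layout, neighbor addresses, interface names and counters are constructed sample values; 7224 is AWS's default Direct Connect ASN.

```python
"""Verify two redundant AWS Direct Connect BGP sessions from router show output.

Added example, not from the original post. It assumes Cisco IOS-style
"show ip bgp summary" and "show bfd neighbors" tables; the addresses,
interfaces and counters below are constructed sample values.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class PeerStatus:
    neighbor: str
    asn: int
    bgp_state: str                 # "Established" or the state the router reports
    prefixes_received: int         # prefixes learned from AWS (0 until the VGW advertises)
    bfd_up: Optional[bool] = None  # None when no BFD session exists for this peer


# Constructed sample: first session healthy, second still negotiating.
# 7224 is AWS's default Direct Connect ASN; the peer IPs are placeholders.
SAMPLE_BGP_SUMMARY = """\
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
169.254.250.1   4  7224   12034   12040       58    0    0 3d02h           3
169.254.250.5   4  7224      12      15        0    0    0 00:01:10 Active
"""

SAMPLE_BFD_NEIGHBORS = """\
NeighAddr        LD/RD  RH/RS  State  Int
169.254.250.1    1/1    Up     Up     Gi0/1.100
169.254.250.5    2/0    Down   Down   Gi0/2.200
"""

# neighbor, version, AS, five counters, Up/Down, State/PfxRcd
BGP_ROW = re.compile(r"^(\S+)\s+\d\s+(\d+)(?:\s+\d+){5}\s+\S+\s+(\S+)$")
# neighbor address, LD/RD, RH/RS, State, interface
BFD_ROW = re.compile(r"^(\d+(?:\.\d+){3})\s+\S+\s+\S+\s+(\S+)\s+\S+$")


def parse_bgp_summary(text: str) -> Dict[str, PeerStatus]:
    """Return one PeerStatus per neighbor row; header and footer lines are skipped."""
    peers: Dict[str, PeerStatus] = {}
    for line in text.splitlines():
        m = BGP_ROW.match(line.strip())
        if not m:
            continue
        neighbor, asn, last = m.groups()
        # IOS prints a prefix count when Established, otherwise the FSM state.
        if last.isdigit():
            peers[neighbor] = PeerStatus(neighbor, int(asn), "Established", int(last))
        else:
            peers[neighbor] = PeerStatus(neighbor, int(asn), last, 0)
    return peers


def parse_bfd_neighbors(text: str) -> Dict[str, bool]:
    """Map neighbor address -> True when the BFD session state is Up."""
    states: Dict[str, bool] = {}
    for line in text.splitlines():
        m = BFD_ROW.match(line.strip())
        if m:
            states[m.group(1)] = m.group(2).lower() == "up"
    return states


def check_direct_connect(bgp_text: str, bfd_text: str, expected_sessions: int = 2) -> dict:
    """Report which sessions are usable and whether the pair is still redundant."""
    peers = parse_bgp_summary(bgp_text)
    bfd = parse_bfd_neighbors(bfd_text)
    issues: List[str] = []
    healthy = 0
    for p in peers.values():
        p.bfd_up = bfd.get(p.neighbor)
        if p.bgp_state != "Established":
            issues.append(f"{p.neighbor}: BGP session is {p.bgp_state}, not Established")
            continue
        if p.prefixes_received == 0:
            issues.append(f"{p.neighbor}: Established but 0 prefixes received; "
                          "check that the VGW is attached and route propagation is on")
            continue
        healthy += 1
        # BFD problems do not make the session unusable, but they slow down failover.
        if p.bfd_up is None:
            issues.append(f"{p.neighbor}: no BFD session; failover relies on BGP timers")
        elif not p.bfd_up:
            issues.append(f"{p.neighbor}: BFD session is Down")
    if len(peers) < expected_sessions:
        issues.append(f"only {len(peers)} of {expected_sessions} expected sessions configured")
    return {"healthy_sessions": healthy, "redundant": healthy >= 2, "issues": issues}


if __name__ == "__main__":
    report = check_direct_connect(SAMPLE_BGP_SUMMARY, SAMPLE_BFD_NEIGHBORS)
    print(f"healthy sessions: {report['healthy_sessions']}, redundant: {report['redundant']}")
    for issue in report["issues"]:
        print(" -", issue)
```

Run it against the output of your own edge routers (one session per ECX virtual circuit) after each change; `redundant` should stay `True` on both routers, and any issue listed for the second session is the moment to fix it, not after the first link fails.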
I hope you’ve found this post useful – please leave any comments or questions below!
Read more from me on the Kloud Blog or on my own blog at www.wasita.net.
I presume this article is written for the dedicated 1gb or 10gb links.
I ask this as the process is different when using the sub 1gb accounts from AWS.
Can you clarify if a sub 1gb connection can be split across multiple VPCs. With my talks with AWS and reading the documentation it seems that it is a 1-to-1 mapping.
Hi Chad, You will have options for 1GB or 10GB link which can be split across multiple cloud providers available via Equinix Cloud Exchange such as AWS, Azure and IBM. You need to order 2 VCs for your Redundant Private Peering DirectConnect and another 2 VCs for your Redundant Public Peering if you wish to route via DirectConnect to AWS Public Services. Absolutely you can share this physical 1GB to your multiple VPC / AWS tenant
Thank you for the article, you helped me a lot.
Thanks for the article! Question – we need 1.5g to aws across our ecx ports. Would I create 4 virtual circuits in the ecx portal at 400m each, then do 4 separate bgp peering sessions between our router and aws? Is it ecmp at that point? What am I missing?
Thanks!!