I discussed Azure ExpressRoute via Equinix Cloud Exchange (ECX) in my previous blog. In this post I am going to focus on AWS Direct Connect which ECX also provides. This means you can share the same physical link (1GBps or 10GBps) between Azure and AWS!
ECX also provides connectivity to AWS for connection speeds below 1GBps. AWS Direct Connect provides dedicated, private connectivity between your WAN or datacenter and AWS services such as AWS Virtual Private Cloud (VPC) and AWS Elastic Compute Cloud (EC2).
AWS Direct Connect via Equinix Cloud Exchange is delivered through an exchange (IXP) provider, which allows us to extend our infrastructure in a way that is:
- Private: The connection is dedicated and bypasses the public Internet, which means better performance, increased security, consistent throughput and support for hybrid cloud use cases (even hybrid with Azure, when both connections use Equinix Cloud Exchange).
- Redundant: If we configure a second AWS Direct Connect connection, traffic will fail over to the second link automatically. Enabling Bidirectional Forwarding Detection (BFD) is recommended when configuring your connections to ensure fast detection and failover. AWS does not offer any SLA at the time of writing.
- High Speed and Flexible: ECX provides a flexible range of speeds: 50, 100, 200, 300, 400 and 500MBps.
The only tagging mechanism supported by AWS Direct Connect is 802.1Q (Dot1Q). AWS always uses 802.1Q (Dot1Q) on the Z-side of ECX.
ECX pre-requisites for AWS Direct Connect
The pre-requisites for connecting to AWS via ECX:
- Physical ports on ECX. Two physical ports on two separate ECX chassis are required if redundancy is required.
- Virtual Circuits on ECX. Two virtual circuits are also required for redundancy.
Buy-side (A-side) Dot1Q and AWS Direct Connect
The following diagram illustrates the network setup required for AWS Direct Connect using Dot1Q ports on ECX:
The Dot1Q VLAN tag on the A-side is assigned by the buyer (A-side). The Dot1Q VLAN tag on the seller side (Z-side) is assigned by AWS.
A few steps need to be noted when configuring AWS Direct Connect via ECX:
- We need our AWS Account ID to request ECX Virtual Circuits (VCs).
- Create separate Virtual Interfaces (VIs) for Public and Private Peering in the AWS Management Console. We need two ECX VCs and two AWS VIs for redundant Private or Public Peering.
- We can accept the Virtual Connection either from the ECX Portal after requesting the VCs or in the AWS Management Console.
- Configure our on-premises edge routers for BGP sessions. We can download the router configuration for our BGP sessions from the AWS Management Console.
- Attach the AWS Virtual Gateway (VGW) to the Route Table associated with our VPC.
- Verify the connectivity.
Please refer to the AWS Direct Connect User Guide on how to configure edge routers for BGP sessions. Once we have configured the above we will need to make sure any firewall rules are modified so that traffic can be routed correctly.
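For the verification step, the following added example (not from the original post, and not Equinix's or AWS's own tooling) checks the redundancy requirements described above against the output of `aws directconnect describe-virtual-interfaces` (or boto3's `describe_virtual_interfaces`): two VIs per peering type, on distinct connections, each available with its BGP session up. The response below is a constructed sample with placeholder IDs, VLANs and ASNs.

```python
"""Redundancy/health check over a Direct Connect describe-virtual-interfaces response."""
from collections import defaultdict

# Constructed sample in the shape of the describe-virtual-interfaces response.
# IDs, VLANs and ASNs are placeholders; the second private VI has BGP down and
# there is only one public VI, so both peering types should produce findings.
SAMPLE_RESPONSE = {
    "virtualInterfaces": [
        {"virtualInterfaceId": "dxvif-aaaa0001", "connectionId": "dxcon-ecx00001",
         "virtualInterfaceType": "private", "virtualInterfaceState": "available",
         "vlan": 101, "asn": 65000, "bgpPeers": [{"bgpStatus": "up"}]},
        {"virtualInterfaceId": "dxvif-aaaa0002", "connectionId": "dxcon-ecx00002",
         "virtualInterfaceType": "private", "virtualInterfaceState": "available",
         "vlan": 102, "asn": 65000, "bgpPeers": [{"bgpStatus": "down"}]},
        {"virtualInterfaceId": "dxvif-bbbb0001", "connectionId": "dxcon-ecx00001",
         "virtualInterfaceType": "public", "virtualInterfaceState": "available",
         "vlan": 201, "asn": 65000, "bgpPeers": [{"bgpStatus": "up"}]},
    ]
}


def check_redundancy(response, required=2):
    """Return {peering_type: [findings]}; an empty list means that peering type is healthy."""
    by_type = defaultdict(list)
    for vif in response.get("virtualInterfaces", []):
        by_type[vif["virtualInterfaceType"]].append(vif)

    findings = {}
    for ptype, vifs in by_type.items():
        problems = []
        # Two VIs are needed for failover (one per ECX virtual circuit).
        if len(vifs) < required:
            problems.append(f"only {len(vifs)} {ptype} VI(s); {required} needed for failover")
        # VIs on the same connection share a physical port/chassis, so no real diversity.
        conns = {v["connectionId"] for v in vifs}
        if len(conns) < min(required, len(vifs)):
            problems.append(f"{ptype} VIs share connection(s) {sorted(conns)}; no chassis diversity")
        for v in vifs:
            if v["virtualInterfaceState"] != "available":
                problems.append(f"{v['virtualInterfaceId']} state is {v['virtualInterfaceState']}")
            for peer in v.get("bgpPeers", []):
                if peer.get("bgpStatus") != "up":
                    problems.append(f"{v['virtualInterfaceId']} BGP session is {peer.get('bgpStatus')}")
        findings[ptype] = problems
    return findings


if __name__ == "__main__":
    for ptype, problems in check_redundancy(SAMPLE_RESPONSE).items():
        print(ptype, "OK" if not problems else problems)
```

Run it against the real JSON (for example via `json.load` of the CLI output) after the VIs are accepted and the BGP sessions are configured; any finding is a reason not to trust the failover path yet.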
I hope you’ve found this post useful – please leave any comments or questions below!