What is the Direct Connect product trying to solve?

We have seen IPSEC Site-to-Site VPN, a nice extension to that is Direct Connect offering. In IPSEC VPN, we connected to AWS VPC securely over the internet, in Direct Connect we have a cable termination onto our Data Center premises which directly connects to AWS Infrastructure and no internet service providers are needed for this to happen.

AWS Direct Connect - Image Credits: :https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

Advantages:

• Bypasses Internet and thereby secure
• Low Latency to AWS services
• Consistent Performance with up to speeds of 1/10/100 and support for jumbo frames > 9k

What are my building blocks?

• We basically start with a Connection, pretty much self-explanatory

• A Connection has the below requirements

  Requirement	Comment
  Connection Type	Fibre
  Fibre Type	Single-Mode
  Transceiver	1000BASE-LX for1Gbps. 10GBASE-LR for 10Gbps 100GBASE-LR4 for 100Gbps
  802.1Q VLAN	All through the path must be supported
  Protocol	BGP with MD5 authentication
  Optional Protocol	BFD for faster protocol convergence
  MTU	1522 or 9023

Ref: https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

Functional Building Block?

Ref:https://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.htmlSo, once we have a connection setup, everything revolves around VIF - Virtual Interface.

Direct Connect can be divided into two parts

1. Public VIF - we are speaking about public IP addresses routable on the internet.
   1. Enables access to Amazon public service offering only not the entire internet - S3, EC2, Amazon.com
   2. AWS does not re-advertise customer-owned public prefixes
2. Private VIF
   1. Enables access to VPC
3. Transit VIF
   1. Enables access to Transit Gateway with Direct Connect Gateway
4. Hosted VIF
   1. If you want to use a Direct Connect connection with another AWS account then its called hosted VIF.
   2. Hosted VIF can function as Public/Private/Transit VIF

SiteLink - Optional but highly effective service.

Ref: https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-aws-direct-connect-sitelink/

Requirement - Direct Connect Gateway - Global and Highly available AWS Service

• SiteLink is an optional service which helps to connect and route traffic between two direct connect locations bypassing AWS Regions.
• You do not need to have any AWS resources in regions to enable this feature.

AWS Site Link - Image Credit - https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-aws-direct-connect-sitelink/

In the next post, I shall discuss more about Direct Connect Gateway and certification points.

[https://www.notion.so/Direct-Connect-a61557d18e784e778b4500197168454c] - public share url