AWS Direct Connect (DX) is a dedicated connection service that links your on-premises data center to the AWS Cloud. This link offers higher throughput than a VPN, and its data-transfer cost is also lower.
In Vietnam, small and medium enterprises may not need AWS DX; the popular alternative is a VPN connection, which is limited to 1.25 Gbps. For large enterprises with many workloads on the AWS Cloud that sync, process and transfer large volumes of data, however, these private connections are very important for the performance and reliability of the solution.
Key benefits of using AWS Direct Connect
- Low latency & jitter – DX is a private transmission line with low latency and fewer errors. The connection does not cross the public internet; it runs over the private infrastructure of AWS and the AWS Partner.
- Dedicated bandwidth & consistency – Unlike other connection types, DX provides a stable connection, which suits organizations that need to transfer large volumes of data with predictable performance.
- Lower Internet Service Provider bandwidth – Because DX runs over its own infrastructure, it does not consume ISP bandwidth, thereby reducing ISP transmission costs.
- Lower rate than VPN – AWS DX data transfer is cheaper than VPN. A resilient design usually combines AWS DX and AWS VPN: DX carries the high-bandwidth production or data-transfer traffic, and VPN carries management or backup traffic.
Architecture using AWS Direct Connect
The picture above shows a typical architecture using AWS DX. It has three main components:
- AWS Cloud (left block) – can be any AWS Region.
- AWS Direct Connect Location (middle block) – an AWS Partner provides the AWS DX service in the host country. In Vietnam, for example, CMC Telecom currently provides hosted AWS DX connections.
- Customer network (right block) – the data center or head office of a business, in Vietnam for example.
To make an AWS DX connection, the following conditions are required:
- BGP (Border Gateway Protocol) must be used at both ends of the DX connection.
- The customer router must support BGP and 802.1Q.
- The connections from on-premises to the AWS Cloud are called virtual interfaces (VIFs), and there are two types of VIF:
- Private VIF: connects from on-premises to an AWS VPC. Each VPC needs its own Private VIF.
- Public VIF: connects from on-premises to public endpoints such as S3. A Public VIF can reach any Region. For example, if your Public VIF terminates in Singapore and you access an S3 bucket in Tokyo, the traffic still travels over the AWS backbone rather than the internet. This improves security and reduces latency.
Note that data transfer out is still charged when traffic leaves the AWS Region.
What is 802.1Q?
802.1Q (VLAN tagging) is the standard mechanism for dividing a shared physical link into logical connections. In the architecture above, the connection between the customer site and the AWS Partner is a single physical path, an optical fibre. 802.1Q divides that path into separate VLANs, one per VIF, so that each logical connection is isolated while sharing the same physical link.
- Public / Private VIFs per dedicated DX connection: 50
- Active DX connections per Region: 10
What is Border Gateway Protocol (BGP) used for?
While 802.1Q splits the physical connection between on-premises and the AWS Cloud into logical paths called VIFs, BGP handles routing between autonomous systems (ASs).
- An AS is an autonomous system; the on-premises network and the AWS Cloud, for example, are two separate autonomous systems.
- Each AS requires a unique AS number, called an ASN.
- BGP runs over TCP on port 179.
- With Transit AS support.
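The two mechanisms above combine in practice: each VIF is an 802.1Q VLAN on the shared fibre, and each VIF runs its own BGP session. The following is an added planning helper, not AWS code, that checks a constructed VIF plan for one dedicated connection against the rules this page states (one Private VIF per VPC, a unique VLAN tag per VIF, the quota of 50 VIFs per dedicated connection) and flags BGP sessions configured without an MD5 authentication key. The `Vif` class, the function names and the sample VPC names are assumptions made for this example.

```python
"""Constructed planning helper (not AWS code): validates VIFs planned for one
dedicated Direct Connect connection against the rules described on this page."""
from dataclasses import dataclass

MAX_VIFS_PER_DEDICATED_CONNECTION = 50  # quota stated on the page
VLAN_RANGE = range(1, 4095)             # 802.1Q tags 1..4094 (0 and 4095 reserved)
ASN_RANGE = range(1, 2**32)             # 2-byte and 4-byte ASNs

@dataclass
class Vif:
    kind: str          # "private" (one per VPC) or "public"
    name: str
    vlan: int          # 802.1Q tag isolating this VIF on the shared link
    customer_asn: int  # ASN of the on-premises autonomous system
    bgp_auth_key: str  # BGP MD5 key; empty string means unauthenticated session

def validate_vifs(vifs):
    """Return a list of problems; an empty list means the plan is acceptable."""
    problems = []
    if len(vifs) > MAX_VIFS_PER_DEDICATED_CONNECTION:
        problems.append(f"{len(vifs)} VIFs exceed the quota of "
                        f"{MAX_VIFS_PER_DEDICATED_CONNECTION} per dedicated connection")
    vlan_owner = {}
    for v in vifs:
        if v.kind not in ("private", "public"):
            problems.append(f"{v.name}: unknown VIF type {v.kind!r}")
        if v.vlan not in VLAN_RANGE:
            problems.append(f"{v.name}: VLAN {v.vlan} outside 802.1Q range 1-4094")
        elif v.vlan in vlan_owner:
            # two VIFs on one tag would share a logical path instead of being isolated
            problems.append(f"{v.name}: VLAN {v.vlan} already used by {vlan_owner[v.vlan]}")
        else:
            vlan_owner[v.vlan] = v.name
        if v.customer_asn not in ASN_RANGE:
            problems.append(f"{v.name}: invalid ASN {v.customer_asn}")
        if not v.bgp_auth_key:
            problems.append(f"{v.name}: BGP session has no MD5 authentication key")
    return problems

def plan_private_vifs(vpc_ids, first_vlan, asn, auth_key):
    """One Private VIF per VPC, as the page states, with consecutive VLAN tags."""
    return [Vif("private", f"vif-{vpc}", first_vlan + i, asn, auth_key)
            for i, vpc in enumerate(vpc_ids)]

# Constructed sample: two Private VIFs plus a Public VIF for S3, with three mistakes.
SAMPLE_PLAN = plan_private_vifs(["prod-vpc", "data-vpc"], 101, 65000, "example-md5-key") + [
    Vif("private", "vif-mgmt-vpc", 102, 65000, ""),           # duplicate VLAN, no auth
    Vif("public", "vif-s3", 4095, 65000, "example-md5-key"),  # reserved VLAN tag
]
```

Running `validate_vifs(SAMPLE_PLAN)` reports the duplicate VLAN, the unauthenticated BGP session and the reserved VLAN tag, while a plan built only with `plan_private_vifs` passes until it exceeds the 50-VIF quota.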