{"id":2797,"date":"2019-06-08T00:21:12","date_gmt":"2019-06-07T22:21:12","guid":{"rendered":"http:\/\/miro.borodziuk.eu\/?p=2797"},"modified":"2019-09-02T22:32:29","modified_gmt":"2019-09-02T20:32:29","slug":"direct-connect","status":"publish","type":"post","link":"http:\/\/miro.borodziuk.eu\/index.php\/2019\/06\/08\/direct-connect\/","title":{"rendered":"Direct Connect"},"content":{"rendered":"<p>A Direct Connect (DX) is a physical connection between your network and AWS either directly via a cross-connect and customer router at a DX location or via a DX partner.<\/p>\n<p><!--more--><\/p>\n<p><strong>Dedicated Connections<\/strong> are direct via AWS and use single-mode fiber, running either 1 Gbps using 1000Base-LX or 10 Gbps using 10GBASE-LR.<\/p>\n<p>Virtual interfaces (VIFs) run on top of a DX. <strong>Public VIF<\/strong>s can access AWS <strong>public services<\/strong> such as <strong>S3<\/strong> only. <strong>Private<\/strong> VIFs are used to connect into <strong>VPC<\/strong>s. DX is <strong>not<\/strong> highly available or encrypted.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2992 aligncenter\" src=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/DirectConnect2.jpg\" alt=\"\" width=\"669\" height=\"519\" srcset=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/DirectConnect2.jpg 669w, http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/DirectConnect2-300x233.jpg 300w\" sizes=\"(max-width: 669px) 100vw, 669px\" \/><\/p>\n<p>Dedicated link from your internal network to AWS:<\/p>\n<ul>\n<li>Dedicated throughput<\/li>\n<li>Provide more consistent network performance<\/li>\n<li>Reduce bandwidth costs<\/li>\n<li>Private connection to AWS<\/li>\n<li>Elasticity and scaling &#8211; provision multiple 1 Gbps and 10 Gbps connections<\/li>\n<\/ul>\n<p>For dedicated connections, DX require single-mode fiber:<\/p>\n<ul>\n<li>1 Gbps: 1000BASE-LX (1310nm)<\/li>\n<li>10 Gbps: 10GBASE-LR (1310nm)<\/li>\n<\/ul>\n<p>Best Practice:<\/p>\n<ul>\n<li>Using a private peered connection might not need extra security<\/li>\n<li>Check your organization&#8217;s requirements<\/li>\n<li>VPC networking (subnets, security groups, NACLs)<\/li>\n<li>Avoid VPN hardware that can&#8217;t support high data transfer rates (&gt;4 Gbps)<\/li>\n<li>Note: Direct Connect (DX) is not highly available by default. It is recommended to use multiple DX connections in different AWS regions.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-2798 aligncenter\" src=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/DirectConnect.jpg\" alt=\"\" width=\"638\" height=\"349\" srcset=\"http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/DirectConnect.jpg 638w, http:\/\/miro.borodziuk.eu\/wp-content\/uploads\/DirectConnect-300x164.jpg 300w\" sizes=\"(max-width: 638px) 100vw, 638px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>Choosing between Direct Connect (DX) and VPC VPN is a critical part of any connectivity-based exam questions.<\/p>\n<p><span style=\"color: #999999;\">VPN<\/span><\/p>\n<ul>\n<li>Urgent need \u2014 can be deployed in minutes<\/li>\n<li>Cost constrained \u2014 cheap and economical<\/li>\n<li>Low end or consumer hardware \u2014 DX requires BGP<\/li>\n<li>Encryption required<\/li>\n<li>Flexibility to change locations<\/li>\n<li>Highly available options available<\/li>\n<li>Short-term connectivity (DX generally has physical minimums due to the physical transit connections required) \u2014 not applicable if you are in a DX location because then it&#8217;s almost on demand<\/li>\n<\/ul>\n<p><span style=\"color: #999999;\">Direct Connect<\/span><\/p>\n<ul>\n<li>Higher throughput<\/li>\n<li>Consistent performance (throughput)<\/li>\n<li>Consistent low latency<\/li>\n<li>Large amounts of data \u2014 cheaper than VPN for higher volume<\/li>\n<li>No contention with existing internet connection<\/li>\n<\/ul>\n<p><span style=\"color: #999999;\">Both<\/span><\/p>\n<ul>\n<li>VPN as a cheaper HA option for DX<\/li>\n<li>VPN as an additional layer of HA (in addition to two DX)<\/li>\n<li>If some form of connectivity is needed immediately, provides it before the DX connection is live<\/li>\n<li>Can be used to add encryption over the top of a DX (public VIF VPN)<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>A Direct Connect (DX) is a physical connection between your network and AWS either directly via a cross-connect and customer router at a DX location or via a DX partner.<\/p>\n","protected":false},"author":1,"featured_media":2995,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[78],"tags":[],"_links":{"self":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/2797"}],"collection":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/comments?post=2797"}],"version-history":[{"count":4,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/2797\/revisions"}],"predecessor-version":[{"id":2994,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/2797\/revisions\/2994"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/media\/2995"}],"wp:attachment":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/media?parent=2797"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/categories?post=2797"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/tags?post=2797"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}