AWS Direct Connect: Your dedicated network connection to AWS

AWS Direct Connect: Your dedicated
network connection to AWS
Krishnan Kannan, Lead
BD-Direct connect,
AISPL
29th June 2017

Agenda
VPC –What is Amazon VPC
What is Direct Connect ?
Definition, of Direct connect
why use direct connect-Business benefits of using DX
DX Locations and DX partners
Type of Direct Connect Offering
Direct connect Use cases
Direct connect process
Ordering direct connect via DX partners
Sample DX Architecture
Q&A

Objective of today’s session
• Direct connect service overview
• India direct connect location
• Direct connect partners
• Use case for Direct connect
• Provisioning direct connect by DX partners

AWS Global Infrastructure
16 Regions – 42 Availability Zones – 87 Edge Locations
Region & Number of Availability Zones
AWS GovCloud (2) EU
Ireland (3)
US West Frankfurt (2)
Oregon (3) London (2)
Northern California (3)
Asia Pacific
US East Singapore (2)
N. Virginia (5), Ohio (3) Sydney (3), Tokyo (3),
Seoul (2), Mumbai (2)
Canada
Central (2) China
Beijing (2)
South America
São Paulo (3)
Announced Regions
Paris, Ningxia, Stockholm, Hong Kong
US govt cloud(US-East)

Account
Support
Support
Managed
Services
Professional
Services
Partner
Ecosystem
Training &
Certification
Solution
Architects
Account
Management
Security &
Pricing
ReportsTechnical
Acct.
Management
Marketplace
Business
Applications
DevOps
Tools
Business
Intelligence
Security
Networking
Database &
Storage
SaaS
Subscription
s
Operating
Systems
Mobile
Build, Test,
Monitor
Apps
Push
NotificationsBuild,
Deploy,
Manage
APIsDevice
Testing
Identity
Enterprise
Application
s
Document
Sharing
Email &
Calendaring
Hosted
Desktops
Application
Streaming
Backup
Game
Developme
nt
3D Game
Engine
Multi-player
Backends
Mgmt.
Tools
Monitoring
Auditing
Service
Catalog
Server
Managemen
t
Configuratio
n Tracking
Optimization
Resource
Templates
Automation
Analytics
Query Large
Data Sets
Elasticsearc
h
Business
Analytics
Hadoop/Spar
k
Real-time
Data
Streaming
Orchestratio
n Workflows
Managed
Search
Managed
ETL
Artificial
Intelligence
Voice & Text
Chatbots
Machine
Learning
Text-to-
Speech
Image
Analysis
IoT
Rules
Engine
Local
Compute and
Sync
Device
Shadows
Device
Gateway
Registry
Hybrid
Devices &
Edge
Systems
Data
Integration
Integrated
Networking
Resource
Managemen
t
VMware on
AWS
Identity
Federation
Migration
Application
Discovery
Application
Migration
Database
Migration
Server
Migration
Data
Migration
Infrastructure Regions
Availability
Zones
Points of
Presence
Compute Containers
Event-driven
Computing
Virtual
Machines
Simple
Servers
Auto Scaling Batch
Web
Applications
Storage
Object
Storage
Archive
Block
Storage
Managed
File Storage
Exabyte-
scale Data
Transport
Database MariaDB
Data
Warehousin
g
NoSQLAurora MySQL Oracle SQL ServerPostgreSQL
Application
Services
Transcoding
Step
Functions
Messaging
Security
Certificate
Managemen
t
Web App.
Firewall
Identity &
Access
Key Storage
&
Managemen
t
DDoS
Protection
Application
Analysis
Active
Directory
Dev Tools
Private Git
Repositories
Continuous
Delivery
Build, Test,
and Debug
Deployment
Networking
Isolated
Resources
Dedicated
Connections
Load
Balancing
Scalable
DNS
Global CDN
The
AWS
Platfor
m

What is VPC?
“Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically
isolated section of the Amazon Web Services (AWS) cloud where you can
launch AWS resources in a virtual network that you define’’.
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically
isolated section of the Amazon Web Services (AWS) cloud where you can
launch AWS resources in a virtual network that you define. You have
complete control over your virtual networking environment, including
selection of your own IP address range, creation of subnets, and
configuration of route tables and network gateways. You can use both
IPv4 and IPv6 in your VPC for secure and easy access to resources and
applications.”

Amazon VPC
Availability Zone
Virtual Private Cloud
AWS Cloud
Public Subnet
Internet
Availability Zone
Private Subnet
Availability Zone
VPN Only Subnet
Application Servers
Web Server Web Server
NAT
Corporate
Network
RR
Database Servers

Corporate Network
Internet
ISP 2
(BGP)
FIREWALL
Internet
ISP 1
Internet
ISP 3
OSPF
Router
Public IP
Router
BGP
Inside GRE Tunnels
Over IPSEC
FIREWALL
Internet
ISP 4
Internet
ISP 5
OSPF
.1
Wireless Controller
Backup GRE Tunnels
Router

Intro to AWS Direct Connect (DX)
• Offered since 2011
• Private connection, separate from Internet
• Consistent network experience
• Connect through one of 60 locations
• Each connection connects into 1 AWS Region
• Multiple options for each AWS Region

What is AWS Direct Connect?
“AWS Direct Connect makes it easy to establish a dedicated network
connection from your premises to AWS.
Using AWS Direct Connect, you can establish private connectivity
between AWS and your datacenter, office, or colocation environment,
which in many cases can reduce your network costs, increase
bandwidth throughput, and provide a more consistent network
experience than Internet-based connections.”

What is AWS Direct Connect?
Customer Data Center
AWS Cloud
1 Gbps
10 Gbps
Amazon SES Amazon Glacier
Elastic Beanstalk SQS
HDFS Amazon Redshift EC2
Direct
Connect
Co location

AWS Direct Connect
• Dedicated, private connection into AWS
• Create private (VPC) or public virtual interfaces to AWS
• Reduced data-out rates (data-in still free)
• Consistent network performance
• Option for redundant connections
• Multiple AWS accounts can share a connection
• Uses BGP to exchange routing information over a VLAN
• We have a unique setup in India where GPX DC is mapped
presently to Singapore as well as Mumbai region.
• Multiple “public” and ‘’Private’ ’virtual interfaces are allowed
from a single DX Connection

Oregon
N. California
AWS Direct Connect (DX) in the United States
SuperNAP
Equinix SE
CoreSite LA
N. Virginia
CoreSite NY
Equinix DC
CoreSite SV
OhioEquinix CH
QTS Chicago
Equinix DA
CoreSite VA
Equinix LA
Equinix SV
TierPoint
EdgeConneX
Pittock Block

Frankfurt
AWS Direct Connect (DX) in Europe and Asia Pacific
Digital RealtyEircom Interxion Frankfurt
Sydney
Ireland
Tokyo
Singapore
Equinix OS
Beijing
Equinix TY
Equinix FR
Equinix SY
Global Switch
Equinix SG
CIDS
Sinnet
Eqinix LDInterxion
Interxion Madrid
Interxion Stockholm
Equinix AM
Global Switch
Mumbai
GPXSify Rabale
Seoul
KINX
Telehouse

Why should use AWS direct connect
–Business benefits

Why use AWS Direct Connect?
Reduces your bandwidth
costs
• Consistent cost at
$0.045/ GB for data leaving
AP-South1(Mumbai) via GPX
(Mumbai) over Direct
Connect
• Internet Data Transfer cost is
$0.10.93/ GB up to 10TB
leaving AP-South1(Mumbai)
• Costs vary between regions.
• Prices examples ( 12th Aug
2016
$0.000
$0.050
$0.100
$0.150
First 10TB
Next 40TB
Next
100TB Next
350TB
Internet
Direct connect

• Consistent network performance
– With AWS Direct Connect, you choose the data that utilizes the
dedicated connection and how that data is routed. Doing so can
provide a more consistent network experience over Internet-based
connections.

• Elastic
– AWS Direct Connect makes it easy to meet your needs. AWS Direct Connect provides
private lines, and you can easily provision multiple connections if you need more
capacity.

Service Benefits - Summary
 Reduced Network Transfer Costs
 Improved Application Performance with
Predictable Metrics
 Transferring Large Data Sets
 Security and Compliance
 Hybrid Cloud Architectures
 Private Data Center Expansion
 Alternative to Internet based IPSEC VPN

Direct Connect -Current Available Locations(60)
AWS Direct
Connect
Where can I
“Direct Connect?”
https://aws.amazon.com/directconnect/details/

DX Partners Providing Service in APAC

AWS Direct connect (DX) locations in India
• GPX – Launched in January 2016.It connects to
AWS Singapore and Mumbai region.
• Sify Rabale, Navi Mumbai is the 2nd DX location
in India connecting to AWS Mumbai region. This
location went live on 6th September 2016.

DX Partners Providing Service in APAC
https://aws.amazon.com/directconnect/partners/

GPX DC Location in Mumbai
• GPX DC is located at Boomerang , Andheri East, Mumbai.
• Asia’s first and India’s only Uptime Institute design certified DC
service provider
• India’s most network-rich Data Center with an ecosystem
comprised of Telco’s (over 12 Telecom Service Providers of
India), ISP’s(25+), content service providers, hosting
companies, and cloud service providers

Sify India
Core
Global Core
Network
AWS Mumbai
Region
AWS Global Regions
Customer Office /
DC / VPN Network
• Australia
• Singapore
• Japan
• Germany
• UK
• Brazil
• US – 5 Cities
GCC Services to AWS Global Locations
is enabled Via a strategic Partnership
with Verizon .
Sify has Multiple Resilient NNIs with
Verizon to provide optimal reach for
customers in India to Almost all AWS
DX Regions Globally

‹#›
GLOBAL CONNECTIVITY
CONNECTIVITY TO AWS DIRECT CONNECT ACROSS CONTINENTS
Europe
Amsterdam x 3 London x 3
Frankfurt x 5 Paris x 2United States
Ashburn AWS
San Jose AWS
Just a cross connection away to cloud service providers through our
private connectivity solutions
APAC
Mumbai AWS
Singapore AWS
Tokyo AWS
Sydney AWS
Beijing AWS
Europe
Frankfurt AWS
London AWS
Dublin AWS

Other DX partners who are getting on-boarded
• Airtel
• Vodafone
• Spectranet
• Reliance –GCX(Global cloud exchange)
• Reliance Jio

Type of Direct Connect offerings
• Dedicated Full Port Connection–1G and 10G
• Hosted Interconnect – sub-1G speeds
(50,100,200,300,400,500Mbps) which is being
offered via a DX partner-GPX,TCL,
Airtel,Sify,Vodafone,GCX etc.

Why AWS DX services is an important service
• Only other option to get connected to AWS Singapore and AWS
Mumbai region apart from connections over IPSEC over VPN.
• Consistent latency that are required for certain applications.
• Real time data feeds.
• Working with large data sets.
• Help’s organization achieve compliance-One of the services that are
listed as part of PCI-DSS compliance and HIPPA compliant.
• Customers can start deploying higher capacity links due to lower
last mile cost.
https://aws.amazon.com/directconnect/faqs/

Archival and Backup
EU-West-1
Amazon S3
Amazon EMR
Premises
DX Facility
Amazon Redshift
Amazon
Glacier
Amazon
EC2

Big Data
EU-West-1
Amazon S3
Amazon EMR
Premises
DX Facility
Amazon Redshift
Amazon
Glacier
Amazon
EC2

Custom Appliances
EU-West-1
Amazon S3
Amazon EMR
Premises
DX Facility
Amazon Redshift
Amazon
Glacier
Amazon
EC2

Video and Voice
EU-West-1
Amazon S3
Amazon EMR
Premises
DX Facility
Amazon Redshift
Amazon
Glacier
Amazon
EC2

Other use cases
• DR in AWS–Primary DC is in-premise
• Group level access using multiple AWS ID- Eg:
enterprises accessing group ERP
• Migration to AWS India region from present
Singapore region.
• Media content delivery – Content aggregation
on AWS storage
• ERP and CRM access-SAP/Oracle and
Microsoft

Examples of Customers using Direct Connect
Connecting to Legacy
Infrastructure
Integration via Level3 for
Partners & Suppliers
VPC Separation and
dedicated connectivity
Remote Data Feeds Data Replication & HA

AWS Direct Connect
Letter of Authorization and Connecting Facility Assignment
Please consider this letter as notification for connecting facility assignment for the purpose of
establishing or augmenting connectivity between the parties identified above. This document authorizes
a connection to the ports indicated above. All charges for the physical connection are the sole
responsibility of company.
For location specific information on requesting a cross-connect, visit the "Requesting Cross-Connects"
section of the user guide:
http://docs.aws.amazon.com/DirectConnect/latest/UserGuide/Colocation.html
The requester(s) use of AWS services will be governed by the terms of the AWS Customer Agreement
(available at http://aws.amazon.com/agreement), or a separate agreement between the requester(s)
and AWS.
EXPIRATION NOTICE The authorized connectivity must be completed within 90 days of this LOA-CFA's
issue date or this LOA-CFA will expire.
* Amazon Corporate LLC is a subsidiary of Amazon.com, Inc.
Issue Date .
Oct 13, 2016
Issued By* .
Amazon Web Services Spain S.L.
Facility - Meet Me Room .
Interxion MAD2 – MAD2.211
Customer Demarcation/ZSide .
Rack: R77B1.R99B09
Patch Panel: PP2:SOUTH
Strands: 40818
Requested By .
Company requesting name
Issued To .
Interxion, Madrid, ESP
Connection ID ..
MAD50_Test
Optic and Connector Types ..
1000BASE-LX Single Mode Fiber (SMF)
Lucent Connector (LC)
Letter of Authorization and Connecting Facility Assignment
Please consider this letter as notification for connecting facility assignment for the purpose of
establishing or augmenting connectivity between the parties identified above. This document authorizes
a connection to the ports indicated above. All charges for the physical connection are the sole
responsibility of company.
For location specific information on requesting a cross-connect, visit the "Requesting Cross-Connects"
section of the user guide:
http://docs.aws.amazon.com/DirectConnect/latest/UserGuide/Colocation.html
The requester(s) use of AWS services will be governed by the terms of the AWS Customer Agreement
(available at http://aws.amazon.com/agreement), or a separate agreement between the requester(s)
and AWS.
EXPIRATION NOTICE The authorized connectivity must be completed within 90 days of this LOA-CFA's
issue date or this LOA-CFA will expire.
* Amazon Corporate LLC is a subsidiary of Amazon.com, Inc.
Issue Date .
Oct 13, 2016
Issued By* .
Amazon Web Services Spain S.L.
Facility - Meet Me Room .
Interxion MAD2 – MAD2.211
Customer Demarcation/ZSide .
Rack: R77B1.R99B09
Patch Panel: PP2:SOUTH
Strands: 40818
Requested By .
Company requesting name
Issued To .
Interxion, Madrid, ESP
Connection ID ..
MAD50_Test
Optic and Connector Types ..
1000BASE-LX Single Mode Fiber (SMF)
Lucent Connector (LC)
Letter of Authorization
and Connecting
Facility Assignment

Complete the Cross Connect
AWS will send you an email within 72 hours with a letter of authorization and
connecting facility assignment (LOA-CFA).

Ordering Process via a Partner
(50, 100, 200, 300, 400, 500Mb/s)

Partner ordering process
• Select your Partner from http://aws.amazon.com/directconnect/partners
• Order connectivity from your Partner to your environment at the appropriate bandwidth
• Provide your AWS Account number to the Partner
• The partner will install the relevant circuits/connectivity and then provision you a “Hosted
Port” capable of supporting a single “Virtual Interface” at the desired bandwidth.
• Multiple hosted ports can be provided – each at different bandwidths, each supporting a
single “Virtual Interface”

Accepting the Hosted Connection

Things to remember
• All DX locations are at 3rd party data centers, so
your customer has to work with /at least/ one
other company to connect to AWS
– Could be just the Data Center :
– Could be a Network Provider :
– Could be multiple Network Providers AND the Data Center

• A Virtual Interface is…
– Public If you want to use public services (S3, EC2 Classic, IPSEC
VPN etc..)
– Private if you want to use VPC
…..Things to remember

Customer Router Hardware Requirements
AWS Direct Connect requires layer 2 single
mode fiber, 1000BASE-LX (1310nm) for
Gigabit Ethernet, or 10GBASE-LR (1310nm)
for 10 Gigabit Ethernet.
Support 802.1Q VLANs across this
connection.
Support Border Gateway Protocol (BGP) and
BGP MD5 authentication.
Optional support for bidirectional Forwarding
Detection (BFD).

Appendix - Example Architectures

DX with Single Router Single Port
Private Virtual Interface 2
Public Virtual InterfacePublic Virtual Interface
Virtual Interface 1
Private
Virtual Interface 1
Direct Connect
Connection
VGW VPC 1 VGW VPC 2

DX with Single Router Dual Ports
Direct Connect
Connections
Interface 1
Private Virtual
Interface 1
VGW VPC 1 VGW VPC 2

DX with Dual Routers Dual Ports
Interface 1
Private Virtual
Interface 1
Direct Connect
Connections
VGW VPC 1 VGW VPC 2

Dual DX Locations with Single Routers
Private Virtual
Interface 1
Private Virtual
Interface 1
DX Physical
Connection
Interface 1
Private Virtual
Interface 1
Direct Connect
Connection
VGW VPC 1 VGW VPC 2

Dual DX Locations with Dual Routers
Direct Connect
Connections
Interface 1
Private Virtual
Interface 1
Direct Connect
Connections
Private Virtual
Interface 1
Private Virtual
Interface 1
VGW VPC 1 VGW VPC 2

VPC to VPC over Direct Connect

VPC to VPC over Direct Connect v2

Public and Private Virtual Interfaces
• 802.1Q VLAN
• eBGP Session
• Note: Max Prefixes on the AWS peer : 100
• Private Virtual Interface – Access to VPC
• Note: Not VPC Endpoints or transitive via VPC Peering
• Public Virtual Interface – Access to non-VPC Services

How to Delegate VI to Another Account.
Step 1.

Delegate Virtual Interface to Another Account.
Step 2.

1) Customer router in colo
CORP
Internet
AWS Direct
Connect
Routers
Customer
Router
Colocation
DX Location
`
VPC
VPC
VPC

2) Partner-built circuit
CORP
Internet
AWS Direct
Connect
Routers
DX Location
VPC
VPC
VPC

3) Service provider network
CORP
Internet
AWS Direct
Connect
Routers
DX Location
VPC
VPC
VPC

3) Service provider network
CORP
Internet
AWS Direct
Connect
Routers
DX Location
Service Provider
Network
VPC
VPC
VPC

DX physical connectivity considerations
AWS account that owns the DX port?
Adding/removing virtual interfaces?
Routing ownership?
End-to-end costs?

Direct Connect – physical connectivity
1) Customer presence in the same DX location
2) Circuit between customer data center and DX location
3) Service provider network extending to DX location

Customer’s AWS account, interface control, routing. Cost: port + data transfer

Same as #1; add circuit cost. Sub 1-Gig can create only 1 virtual interface

Same as #1; add circuit cost. Sub 1-Gig can create only 1 virtual interface
Depends on provider’s offering

Direct Connect cost considerations
Port hour + data transfer
Data in $0; data out differs by region
Factor in circuit costs
Calculate data center Internet costs (VPN)

Direct Connect (DX)
Cost
Performance
Flexibility
Resiliency
• 16 AWS regions, 60 POPs worldwide
• LOA provided within up to 72 hours
• Lead time of circuit build-out could take
weeks
• Port hours
• Data out transfer
• Service provider circuit / MPLS
• Colo cage (if applicable)
2 x DX in 2 locations + VPN
2 x DX in 2 separate locations
2 x DX in 1 DX location
DX + VPN
DX
• 1 Gbps or 10 Gbps ports
• 100, 200, 300, 400 or 500 Mbps
ports available through partners
• Equal-cost multipath via BGP means
2x10 G = 20 Gbps

• Thanks and have a nice day
– Krishnan Kannan : Kaykrish@amazon.com

AWS Direct Connect: Your dedicated network connection to AWS

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to AWS Direct Connect: Your dedicated network connection to AWS

Similar to AWS Direct Connect: Your dedicated network connection to AWS (20)

Recently uploaded

Recently uploaded (20)

AWS Direct Connect: Your dedicated network connection to AWS