AWS Direct Connect

Cloud connectivity guide: On Demand

Amazon Direct Connect

AWS Direct Connect provides private and reliable network connectivity to the AWS cloud across a dedicated private connection – allowing customers to bypass the public internet.

There are two Direct Connect offerings available via the Colt On Demand platform – hosted connections and dedicated ports.

Hosted connections enable dedicated layer 2 connectivity to the AWS cloud across existing interconnects between the Colt and AWS networks, meaning that connectivity to the AWS cloud can be established immediately. Hosted connections are always based on a single BGP (IP) peering per connection.
Dedicated ports allow customers to establish multiple BGP peerings across the same AWS port. On Demand circuit connections can be established in near real time, but a physical cross connect is required between the AWS Direct Connect port and the Colt network.

Each peering is configured via the AWS Console to support one of the following AWS Virtual Interface types:

Private VIF – access to one or more Virtual Private Clouds, using private IP addresses

Public VIF – access to public AWS services (such as S3), using public IP addresses

Transit VIF – access to an AWS Transit Gateway

Transit VIFs require a bandwidth of 1Gbps or above. Transit VIFs are available across the majority of Colt’s Direct Connect PoP locations in Europe and Asia.

| | Hosted connection | Dedicated port |
|---|---|---|
| AWS handover | Existing interconnect | New port and fibre cross connect |
| Delivery experience | Near real time, via On Demand automation | Multiple days for physical fibre build |
| AWS bandwidths | 50M – 10Gbps | 1Gbps/10Gbps |
| BGP peering / Virtual Interface | Single BGP peering / VIF per hosted connection | Multiple BGP peerings / VIFs per port |
| Multiple VPC support via Direct Connect Gateway | Yes | Yes |
| AWS Transit Gateway support | Yes (bandwidths of 1Gbps and above) | Yes |
| Bandwidth changes on On Demand circuit (flexing, BW Boost, permanent upgrade) | Yes – up to hosted connection speed (e.g. 1Gbps) | Yes – up to dedicated port speed |

Amazon Direct Connect hosted ports

To create a new AWS hosted connection, customers will need their AWS account number, the AWS Region they wish to connect to (e.g. EU Ireland, EU London or EU Frankfurt), the AWS Direct Connect PoP and bandwidth.

Each AWS Direct Connect PoP is linked to a parent region (e.g. EU Dublin) – but customers can establish inter region connectivity via AWS’s Direct Connect Gateway feature. For example, a hosted port in Dublin can be used to connect to the EU Frankfurt region.

AWS support bandwidths between 50Mbps and 10Gbps on hosted connections. Please note that the AWS Transit Gateway feature is only supported on bandwidths of 1Gbps or greater.

To enable this, customers must first create an AWS hosted port via the Colt On Demand platform. Hosted ports are handed over on a shared NNI and are available immediately after the incoming connection is accepted in the AWS console, after which the On Demand cloud port request is completed.

Connections to Amazon hosted ports

Connections to AWS hosted ports are based on a 1:1 circuit connection to hosted port mapping. The cloud B end configuration is always based on a single 802.1Q VLAN*, which is configured automatically when the default “Cloud VLAN” option is selected.

* The Ethertype is 8100, although this is not visible to customers.

The standard VLAN modes apply at the customer A end port, which are summarised in the below table:

| VLAN mode | Application | |
|---|---|---|
| Open port | Circuit occupies whole A end port | Port based handover, all traffic on the customer port is mapped to the AWS hosted port |
| Add VLAN | Customer uses single tagged VLAN to map traffic to AWS | VLAN added on egress, towards customer (in translation mode). VLAN can be S-VLAN (88a8) or C-VLAN (8100). Standard H&S config. |

Amazon hosted configuration

The below diagram summarises the configuration.

[Diagram: AWS hosted configuration]

Amazon Hosted Customer Journey

The customer journey to establish end to end connectivity to an AWS hosted port is illustrated below:

[Diagram: AWS hosted customer journey]

Amazon Direct Connect dedicated ports

AWS dedicated ports support multiple BGP peerings with AWS, each peering being based on a single AWS Virtual Interface (VIF) which can be configured to support a private, public or transit VIF.

Dedicated ports are the best AWS Direct Connect solution where a customer needs to establish multiple peerings with AWS at the same physical Direct Connect location.

[Diagram: AWS dedicated ports]

AWS dedicated ports (via cloud port page)

Customers will need to first request a dedicated port via the AWS subscription, taking care to select the correct AWS region and Direct Connect PoP. A Letter of Authority (LOA) is then generated within the AWS console which should be uploaded to the On Demand portal using the button provided.

*IMPORTANT – the customer must select the correct AWS region and Direct Connect PoP location within the AWS Console.*

Similar to hosted ports, each AWS Direct Connect PoP is linked to a primary region – but customers can now access multiple regions via AWS’s Direct Connect Gateway feature.

1Gbps and 10Gbps dedicated ports are supported on the On Demand platform.

Once the request has been placed, Colt’s delivery team will arrange for the cross connect between the 1Gbps or 10Gbps Colt On Demand port and the Amazon router using the information provided within the LOA. The typical lead time for the cross connect is 10 working days.

Connections to AWS Direct Connect dedicated ports

AWS dedicated ports are based on a standard port model, which means that single or multiple circuit connections can be routed to a single AWS dedicated port.

Amazon only support 802.1Q VLANs, which means that customers are restricted to the C-VLAN option (i.e. an 8100 Ethertype) at the AWS end of the circuit connection. AWS do not support QinQ VLAN tagging.

The standard port VLAN modes apply at the customer A end site.

Under the dedicated port model, Amazon do not impose any bandwidth on VLANs – they are dynamically scaled.

The following VLAN modes apply at the AWS B end (i.e. dedicated port end), summarised in the below table:

| VLAN mode | Application | |
|---|---|---|
| Open port | AWS dedicated port mapped to a single circuit connection | Port based handover, all AWS VLANs are passed transparently across the Colt network to the B end port. Customer is responsible for allocating VLANs via the AWS Console (Filter VLAN option at A end site not supported) |
| Filter VLAN | AWS dedicated port is mapped to multiple circuit connections (1 VLAN/VPC per circuit) | A single VLAN is filtered at ingress to the Colt network, supporting a single VPC against each circuit connection. Customer is responsible for allocating VLANs via the AWS Console (Open port option at A end site not supported) |
| Add VLAN | AWS dedicated port is mapped to multiple circuit connections (1 VLAN/VPC per circuit) | Allows multiple circuit connections, each circuit connection to a single AWS VLAN/VPC |
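
The hosted and dedicated port rules in this guide decide which circuit reaches which VIF and VPC, so a planned set of circuits can be checked against them before ordering. The following is an added example, not Colt or AWS code; the Circuit record, its field names, the mode labels and the sample plan are assumptions made for illustration.

```python
# Added example: order checks derived from the rules stated in this guide.
# Circuit and its field names are hypothetical, not a Colt or AWS schema.
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# B end (AWS dedicated port) mode -> A end mode the guide marks "not supported"
UNSUPPORTED_A_END = {"open": "filter", "filter": "open"}

@dataclass
class Circuit:
    name: str
    port_id: str            # AWS port the circuit terminates on
    port_type: str          # "hosted" or "dedicated"
    port_mbps: int
    vif_type: str           # "private", "public" or "transit"
    a_mode: str             # customer end: "open", "filter" or "add"
    b_mode: str             # AWS end: "cloud" (hosted), "open", "filter", "add"
    b_vlan: Optional[int]   # 802.1Q VLAN ID at the AWS end; None for open port
    b_ethertype: int = 0x8100

def validate(circuits):
    """Return sorted (circuit name, finding) pairs for every rule broken."""
    per_port = Counter(c.port_id for c in circuits)
    vlans = Counter((c.port_id, c.b_vlan) for c in circuits if c.b_vlan is not None)
    findings = []
    for c in circuits:
        hosted, shared = c.port_type == "hosted", per_port[c.port_id] > 1
        checks = [
            (c.b_ethertype != 0x8100, "AWS end must be 802.1Q (0x8100), no QinQ"),
            (c.vif_type == "transit" and c.port_mbps < 1000, "Transit VIF needs 1Gbps or above"),
            (hosted and not 50 <= c.port_mbps <= 10_000, "hosted bandwidth outside 50Mbps-10Gbps"),
            (hosted and shared, "hosted port maps 1:1 to a circuit"),
            (not hosted and c.port_mbps not in (1000, 10_000), "dedicated port must be 1Gbps or 10Gbps"),
            (not hosted and UNSUPPORTED_A_END.get(c.b_mode) == c.a_mode, f"A end {c.a_mode} not supported with B end {c.b_mode}"),
            (not hosted and c.b_mode == "open" and shared, "open port B end takes a single circuit"),
            # Inferred from "1 VLAN/VPC per circuit": a reused VLAN merges two circuits.
            (not hosted and vlans[(c.port_id, c.b_vlan)] > 1, "VLAN reused on the same dedicated port"),
        ]
        findings += [(c.name, msg) for broken, msg in checks if broken]
    return sorted(findings)

# Constructed sample plan: c1 is valid, c2 to c4 each break one rule.
PLAN = [
    Circuit("c1", "dx-a", "dedicated", 10_000, "private", "add", "filter", 101),
    Circuit("c2", "dx-a", "dedicated", 10_000, "private", "open", "filter", 102),
    Circuit("c3", "dx-b", "hosted", 500, "transit", "add", "cloud", 300),
    Circuit("c4", "dx-c", "dedicated", 1000, "public", "add", "add", 200, 0x88A8),
]
```

Calling validate(PLAN) reports the A end/B end mode mismatch on c2, the sub-1Gbps transit VIF on c3 and the QinQ Ethertype on c4.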

Amazon dedicated port configuration

The below diagram summarises the configuration:

[Diagram: AWS dedicated port configuration]

Amazon dedicated port customer journey

The customer journey to establish end to end connectivity to an AWS dedicated port is illustrated below. Note that the LOA must be requested for the correct AWS Region and AWS Direct Connect PoP associated with that region.

[Diagram: AWS dedicated ports customer journey]

Amazon dedicated ports in Asia Pacific (and other locations)

Where an AWS location does not appear under the cloud port page (for example AWS locations in Asia Pacific, the USA and some European locations), customers can request a standard On Demand port in the required data centre and request a standard cross connect via the OD portal.

Under this option, customers are required to attach the AWS LOA to the cross connect order when requested.
