AWS recently announced the Direct Connect Gateway. It is a super useful service aimed at making it easier to set up dedicated connectivity between Direct Connect and globally distributed VPCs. Below we take a look at what it is and what you can do with it.
1. What is AWS Direct Connect Gateway?
AWS Direct Connect Gateway is a service built on top of AWS Direct Connect. It allows AWS Direct Connect users to connect multiple VPCs in the same or different AWS regions to their Direct Connect connection.
2. Why did AWS launch the Direct Connect Gateway?
AWS Direct Connect was born out of the need to establish dedicated connectivity to AWS from on-premises or enterprise data centres.
However, connecting from a single Direct Connect location to multiple AWS regions wasn’t so straightforward.
The Direct Connect Gateway makes this easier and reduces management overhead in the process.
3. What does the Direct Connect Gateway do?
With the AWS Direct Connect Gateway, creating connections from a single Direct Connect to multiple VPCs in different AWS regions is pretty straightforward.
4. How does the Direct Connect Gateway work?
The Direct Connect Gateway sits between the Direct Connect locations and customer VPCs.
VPCs distributed across regions are connected to the Direct Connect Gateway via a Virtual Private Gateway (VGW).
Direct Connect Gateways are in turn connected to an AWS Direct Connect connection over a virtual private interface (VIF).
5. How is it different to Direct Connect?
Before the introduction of the AWS Direct Connect Gateway, AWS users could only provision local VIFs. This meant that there was no way to connect multiple AWS regions or VPCs to a remote Direct Connect connection.
Connecting multiple AWS VPCs to the same Direct Connect Gateway becomes possible with the AWS Direct Connect Gateway. The Direct Connect Gateway can be connected to multiple VGWs at the same time. It also connects to the AWS Direct Connect through a single Virtual Private Interface.
What previously had to be done with multiple VIFs can now be done with a single VIF using the AWS Direct Connect Gateway.
As Jeff Barr points out in this blog post, this leads to significant reductions in administrative overhead as well as reducing the load on network devices.
6. What can I not do with the AWS Direct Connect Gateway?
With this new announcement, AWS has made it super easy to set up connectivity between both local and remote VPCs and the Direct Connect. However, considering that this is the first iteration of the product, it still has some shortcomings:
- The AWS Direct Connect Gateway cannot be used to connect to a VPC in China.
- It does not support connections to VPCs in other AWS accounts.
- Direct VPC to VPC communication is also not possible.
- This is also true for direct VIF to VIF communication.
- The Direct Connect Gateway only allows communication between VGWs and VIFs. In the picture below the red lines represent communication which is not allowed via the Direct Connect Gateway.
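The limitations listed above can be turned into a design check that flags attachments and traffic flows the gateway will not support, which is useful when reviewing whether a planned network relies on paths that do not exist. This is an added example, not AWS code: the endpoint names and account IDs are constructed, and treating region names that start with "cn-" as China is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Endpoint:
    name: str
    kind: str     # "vgw" (a VPC's Virtual Private Gateway) or "vif"
    account: str  # owning AWS account (constructed sample IDs below)
    region: str   # AWS region name

def attachment_problems(gateway_account, ep):
    """Reasons the endpoint cannot attach to the gateway; empty list means OK."""
    problems = []
    # Assumption: China regions are the ones whose names start with "cn-".
    if ep.kind == "vgw" and ep.region.startswith("cn-"):
        problems.append("VPC in China cannot be connected")
    if ep.kind == "vgw" and ep.account != gateway_account:
        problems.append("VPC belongs to another AWS account")
    return problems

def flow_allowed(a, b):
    """The gateway only carries traffic between a VGW and a VIF."""
    return {a.kind, b.kind} == {"vgw", "vif"}

def review_design(gateway_account, endpoints, wanted_flows):
    """Return one finding per attachment or flow the gateway will not support."""
    by_name = {ep.name: ep for ep in endpoints}
    findings = [f"{ep.name}: {p}" for ep in endpoints
                for p in attachment_problems(gateway_account, ep)]
    for src, dst in wanted_flows:
        a, b = by_name[src], by_name[dst]
        if not flow_allowed(a, b):
            findings.append(f"{src} -> {dst}: {a.kind}-to-{b.kind} traffic is not carried")
    return findings

# Constructed sample design (names and account IDs are made up).
GATEWAY_ACCOUNT = "111111111111"
ENDPOINTS = [
    Endpoint("vif-dc", "vif", "111111111111", "us-east-1"),
    Endpoint("vif-backup", "vif", "111111111111", "us-east-1"),
    Endpoint("vgw-virginia", "vgw", "111111111111", "us-east-1"),
    Endpoint("vgw-ireland", "vgw", "111111111111", "eu-west-1"),
    Endpoint("vgw-beijing", "vgw", "111111111111", "cn-north-1"),
    Endpoint("vgw-partner", "vgw", "222222222222", "us-west-2"),
]
WANTED_FLOWS = [("vif-dc", "vgw-ireland"), ("vgw-virginia", "vgw-ireland"),
                ("vif-dc", "vif-backup")]

if __name__ == "__main__":
    for finding in review_design(GATEWAY_ACCOUNT, ENDPOINTS, WANTED_FLOWS):
        print(finding)
```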
7. How can I set up direct VPC to VPC communication across AWS regions?
Want to set up a full-mesh or Transit VPC network on AWS? Sign up today and get started in 5 minutes.