I recently wrote about the AWS Direct Connect Gateway. The AWS Direct Connect Gateway is a new addition to the AWS connectivity space, which already includes AWS Direct Connect and a Managed VPN service. In this blog post we will explore all three and take a look at the different use-cases that they are aimed at.
AWS Direct Connect
AWS Direct Connect is a service aimed at allowing enterprise customers easy access to their AWS environment. Enterprises can leverage the AWS Direct Connect to establish private connectivity to the AWS global network from their data centers, office locations or co-location environments.
AWS Direct Connect supports two bandwidth levels: 1 G and 10 G. higher bandwidth levels can be provisioned by having multiple 10 G interfaces connected in tandem.
Lower bandwidth levels of 50 M, 100 M, 200 M, 300 M, 400 M and 500 M can only be provisioned through an AWS partner supporting AWS Direct Connect.
There are two aspects of Direct Connect pricing: the per hour port fee and the data transfer pricing. Port fees depend on the port speed selected.
Data transfer pricing is split into two heads: data transfer in and data transfer out. Data transfer in is free in for all port fees and direct connect locations.
Data transfer out is priced differently depending on AWS region and the direct connect location. Case in point data transfer out from us east-1 to CoreSite DE1, Denver, CO is priced at $0.020/GB, where as data transfer out from AWS Singapore to the same site is prices at $0.090/GB.
AWS Direct Connect can be used as a replacement for a VPN connection over the public internet, to connect customer networks with AWS. The Direct Connect is likely to provide a more reliable level of performance however it is significantly more expensive as compared to a VPN.
As mentioned earlier, VPNs can also be leveraged to connect on-premise networks or office locations with AWS. VPNs on AWS come in three flavours: hardware only, software only and a mix of hardware/software.
The hardware only VPN uses a hardware VPN device to connect the virtual private gateway on the AWS end to a customer VPN gateway on the customers end, via IPsec VPN tuneels.
Hardware only VPNs include both the AWS managed AWS VPN solution and the AWS VPN CloudHub. The AWS managed VPN solution can be deployed inc cases where there is only one customer network to be connected to.
Cloudhub comes into play where multiple networks have to be connected to AWS. CloudHub is arranged in a classic hub and spoke topology where all traffic flows through a central hub VPC.
The managed VPN solution is charged on the basis of VPN connection hours. A VPN connection hour counts as every hour that the VPN connection is up and running. Each VPN connection hour is charged at $0.05. this holds true for all AWS regions except the Tokyo region which is priced at $0.048.
Software only VPNs can also be provisioned to manage both ends of the VPN network. VPN appliances that run on EC2 instances are used to create VPN connections between the remote network and the AWS VPC.
AWS VPN while being a lower cost option for connectivity between AWS and on-premise networks, can be limited by the amount of bandwidth it can pass.
AWS Direct Connect Gateway
AWS Direct Connect gateway is a relatively new service from AWS. Direct Connect allowed AWS users to connect their on-premise infrastructure to AWS. However connecting from a single Direct Connect location to multiple AWS VPCs wasn’t so straight forward.
AWS Direct Connect gateway is aimed at making it easier to connect from a single Direct Connect location to multiple AWS regions or VPCs.
The Direct Connect Gateway is connected to multiple AWS VPCs in different AWS regions via Virtual private Gateways. The Direct Connect Gateway is in turn connected to the Direct Connect via a virtual private interface. This allows multiple VPCs to be connected to the customer network via one virtual private interface.
Looking to directly connect VPCs in different AWS regions? Download the Managed VPN whitepaper to learn how to deploy IPsec VPN connectivity between VPCs in different AWS regions