AWS Partner Network (APN) Blog
East-West traffic routing between AWS Local Zones using Megaport’s Network-as-a-Service (NaaS)
By Harsha Sanku, Senior Solutions Architect – Amazon Web Services
Leonardo Solano, Principal Solutions Architect – Amazon Web Services
Kevin Dresser, Solutions Architect Strategic Alliances – Megaport
As more customers adopt AWS Local Zones, routing east-west network traffic between different Local Zones has become a common topic for customers who want resiliency similar to that of multi-Availability Zone (AZ) deployments. Megaport's Network-as-a-Service (NaaS) can enable this.
AWS Local Zones are a type of infrastructure deployment that places compute, storage, database, and other select AWS services closer to large population and industry centers. In December 2019, AWS announced the launch of Local Zones in Los Angeles, California. Over time, Local Zones expanded to other metropolitan areas in the United States and around the world.
In June 2022, AWS announced AWS Direct Connect (DX) support for all AWS Local Zones in the United States. AWS DX support for Local Zones enables network traffic to take the shortest path between AWS DX points of presence (PoPs) and Local Zones, helping to deliver applications that require single-digit millisecond latency to reach end-users or on-premises resources more efficiently.
Customers in a metropolitan area can access compute, storage, database, and other select AWS services from the nearest AWS Local Zone that meets their latency requirements. As AWS Global Infrastructure continues to expand with Local Zones, customers with latency-sensitive applications can design and deploy highly available architectures running between two different Local Zones.
Network connectivity patterns between two Local Zones in the same metropolitan area can differ. The two Local Zones in Los Angeles are not only connected to the parent region but also interconnected with each other, enabling customers to design failover solutions between them. In contrast, other Local Zones in the same metropolitan areas are solely connected to the respective parent region and do not interconnect with one another.
Designing workloads for high availability using two Local Zones that are not interconnected with each other can introduce additional latency, as traffic must route through the parent Region of the Local Zones. However, east-west traffic routing between the Local Zones can be facilitated using a third-party network solution from Megaport.
Megaport is an AWS Networking Competency Partner and a network-as-a-service (NaaS) provider, transforming how businesses connect to the AWS Cloud. Megaport is also the first AWS Direct Connect delivery partner to receive the AWS Outposts Ready specialization. In an earlier blog, Integrating Edge Solutions with AWS Outposts Rack, AWS Local Zones, and Megaport, we discussed architectural patterns for interconnecting an AWS Local Zone and an Outposts rack to create an east-west network path.
This blog post will discuss designing and implementing an east-west network path between two Local Zones using a Megaport Cloud Router (MCR). The MCR enables customers to create highly available architectures for their latency-sensitive applications by routing traffic between two Local Zones without having to traverse through the parent region.
Optimizing east-west traffic between AWS Local Zones using Megaport
Megaport offers advanced connectivity options for hybrid cloud environments, facilitating global access to AWS Cloud services. It also offers a co-location solution for AWS Outposts, enabling customers to deploy an AWS Outposts rack in a Megaport location. Customers have access to over 100 data center operators and more than 800 locations globally.
This solution focuses on two Megaport networking services: Megaport Cloud Router (MCR) and Virtual Cross Connects (VXC).
MCR is a virtual routing platform that offers managed layer 3 connectivity over the Megaport private network. It enables customers to connect services at the cloud edge without needing customer edge (CE) router hardware, allowing routing between cloud environments without tromboning or hairpinning traffic back to on-premises environments.
Virtual Cross Connects (VXCs) are layer 2 virtual Ethernet connections that offer private, flexible, and on-demand connections between any two locations on the Megaport network. Customers can scale Direct Connect bandwidth from 1 Mbps to 10 Gbps, tailoring the network to their specific requirements. The API integration between AWS and Megaport, together with pre-deployed AWS peering and interconnect infrastructure at more than 55 locations globally, lets customers configure and deploy Megaport VXCs that back AWS Direct Connect hosted or dedicated connections in minutes.
An MCR should be deployed in a Megaport point of presence (PoP) close to both Local Zones to create an east-west traffic path between them. Additionally, two independent VXCs should be deployed, each linked to the DX gateway assigned to its respective Local Zone. The MCR serves as the central hub, directing traffic between the Local Zones through the VXCs, DX private virtual interfaces (VIFs), and DX gateways. Using a separate DX gateway for each Local Zone allows a unique Border Gateway Protocol (BGP) Autonomous System Number (ASN) to be defined for each, so that the VPC CIDRs learned from one Local Zone can be re-advertised by the MCR to the other; if both DX gateways shared an ASN, each would see its own ASN in the AS_PATH of the re-advertised prefixes and drop them under standard eBGP loop detection. Furthermore, Message Digest 5 (MD5) authentication can be enabled between the two eBGP neighbors to protect each BGP session from spoofed or forged TCP segments; note that MD5 authenticates the BGP session only and does not encrypt the data traffic carried over the VIFs.
Figure 1 illustrates the east-west connectivity between the subnets in the Dallas and Houston Local Zones using Megaport's NaaS services, namely the Megaport Cloud Router (MCR) and Virtual Cross Connects (VXCs).
Figure 1: Enabling east-west traffic between Local Zones using Megaport.
Critical design considerations for connecting the Dallas and Houston Local Zones, as shown in Figure 1, include:
- Deploy an MCR in Equinix DA1 Dallas or in another Megaport MCR-enabled location in the Dallas metro area (such as Cologix, CyrusOne, or Digital Realty) that is close to your Local Zones.
- For redundancy, dual MCRs may be used for resilient east-west network connectivity.
- Ensure a Megaport VXC is deployed for both Dallas and Houston, each providing an AWS private VIF to the respective DX gateway, which is associated with the virtual private gateway (VGW) of that Local Zone's VPC. Direct Connect private VIFs do not encrypt traffic on their own, so also consider encryption in transit for the traffic carried over these VXCs (for example IPsec or TLS between the workloads).
- The MCR acts as a BGP neighbor and establishes peering with each DX gateway over the respective DX private VIF.
- This setup provides a low-latency east-west path between the two Local Zones; in this example it reduces round-trip latency roughly 10x, from about 80 ms to 8 ms, compared with routing through the Local Zones' parent Region, us-east-1 (Northern Virginia).
Ordering and Deployment
Megaport services required for this solution can be ordered and deployed on demand via the Megaport self-service portal. Understanding throughput requirements is essential when creating an MCR or deploying VXCs, as large data transfers may require higher bandwidth. An MCR can be deployed in one of four tiers: 1 Gbps, 2.5 Gbps, 5 Gbps, and 10 Gbps. Multiple MCRs can be deployed to increase the aggregate throughput or to provide path diversity and redundancy. The MCR should be deployed first, followed by the VXCs.
After deploying the MCR, on-demand VXC connections can be created through the Megaport portal. Creating a VXC requires the AWS account ID and a DX gateway (with a unique Amazon-side BGP ASN) that is associated with the virtual private gateway (VGW) attached to the Local Zone's VPC. Select the MCR-enabled AWS DX location closest to the Local Zone(s), and align the VXC bandwidth with the deployed MCR's throughput tier.
Initiating the VXC from the Megaport portal provisions a hosted Direct Connect connection, which must be accepted in the AWS Direct Connect console of the target account. A private VIF should then be created and attached to the DX gateway, followed by BGP configuration (peer IP addresses, ASNs and, optionally, the MD5 authentication key) to establish peering between the DX gateway and the Megaport MCR. For detailed instructions, refer to the tutorial on creating a hosted connection.
Once setup is complete, Megaport's looking glass tool, Alice, can be used to verify the advertised IP prefixes, BGP peers, and ASNs. The routes learned from each Local Zone VPC can then be viewed in the MCR route tables.
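The following is an added example, not code from Megaport or AWS, that checks the BGP design described in the design considerations above and the inputs the VXC and private VIF steps require: one DX gateway per Local Zone with a unique private Amazon-side ASN, non-overlapping VPC CIDRs, and an MD5 authentication key on each VIF. It then simulates eBGP re-advertisement through the MCR, including AS_PATH loop detection, so you can see why two DX gateways sharing an ASN would learn nothing from each other. All ASNs, CIDRs, gateway names and keys below are constructed placeholders, not values from the post.

```python
"""BGP design check for an MCR-hubbed east-west path between two Local Zones.

Added example for this post (not Megaport's or AWS's code). It models the
control plane described above: each Local Zone VPC sits behind its own
Direct Connect gateway (DXGW) with its own Amazon-side ASN, the MCR peers
with both over private VIFs, and routes learned from one DXGW are
re-advertised to the other. Names, ASNs, CIDRs and keys are placeholders.
"""
import ipaddress
from dataclasses import dataclass, field

# Amazon-side ASN ranges accepted when creating a Direct Connect gateway.
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))


@dataclass
class DxGateway:
    name: str
    amazon_asn: int          # Amazon-side ASN of the DX gateway
    vpc_cidrs: list          # prefixes advertised via the associated VGW
    md5_key: str = ""        # BGP authKey on the private VIF ("" = none)
    learned: dict = field(default_factory=dict)  # prefix -> AS_PATH


def is_private_asn(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES)


def validate_design(mcr_asn, gateways):
    """Return a list of design problems; an empty list means the plan is sound."""
    problems = []
    for gw in gateways:
        if not is_private_asn(gw.amazon_asn):
            problems.append(f"{gw.name}: Amazon-side ASN {gw.amazon_asn} is outside the private ranges")
        if gw.amazon_asn == mcr_asn:
            problems.append(f"{gw.name}: ASN collides with the MCR ASN {mcr_asn}")
        if not gw.md5_key:
            problems.append(f"{gw.name}: no BGP MD5 authKey set on the private VIF")
    asns = [gw.amazon_asn for gw in gateways]
    if len(set(asns)) != len(asns):
        problems.append("DX gateways share an ASN; eBGP loop detection will drop re-advertised routes")
    nets = [(gw.name, ipaddress.ip_network(c)) for gw in gateways for c in gw.vpc_cidrs]
    for i, (n1, a) in enumerate(nets):
        for n2, b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"overlapping prefixes {a} ({n1}) and {b} ({n2})")
    return problems


def simulate_ebgp(mcr_asn, gateways):
    """Propagate each DXGW's VPC prefixes through the MCR to every other DXGW.

    eBGP prepends the advertising AS to AS_PATH; a receiver discards any
    route whose AS_PATH already contains its own ASN (loop detection).
    """
    # Step 1: the MCR learns each prefix from its DXGW with AS_PATH [dxgw_asn].
    mcr_table = {}
    for gw in gateways:
        for cidr in gw.vpc_cidrs:
            mcr_table[cidr] = [gw.amazon_asn]
    # Step 2: the MCR re-advertises with its own ASN prepended; each DXGW filters.
    for gw in gateways:
        gw.learned = {}
        for cidr, path in mcr_table.items():
            new_path = [mcr_asn] + path
            if gw.amazon_asn in new_path:   # own ASN already in the path: loop, drop
                continue
            gw.learned[cidr] = new_path
    return {gw.name: dict(gw.learned) for gw in gateways}


def build_plan(mcr_asn, gateways):
    """Run the design checks and the simulation; returns (problems, learned_routes)."""
    return validate_design(mcr_asn, gateways), simulate_ebgp(mcr_asn, gateways)


if __name__ == "__main__":
    # Constructed placeholder values, not from the post.
    mcr = 65000
    plan = [
        DxGateway("dxgw-dallas", 64512, ["10.10.0.0/16"], md5_key="example-key-1"),
        DxGateway("dxgw-houston", 64513, ["10.20.0.0/16"], md5_key="example-key-2"),
    ]
    problems, routes = build_plan(mcr, plan)
    print("problems:", problems)
    print("routes:", routes)
```

Run the design check before ordering the VXCs: the values it validates (Amazon-side ASN, VPC CIDRs, MD5 key) are exactly the parameters the DX gateway and private VIF creation steps ask for, and changing an Amazon-side ASN later means recreating the DX gateway.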
Conclusion
Local Zones enable customers to use essential cloud services, such as compute, storage, database, and other select AWS services, at the edge. This allows them to run applications that require single-digit millisecond latency to reach on-premises resources efficiently.
High-performance east-west network connectivity between two AWS Local Zones can be established using Megaport's MCR and VXC services. This east-west connectivity enables customers to design and deploy resilient architectures for high availability and business continuity use cases. Megaport's integration with the AWS Cloud enables on-premises sites, co-location facilities, and data centers to establish connectivity to Amazon VPCs via AWS Direct Connect in a few minutes. Megaport's MCR capabilities are available in 26 countries, in major metro locations close to AWS Direct Connect locations.
AWS and Megaport have partnered to provide various hybrid edge connectivity solutions leveraging Megaport’s NaaS services to connect AWS Outposts and AWS Local Zones to data centers.
Megaport’s connectivity specialists offer design and support services to AWS users globally. Contact Megaport to optimize your AWS setup.
Megaport – AWS Partner Spotlight
Megaport is an AWS Networking Competency Partner and global network-as-a-service provider, transforming the way businesses connect to the AWS Cloud.