Getting started with AWS Direct Connect
AWS Direct Connect provides direct Layer 3 network connectivity to the AWS global network. With the help of partner-provided colocation facilities — also called Direct Connect locations — you can establish connections to all AWS Regions,* AWS Local Zones, and other Direct Connect locations.**
Direct Connect connections don’t use the public internet. Instead, they provide direct connections that can provide greater reliability, faster and more consistent speeds, and higher security.
Key concepts
- Direct Connect creates Layer 3 network connectivity between your on-premises network and the AWS global network through a connectivity provider partner. Partner offerings include various connectivity types at OSI Layer 1 through Layer 3, including dark fiber, wavelength, metro Ethernet, or MPLS.
- All Direct Connect locations* connect to all AWS Regions,* including AWS GovCloud, AWS Local Zones, and other Direct Connect locations.**
- Dynamic routing is done using the industry-standard Border Gateway Protocol (BGP).
- You must review and select a resiliency option to ensure you use the right approach for your resiliency needs. The option you choose affects your connection uptime Service Level Agreement (SLA).
Connectivity is provided using a cross connect between a device owned by AWS and either a customer- or partner-owned device.
If you are connecting from your premises, you can work with an AWS Partner supporting Direct Connect or a network carrier of your choice. AWS does not establish cross connects on your behalf. If you work with an AWS Direct Connect partner to establish a dedicated physical connection to an AWS Direct Connect location, you need to provide the Letter of Authorization – Connecting Facility Assignment (LOA–CFA) to that partner to act on your behalf.
AWS Direct Connect partners have passed additional validation from the AWS Service Delivery Program and are ready to help you access AWS Direct Connect. If you engaged a non-partner network provider you will either need them to contract with the facilities provider so that they can act on your behalf, or you will need to contract directly with the facilities provider to request the cross connect.
If you already have equipment located in the AWS Direct Connect location, you will need to contact the facilities provider to complete the cross connect. AWS equipment within an AWS Direct Connect location is located within a cage exclusive to AWS. Connections within the facility are made using a cross connect. As a security measure, no equipment from outside AWS is allowed in the AWS cage.
As you deploy, there are two choices to make. First, you must choose a physical connection type. Options are:
- Dedicated connection: Exclusive access to the cross connect, offering bandwidth options of 1 Gbps, 10 Gbps, 100 Gbps and 400 Gbps (depending on what is available at your Direct Connect location). Creation of multiple logical virtual interfaces per physical connection is possible, as well as use of MACsec (IEEE 802.1AE) encryption at select Direct Connect locations.
- Hosted connection: Shared access to the cross connect with guaranteed bandwidth of 50 Mbps, 100 Mbps, 200 Mbps, 300 Mbps, 400 Mbps, 500 Mbps, 1 Gbps,*** 2 Gbps,*** 5 Gbps,*** 10 Gbps and *** 25 Gbps.
Next, you must choose a virtual connection type:
- Transit virtual interface: A transit virtual interface should be used to access one or more AWS Transit Gateways associated with Direct Connect gateways. You can use transit virtual interfaces with any AWS Direct Connect dedicated or hosted connection of any speed.
- Public virtual interface: A public virtual interface can access AWS public services using public IP addresses.
- Private virtual interface: A private virtual interface should be used to access an Amazon VPC using private IP addresses.
* Except China
** Available at select AWS Direct Connect locations
*** These capacities are available from select AWS Direct Connect Partners
Step 1: Select your Direct Connect locations
Decide on your AWS Direct Connect locations, how many connections you would like to use, and the port size. Multiple ports can be simultaneously used for increased bandwidth or redundancy.
Step 2: Choose your physical connection type
Choose between a dedicated connection or a hosted connection. A dedicated connection provides you exclusive access to the cross connect and offers multiple virtual interfaces. With a hosted connection, partners share the cross connect with multiple customers and provide only a single virtual interface.
Step 3: Set up your logical virtual interfaces
Set up one or multiple logical virtual interfaces (VIF) over your physical connection:
- Transit virtual interfaces provide access to one or more AWS Transit Gateways.
- Public virtual interfaces allow access to AWS public services using public IP addresses.
- Private virtual interfaces provide access to Amazon VPC using private IP addresses.