How do I set up an Active/Active or Active/Passive Direct Connect connection to AWS from a private or transit virtual interface?

Last updated: 2021-05-12

How do I set up an Active/Active or Active/Passive AWS Direct Connect connection to AWS from a private or transit virtual interface?

Resolution

Scenarios with connections in the same Region

Scenario 1:

  • Both connections are in the same Region and same colocation.
  • The same prefixes are advertised with the same Border Gateway Protocol (BGP) attributes (such as AS Path and MED) on both the connections from the on-premises location.

Egress traffic from AWS to the on-premises location is load balanced based on flow (Active/Active) across both Direct Connect connections.

Scenario 2:

  • Both connections are in the same Region but in different colocation facilities.
  • The same prefixes are advertised with the same BGP attributes (such as AS Path and MED) on both the connections from the on-premises location.

Egress traffic from AWS to the on-premises location might not be load balanced.

Scenarios with connections in different Regions

Scenario 1:

  • Connection A (virtual interface VIF-A) is in Region 1.
  • Connection B (virtual interface VIF-B) is in Region 2.
  • Both virtual interfaces connect to a virtual private cloud (VPC) in Region 1 using a Direct Connect gateway.
  • Both virtual interfaces advertise the same prefixes with the same BGP attributes (such as AS Path and MED) from the on-premises location.

Egress traffic from the VPC to the on-premises location prefers connection A because it's in the same Region as the VPC.

Scenario 2:

  • Connection A (virtual interface VIF-A) is in Region 1.
  • Connection B (virtual interface VIF-B) is in Region 2.
  • Both virtual interfaces connect to a VPC in Region 3 using a Direct Connect gateway.
  • Both virtual interfaces advertise the same prefixes with the same BGP attributes (such as AS Path and MED) from the on-premises location.

Egress traffic from AWS to the on-premises location is load balanced based on flow (Active/Active) across both Direct Connect connections.

Methods for more predictable routing

For more predictable routing than what's possible in the scenarios previously described, use the following methods.

For Active/Passive configuration of Direct Connect connections:

  • Apply the local preference BGP community tag. Set a higher preference on the prefixes advertised over the primary or active connection. Then, set a medium or lower preference on the passive connection.
  • Use AS Path prepending, with a shorter AS path on the active connection and a longer AS path on the passive connection.
    Note: AS Path prepending can't be used to configure Active/Passive connections in environments similar to scenario 1 of "Scenarios with connections in different Regions".
  • Advertise the most specific route using BGP on the active connection.

For Active/Active configuration of Direct Connect connections, advertise the prefixes on both Direct Connect connections with the same local preference BGP community tag.
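
The following added example (not part of the original article and not AWS code) is a simplified model of how the methods above interact, so you can check an advertisement plan before changing router policy. The tie-break order is inferred from this page, the community values 7224:7100/7200/7300 come from AWS documentation rather than this page, and `Route`, `egress_vifs`, the medium default for untagged routes, and the sample prefixes are assumptions; colocation differences within a Region are not modeled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Direct Connect local preference communities as given in AWS documentation
# (the values are not on this page): low, medium, high.
LOCAL_PREF = {"7224:7100": 1, "7224:7200": 2, "7224:7300": 3}
DEFAULT_PREF = 2  # model assumption: an untagged route ranks as medium


@dataclass(frozen=True)
class Route:
    vif: str              # virtual interface the prefix was advertised on
    prefix: str           # on-premises prefix
    vif_region: str       # Region of the Direct Connect connection
    as_path_len: int = 1
    community: str = ""


def egress_vifs(routes, dest_ip, vpc_region):
    """Return the VIFs that carry AWS-to-on-premises traffic for dest_ip."""
    dest = ip_address(dest_ip)
    candidates = [r for r in routes if dest in ip_network(r.prefix)]
    # Tie-breakers in the order the page implies; higher key wins each round.
    steps = (
        lambda r: ip_network(r.prefix).prefixlen,             # most specific route
        lambda r: LOCAL_PREF.get(r.community, DEFAULT_PREF),  # community tag
        lambda r: r.vif_region == vpc_region,                 # same Region as VPC
        lambda r: -r.as_path_len,                             # shorter AS path
    )
    for key in steps:
        if not candidates:
            break
        best = max(key(r) for r in candidates)
        candidates = [r for r in candidates if key(r) == best]
    # More than one survivor means flow-based load balancing (Active/Active).
    return sorted(r.vif for r in candidates)


if __name__ == "__main__":
    # Constructed sample: VIF-A in region-1, VIF-B in region-2, VPC in region-1.
    prepended = [Route("VIF-A", "10.0.0.0/16", "region-1", as_path_len=4),
                 Route("VIF-B", "10.0.0.0/16", "region-2")]
    tagged = [Route("VIF-A", "10.0.0.0/16", "region-1", community="7224:7100"),
              Route("VIF-B", "10.0.0.0/16", "region-2", community="7224:7300")]
    print(egress_vifs(prepended, "10.0.1.5", "region-1"))  # prepend is ignored
    print(egress_vifs(tagged, "10.0.1.5", "region-1"))     # tag makes VIF-B active
```
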

