Ref: https://learn.cantrill.io/courses/1820301/lectures/42307217

• Summary:
• Contents:

DX - Basic Concepts

• 🔧  Physical connection into an AWS region
  • Physical → standard Ethernet fiber-optic cable (currently 1, 10 or 100Gbps)
• Connection: Business premises → DX location → AWS region (see architecture diagram)
  • 💡 DX location = intermediate location, usually regional large data center
• 🔧 1 DX connection = 1 NW port allocation in DX router at DX location
  • ‼️ AWS doesn't connect anything for you!
    • AWS just gives you an allocated & authorized physical port, up to you how to connect to it! (directly, via 3rd-party comms provider…)
  • Billing: DX port hourly cost & AWS-outbound data transfer (inbound data is free)
• Features
  • Provisioning time includes:
    • Time for AWS to allocate port
    • Time to connect to port at DX location
    • Time to connect business NW to DX location (if not connected already)
    • …💡 Can take weeks or months to lay down cables → slow provisioning!
  • Cables → no built-in resilience → System goes down easily if cable gets cut!
    • If desired, must design resilience with multiple DX connections
  • High performance: low & consistent latency + high speeds
    • Unlike VPN, no data transit across internet
    • No built-in encryption → no encryption overhead
  • Creates Virtual Interfaces (VIFs)
    • Transit VIFs → Integration with Transit GW
    • Public VIFs → Access AWS public services (SQS, S3…)
    • Private VIFs → Access AWS private services in VPCs (EC2/RDS instances…)
      • ❗ They connect into VGWs attached to VPCs
    • ‼️ NO INTERNET access!! → internet access requires proxy/other NW appliance

DX - Architecture

Diagram: https://github.com/acantril/aws-sa-associate-saac03/blob/main/1900-HYBRID_ENVIRONMENTS_AND_MIGRATION/00_LEARNINGAIDS/DirectConnect-1.png

• Business on-prem router must be DX-capable router
• DX location = (usually) regional large data center (DC), i.e. major metro DC
  • ‼️ NOT an AWS-owned building!! Other businesses share this space!
    • AWS just rents some space (where it places AWS DX routers)
  • If customer is large organization, might rent actual space here → Customer DX router
  • If customer is smaller organization, might have to connect with 3rd-party communications partner → Partner DX router
  • 🔧 Once port is allocated, customer must physically connect AWS DX router with Customer/Partner DX router at DX location! → Cross-connect
    • MACsec Cross-connect → single L2 (datalink) connection (single hop)
    • Customer/Partner DX router then connects to business on-prem router directly
• AWS region connected with multiple resilient high-speed NW connections to DX locations
  • ❗ AWS region IS owned by AWS (AWS-owned infrastructure)
  • AWS region could be (or not) in same facilities as DX location