AWS Direct Connect

Cloud connectivity guide: On Demand

Amazon Web Services Direct Connect

AWS Direct Connect provides private and reliable network connectivity to the AWS cloud across a dedicated private connection – allowing customers to bypass the public internet.

There are two Direct Connect offerings available via the Colt On Demand platform – hosted connections and dedicated ports.

Hosted connections enable dedicated layer 2 connectivity to the AWS cloud across existing interconnects between the Colt and AWS networks, meaning that connectivity to the AWS cloud can be established immediately. Hosted connections are always based on a single BGP (IP) peering per connection.
Dedicated ports allow customers to establish multiple BGP peerings across the same AWS port. On Demand circuit connections can be established in near real time, but a physical cross connect is required between the AWS Direct Connect dedicated port and the Colt network.

Each peering is configured via the AWS Console to support one of the following AWS Virtual Interface types:

Private VIF – access to one or more Virtual Private Clouds, using private IP addresses

Public VIF – access to public AWS services (such as S3), using public IP addresses

Transit VIF – access to an AWS Transit Gateway

Transit VIFs are available across the majority of Colt’s Direct Connect PoP locations in Europe and Asia.

Feature | Hosted connection | Dedicated port
AWS handover | Existing interconnect | New port and fibre cross connect
Delivery experience | Near real time, via On Demand automation | Multiple days for physical fibre build
AWS bandwidths | 50Mbps – 10Gbps | 1Gbps/10Gbps
BGP peering / Virtual Interface | Single BGP peering / VIF per hosted connection | Multiple BGP peerings / VIFs per port
Multiple VPC support via Direct Connect Gateway | Yes | Yes
AWS Transit Gateway support | Yes | Yes
Bandwidth changes on On Demand circuit (flexing, BW Boost, permanent upgrade) | Yes – up to hosted connection speed (e.g. 1Gbps) | Yes – up to dedicated port speed

AWS Direct Connect hosted ports

To create a new AWS Direct Connect hosted connection, customers will need their AWS account number, the AWS Region they wish to connect to (e.g. EU Ireland, EU London or EU Frankfurt), the AWS Direct Connect PoP and bandwidth.

Each AWS Direct Connect PoP is linked to a parent region (e.g. EU Dublin) – but customers can establish inter region connectivity via AWS’s Direct Connect Gateway feature. For example, a hosted port in Dublin can be used to connect to the EU Frankfurt region.

AWS Direct Connect supports bandwidths between 50Mbps and 10Gbps on hosted connections. To enable this, customers must first create an AWS Direct Connect hosted port via the Colt On Demand platform. Hosted ports are handed over on a shared NNI and are available immediately after the incoming connection is accepted in the AWS console, after which the On Demand cloud port request is completed.

Connections to AWS Direct Connect hosted ports

Connections to AWS Direct Connect hosted ports are based on a 1:1 circuit connection to hosted port mapping. The cloud B end configuration is always based on a single 802.1Q VLAN* – this is automatically configured when the default “Cloud VLAN” option is selected.

* The Ethertype is 8100, although this is not visible to customers.

The standard VLAN modes apply at the customer A end port, which are summarised in the below table:

VLAN mode | Application | Description
Open port | Circuit occupies whole A end port | Port based handover, all traffic on the customer port is mapped to the AWS hosted port
Add VLAN | Customer uses single tagged VLAN to map traffic to AWS | VLAN added on egress, towards customer (in translation mode). VLAN can be S-VLAN (88a8) or C-VLAN (8100). Standard H&S config.

AWS Direct Connect hosted configuration

The below diagram summarises the configuration.

The Colt On Demand connection provides layer 2 (Ethernet) connectivity between the A end customer premises and the B end cloud PoP. The customer is responsible for establishing layer 3 peering between their on-premises router and the AWS cloud.

Each hosted port supports a SINGLE BGP peering. Multiple peerings require multiple hosted ports.

[Diagram: AWS Direct Connect hosted connection, end to end]

AWS Direct Connect Hosted Customer Journey

The customer journey to establish end to end connectivity to an AWS hosted port is illustrated below:

[Diagram: AWS Direct Connect hosted customer journey steps]

AWS Direct Connect dedicated ports

AWS dedicated ports support multiple BGP peerings with AWS, each peering being based on a single AWS Virtual Interface (VIF) which can be configured to support a private, public or transit VIF.

Dedicated ports are the best AWS Direct Connect solution where a customer needs to establish multiple peerings with AWS at the same physical Direct Connect location.

AWS dedicated ports (via cloud port page)

Customers will need to first request a dedicated port via the AWS subscription, taking care to select the correct AWS region and Direct Connect PoP. A Letter of Authority (LOA) is then generated within the AWS console which should be uploaded to the On Demand portal using the button provided.

*IMPORTANT – the customer must select the correct AWS region and Direct Connect PoP location within the AWS Console.*

Similar to hosted ports, each AWS Direct Connect PoP is linked to a primary region – but customers can now access multiple regions via the AWS Direct Connect Gateway feature.

1Gbps, 10Gbps & 100Gbps dedicated ports are supported on the On Demand platform.

Once the request has been placed, Colt’s delivery team will arrange for the cross connect between the 1/10/100Gbps Colt On Demand port and the AWS router using the information provided within the LOA. The typical lead time for the cross connect is 5 working days.

Connections to AWS Direct Connect dedicated ports

AWS Direct Connect dedicated ports are based on a standard port model, which means that single or multiple circuit connections can be routed to a single AWS dedicated port.

AWS only support 802.1Q VLANs, which means that customers are restricted to the C-VLAN option (i.e. an 8100 Ethertype) at the AWS end of the circuit connection. AWS do not support QinQ VLAN tagging.
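The 802.1Q-only restriction above can be checked on captured frames before a circuit goes live. The following is an added example, not Colt or AWS code: it parses the Ethernet tag stack and reports whether a frame carries the single C-VLAN tag (Ethertype 8100) that the AWS end accepts. The function names and the sample frames are constructed for illustration.

```python
import struct

TPID_CVLAN = 0x8100  # 802.1Q customer tag (C-VLAN)
TPID_SVLAN = 0x88A8  # 802.1ad service tag (S-VLAN), used as the outer tag in QinQ

def parse_vlan_tags(frame: bytes):
    """Return ([(tpid, vlan_id), ...], inner_ethertype) for an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tags = []
    offset = 12  # skip destination and source MAC addresses
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in (TPID_CVLAN, TPID_SVLAN):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, next_type = struct.unpack_from("!HH", frame, offset + 2)
        tags.append((ethertype, tci & 0x0FFF))  # low 12 bits of the TCI are the VLAN ID
        offset += 4
        ethertype = next_type
    return tags, ethertype

def check_aws_handover(frame: bytes):
    """Return (ok, reason) for a frame presented at the AWS end of the circuit."""
    tags, _ = parse_vlan_tags(frame)
    if not tags:
        return False, "untagged: no 802.1Q VLAN tag present"
    if len(tags) > 1:
        return False, "stacked tags (QinQ) are not supported at the AWS end"
    tpid, vid = tags[0]
    if tpid != TPID_CVLAN:
        return False, "S-VLAN tag (88a8): only the C-VLAN Ethertype 8100 is accepted"
    if not 1 <= vid <= 4094:
        return False, f"VLAN ID {vid} is reserved by 802.1Q"
    return True, f"single 802.1Q tag, VLAN {vid}"

def build_frame(tags, payload_type=0x0800):
    """Constructed sample frame: dummy MACs, the given (tpid, vid) tags, zero payload."""
    frame = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    for tpid, vid in tags:
        frame += struct.pack("!HH", tpid, vid)
    return frame + struct.pack("!H", payload_type) + b"\x00" * 46

if __name__ == "__main__":
    samples = ([(TPID_CVLAN, 101)], [(TPID_SVLAN, 200), (TPID_CVLAN, 101)],
               [(TPID_SVLAN, 200)], [])
    for tags in samples:
        print(tags, "->", check_aws_handover(build_frame(tags)))
```
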

The standard port VLAN modes apply at the customer A end site.

Under the dedicated port model, AWS do not impose any bandwidth on VLANs – they are dynamically scaled.

The following VLAN modes apply at the AWS B end (i.e. dedicated port end), summarised in the below table:

VLAN mode | Application | Description
Open port | AWS dedicated port mapped to a single circuit connection | Port based handover, all AWS VLANs are passed transparently across the Colt network to the B end port. Customer is responsible for allocating VLANs via the AWS Console (Filter VLAN option at A end site not supported).
Filter VLAN | AWS dedicated port is mapped to multiple circuit connections (1 VLAN/VPC per circuit) | A single VLAN is filtered at ingress to the Colt network, supporting a single VPC against each circuit connection. Customer is responsible for allocating VLANs via the AWS Console (Open port option at A end site not supported).
Add VLAN | AWS dedicated port is mapped to multiple circuit connections (1 VLAN/VPC per circuit) | Allows multiple circuit connections, each circuit connection to a single AWS VLAN/VPC

AWS Direct Connect dedicated port configuration

The below diagram summarises the configuration. Each On Demand circuit connection can be configured to support multiple AWS peerings, by setting the A and B ends to "Open Port" mode (transparent) and configuring multiple 802.1Q VLANs on the customer router and AWS cloud - each VLAN mapped to a single layer 3 / BGP peering:

[Diagram: AWS Direct Connect dedicated port, end to end]

Dedicated ports can also be configured to support multiple circuit connections, each assigned a single VLAN on the dedicated cloud port at the B end cloud PoP location.

AWS Direct Connect dedicated port customer journey

The customer journey to establish end to end connectivity to an AWS dedicated port is illustrated below. Note that the LOA must be requested for the correct AWS Region and AWS Direct Connect PoP associated with that region.

[Diagram: AWS Direct Connect dedicated port customer journey steps]

Unsure about network security?

If you want to connect to the cloud, but are concerned about your connection being a part of the public internet, why not try Dedicated Cloud Access, which brings all of the same functionality as a traditional cloud connect, but on a private connection.

Want to learn more about On Demand?
A guide to On Demand

Colt On Demand supports point to point connections between data centres and enterprise offices, private connections to the public cloud and internet connectivity. Visit the On Demand solution page to discover more about On Demand and how it can help you find the right pathway for your business.