Configuring Physical Network Requirements for AWS Hybrid Connectivity

This guide covers the essential Layer 1 and Layer 2 requirements for establishing robust, high-performance physical connections between on-premises environments and the AWS Cloud, primarily focusing on AWS Direct Connect (DX) and physical redundancy.

Learning Objectives

After studying this guide, you should be able to:

• Identify the physical hardware requirements (Layer 1) for AWS Direct Connect.
• Explain the Letter of Authorization - Connecting Facility Assignment (LOA-CFA) process.
• Configure Layer 2 settings including VLANs and Link Aggregation Groups (LAG).
• Determine the appropriate Maximum Transmission Unit (MTU) for hybrid traffic.
• Differentiate between Dedicated and Hosted connection models.

Key Terms & Glossary

• LOA-CFA: Letter of Authorization - Connecting Facility Assignment. A document provided by AWS that gives you permission to connect your equipment to the AWS port in a colocation facility.
• Colocation Facility: A third-party data center (e.g., Equinix) where AWS has hardware to facilitate Direct Connect.
• Cross-connect: The physical fiber cable connecting your router to the AWS router within the colocation facility.
• VIF (Virtual Interface): A logical configuration required to access AWS services (Public, Private, or Transit).
• ASN (Autonomous System Number): A unique identifier for a network used in BGP routing. AWS uses 64512–65534 for private ASNs.
• 802.1Q: The networking standard that supports Virtual LANs (VLANs) on an Ethernet network.

The "Big Idea"

Hybrid connectivity is not just about software; it starts with physics. To achieve the low latency and consistent throughput required for enterprise workloads, AWS allows you to bypass the public internet. This requires a formal physical handoff in a neutral data center, effectively making the AWS backbone a high-speed extension of your private local area network (LAN).

Formula / Concept Box

Hierarchical Outline

1. Physical Layer (Layer 1)
   • Colocation: Selecting a Direct Connect location.
   • Ordering: Requesting a connection via the AWS Console.
   • Provisioning: Receiving and providing the LOA-CFA to the facility provider.
2. Data Link Layer (Layer 2)
   • VLANs: Creating Virtual Interfaces (VIFs) to segment traffic.
   • LAG (Link Aggregation): Combining multiple physical ports for higher bandwidth and failover.
   • CDP/LLDP: Disabling these protocols on the customer-side router (unsupported by AWS).
3. Logical Layer (Layer 3 Readiness)
   • BGP Peering: Configuring the ASN and MD5 authentication key.
   • IP Addressing: Assigning /30 or /31 subnets for the peering point.

Visual Anchors

The Direct Connect Provisioning Workflow

Physical Connection Architecture

\begin{tikzpicture}[node distance=2cm, every node/.style={draw, thick, rectangle, text centered, minimum width=2.5cm}] \node (onprem) {On-Prem Router}; \node (patch) [right of=onprem, xshift=2cm] {Patch Panel}; \node (awsport) [right of=patch, xshift=2cm] {AWS DX Router};

\end{tikzpicture}

Definition-Example Pairs

• Term: Link Aggregation Group (LAG)
  • Definition: A logical interface that uses the Link Aggregation Control Protocol (LACP) to aggregate multiple physical Direct Connect connections.
  • Example: A financial firm requires 20 Gbps of throughput. They order two 10 Gbps Dedicated Connections at the same location and group them into a single LAG for 20 Gbps of active/active capacity.
• Term: Jumbo Frames
  • Definition: Ethernet frames with more than 1500 bytes of payload, used to increase throughput and reduce CPU overhead.
  • Example: When migrating large databases from on-premises to RDS, enabling an MTU of 9001 on the Private VIF allows fewer packets to be sent, speeding up the transfer.

Worked Examples

Scenario: Configuring a Private VIF

Goal: Connect a local data center to a VPC in the us-east-1 region.

1. Requirement Gathering:
   • On-premises ASN: 65000.
   • VLAN ID: 100.
   • VPC CIDR: 10.0.0.0/16.
2. AWS Console Action: Navigate to Direct Connect > Virtual Interfaces > Create Virtual Interface.
3. VIF Type: Select Private.
4. Configuration:
   • VLAN: Enter 100.
   • BGP ASN: Enter 65000.
   • Addressing: Choose IPv4 and let AWS auto-assign the /30 peering addresses or provide your own (e.g., 169.254.0.1/30).
5. Validation: Check the BGP status in the console. It should change from down to up once the on-premises router is configured with the matching MD5 key.

Checkpoint Questions

1. What document is required for a colocation provider to complete the physical cross-connect?
2. True or False: Direct Connect supports single-mode fiber and multi-mode fiber.
3. Which MTU size should be used for traffic traversing the Public Internet via VPN if you want to avoid fragmentation?
4. What is the maximum number of physical connections typically allowed in a LAG?

[!TIP] Answers: 1. LOA-CFA; 2. False (Single-mode only); 3. 1500 bytes (standard); 4. 10 connections.

Muddy Points & Cross-Refs

• Public vs. Private VIFs: A common point of confusion is that a Public VIF is for accessing public AWS endpoints (S3, EC2 APIs) over the dedicated connection, NOT for accessing the public internet.
• Direct Connect Gateway (DXGW): If you need to connect to multiple VPCs across different regions, you must associate your VIF with a Direct Connect Gateway.
• Redundancy: A single Direct Connect connection is a single point of failure. High availability requires two connections, preferably in different colocation facilities (locations).

Comparison Tables

Dedicated vs. Hosted Connections

Connectivity Comparison