
AWS Direct Connect Setup

© Sonata Software Ltd, 2019. Confidential.
Platform Architecture Led Management (PALM) Framework: service map (figure).
Columns shown in the figure: Account Management & Governance, IAM, Network (VPC), Compute (EC2), Storage, DB & Backup & DR, Security & Compliance, Developer Tools, Analytics, Migration.
Services shown: Account Creation, AWS Organizations, Users, Roles, Policies, AD, SSO, MFA, VPC, Subnet, Route Table, Security Group, NACL, ELB/ALB/NLB, NAT Gateway, IGW, VPC Flow Logs, CloudFront, Route53, Transit Gateway, Site-to-Site VPN, Direct Connect Gateway, EC2 Instance, AMI, Volume Snapshot, Lambda, Elastic Beanstalk, AWS Auto Scaling, EC2 Image Builder, CloudFormation, Systems Manager, Block Storage (EBS), Object Storage (S3), File Storage (EFS, FSx), RDS, DynamoDB, AWS Backup, RDS Backup, Elasticache, Amazon Timestream, Amazon Redshift, Amazon Keyspaces, DR Setup, CloudEndure, CloudWatch, Inspector, CloudTrail, GuardDuty, Key Management Service, Trusted Advisor, Config, WAF & Shield, AWS Firewall Manager, Security Hub, CodeCommit, CodeBuild, CodeDeploy, CodePipeline, CodeStar, CodeArtifact, CloudShell, Athena, Elasticsearch, Kinesis, EMR, AWS Glue, Data Pipeline, DMS, SMS.

Prerequisites for Direct Connect
Columns: Sl.no, Prerequisite, Options, Customer Input / Example

1. AWS Account setup. Options: refer to the AWS Account setup SOP.
2. AWS login credentials. Options: IAM user created with the necessary privileges (refer to the IAM user SOP). Example: User: test or test@sonatasoftware.com; Password: 12345 (placeholder value only).
3. AWS Region name. Options: select the Region according to your requirement; in the AWS Console the Region names are in the drop-down list at the top right corner. Example: Asia Pacific (Mumbai) ap-south-1.
4. Common Name or FQDN. Options: the FQDN is the fully qualified domain name of your website; it must be the same as what users type in the web browser. Example: www.Sonata.com.
5. Organization Name (e.g., company). Options: the full legal name of your organization, including suffixes such as LLC, Corp, etc. Example: SonataNAP, LLC.
6. Organizational Unit Name. Options: the division in your organization that deals with this certificate. Example: NOC.
7. Locality Name (e.g., city). Options: the city in which your organization is located. Example: Sonata.
8. State/Region/Province (full name). Options: the state or region in which your organization is located. Example: Sonata.
9. Country Code (2 letter code). Options: the country in which your organization is located, always entered as a two-letter ISO code. Example: US.
10. Email Address. Options: email address used to contact the site's webmaster. Example: sitewebmaster@Sonata.com.
11. Public Key. Options: an automatically created key that is generated with the CSR and goes into the certificate. It is an encoded text block similar to the private key; see the example of a private key below.

Note: items 4 to 11 are the standard fields of an X.509 certificate signing request (CSR); the Direct Connect console itself does not ask for them.

Prerequisites for Public Virtual Interface
Columns: Sl.no, Prerequisite, Options, Customer Input / Example

1. Connection. Options: select an existing physical connection on which you wish to create the virtual interface. Example: SonataNAP Connection.
2. Virtual Interface Name. Options: enter a name for your virtual interface. Example: SonataNAP Virtual Interface.
3. Virtual Interface Owner. Options: My AWS Account or Another AWS Account. Example: My AWS Account.
4. VLAN (i.e., virtual local area network). Options: the 802.1Q VLAN ID. The value must be between 1 and 4094 and must not already be in use in your office. Avoid 1, as this is typically the management VLAN. A VLAN is required for data transfer on the AWS Direct Connect network. If colocating, your provider will supply the VLAN. Example: 200.
5. Address Family. Options: IPv4 or IPv6. If you opt to configure an IPv6 BGP peer, select IPv6. IPv6 peer addresses are assigned automatically from the AWS pool of IPv6 addresses and cannot be custom specified. Example: IPv4.
6. IP address. Options: your router peer IP and the Amazon router peer IP.
7. BGP ASN. Options: enter your gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN). Example: 65000.
8. Auto-generate BGP key. Options: Enable or Disable. Check the Auto-generate BGP key checkbox to have AWS generate a BGP MD5 key.
9. Prefixes you want to advertise. Options: the prefixes you want to advertise to AWS over this interface.

Prerequisites for Private Virtual Interface
Columns: Sl.no, Prerequisite, Options, Customer Input / Example

1. Connection. Options: select an existing physical connection on which you wish to create the virtual interface. Example: SonataNAP Connection.
2. Virtual Interface Name. Options: enter a name for your virtual interface. Example: SonataNAP Virtual Interface.
3. Virtual Interface Owner. Options: My AWS Account or Another AWS Account. Example: My AWS Account.
4. Connection To. Options: Direct Connect gateway (select an existing DCG or create a new DCG) or Virtual Private Gateway (select the VPG).
5. VLAN (i.e., virtual local area network). Options: the 802.1Q VLAN ID. The value must be between 1 and 4094 and must not already be in use in your office. Avoid 1, as this is typically the management VLAN. A VLAN is required for data transfer on the AWS Direct Connect network. If colocating, your provider will supply the VLAN. Example: 200.
6. Address Family. Options: IPv4 or IPv6. If you opt to configure an IPv6 BGP peer, select IPv6. IPv6 peer addresses are assigned automatically from the AWS pool of IPv6 addresses and cannot be custom specified; IPv4 addresses, on the other hand, can be specified. Example: IPv4.
7. BGP ASN. Options: enter your gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN). Example: 65000.
8. Auto-generate peer IPs. Options: Enable or Disable.
9. Auto-generate BGP key. Options: Enable or Disable. Check the Auto-generate BGP key checkbox to have AWS generate a BGP MD5 key.

Overview of AWS Direct Connect
• AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic cable. One end of the cable is connected to your router, the other to an AWS Direct Connect router. In the AWS console it is listed under Networking & Content Delivery.
• The following diagram shows how AWS Direct Connect interfaces with your network.

Prerequisites for AWS Direct Connect

• For connections to AWS Direct Connect with port speeds of 1 Gbps or higher, ensure that your network meets the following requirements.
• Your network must use single-mode fiber with a 1000BASE-LX (1310 nm) transceiver for 1 gigabit Ethernet, or a 10GBASE-LR (1310 nm) transceiver for 10 gigabit Ethernet.
• Auto-negotiation for the port must be disabled. Port speed and full-duplex mode must be configured manually.
• 802.1Q VLAN encapsulation must be supported across the entire connection, including intermediate devices.
• Your device must support Border Gateway Protocol (BGP) and BGP MD5 authentication.
• (Optional) You can configure Bidirectional Forwarding Detection (BFD) on your network. Asynchronous BFD is automatically enabled for AWS Direct Connect virtual interfaces, but will not take effect until you configure it on your router.

Use Cases of AWS Direct Connect
Working with Large Data Sets:
With AWS Direct Connect, you can transfer business-critical data directly from your data centre, office, or colocation environment into and out of AWS, bypassing your internet service provider and removing network congestion. Further, AWS Direct Connect's simple pay-as-you-go pricing and lack of minimum commitment mean you pay only for the network ports you use and the data you transfer over the connection, which can greatly reduce your networking costs.
Real-time Data Feeds:
Applications that use real-time data feeds can also benefit from AWS Direct Connect. For example, applications such as voice and video perform best when network latency remains constant. Latency over the internet can vary because the internet is constantly changing how data gets from point A to point B. With AWS Direct Connect, you control how your data is routed, which can provide a more consistent network experience than internet-based connections.
Hybrid Environments:
AWS Direct Connect can help you build hybrid environments that satisfy regulatory requirements calling for private connectivity. A hybrid environment lets you combine the elasticity and economic benefits of AWS with the ability to use infrastructure you already own.

Getting Started with AWS Direct Connect

Create an AWS Direct Connect connection

Use the AWS Direct Connect console to create a connection. Navigate to Connections and choose Create Connection. A dialog box displays the required fields (connection name, Direct Connect location and port speed).

Create an AWS Direct Connection

• After you have created a connection, you should receive a confirmation message as seen in the image below.
• The connection is in the "requested" state. AWS Direct Connect staff review your request and then supply a Letter of Authorization. Once it is available, download the LOA and send it to the network provider who is establishing the connection for you.
• It may take up to three (3) business days to process the request.

Download the Letter of Authorization and Connecting Facility
Assignment (LOA-CFA)
• After filing a request for a connection, AWS processes the application. It may take up to 72 hours for Amazon to review the request and provision a connection port. Amazon may request additional information via email; respond within seven business days or the connection request will be terminated.
• Once the request has been accepted, download the Letter of Authorization and Connecting Facility Assignment. Simply put, this is Amazon giving you permission to establish and use the connection.
• To download the LOA-CFA, log into the AWS Direct Connect console, navigate to Connections, and select the newly created connection. Choose Actions > Download LOA-CFA.

Note:
• If the download link is unavailable, the Letter of Authorization is not yet ready. Check your email. If 72 hours have passed and you still have not received an email, contact AWS Support.
• An optional step is to enter the name of your network provider. It appears, together with your organization's name, as the requester on the LOA-CFA. The Letter of Authorization is downloaded as a PDF file.

Requesting a Cross-Connect
• After you have downloaded the Letter of Authorization, request a cross-connect. If you have equipment at the AWS Direct Connect location, contact your designated provider to establish the cross-connect. For example, if you have equipment at SonataNAP, Sonata, you would send an email to sales@Sonata.com.
• For a comprehensive list of AWS Direct Connect partners, refer to the AWS documentation.
• The cross-connect must be established within 90 days of the LOA-CFA being granted; after 90 days the Letter of Authorization expires. If the LOA-CFA expires, download it again from the AWS Direct Connect console and resend it to your network provider.

Hosted Connections
• For port speeds below 1 Gbps, you cannot request a connection from the AWS console. Instead, engage an AWS Direct Connect partner to create a hosted connection for you.
Accept a Hosted Connection
• If an AWS partner creates a hosted connection for you, you only need to accept the connection (after creating an AWS account).
• Log into your AWS account at https://console.aws.amazon.com/directconnect/ and select the region in which the connection is located. Choose Connections, find the hosted connection, and select it.
• Accept the connection to activate it. After activating the connection, the next step is to create a virtual interface.
Virtual Interface

• Once your connection's state changes from "requested" to "available", you can create a virtual interface. A virtual interface is required before you can use AWS Direct Connect. Bear in mind that you can create multiple virtual interfaces on a single dedicated connection.
• First, be aware of the two types of virtual interface: public virtual interfaces, which connect to public AWS resources, and private virtual interfaces, which connect to your Amazon VPC. If an organization needs to reach several VPCs, it uses one private virtual interface per VPC, or a Direct Connect gateway (described below) to reach several VPCs over one interface.
• Before you create a virtual interface, make sure you have the necessary information. Also, take into account that sub-1G (hosted) connections are limited to a single virtual interface.

How to Create a Public Virtual Interface
1. Log into your AWS account at https://console.aws.amazon.com/directconnect/.
2. Navigate to Connections, select the connection you intend to use and select Actions > Create Virtual Interface.
3. Make sure to select Public as the appropriate option for your virtual interface.


• In Define Your New Public Virtual Interface, provide the information collected in the prerequisites: Connection, Virtual Interface Name, Virtual Interface Owner, VLAN, Address Family, Your router peer IP and Amazon router peer IP.
• Enter the BGP ASN, choose whether to auto-generate the BGP key, list the prefixes you want to advertise, and then select Continue.

How to Create a Private Virtual Interface

If connecting to SonataNAP's AWS Direct Connect endpoint, you configure all virtual interface options except the VLAN (i.e., virtual local area network) field; SonataNAP provides the VLAN number. This number is between 1 and 4094 and must comply with the Ethernet 802.1Q standard.
To create a private virtual interface, you need a public or private ASN and the ID of the VPC's virtual private gateway (VPG) or of a Direct Connect gateway.
To begin creating a private virtual interface:
Navigate to https://console.aws.amazon.com/directconnect/ and log into your AWS account.
Choose Connections, select the connection to use and select Actions > Create Virtual Interface.
Select the appropriate virtual interface type; in this case, click Private.


• In Define Your New Private Virtual Interface, provide the information collected in the prerequisites: Connection, Virtual Interface Name, Virtual Interface Owner, VLAN, Address Family and Auto-generate peer IPs.
• Under Connection To, choose a Direct Connect Gateway or a Virtual Private Gateway.
• Enter the BGP ASN, choose whether to auto-generate the BGP key, and then select Continue.
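The values gathered in the public and private virtual interface prerequisite tables, and entered in the Create Virtual Interface steps above, can be checked before anything is typed into the console. The following is an added example in Python, not code from the original SOP or from AWS: it validates the VLAN, ASN, peer addresses, BGP key and advertised prefixes, and assembles the request in the shape boto3's DirectConnect client expects for create_public_virtual_interface and create_private_virtual_interface. The connection ID dxcon-EXAMPLE, the gateway ID vgw-0123456789abcdef0, the peer link 192.168.100.0/30 and the prefix 203.0.113.0/24 are constructed placeholders; VLAN 200 and ASN 65000 are the SOP's own example values. Nothing in it calls AWS, so it runs offline.

```python
"""Pre-flight checks for AWS Direct Connect virtual interface requests.

Added example for this SOP; not code from the original slides or from AWS.
Validates the values gathered in the public / private virtual interface
prerequisite tables and returns keyword arguments in the shape boto3's
DirectConnect client takes for create_public_virtual_interface and
create_private_virtual_interface. Nothing here calls AWS, so it runs offline.
Connection, gateway and peer-IP values in the demo are constructed placeholders;
VLAN 200 and ASN 65000 are the SOP's own example values.
"""
import ipaddress
import secrets
from typing import Iterable, Optional

# RFC 6996 private ASN ranges; any other ASN is public and the customer must own it.
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))
# RFC 1918 space must never be advertised to AWS over a public virtual interface.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Peer link sizes: /30 or /31 for IPv4; for IPv6 AWS assigns a /125 from its own pool.
PEER_PREFIXLENS = {4: (30, 31), 6: (125,)}


def validate_vlan(vlan: int) -> int:
    """802.1Q tag in 1..4094; the SOP says to avoid 1 because it is usually the management VLAN."""
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN {vlan} is outside 1-4094")
    if vlan == 1:
        raise ValueError("VLAN 1 is typically the management VLAN; choose another tag")
    return vlan


def validate_customer_asn(asn: int, owned_public_asns: Iterable[int] = ()) -> int:
    """Accept any private ASN; accept a public ASN only if it is on the customer's owned list."""
    if not 1 <= asn <= 4294967295:
        raise ValueError(f"ASN {asn} is out of range")
    if any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES) or asn in set(owned_public_asns):
        return asn
    raise ValueError(f"ASN {asn} is public and not in the list of ASNs you own")


def validate_peer_ips(customer: str, amazon: str) -> tuple:
    """Both BGP peers must be distinct hosts in one point-to-point prefix of an allowed length."""
    cust, amz = ipaddress.ip_interface(customer), ipaddress.ip_interface(amazon)
    if cust.version != amz.version:
        raise ValueError("customer and Amazon peer addresses must use the same address family")
    if cust.network != amz.network or cust.network.prefixlen not in PEER_PREFIXLENS[cust.version]:
        raise ValueError(f"peers must share one link prefix of length {PEER_PREFIXLENS[cust.version]}")
    if cust.ip == amz.ip:
        raise ValueError("customer and Amazon peer addresses must differ")
    return cust.with_prefixlen, amz.with_prefixlen


def bgp_auth_key(key: Optional[str] = None) -> str:
    """The SOP's 'Auto-generate BGP key' option: with key=None, mint a random 32-character
    MD5 key with the secrets module. Generated or supplied, AWS accepts 6-80 characters."""
    if key is None:
        key = secrets.token_urlsafe(24)  # 24 random bytes -> 32 URL-safe characters
    if not 6 <= len(key) <= 80:
        raise ValueError("BGP authentication key must be 6-80 characters long")
    return key


def validate_public_prefixes(prefixes: Iterable[str]) -> list:
    """Route-filter prefixes for a public VIF: syntactically valid and not RFC 1918.
    AWS separately verifies that the account is allowed to advertise each prefix."""
    out = []
    for pfx in prefixes:
        net = ipaddress.ip_network(pfx, strict=True)  # rejects host bits set in the CIDR
        if net.version == 4 and any(net.subnet_of(r) for r in RFC1918):
            raise ValueError(f"{pfx} is RFC 1918 space and cannot be advertised on a public VIF")
        out.append({"cidr": str(net)})
    if not out:
        raise ValueError("a public virtual interface needs at least one prefix to advertise")
    return out


def _common(name, vlan, asn, customer_ip, amazon_ip, auth_key, owned_public_asns) -> dict:
    cust, amz = validate_peer_ips(customer_ip, amazon_ip)
    return {
        "virtualInterfaceName": name,
        "vlan": validate_vlan(vlan),
        "asn": validate_customer_asn(asn, owned_public_asns),
        "authKey": bgp_auth_key(auth_key),
        "customerAddress": cust,
        "amazonAddress": amz,
        "addressFamily": "ipv4" if ipaddress.ip_interface(cust).version == 4 else "ipv6",
    }


def build_public_vif(connection_id, name, vlan, asn, customer_ip, amazon_ip, prefixes,
                     auth_key=None, owned_public_asns=()) -> dict:
    body = _common(name, vlan, asn, customer_ip, amazon_ip, auth_key, owned_public_asns)
    body["routeFilterPrefixes"] = validate_public_prefixes(prefixes)
    return {"connectionId": connection_id, "newPublicVirtualInterface": body}


def build_private_vif(connection_id, name, vlan, asn, customer_ip, amazon_ip,
                      virtual_gateway_id=None, direct_connect_gateway_id=None,
                      auth_key=None, owned_public_asns=()) -> dict:
    # The SOP's "Connection To" choice: exactly one of a VPG or a Direct Connect gateway.
    if (virtual_gateway_id is None) == (direct_connect_gateway_id is None):
        raise ValueError("specify exactly one of virtual_gateway_id or direct_connect_gateway_id")
    body = _common(name, vlan, asn, customer_ip, amazon_ip, auth_key, owned_public_asns)
    if virtual_gateway_id is not None:
        body["virtualGatewayId"] = virtual_gateway_id
    else:
        body["directConnectGatewayId"] = direct_connect_gateway_id
    return {"connectionId": connection_id, "newPrivateVirtualInterface": body}


if __name__ == "__main__":
    # Constructed demo: placeholder connection and VPG IDs, SOP example VLAN 200 / ASN 65000.
    request = build_private_vif("dxcon-EXAMPLE", "SonataNAP Virtual Interface", 200, 65000,
                                "192.168.100.1/30", "192.168.100.2/30",
                                virtual_gateway_id="vgw-0123456789abcdef0")
    print(request)  # unpack with ** into boto3.client("directconnect").create_private_virtual_interface
```

Unpack the returned dictionary into the corresponding boto3 call. Rejecting RFC 1918 prefixes on a public interface, refusing VLAN 1, and enforcing a 6 to 80 character MD5 key before the request leaves the workstation saves the console round-trip, and a key minted with the secrets module is preferable to a short, shared one typed by hand.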

Direct Connect Gateways

Direct Connect gateways group private virtual interfaces and virtual private gateways that belong to a single AWS account. Use a Direct Connect gateway to connect your AWS Direct Connect connection to a VPC in the same or a different region; you do so by associating the Direct Connect gateway with the VPC's virtual private gateway.
To create a Direct Connect gateway:
Log into your AWS account at https://console.aws.amazon.com/directconnect/.
Select Direct Connect Gateways > Create Direct Connect Gateway.
Provide the following information.

Field: Name. Description: a descriptive name that helps you identify the gateway. Example: AWS Gateway for PhoenixNAP.
Field: Amazon Side ASN. Description: the ASN for the AWS side of the BGP session. For a 16-bit ASN, the value must be between 64512 and 65534; for a 32-bit ASN, the value must be between 4200000000 and 4294967294. Example: 65000.

AWS Direct Connect gateways have the following limitations:
• Multiple VPCs associated with a single Direct Connect gateway cannot communicate with each other through the gateway.
• Multiple virtual interfaces associated with a single Direct Connect gateway cannot communicate with each other through the gateway.
• A virtual interface associated with a Direct Connect gateway and a virtual private gateway associated with that same Direct Connect gateway cannot communicate directly.
• A virtual private gateway may be associated with only one Direct Connect gateway.
• A virtual private gateway associated with a Direct Connect gateway must be attached to a VPC.
• Currently, a Direct Connect gateway cannot be used to connect to a VPC in the China region.

Create a Virtual Private Gateway in VPC – AWS Settings

Create a virtual private gateway and attach it to the VPC that contains the EC2 instances you want to reach. To create a VPG and attach it to a VPC:
• Log into your AWS account, open the VPC console and select Virtual Private Gateways > Create Virtual Private Gateway.
• Enter a name for your VPG; this creates a tag with the key Name and the value you entered. If you intend to use the default Amazon ASN, leave the ASN selection unchanged. To enter your own value, select Custom ASN and enter a value between 64512 and 65534 or between 4200000000 and 4294967294.
• Select Create Virtual Private Gateway.
• Select the newly created VPG and click Actions > Attach to VPC.
• Select the desired VPC and click Yes, Attach.


Associate the Virtual Private Gateway with an AWS Direct Connect
Gateway
Associate the new VPG with the Direct Connect gateway you created earlier. To do so, you must be working in the region in which the virtual private gateway is located; the same applies when disassociating a VPG. The VPG must be attached to a VPC.
Log in to the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.
Select the region in which your VPG is located.
Select Direct Connect Gateways and click the desired Direct Connect gateway.
Click Actions > Associate Virtual Private Gateway.
Find and select the desired virtual private gateway, and select Associate.
To check all the virtual private gateways, in all regions, associated with a single Direct Connect gateway, select Virtual Gateway Associations. This lists any existing associations.
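The Amazon-side ASN ranges from the Direct Connect gateway field table and the association rules listed under its limitations (a VPG must be attached to a VPC before association, a VPG belongs to at most one Direct Connect gateway, and neither VPC-to-VPC nor interface-to-interface traffic crosses the gateway) can be enforced in automation before the create and associate calls are made. The following is an added example in Python, not code from the SOP or from AWS; the identifiers dxgw-EXAMPLE, vgw-0123456789abcdef0, vpc-0123456789abcdef0 and dxvif-EXAMPLE are constructed placeholders, while the ASN 65000 and the name AWS Gateway for PhoenixNAP come from the slide's field table.

```python
"""Association rules for Direct Connect gateways (DXGW) and virtual private gateways (VPG).

Added example for this SOP; not code from the original slides or from AWS.
It turns the Amazon-side ASN ranges and the gateway limitations listed on the
slides into checks a deployment script can run before calling
create_direct_connect_gateway and create_direct_connect_gateway_association.
Gateway, VPC and virtual interface identifiers are constructed placeholders.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Amazon-side ASN for a DXGW or VPG: 16-bit or 32-bit private range, as in the SOP's field table.
AMAZON_SIDE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))


def validate_amazon_side_asn(asn: int) -> int:
    if not any(lo <= asn <= hi for lo, hi in AMAZON_SIDE_ASN_RANGES):
        raise ValueError(f"Amazon-side ASN {asn} must be 64512-65534 or 4200000000-4294967294")
    return asn


@dataclass
class VirtualPrivateGateway:
    vgw_id: str
    vpc_id: Optional[str] = None   # set by "Attach to VPC"; required before association
    dxgw_id: Optional[str] = None  # a VPG may be associated with at most one DXGW

    def attach_to_vpc(self, vpc_id: str) -> "VirtualPrivateGateway":
        if self.vpc_id is not None:
            raise ValueError(f"{self.vgw_id} is already attached to {self.vpc_id}")
        self.vpc_id = vpc_id
        return self


@dataclass
class DirectConnectGateway:
    dxgw_id: str
    name: str
    amazon_side_asn: int
    vgws: Dict[str, VirtualPrivateGateway] = field(default_factory=dict)
    private_vifs: Set[str] = field(default_factory=set)

    def __post_init__(self) -> None:
        validate_amazon_side_asn(self.amazon_side_asn)

    def associate_vgw(self, vgw: VirtualPrivateGateway) -> VirtualPrivateGateway:
        """The console's Associate Virtual Private Gateway action, with the slide's two rules:
        the VPG must already be attached to a VPC, and it may belong to only one DXGW."""
        if vgw.vpc_id is None:
            raise ValueError(f"{vgw.vgw_id} must be attached to a VPC before association")
        if vgw.dxgw_id not in (None, self.dxgw_id):
            raise ValueError(f"{vgw.vgw_id} is already associated with {vgw.dxgw_id}")
        vgw.dxgw_id = self.dxgw_id
        self.vgws[vgw.vgw_id] = vgw
        return vgw

    def attach_private_vif(self, vif_id: str) -> None:
        self.private_vifs.add(vif_id)

    def can_forward(self, src: str, dst: str) -> bool:
        """Traffic crosses the DXGW only between a private VIF and an associated VPC.
        VPC-to-VPC and VIF-to-VIF hairpinning through the gateway is not possible."""
        kinds = set()
        for endpoint in (src, dst):
            if endpoint in self.private_vifs:
                kinds.add("vif")
            elif endpoint in self.vgws:
                kinds.add("vgw")
        return kinds == {"vif", "vgw"}


if __name__ == "__main__":
    # Constructed demo with placeholder IDs; ASN 65000 and the name are the slide's examples.
    dxgw = DirectConnectGateway("dxgw-EXAMPLE", "AWS Gateway for PhoenixNAP", 65000)
    vpg = VirtualPrivateGateway("vgw-0123456789abcdef0").attach_to_vpc("vpc-0123456789abcdef0")
    dxgw.associate_vgw(vpg)
    dxgw.attach_private_vif("dxvif-EXAMPLE")
    print(dxgw.can_forward("dxvif-EXAMPLE", "vgw-0123456789abcdef0"))  # the intended VIF-to-VPC path
```

Running these checks first means a mis-typed ASN or an unattached VPG is caught locally instead of as a failed association in the console; the can_forward check documents, in code, why two VPCs behind the same gateway still need another path (for example VPC peering or a Transit Gateway) to talk to each other.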
Thank You
For any clarifications, please get back to
Product Support
productsupport@sonata-software.com
