This document provides a summary of a presentation on using AWS Direct Connect for cloud architecture. The presentation covered:
- An overview of AWS Direct Connect, which provides dedicated connectivity between on-premises networks and AWS.
- Reasons for using Direct Connect, including reduced bandwidth costs, consistent network performance, and elasticity.
- Technical details on Direct Connect locations and partners that can provide connections.
- Recommendations for architecting for failure tolerance and security.
- A use case of storage provider Zadara using Direct Connect for cross-region replication and bandwidth.
4. What is AWS Direct Connect?
[Diagram labels: Corporate Data Center; Direct Connect (1 Gbps, 10 Gbps); AWS Cloud; Virtual Private Cloud; EC2; Elastic Beanstalk; SQS; Amazon SES; Amazon Redshift; Amazon Glacier; HDFS]
5. Why use AWS Direct Connect?
Reduces your bandwidth costs
• Consistent cost at $0.02 / GB for data leaving US-East-1.
• Costs vary between regions.
[Chart: price per GB (axis from $0.000 to $0.150) for Direct Connect and Internet across the tiers First 10TB, Next 40TB, Next 100TB, Next 350TB]
6. Why use AWS Direct Connect?
• Consistent network performance
  – With AWS Direct Connect, you choose the data that utilizes the dedicated connection and how that data is routed. Doing so can provide a more consistent network experience over Internet-based connections.
7. Why use AWS Direct Connect?
• Elastic
  – AWS Direct Connect makes it easy to meet your needs. AWS Direct Connect provides private lines, and you can easily provision multiple connections if you need more capacity.
14. AWS Direct Connect Facilities
AWS Direct Connect Location: AWS Region
• CoreSite 32 Avenue of the Americas, NY: US East (Virginia)
• CoreSite One Wilshire & 900 North Alameda, LA: US West (Northern California)
• Equinix DC1 - DC6 & DC10 - DC11: US East (Virginia)
• Equinix SV1 & SV5: US West (Northern California)
• Equinix SE2 & SE3: US West (Oregon)
• Equinix SG2: Asia Pacific (Singapore)
• Equinix SY3: Asia Pacific (Sydney)
• Equinix TY2: Asia Pacific (Tokyo)
• Eircom, Clonshaugh: EU West (Ireland)
• TelecityGroup, London Docklands: EU West (Ireland)
• Terremark NAP do Brasil: South America (Sao Paulo)
16. AWS Direct Connect Partners
• You are not required to use an AWS Direct Connect partner.
• Any network provider that can reach the AWS Direct Connect facility can provide service, so long as the handoff to AWS is Ethernet and meets the technical requirements.
• For a complete list, go to http://aws.amazon.com/directconnect/partners
19. Application Sensitivity to Network Performance
[Chart labels: applications rated on a scale from Very Low to Very High for Required BW, Elasticity, Sensitivity to Errors, Latency Sensitivity and Jitter Sensitivity. Applications listed: Email; Voice (TDM); Voice (IP); Web Browsing (non-critical); Web Browsing (SaaS); Video Conferencing; Telepresence; Remote Workers; Streaming Media; Storage Area Networks; Server Virtualization (WAN); Unified Communications]
20. Network Needs of Virtualization Activities
[Chart labels: Quality of Service Sensitivity; Flow Duration; legend "= Bandwidth per Flow". Activities plotted: Data Storage Migration; Virtual Machine Migration; Data Storage Update; Distributed v-App; Inter VM-traffic]
22. Network Performance Impact on VMM Completion
[Figure, three panels. Source: Ciena.]
• Latency Effect on VMM Completion Time. Labels: Completion Time (secs), RTT latency (msec); VM size: 2 GB; Memory churn: 10 MBps.
• Bandwidth Effect on VMM Pause Time. Labels: Pause Time (secs); Client-Server Business App; Development Workload; Retail Web Server w/ 600 Users.
• Loss Effect on VMM Completion Time. Labels: Completion Time (secs), Loss %; 10 msec RTT latency; 20 msec RTT latency; VM size: 2 GB; Memory churn: 100 MBps; annotations "32 % increase" and "24 % increase".
23. Not All Networks Are Created Equal
Public Internet
Private Network
High-Performance Private Network
26. Level 3 Helps Enable the Cloud
• Build Clouds: Building blocks on which many of the world’s most ubiquitous cloud services and private networks run
• Connect to Clouds: Local-to-global connectivity and portfolio of network, security and optimization services to help enterprises connect private, public and hybrid clouds
• Deliver over the Cloud: Communication and media delivery services built into our network to help enterprises collaborate, move, store and protect critical information
Services listed on the slide: Virtual Private Networks; Dedicated Private Networks; Security Solutions; Application Performance Solutions; Internet Services; Colocation & Data Center; Professional Services; Contact Center Services; Carrier Cloud Voice; Voice Complete; Video Cloud; Cloud Content Exchange; CDN, Storage; Dynamic Enterprise Compute
27. Level 3 Cloud Connect Solutions
A private network ecosystem for enterprises and government to connect with leading cloud and data center providers around the world
• Improved Performance: Deliver cloud-based mission critical applications more quickly and without interruption with Level 3’s highly redundant fiber network, low latency offers, and class of service guarantees.
• Greater Security: Entrust your business’s proprietary information to the cloud with Level 3’s private network and comprehensive portfolio of security services.
• Ultimate Flexibility: Choose the cloud services that meet your business needs (without forcing you into an outmoded technology or restrictive service bundle). Tap into bandwidth dynamically, pay only for what you consume.
• Global Connectivity: Connect offices around the world to the local cloud and data center resources needed to run mission critical applications.
• Reduced Costs: Turn up new connections and scale bandwidth quickly and efficiently. Minimize upfront capital expenditures and lower your cost per unit by utilizing shared infrastructure.
31. Complete the Cross Connect
AWS will send you an email within 72 hours with a letter of authorization and connecting facility assignment (LOA-CFA).
32. Amazon Virtual Private Cloud
You need the following information:
• A new, unused VLAN tag that you select.
• A public or private BGP ASN. If you are using a public ASN you must own it. If you are using a private ASN, it must be in the 65000 range.
• The VPC Virtual Private Gateway (VGW) ID.
• ID Number of your Virtual Local Area Network.
33. AWS Public Services
You need the following information:
• A new, unused VLAN tag that you select.
• A public or private BGP ASN. If you are using a public ASN you must own it. If you are using a private ASN, it must be in the 65000 range.
38. Design for Failure
• Active-Active (BGP multipath). Network traffic is load balanced across both connections. If one connection becomes unavailable, all traffic is routed through the other. This is the default configuration.
• Active-Passive (failover). One connection is handling traffic, and the other is on standby. If the active connection becomes unavailable, all traffic is routed through the passive connection.
[Diagram labels: AWS; DynamoDB; AWS Cloud]
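Both failover designs above assume two independent connections, and slides 32 and 33 require a VLAN tag that is not already in use. The following added example (not part of the presentation) checks both against a virtual interface inventory. The field names follow the response of `aws directconnect describe-virtual-interfaces`; the sample IDs and the function names are constructed for this illustration.

```python
import json

# Constructed sample shaped like `aws directconnect describe-virtual-interfaces`
# output; every ID below is made up for this example.
SAMPLE = json.loads("""{"virtualInterfaces": [
 {"virtualInterfaceId": "dxvif-aaa", "connectionId": "dxcon-1", "vlan": 101,
  "virtualGatewayId": "vgw-prod", "virtualInterfaceState": "available",
  "bgpPeers": [{"bgpStatus": "up"}]},
 {"virtualInterfaceId": "dxvif-bbb", "connectionId": "dxcon-2", "vlan": 101,
  "virtualGatewayId": "vgw-prod", "virtualInterfaceState": "available",
  "bgpPeers": [{"bgpStatus": "up"}]},
 {"virtualInterfaceId": "dxvif-ccc", "connectionId": "dxcon-1", "vlan": 102,
  "virtualGatewayId": "vgw-dev", "virtualInterfaceState": "available",
  "bgpPeers": [{"bgpStatus": "up"}]},
 {"virtualInterfaceId": "dxvif-ddd", "connectionId": "dxcon-1", "vlan": 103,
  "virtualGatewayId": "vgw-dev", "virtualInterfaceState": "down",
  "bgpPeers": [{"bgpStatus": "down"}]}
]}""")

def vlan_in_use(inventory, connection_id, vlan):
    """True if the VLAN tag is already taken on this physical connection."""
    return any(v["connectionId"] == connection_id and v["vlan"] == vlan
               for v in inventory["virtualInterfaces"])

def healthy(vif):
    """A VIF carries traffic only when it is available and a BGP peer is up."""
    return (vif.get("virtualInterfaceState") == "available"
            and any(p.get("bgpStatus") == "up" for p in vif.get("bgpPeers", [])))

def single_points_of_failure(inventory):
    """Gateways reachable over fewer than two connections with a healthy VIF."""
    paths = {}
    for vif in inventory["virtualInterfaces"]:
        gw = vif.get("virtualGatewayId")
        if not gw:
            continue  # public VIFs are not attached to a VGW
        conns = paths.setdefault(gw, set())  # record the gateway even if unhealthy
        if healthy(vif):
            conns.add(vif["connectionId"])
    # Two VIFs on the same connection do not count as redundant paths.
    return {gw: sorted(c) for gw, c in paths.items() if len(c) < 2}

if __name__ == "__main__":
    print("VLAN 101 taken on dxcon-1:", vlan_in_use(SAMPLE, "dxcon-1", 101))
    print("Single points of failure:", single_points_of_failure(SAMPLE))
```

The gateway `vgw-dev` is reported even though it has two virtual interfaces, because both sit on the same physical connection and one of them is down.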
41. Design for Security
Private Connection Direct to Amazon VPC
[Diagram labels: Corporate Data Center; Users; Region; AWS Virtual Private Cloud; two Availability Zones; Amazon RDS DB Instance; Amazon RDS DB Standby (Multi-AZ); Amazon SQS; Amazon Elastic Transcoder]
42. Design for Security
Additional Security via IPSEC VPN
[Diagram labels: Corporate Data Center; Users; VPN (IPSEC); VPN Gateway; Region; AWS Virtual Private Cloud; two Availability Zones; Amazon RDS DB Instance; Amazon RDS DB Standby (Multi-AZ); Amazon SQS; Amazon Elastic Transcoder]
43. Design for Security
Monitor your network traffic in and out
[Diagram labels: Corporate Data Center; Users; IDS; VPN (IPSEC); VPN Gateway; Region; AWS Virtual Private Cloud; two Availability Zones; Amazon RDS DB Instance; Amazon RDS DB Standby (Multi-AZ); Amazon SQS; Amazon Elastic Transcoder]
46. Zadara via AWS Direct Connect
Secure remote replication
[Diagram labels: AWS Region A through AWS Region N, each with Availability Zone X and Availability Zone Y; AWS Direct Connect links to Zadara Cloud A through Zadara Cloud N; locations: San Jose & N. Va., Tokyo, Dublin, L.A.* (*coming soon)]
47. Zadara/AWS Direct Connect Factoids
• 100Gb of combined dedicated bandwidth
  – 4x10Gb lanes in East
  – 2x10Gb at other locations (US West 1, EU West 1 and AP Northeast 1)
  – Each region is Active/Active for high availability
• Total separation among customers, via VLANs
• Maintained zero downtime in 2 years
• Moved ~225TB in October
• Exceeding 50 VIFs per lane
• Thanks to VIF API, onboarding new users in 5 minutes