What is Amazon Direct Connect? - Amazon Direct Connect
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

What is Amazon Direct Connect?

Amazon Direct Connect links your internal network to an Amazon Direct Connect location over a standard Ethernet fiber-optic cable. One end of the cable is connected to your router, the other to an Amazon Direct Connect router. With this connection, you can create virtual interfaces directly to public Amazon services (for example, to Amazon S3) or to Amazon VPC, bypassing internet service providers in your network path. An Amazon Direct Connect location provides access to Amazon in the Region with which it is associated. You can use a single connection in a public Region or Amazon GovCloud (US) to access public Amazon services in all other public Regions.

The following diagram shows a high-level overview of how Amazon Direct Connect interfaces with your network.

[Diagram: Amazon Direct Connect]

Amazon Direct Connect components

The following are the key components that you use for Direct Connect:

Connections

Create a connection in an Amazon Direct Connect location to establish a network connection from your premises to an Amazon Region. For more information, see Amazon Direct Connect dedicated and hosted connections.

Virtual interfaces

Create a virtual interface to enable access to Amazon services. A public virtual interface enables access to public services, such as Amazon S3. A private virtual interface enables access to your VPC. The types of supported interfaces are described below in Supported Direct Connect virtual interface types. For more details about the supported interfaces, see Amazon Direct Connect virtual interfaces and hosted virtual interfaces and Prerequisites for virtual interfaces.

Network requirements

To use Amazon Direct Connect in an Amazon Direct Connect location, your network must meet one of the following conditions:

  • Your network is colocated with an existing Amazon Direct Connect location. For more information about available Amazon Direct Connect locations, see Amazon Direct Connect Product Details.

  • You are working with an Amazon Direct Connect partner who is a member of the Amazon Partner Network (APN). For information, see APN Partners Supporting Amazon Direct Connect.

  • You are working with an independent service provider to connect to Amazon Direct Connect.

In addition, your network must meet the following conditions:

  • Your network must use single-mode fiber with a 1000BASE-LX (1310 nm) transceiver for 1 gigabit Ethernet, a 10GBASE-LR (1310 nm) transceiver for 10 gigabit Ethernet, a 100GBASE-LR4 transceiver for 100 gigabit Ethernet, or a 400GBASE-LR4 transceiver for 400 gigabit Ethernet.

  • Auto-negotiation for a port must be disabled for a connection with a port speed of more than 1 Gbps. However, depending on the Amazon Direct Connect endpoint serving your connection, auto-negotiation might need to be enabled or disabled for 1 Gbps connections. If your virtual interface remains down, see Troubleshooting layer 2 (data link) issues.

  • 802.1Q VLAN encapsulation must be supported across the entire connection, including intermediate devices.

  • Your device must support Border Gateway Protocol (BGP) and BGP MD5 authentication.

  • (Optional) You can configure Bidirectional Forwarding Detection (BFD) on your network. Asynchronous BFD is automatically enabled for each Amazon Direct Connect virtual interface, but it does not take effect until you configure it on your router. For more information, see Enable BFD for a Direct Connect connection.

Amazon Direct Connect supports both the IPv4 and IPv6 communication protocols. IPv6 addresses provided by public Amazon services are accessible through Amazon Direct Connect public virtual interfaces.

Amazon Direct Connect supports an Ethernet frame size of 1522 or 9023 bytes (14 bytes Ethernet header + 4 bytes VLAN tag + bytes for the IP datagram + 4 bytes FCS) at the link layer. You can set the MTU of your private virtual interfaces. For more information, see MTUs for private virtual interfaces or transit virtual interfaces.

Supported Direct Connect virtual interface types

Amazon Direct Connect supports the following three virtual interface (VIF) types:

  • Private virtual interface

    This type of interface is used to access an Amazon Virtual Private Cloud (VPC) using private IP addresses. With a private virtual interface, you can:

    • Connect directly to a single VPC per private virtual interface to access those resources using private IPs in the same Region.

    • Connect a private virtual interface to a Direct Connect gateway to access multiple virtual private gateways across any account and Amazon Region (except the Amazon China Regions).

  • Public virtual interface

    This type of virtual interface is used to access all Amazon public services using public IP addresses. With a public virtual interface you can connect to all Amazon public IP addresses and services globally.

  • Transit virtual interface

    This type of interface is used to access one or more Amazon VPC Transit Gateways associated with Direct Connect gateways. With a transit virtual interface, you can connect multiple Amazon VPC Transit Gateways across multiple accounts and Amazon Web Services Regions (except the Amazon China Regions).

    Note

    There are limits to the number of different types of associations between a Direct Connect gateway and a virtual interface. For more information about specific limits, see the Direct Connect quotas page.

For more information about virtual interfaces, see Amazon Direct Connect virtual interfaces and hosted virtual interfaces.

Pricing for Direct Connect

Amazon Direct Connect has two billing elements: port hours and outbound data transfer. Port hour pricing is determined by capacity and connection type (dedicated connection or hosted connection).

Data Transfer Out charges for private interfaces and transit virtual interfaces are allocated to the Amazon account responsible for the Data Transfer. There are no additional charges to use a multi-account Amazon Direct Connect gateway.

For publicly addressable Amazon resources (for example, Amazon S3 buckets, Classic EC2 instances, or EC2 traffic that goes through an internet gateway), if the outbound traffic is destined for public prefixes owned by the same Amazon payer account and actively advertised to Amazon through an Amazon Direct Connect public virtual interface, the Data Transfer Out (DTO) usage is metered toward the resource owner at the Amazon Direct Connect data transfer rate.

For more information, see Amazon Direct Connect Pricing.

Amazon Direct Connect maintenance

Amazon Direct Connect is a fully managed service. Periodically, Direct Connect performs maintenance activities on the hardware fleet that supports the service. Direct Connect connections are provisioned on standalone hardware devices that enable you to create highly resilient network connections between Amazon Virtual Private Cloud and your on-premises infrastructure. This capability enables you to access your Amazon resources in a reliable, scalable, and cost-effective way. For more information, see Amazon Direct Connect Resiliency Recommendations.

There are two types of Direct Connect maintenance: planned and emergency.

  • Planned maintenance. Planned maintenance is scheduled in advance to improve availability and deliver new features. This type of maintenance is scheduled during a maintenance window, for which we provide three notifications: 14 calendar days, 7 calendar days, and 1 calendar day in advance.

    Note

    Calendar days include non-business days and local holidays.

  • Emergency maintenance. Emergency maintenance is initiated on a critical basis due to a service-impacting failure that requires immediate action from Amazon to restore services. This type of maintenance isn't planned in advance. Impacted customers are notified of emergency maintenance up to 60 minutes prior to the maintenance.

We recommend that you follow the Amazon Direct Connect Resiliency Recommendations so that you can gracefully and proactively shift traffic to your redundant Direct Connect connection during maintenance. We also recommend that you proactively test the resiliency of your redundant connections on a regular basis to validate that failover works as intended. Using the Amazon Direct Connect Failover Test functionality, you can verify that your traffic routes through one of your redundant virtual interfaces.
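The following Python check is an added example, not part of the Amazon documentation: it groups virtual interfaces by the gateway they attach to and flags any gateway that lacks healthy virtual interfaces on two connections. The records are constructed and use field names from the `aws directconnect describe-virtual-interfaces` output; all IDs and location codes are placeholders, and the two-location criterion is an assumption of this example.

```python
from collections import defaultdict

def vif(vif_id, conn, loc, target_key, target, state="available", bgp="up"):
    """Build one constructed record using DescribeVirtualInterfaces field names."""
    return {"virtualInterfaceId": vif_id, "connectionId": conn, "location": loc,
            target_key: target, "virtualInterfaceState": state,
            "bgpPeers": [{"addressFamily": "ipv4", "bgpStatus": bgp}]}

# Constructed sample; every ID and location code is a placeholder.
SAMPLE_VIFS = [
    vif("dxvif-example-1", "dxcon-example-1", "LOC1", "directConnectGatewayId", "dxgw-example-a"),
    vif("dxvif-example-2", "dxcon-example-2", "LOC2", "directConnectGatewayId", "dxgw-example-a"),
    vif("dxvif-example-3", "dxcon-example-1", "LOC1", "virtualGatewayId", "vgw-example-b"),
    vif("dxvif-example-4", "dxcon-example-2", "LOC2", "virtualGatewayId", "vgw-example-b",
        state="down", bgp="down"),
]

def target_of(v):
    """Gateway a private or transit VIF attaches to; public VIFs share one bucket."""
    return v.get("directConnectGatewayId") or v.get("virtualGatewayId") or "public"

def healthy(v):
    """A VIF carries traffic only if it is available and at least one BGP peer is up."""
    return (v.get("virtualInterfaceState") == "available"
            and any(p.get("bgpStatus") == "up" for p in v.get("bgpPeers", [])))

def audit(vifs):
    """Return {gateway: [issues]} for gateways that would not survive maintenance."""
    by_target = defaultdict(list)
    for v in vifs:
        by_target[target_of(v)].append(v)
    findings = {}
    for target, group in by_target.items():
        up = [v for v in group if healthy(v)]
        issues = []
        if len({v["connectionId"] for v in up}) < 2:
            issues.append("single-connection")   # no redundant connection to shift to
        if len({v["location"] for v in up}) < 2:
            issues.append("single-location")     # assumption: require two locations
        issues += [f"down:{v['virtualInterfaceId']}" for v in group if not healthy(v)]
        if issues:
            findings[target] = issues
    return findings

if __name__ == "__main__":
    for gateway, issues in audit(SAMPLE_VIFS).items():
        print(gateway, issues)
```

A virtual interface that exists but has BGP down is counted as missing, because a redundant path that cannot carry traffic gives no protection during a maintenance window.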

For guidance around eligibility criteria to initiate a request for planned maintenance cancellation, see How do I cancel a Direct Connect maintenance event?.

Note

Emergency maintenance requests can't be canceled as Amazon must act immediately to restore service.

For more information about maintenance events, see Maintenance events in the Amazon Direct Connect FAQs.