Amazon Direct Connect Resiliency Toolkit
Amazon offers customers the ability to achieve highly resilient network connections between Amazon Virtual Private Cloud (Amazon VPC) and their on-premises infrastructure. The Amazon Direct Connect Resiliency Toolkit provides a connection wizard with multiple resiliency models. These models help you determine, and then order, the number of dedicated connections needed to achieve your SLA objective. You select a resiliency model, and then the Amazon Direct Connect Resiliency Toolkit guides you through the dedicated connection ordering process. The resiliency models are designed to ensure that you have the appropriate number of dedicated connections in multiple locations.
The Amazon Direct Connect Resiliency Toolkit has the following benefits:
- Provides guidance on how you determine and then order the appropriate redundant Amazon Direct Connect dedicated connections.
- Ensures that the redundant dedicated connections have the same speed.
- Automatically configures the dedicated connection names.
- Automatically approves your dedicated connections when you have an existing Amazon account and you select a known Amazon Direct Connect Partner. The Letter of Authority (LOA) is available for immediate download.
- Automatically creates a support ticket for the dedicated connection approval when you are a new Amazon customer, or you select an unknown (Other) partner.
- Provides an order summary for your dedicated connections, with the SLA that you can achieve and the port-hour cost for the ordered dedicated connections.
- Creates link aggregation groups (LAGs), and adds the appropriate number of dedicated connections to the LAGs when you choose a speed other than 1 Gbps, 10 Gbps, 100 Gbps, or 400 Gbps.
- Provides a LAG summary with the dedicated connection SLA that you can achieve, and the total port-hour cost for each ordered dedicated connection as part of the LAG.
- Prevents you from terminating the dedicated connections on the same Amazon Direct Connect device.
- Provides a way for you to test your configuration for resiliency. You work with Amazon to bring down the BGP peering session in order to verify that traffic routes to one of your redundant virtual interfaces. For more information, see Amazon Direct Connect Failover Test.
- Provides Amazon CloudWatch metrics for connections and virtual interfaces. For more information, see Monitor Amazon Direct Connect resources.
The following resiliency models are available in the Amazon Direct Connect Resiliency Toolkit:
- Maximum Resiliency: This model provides you a way to order dedicated connections to achieve an SLA of 99.99%. It requires you to meet all of the requirements for achieving the SLA that are specified in the Amazon Direct Connect Service Level Agreement.
- High Resiliency: This model provides you a way to order dedicated connections to achieve an SLA of 99.9%. It requires you to meet all of the requirements for achieving the SLA that are specified in the Amazon Direct Connect Service Level Agreement.
- Development and Test: This model provides you a way to achieve development and test resiliency for non-critical workloads, by using separate connections that terminate on separate devices in one location.
- Classic: This model is intended for users that have existing connections and want to add additional connections. This model does not provide an SLA.
The best practice is to use the Connection wizard in the Amazon Direct Connect Resiliency Toolkit to order the dedicated connections to achieve your SLA objective.
After you select the resiliency model, the Amazon Direct Connect Resiliency Toolkit steps you through the following procedures:
- Selecting the number of dedicated connections
- Selecting the connection capacity, and the dedicated connection location
- Ordering the dedicated connections
- Verifying that the dedicated connections are ready to use
- Downloading your Letter of Authority (LOA-CFA) for each dedicated connection
- Verifying that your configuration meets your resiliency requirements
Prerequisites
Amazon Direct Connect supports the following port speeds over single-mode fiber: 1000BASE-LX (1310 nm) transceiver for 1 gigabit Ethernet, a 10GBASE-LR (1310 nm) transceiver for 10 gigabit, a 100GBASE-LR4 for 100 gigabit Ethernet, or a 400GBASE-LR4 for 400 Gbps Ethernet.
You can set up an Amazon Direct Connect connection in one of the following ways:
Model | Bandwidth | Method |
---|---|---|
Dedicated connection | 1 Gbps, 10 Gbps, 100 Gbps, and 400 Gbps | Work with an Amazon Direct Connect Partner or a network provider to connect a router from your data center, office, or colocation environment to an Amazon Direct Connect location. The network provider does not have to be an Amazon Direct Connect Partner. |
Hosted connection | 50 Mbps, 100 Mbps, 200 Mbps, 300 Mbps, 400 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, 10 Gbps, and 25 Gbps | Work with a partner in the Amazon Direct Connect Partner Program. Only certain partners provide higher capacity connections. |
For connections to Amazon Direct Connect with bandwidths of 1 Gbps or higher, ensure that your network meets the following requirements:
- Your network must use single-mode fiber with a 1000BASE-LX (1310 nm) transceiver for 1 gigabit Ethernet, a 10GBASE-LR (1310 nm) transceiver for 10 gigabit, a 100GBASE-LR4 for 100 gigabit Ethernet, or a 400GBASE-LR4 for 400 Gbps Ethernet.
- Auto-negotiation for a port must be disabled for a connection with a port speed of more than 1 Gbps. However, depending on the Amazon Direct Connect endpoint serving your connection, auto-negotiation might need to be enabled or disabled for 1 Gbps connections. If your virtual interface remains down, see Troubleshooting layer 2 (data link) issues.
- 802.1Q VLAN encapsulation must be supported across the entire connection, including intermediate devices.
- Your device must support Border Gateway Protocol (BGP) and BGP MD5 authentication.
- (Optional) You can configure Bidirectional Forwarding Detection (BFD) on your network. Asynchronous BFD is automatically enabled for each Amazon Direct Connect virtual interface, but it does not take effect until you configure it on your router. For more information, see Enable BFD for a Direct Connect connection.
Make sure you have the following information before you begin your configuration:
- The resiliency model that you want to use.
- The speed, location, and partner for all of your connections. You only need the speed for one connection.
Maximum resiliency
You can achieve maximum resiliency for critical workloads by using separate connections that terminate on separate devices in more than one location (as shown in the following figure). This model provides resiliency against device, connectivity, and complete location failures. The following figure shows both connections from each customer data center going to the same Amazon Direct Connect locations. You can optionally have each connection from a customer data center going to different locations.
For the procedure for using the Amazon Direct Connect Resiliency Toolkit to configure a maximum resiliency model, see Configure maximum resiliency.
High resiliency
You can achieve high resiliency for critical workloads by using two single connections to multiple locations (as shown in the following figure). This model provides resiliency against connectivity failures caused by a fiber cut or a device failure. It also helps prevent a complete location failure.
For the procedure for using the Amazon Direct Connect Resiliency Toolkit to configure a high resiliency model, see Configure high resiliency.
Development and test
You can achieve development and test resiliency for non-critical workloads by using separate connections that terminate on separate devices in one location (as shown in the following figure). This model provides resiliency against device failure, but does not provide resiliency against location failure.
For the procedure for using the Amazon Direct Connect Resiliency Toolkit to configure a development and test resiliency model, see Configure development and test resiliency.
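The three topologies described above can be checked against a connection inventory. The following Python is an added example, not part of the Amazon documentation or the toolkit: it assumes records keyed like `describe-connections` output (`location`, `awsDeviceV2`, `bandwidth`, `connectionState`), and all IDs, locations and device names are constructed placeholders.

```python
from collections import defaultdict

def conn(cid, location, device, bandwidth="10Gbps", state="available"):
    """Build a constructed record; keys mirror describe-connections output."""
    return {"connectionId": cid, "location": location, "awsDeviceV2": device,
            "bandwidth": bandwidth, "connectionState": state}

def classify(connections):
    """Return the strongest topology the usable connections match.

    Topology only: the SLA document lists further requirements.
    """
    devices = defaultdict(set)   # location -> distinct AWS devices in use
    speeds = set()
    for c in connections:
        if c["connectionState"] != "available":
            continue             # a down or pending link adds no resiliency
        devices[c["location"]].add(c["awsDeviceV2"])
        speeds.add(c["bandwidth"])
    redundant = [loc for loc, devs in devices.items() if len(devs) >= 2]
    if len(redundant) >= 2:
        model = "maximum"                # separate devices in 2+ locations
    elif len(devices) >= 2:
        model = "high"                   # single connections to 2+ locations
    elif redundant:
        model = "development-and-test"   # separate devices, one location
    else:
        model = "none"
    warnings = []
    if len(speeds) > 1:
        warnings.append("redundant connections differ in speed: "
                        + ", ".join(sorted(speeds)))
    return {"model": model, "warnings": warnings}

# Constructed inventories; IDs, locations and device names are placeholders.
MAXIMUM = [conn("dxcon-a1", "LOC-A", "LOC-A-dev1"),
           conn("dxcon-a2", "LOC-A", "LOC-A-dev2"),
           conn("dxcon-b1", "LOC-B", "LOC-B-dev1"),
           conn("dxcon-b2", "LOC-B", "LOC-B-dev2")]
HIGH = [MAXIMUM[0], MAXIMUM[2]]
DEV_TEST = MAXIMUM[:2]
# Same order as MAXIMUM, but one LOC-A link is down: no longer "maximum".
DEGRADED = [conn("dxcon-a1", "LOC-A", "LOC-A-dev1", state="down")] + MAXIMUM[1:]

if __name__ == "__main__":
    for name, inv in [("maximum", MAXIMUM), ("high", HIGH),
                      ("dev/test", DEV_TEST), ("degraded", DEGRADED)]:
        print(name, classify(inv))
```

The degraded inventory shows why the check should run against live connection state rather than the original order: a single down link drops a maximum-resiliency design to the high-resiliency topology.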
Classic
Select Classic when you have existing connections.
The following procedures demonstrate the common scenarios to get set up with an Amazon Direct Connect connection.
Prerequisites
For connections to Amazon Direct Connect with port speeds of 1 Gbps or higher, ensure that your network meets the following requirements:
- Your network must use single-mode fiber with a 1000BASE-LX (1310 nm) transceiver for 1 gigabit Ethernet, a 10GBASE-LR (1310 nm) transceiver for 10 gigabit, a 100GBASE-LR4 for 100 gigabit Ethernet, or a 400GBASE-LR4 for 400 Gbps Ethernet.
- Auto-negotiation for a port must be disabled for a connection with a port speed of more than 1 Gbps. However, depending on the Amazon Direct Connect endpoint serving your connection, auto-negotiation might need to be enabled or disabled for 1 Gbps connections. If your virtual interface remains down, see Troubleshooting layer 2 (data link) issues.
- 802.1Q VLAN encapsulation must be supported across the entire connection, including intermediate devices.
- Your device must support Border Gateway Protocol (BGP) and BGP MD5 authentication.
- (Optional) You can configure Bidirectional Forwarding Detection (BFD) on your network. Asynchronous BFD is automatically enabled for each Amazon Direct Connect virtual interface, but it does not take effect until you configure it on your router. For more information, see Enable BFD for a Direct Connect connection.
For the procedure for using the Amazon Direct Connect Resiliency Toolkit to configure a Classic connection, see Configure a Classic connection.
Amazon Direct Connect Failover Test
Use the Amazon Direct Connect Resiliency Toolkit to verify traffic routes and that those routes meet your resiliency requirements.
For the procedures for using the Amazon Direct Connect Resiliency Toolkit to perform failover tests, see Failover Test.