Prerequisites Maximum resiliency High resiliency Development and test Classic Failover test

Amazon Direct Connect Resiliency Toolkit

Amazon offers customers the ability to achieve highly resilient network connections between Amazon Virtual Private Cloud (Amazon VPC) and their on-premises infrastructure. The Amazon Direct Connect Resiliency Toolkit provides a connection wizard with multiple resiliency models. These models help you to determine, and then place an order for the number of dedicated connections to achieve your SLA objective. You select a resiliency model, and then the Amazon Direct Connect Resiliency Toolkit guides you through the dedicated connection ordering process. The resiliency models are designed to ensure that you have the appropriate number of dedicated connections in multiple locations.

The Amazon Direct Connect Resiliency Toolkit has the following benefits:

Provides guidance on how you determine and then order the appropriate redundant Amazon Direct Connect dedicated connections.
Ensures that the redundant dedicated connections have the same speed.
Automatically configures the dedicated connection names.
Automatically approves your dedicated connections when you have an existing Amazon account and you select a known Amazon Direct Connect Partner. The Letter of Authority (LOA) is available for immediate download.
Automatically creates a support ticket for the dedicated connection approval when you are a new Amazon customer, or you select an unknown (Other) partner.
Provides an order summary for your dedicated connections, with the SLA that you can achieve and the port-hour cost for the ordered dedicated connections.
Creates link aggregation groups (LAGs), and adds the appropriate number of dedicated connections to the LAGs when you choose a speed other than 1 Gbps, 10 Gbps, 100 Gbps, or 400 Gbps.
Provides a LAG summary with the dedicated connection SLA that you can achieve, and the total port-hour cost for each ordered dedicated connection as part of the LAG.
Prevents you from terminating the dedicated connections on the same Amazon Direct Connect device.
Provides a way for you to test your configuration for resiliency. You work with Amazon to bring down the BGP peering session in order to verify that traffic routes to one of your redundant virtual interfaces. For more information, see Amazon Direct Connect Failover Test.
Provides Amazon CloudWatch metrics for connections and virtual interfaces. For more information, see Monitor Amazon Direct Connect resources.

The following resiliency models are available in the Amazon Direct Connect Resiliency Toolkit:

Maximum Resiliency: This model provides you a way to order dedicated connections to achieve an SLA of 99.99%. It requires you to meet all of the requirements for achieving the SLA that are specified in the Amazon Direct Connect Service Level Agreement.
High Resiliency: This model provides you a way to order dedicated connections to achieve an SLA of 99.9%. It requires you to meet all of the requirements for achieving the SLA that are specified in the Amazon Direct Connect Service Level Agreement.
Development and Test: This model provides you a way to achieve development and test resiliency for non-critical workloads, by using separate connections that terminate on separate devices in one location.
Classic. This model is intended for users that have existing connections and want to add additional connections. This model does not provide an SLA.

The best practice is to use the Connection wizard in the Amazon Direct Connect Resiliency Toolkit to order the dedicated connections to achieve your SLA objective.

After you select the resiliency model, the Amazon Direct Connect Resiliency Toolkit steps you through the following procedures:

Selecting the number of dedicated connections
Selecting the connection capacity, and the dedicated connection location
Ordering the dedicated connections
Verifying that the dedicated connections are ready to use
Downloading your Letter of Authority (LOA-CFA) for each dedicated connection
Verifying that your configuration meets your resiliency requirements

Prerequisites

Amazon Direct Connect supports the following port speeds over single-mode fiber: 1000BASE-LX (1310 nm) transceiver for 1 gigabit Ethernet, a 10GBASE-LR (1310 nm) transceiver for 10 gigabit, a 100GBASE-LR4 for 100 gigabit Ethernet, or a 400GBASE-LR4 for 400 Gbps Ethernet.

You can set up an Amazon Direct Connect connection in one of the following ways:

Model	Bandwidth	Method
Dedicated connection	1 Gbps, 10 Gbps, 100 Gbps, and 400 Gbps	Work with an Amazon Direct Connect Partner or a network provider to connect a router from your data center, office, or colocation environment to an Amazon Direct Connect location. The network provider does not have to be an Amazon Direct Connect Partner to connect you to a dedicated connection. Amazon Direct Connect dedicated connections support these port speeds over single-mode fiber: 1 Gbps: 1000BASE-LX (1310 nm), 10 Gbps: 10GBASE-LR (1310 nm), 100Gbps: 100GBASE-LR4, or 400GBASE-LR4 for 400 Gbps Ethernet.
Hosted connection	50 Mbps, 100 Mbps, 200 Mbps, 300 Mbps, 400 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, 10 Gbps, and 25 Gbps.	Work with a partner in the Amazon Direct Connect Partner Program to connect a router from your data center, office, or colocation environment to an Amazon Direct Connect location. Only certain partners provide higher capacity connections.

Model

Bandwidth

Method

Dedicated connection

1 Gbps, 10 Gbps, 100 Gbps, and 400 Gbps

Work with an Amazon Direct Connect Partner or a network provider to connect a router from your data center, office, or colocation environment to an Amazon Direct Connect location. The network provider does not have to be an Amazon Direct Connect Partner to connect you to a dedicated connection. Amazon Direct Connect dedicated connections support these port speeds over single-mode fiber: 1 Gbps: 1000BASE-LX (1310 nm), 10 Gbps: 10GBASE-LR (1310 nm), 100Gbps: 100GBASE-LR4, or 400GBASE-LR4 for 400 Gbps Ethernet.

Hosted connection

50 Mbps, 100 Mbps, 200 Mbps, 300 Mbps, 400 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, 10 Gbps, and 25 Gbps.

Work with a partner in the Amazon Direct Connect Partner Program to connect a router from your data center, office, or colocation environment to an Amazon Direct Connect location.

Only certain partners provide higher capacity connections.

For connections to Amazon Direct Connect with bandwidths of 1 Gbps or higher, ensure that your network meets the following requirements:

Your network must use single-mode fiber with a 1000BASE-LX (1310 nm) transceiver for 1 gigabit Ethernet, a 10GBASE-LR (1310 nm) transceiver for 10 gigabit, a 100GBASE-LR4 for 100 gigabit Ethernet, or a 400GBASE-LR4 for 400 Gbps Ethernet.
Depending on the Amazon Direct Connect endpoint serving your connection, on-premises device auto-negotiation might need to be enabled or disabled for any dedicated connection. If a virtual interface remains down when a Direct Connect connection is up, see Troubleshooting layer 2 (data link) issues.
802.1Q VLAN encapsulation must be supported across the entire connection, including intermediate devices.
Your device must support Border Gateway Protocol (BGP) and BGP MD5 authentication.
(Optional) You can configure Bidirectional Forwarding Detection (BFD) on your network. Asynchronous BFD is automatically enabled for each Amazon Direct Connect virtual interface. It's automatically enabled for Direct Connect virtual interfaces, but does not take effect until you configure it on your router. For more information, see Enable BFD for a Direct Connect connection.

Make sure you have the following information before you begin your configuration:

The resiliency model that you want to use.
The speed, location, and partner for all of your connections.

You only need the speed for one connection.

Maximum resiliency

You can achieve maximum resiliency for critical workloads by using separate connections that terminate on separate devices in more than one location (as shown in the following figure). This model provides resiliency against device, connectivity, and complete location failures. The following figure shows both connections from each customer data center going to the same Amazon Direct Connect locations. You can optionally have each connection from a customer data center going to different locations.

For the procedure for using the Amazon Direct Connect Resiliency Toolkit to configure a maximum resiliency model, see Configure maximum resiliency.

High resiliency

You can achieve high resiliency for critical workloads by using two single connections to multiple locations (as shown in the following figure). This model provides resiliency against connectivity failures caused by a fiber cut or a device failure. It also helps prevent a complete location failure.

For the procedure for using the Amazon Direct Connect Resiliency Toolkit to configure a high resiliency model, see Configure high resiliency.

Development and test

You can achieve development and test resiliency for non-critical workloads by using separate connections that terminate on separate devices in one location (as shown in the following figure). This model provides resiliency against device failure, but does not provide resiliency against location failure.

For the procedure for using the Amazon Direct Connect Resiliency Toolkit to configure a maximum resiliency model, see Configure development and test resiliency.

Classic

Select Classic when you have existing connections.

The following procedures demonstrate the common scenarios to get set up with an Amazon Direct Connect connection.

Prerequisites

For connections to Amazon Direct Connect with port speeds of 1 Gbps or higher, ensure that your network meets the following requirements:

Your network must use single-mode fiber with a 1000BASE-LX (1310 nm) transceiver for 1 gigabit Ethernet, a 10GBASE-LR (1310 nm) transceiver for 10 gigabit, a 100GBASE-LR4 for 100 gigabit Ethernet, or a 400GBASE-LR4 for 400 Gbps Ethernet.
Depending on the Amazon Direct Connect endpoint serving your connection, on-premises device auto-negotiation might need to be enabled or disabled for any dedicated connection. If a virtual interface remains down when a Direct Connect connection is up, see Troubleshooting layer 2 (data link) issues.
802.1Q VLAN encapsulation must be supported across the entire connection, including intermediate devices.
Your device must support Border Gateway Protocol (BGP) and BGP MD5 authentication.
(Optional) You can configure Bidirectional Forwarding Detection (BFD) on your network. Asynchronous BFD is automatically enabled for each Amazon Direct Connect virtual interface. It's automatically enabled for Direct Connect virtual interfaces, but does not take effect until you configure it on your router. For more information, see Enable BFD for a Direct Connect connection.

For the procedure for using the Amazon Direct Connect Resiliency Toolkit to configure a Classic connection, see Configure a Classic connection.

Amazon Direct Connect FailoverTest

Use the Amazon Direct Connect Resiliency Toolkit to verify traffic routes and that those routes meet your resiliency requirements.

For the procedures for using the Amazon Direct Connect Resiliency Toolkit to perform failover tests, see Direct Connect failover test.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Private virtual interface routing example

Configure maximum resiliency