AWS Configuration - Part 1

Configuration of the DirectConnect service in the AWS Portal

Written by DE-CIX Consulting Team
Updated over a week ago

After creating the DirectCLOUD connection on the DE-CIX side, it is time to configure the network in AWS to finalize the setup.


Before going into detail, we need to understand some AWS cloud concepts in order to configure the services there:

VIF - What is a VIF?

The DX (Direct Connect) connections are only layer two circuits - VLANs.
They don't directly support IP traffic. (We can't access any resources)

This is why we have VIFs - Virtual Interfaces.


VIFs provide layer three connectivity for inbound and outbound IP traffic.

(Thanks to the VIFs, we can access the resources in the cloud)

There are three different types of VIFs:

  • Private VIF: Private VIFs allow us to connect to private AWS networks, in other words, to VPCs, but they have some limitations.

  • Public VIF: allows us to connect to the public zone, where all public AWS services are. These services are accessed through the internet, for example, S3.
    With the Public VIF, we can privately access all of them.

  • Transit VIF: Similar to the Private VIF, it allows us to connect to the private zone, to our VPCs, but it also lets data transit from one VPC to another in combination with a specific gateway (transit gateway).

Because a VIF alone does nothing, we need a Gateway to make it work, and there are different configurations.


Private VIF

  • Private VIF + Virtual Private Gateway (VGW) - LEGACY

  • Private VIF + VGW + Direct Connect Gateway (DX Gateway):
    Recommended setup for a simple hybrid architecture

    This setup allows us to interconnect between different VPCs, in different regions.


    There are some limitations when using this method. You can't send traffic:

    • From one associated VPC to another, it is only possible from the customer to the VPC

    • From one connected VIF to another (only a single VIF is allowed per session)

    • From a connected VIF through a VPN connection using an associated VGW

Transit VIF

  • Transit VIF + Direct Connect Gateway (DX Gateway) + Transit Gateway

  • The DX Gateway with the Transit VIF interconnects Transit Gateways (instead of VGW: Virtual Private Gateways)

    • Transit Gateways provide a hub and spoke design for connecting VPCs and on-premises networks:

A diagram depicting hub-and-spoke design with AWS Transit Gateway

Thanks to the transit gateway, the traffic can flow from point to point, from one associated VPC to another, and can be paired with different networking solutions such as VPN, transit gateway peering...
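
To check which of the setups above an existing account actually uses, the following added example (not part of the original article, and not DE-CIX or AWS code) classifies each VIF and reports whether VPC-to-VPC traffic is possible through it. It assumes the JSON field names printed by `aws directconnect describe-virtual-interfaces` and `aws directconnect describe-direct-connect-gateway-associations`; all IDs are constructed sample values.

```python
import json

# Constructed sample data, not from a real account. Field names follow the JSON
# printed by `aws directconnect describe-virtual-interfaces` and
# `aws directconnect describe-direct-connect-gateway-associations`.
VIFS = json.loads("""[
 {"virtualInterfaceId": "dxvif-legacy01", "virtualInterfaceType": "private",
  "virtualGatewayId": "vgw-0a1", "directConnectGatewayId": ""},
 {"virtualInterfaceId": "dxvif-hybrid01", "virtualInterfaceType": "private",
  "virtualGatewayId": "", "directConnectGatewayId": "dxgw-private"},
 {"virtualInterfaceId": "dxvif-transit1", "virtualInterfaceType": "transit",
  "virtualGatewayId": "", "directConnectGatewayId": "dxgw-transit"},
 {"virtualInterfaceId": "dxvif-orphan01", "virtualInterfaceType": "transit",
  "virtualGatewayId": "", "directConnectGatewayId": "dxgw-empty"},
 {"virtualInterfaceId": "dxvif-public01", "virtualInterfaceType": "public",
  "virtualGatewayId": "", "directConnectGatewayId": ""}
]""")
ASSOCIATIONS = json.loads("""[
 {"directConnectGatewayId": "dxgw-private",
  "associatedGateway": {"id": "vgw-0b2", "type": "virtualPrivateGateway"}},
 {"directConnectGatewayId": "dxgw-transit",
  "associatedGateway": {"id": "tgw-0c3", "type": "transitGateway"}}
]""")

def gateway_types(dxgw_id, associations):
    """Types of the gateways associated with one DX Gateway."""
    return {a["associatedGateway"]["type"] for a in associations
            if a["directConnectGatewayId"] == dxgw_id}

def classify(vif, associations):
    """Return (setup name, VPC-to-VPC traffic possible) for one VIF."""
    kind, dxgw = vif["virtualInterfaceType"], vif.get("directConnectGatewayId")
    types = gateway_types(dxgw, associations) if dxgw else set()
    if kind == "public":
        return ("Public VIF", False)  # reaches public AWS services, not VPCs
    if kind == "private" and vif.get("virtualGatewayId") and not dxgw:
        return ("Private VIF + VGW (legacy)", False)
    if kind == "private" and "virtualPrivateGateway" in types:
        return ("Private VIF + VGW + DX Gateway", False)  # customer-to-VPC only
    if kind == "transit" and "transitGateway" in types:
        return ("Transit VIF + DX Gateway + Transit Gateway", True)
    return ("incomplete: no matching gateway association", False)

def audit(vifs, associations):
    """Map every VIF id to its (setup name, VPC-to-VPC possible) pair."""
    return {v["virtualInterfaceId"]: classify(v, associations) for v in vifs}

if __name__ == "__main__":
    for vif_id, (setup, vpc_to_vpc) in audit(VIFS, ASSOCIATIONS).items():
        print(f"{vif_id}: {setup}; VPC-to-VPC traffic: {vpc_to_vpc}")
```
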

Now that we have these concepts in mind, let's create the Recommended Setup in the second part of the tutorial.
