AWS Direct Connect provides private connectivity to your VPC over a dedicated physical connection. Direct Connect circuits are available at 1 Gbps, 10 Gbps, or 100 Gbps, and you can request multiple circuits. Direct Connect can reduce network costs because its data transfer charges are often lower than Internet data transfer charges.
Multiple virtual interfaces (VIFs) can be configured for a Direct Connect circuit. A Direct Connect public VIF is used to connect to public AWS resources such as S3. A Direct Connect private VIF is used to connect to resources within a VPC.
Your Direct Connect circuit can be terminated at a Direct Connect gateway. A Direct Connect gateway can be created in any region. An AWS Direct Connect gateway allows you to create connections from a single Direct Connect connection to multiple VPCs in different AWS regions.
A Direct Connect VIF can be used to establish a dedicated physical connection to a virtual private gateway. You can then use your customer gateway (CGW) to establish an IPsec VPN connection to the virtual private gateway. This gives you the low latency and dedicated throughput of Direct Connect while still allowing a secure end-to-end IPsec VPN connection.
A dedicated connection is dedicated to a single customer and supports speeds of 1, 10, or 100 Gbps. Hosted connections are sourced from an AWS Direct Connect partner. Hosted connections support many different speeds but support only a single VIF.
Some questions on the exam require you to differentiate between public and private VIFs. Remember that public VIFs are only for public AWS resources like S3.
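As an added example (not from this book), the following Python check takes the prefixes a router has learned over a public VIF via BGP and compares them against the S3 ranges for one region, using the structure of AWS's published ip-ranges.json. The embedded document and received-route list are constructed sample data, not real AWS ranges.

```python
import ipaddress
import json

# Constructed document shaped like ip-ranges.json (TEST-NET ranges, not real AWS data)
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0000000000",
    "createDate": "2024-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "203.0.113.0/24", "region": "us-east-1",
         "service": "S3", "network_border_group": "us-east-1"},
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1",
         "service": "AMAZON", "network_border_group": "us-east-1"},
        {"ip_prefix": "192.0.2.0/24", "region": "eu-west-1",
         "service": "S3", "network_border_group": "eu-west-1"},
    ],
})

# Constructed list of prefixes "received" over the public VIF
RECEIVED_ROUTES = ["203.0.113.0/25", "192.0.2.0/24", "10.0.0.0/8"]


def s3_prefixes(ip_ranges_json, region):
    """Return the S3 prefixes published for one region as ip_network objects."""
    data = json.loads(ip_ranges_json)
    return [ipaddress.ip_network(p["ip_prefix"])
            for p in data["prefixes"]
            if p["service"] == "S3" and p["region"] == region]


def check_received_routes(received, allowed):
    """Split received BGP prefixes into those covered by an allowed prefix
    and those that are not (e.g. another region, or an RFC 1918 range that
    should never arrive over a public VIF)."""
    accepted, rejected = [], []
    for route in received:
        net = ipaddress.ip_network(route)
        # subnet_of raises on mixed IPv4/IPv6, so compare only same-version prefixes
        if any(net.subnet_of(a) for a in allowed if a.version == net.version):
            accepted.append(str(net))
        else:
            rejected.append(str(net))
    return accepted, rejected


def audit_public_vif(region):
    """Run the check for one region against the sample data."""
    return check_received_routes(RECEIVED_ROUTES,
                                 s3_prefixes(SAMPLE_IP_RANGES, region))


if __name__ == "__main__":
    ok, bad = audit_public_vif("us-east-1")
    print("accepted:", ok)   # prefixes inside the region's S3 ranges
    print("rejected:", bad)  # prefixes to investigate or filter
```

Rejected entries are the ones worth alerting on: a prefix from another region may simply need the filter widened, but a private range learned over a public VIF indicates a misconfiguration.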
Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can.
1. A company currently accesses sensitive data in an S3 bucket over the Internet. Which option would allow you to access this data over Direct Connect instead?
A. Configure an AWS private VIF and allow routes to AWS public resources to be learned via BGP.
B. Configure an AWS public VIF and allow routes to AWS public resources to be learned via BGP.
C. Configure an AWS private VIF and configure static summary routes to AWS public resources.
D. Configure an AWS public VIF and configure static summary routes to AWS public resources.
2. What is the primary benefit of Direct Connect versus a managed site-to-site VPN?
A. Increased redundancy and resiliency
B. Support of the BGP routing protocol
C. Additional support for DNS option sets
D. Higher bandwidth and more predictable throughput
1. Answer: B is correct. A public virtual interface can access all AWS public services over Direct Connect. Routes to public prefixes are learned via BGP route advertisements.
2. Answer: D is correct. The maximum bandwidth of a VPN is 1.25 Gbps, and performance over the Internet is unpredictable. Direct Connect supports speeds up to 100 Gbps and traffic flows over the AWS backbone network.