Direct Connect Gateway – Network Implementation – ANS-C01 Study Guide

Direct Connect Gateway

The AWS Direct Connect gateway simplifies your Direct Connect architecture. Traditionally with Direct Connect, a separate connection had to be established from your data center to each AWS region you wanted to reach. Because DX is a regional service, connecting to two different regions, for example, traditionally required two separate Direct Connect connections, one for each region. The gateway allows connections to VPCs worldwide from a single DX connection location.

The Direct Connect gateway extends what a private VIF can reach beyond the standard regional DX interconnect. Up to 500 VPC connections are supported from a single Direct Connect gateway. The Direct Connect gateway connects your AWS Direct Connect, over a virtual interface, to one or many VPCs in one or many accounts in any region. Note that while Direct Connect using private VIFs is a regional service, the gateway extends this to all AWS regions from a single connection. Figure 6.21 shows the basic architecture of the Direct Connect gateway.

FIGURE 6.21 Direct Connect gateway

The service is enabled by creating a private VIF and associating it with a Direct Connect gateway, instead of with a virtual private gateway, set up in any region. In the AWS cloud, virtual private gateways attached to VPCs in any region can then be associated with that Direct Connect gateway. The VPCs connect to the gateway, which is associated with the private VIF that is routed to and from your internal network. However, inter-VPC communication through the same Direct Connect gateway is not allowed: each VPC is routed to your internal network, but traffic is not routed between VPCs via your data center router, and hairpinning inter-VPC routes through your on-premises router is not supported. Each DX gateway supports a private VIF connection and 10 virtual gateways per connection. So, 1 DX can have up to 50 private VIFs, which equal 50 DX gateways, for up to 500 VPCs that can be connected.

To associate VPCs from different regions with a single DX facility, a private VIF is associated with a DX gateway in any region. This is the connection from your on-premises router to the DX gateway service. After this step has been completed, you can associate virtual private gateways that are attached to VPCs in any region in the world, instead of being limited to a single region as you were before Direct Connect gateways were available. This allows all VPCs connected to the Direct Connect gateway to reach your on-premises network through the private VIF.

The Direct Connect gateway supports cross-account connections that allow you to associate VPCs from different accounts with the same DX gateway in a shared services account. All VPC IP address blocks must be unique and non-overlapping. This service supports private VIF connections only, not public interfaces.
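The design rules stated above (one private VIF per DX gateway, a fixed number of virtual private gateway associations per gateway, unique non-overlapping VPC CIDRs across accounts and regions, and no VPC-to-VPC hairpinning through the gateway) are easy to get wrong on paper before anything is provisioned. The following Python script is an added example, not code from the study guide or from AWS: it models a planned DX gateway as plain data, flags plans that violate those rules, and classifies a sample flow as allowed or blocked. The VPC, account, VGW and VIF identifiers and the CIDR blocks are constructed sample values, and the limits are the figures quoted in the text, which are assumed to be current.

```python
"""Offline plan check for a Direct Connect gateway design (added example, constructed data)."""
import ipaddress
from dataclasses import dataclass, field
from itertools import combinations

# Limits as quoted in the study guide text; assumed current, so confirm them against
# AWS Service Quotas before relying on them.
MAX_VGWS_PER_DX_GATEWAY = 10
MAX_VPCS_PER_DX_GATEWAY = 500


@dataclass
class VpcAssociation:
    """One VPC reached through the DX gateway via its virtual private gateway (VGW)."""
    vpc_id: str
    account_id: str
    region: str
    cidr: str
    vgw_id: str


@dataclass
class DxGatewayPlan:
    """A single DX gateway: one private VIF from on premises plus VGW associations in any region or account."""
    name: str
    private_vif_id: str
    on_prem_prefixes: list[str]
    associations: list[VpcAssociation] = field(default_factory=list)


def find_cidr_overlaps(cidrs: dict[str, str]) -> list[tuple[str, str]]:
    """Return pairs of names whose CIDR blocks overlap; the text requires unique, non-overlapping blocks."""
    nets = {name: ipaddress.ip_network(cidr, strict=True) for name, cidr in cidrs.items()}
    return [(a, b) for a, b in combinations(nets, 2) if nets[a].overlaps(nets[b])]


def validate_plan(plan: DxGatewayPlan) -> list[str]:
    """Return human-readable problems; an empty list means the plan obeys the rules in the text."""
    problems = []
    vgws = {a.vgw_id for a in plan.associations}
    if len(vgws) > MAX_VGWS_PER_DX_GATEWAY:
        problems.append(f"{len(vgws)} VGWs exceeds {MAX_VGWS_PER_DX_GATEWAY} per DX gateway")
    if len(plan.associations) > MAX_VPCS_PER_DX_GATEWAY:
        problems.append(f"{len(plan.associations)} VPCs exceeds {MAX_VPCS_PER_DX_GATEWAY} per DX gateway")
    # A VGW attaches to exactly one VPC, so the same VGW id on two VPC ids is a modelling error.
    seen = {}
    for a in plan.associations:
        if a.vgw_id in seen and seen[a.vgw_id] != a.vpc_id:
            problems.append(f"{a.vgw_id} is listed for both {seen[a.vgw_id]} and {a.vpc_id}")
        seen.setdefault(a.vgw_id, a.vpc_id)
    # Check overlaps across VPCs and against on-prem prefixes, since both sides must stay routable.
    cidrs = {a.vpc_id: a.cidr for a in plan.associations}
    cidrs.update({f"on-prem:{p}": p for p in plan.on_prem_prefixes})
    for x, y in find_cidr_overlaps(cidrs):
        problems.append(f"CIDR overlap between {x} and {y}")
    return problems


def path_via_dx_gateway(plan: DxGatewayPlan, src_ip: str, dst_ip: str) -> str:
    """Classify a flow: 'allowed' when one end is on premises and the other is an associated VPC,
    'blocked-hairpin' when both ends are VPCs (the gateway does not route VPC to VPC), else 'no-route'."""
    def where(ip: str):
        addr = ipaddress.ip_address(ip)
        if any(addr in ipaddress.ip_network(a.cidr) for a in plan.associations):
            return "vpc"
        if any(addr in ipaddress.ip_network(p) for p in plan.on_prem_prefixes):
            return "on-prem"
        return None

    src, dst = where(src_ip), where(dst_ip)
    if src is None or dst is None:
        return "no-route"
    if src == "vpc" and dst == "vpc":
        return "blocked-hairpin"
    if src == dst:  # on-prem to on-prem never touches the DX gateway
        return "no-route"
    return "allowed"


# Constructed sample plan: two regions, two accounts, and one deliberately overlapping VPC CIDR.
SAMPLE_PLAN = DxGatewayPlan(
    name="dxgw-shared-services",
    private_vif_id="dxvif-example",
    on_prem_prefixes=["10.0.0.0/8"],
    associations=[
        VpcAssociation("vpc-useast1-a", "111111111111", "us-east-1", "172.16.0.0/16", "vgw-a"),
        VpcAssociation("vpc-euwest1-b", "222222222222", "eu-west-1", "172.17.0.0/16", "vgw-b"),
        VpcAssociation("vpc-apse1-c", "222222222222", "ap-southeast-1", "172.16.128.0/17", "vgw-c"),
    ],
)

if __name__ == "__main__":
    for problem in validate_plan(SAMPLE_PLAN):
        print("PROBLEM:", problem)
    print(path_via_dx_gateway(SAMPLE_PLAN, "10.1.2.3", "172.17.4.5"))    # allowed
    print(path_via_dx_gateway(SAMPLE_PLAN, "172.16.0.9", "172.17.4.5"))  # blocked-hairpin
```

Run as-is and the sample plan reports exactly one problem, the overlap between the us-east-1 and ap-southeast-1 VPCs, which is the condition the text says must never occur across accounts sharing a gateway. The flow classifier encodes the hairpinning restriction: on-prem to VPC is allowed in either direction, but two VPCs associated with the same gateway get "blocked-hairpin", which is the case to design around with VPC peering or a transit gateway rather than the DX gateway.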

For the steps on creating a Direct Connect connection to a VPC using a Direct Connect gateway, refer to the AWS online documentation at these locations:

https://docs.aws.amazon.com/directconnect/latest/UserGuide/create-vif.html#create-private-vif
https://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html
https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways-intro.html