Direct Connect supports jumbo frames on the customer interconnect point from 1,522 to 9,023 bytes (14 bytes Ethernet header + 4 bytes VLAN tag + bytes for the IP datagram + 4 bytes FCS) at OSI layer 2, the data link layer. Jumbo frame support allows for more efficient transmission of frames over an Ethernet network by reducing the amount of framing overhead relative to the size of the data in the frame. Jumbo frames are most effective when large amounts of data must be transferred, such as storage area network, large video frame, or big data traffic. Jumbo frames reduce the number of frames sent across the network because fewer large frames replace many smaller ones. The number of headers is reduced, which means there is less frame processing overhead to create and read on the interfaces. Also, more of the network bandwidth is available for data because fewer Ethernet frame headers are needed.
Generally, you will see the maximum transmission unit (MTU) setting for jumbo frames set at 9,000 bytes.
AWS Direct Connect supports jumbo frames on private virtual interfaces connected to virtual private gateways, on a Direct Connect gateway, or on a transit virtual interface attached to a Direct Connect gateway.
You set the MTU of your private virtual interfaces; for more details, reference the AWS documentation site at https://docs.aws.amazon.com/directconnect/latest/UserGuide/set-jumbo-frames-vif.html.
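The frame arithmetic above, worked through in Python as an added example (not code from the original text or from AWS): it derives the on-the-wire frame size from a virtual interface MTU using the 14 + 4 + IP datagram + 4 byte layout, checks it against the 1,522 to 9,023 byte range Direct Connect accepts, and compares the framing overhead and frame count of a 1,500-byte MTU with the usual 9,000-byte jumbo MTU. The 20-byte IPv4 and 20-byte TCP headers (no options) and the 1 GiB transfer size are constructed assumptions for the comparison.

```python
import math

# Per-frame layer 2 overhead as described for the Direct Connect interconnect.
ETH_HEADER = 14   # destination MAC, source MAC, EtherType
VLAN_TAG = 4      # 802.1Q tag carrying the virtual interface VLAN
FCS = 4           # frame check sequence
L2_OVERHEAD = ETH_HEADER + VLAN_TAG + FCS

# Supported frame size range on the customer interconnect point.
DX_MIN_FRAME = 1522
DX_MAX_FRAME = 9023

# Constructed assumption: IPv4 + TCP headers without options.
IP_HEADER = 20
TCP_HEADER = 20


def frame_size(mtu: int) -> int:
    """Bytes on the wire for one full-size frame carrying an IP datagram of `mtu` bytes."""
    return L2_OVERHEAD + mtu


def dx_supports(mtu: int) -> bool:
    """True if a full-size frame for this MTU fits the Direct Connect frame range."""
    return DX_MIN_FRAME <= frame_size(mtu) <= DX_MAX_FRAME


def max_supported_mtu() -> int:
    """Largest IP datagram that still fits in a 9,023-byte frame."""
    return DX_MAX_FRAME - L2_OVERHEAD


def framing_overhead(mtu: int) -> float:
    """Fraction of each full-size frame that is layer 2 framing rather than IP datagram."""
    return L2_OVERHEAD / frame_size(mtu)


def frames_for(transfer_bytes: int, mtu: int) -> int:
    """Full frames needed to carry `transfer_bytes` of TCP payload at this MTU (last frame may be partial)."""
    payload_per_frame = mtu - IP_HEADER - TCP_HEADER
    return math.ceil(transfer_bytes / payload_per_frame)


def header_bytes_for(transfer_bytes: int, mtu: int) -> int:
    """Total L2 + IP + TCP header bytes sent for the transfer; this is what jumbo frames save."""
    return frames_for(transfer_bytes, mtu) * (L2_OVERHEAD + IP_HEADER + TCP_HEADER)
```

With these functions a 1 GiB transfer needs 735,440 frames at MTU 1,500 but only 119,838 at MTU 9,000, and the per-frame framing overhead falls from about 1.4% to about 0.24%.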
Large data centers, such as AWS availability zones, support thousands or tens of thousands of customers. For security and management, these customer networks need to be segmented and isolated from each other. This is the concept used by virtual private clouds (VPCs). While a VPC operates inside of AWS, it provides isolation from the other customer networks in the same data center. This is accomplished by using encapsulation techniques to create customer networks that “overlay” or run on top of the data center’s switching fabric, commonly called the underlay network. In this section, you will learn about the most common encapsulation protocols. Then we will discuss some of the in-transit encryption techniques deployed in modern networks.
The overlay network is a logical virtual network running on top of an existing physical network known as the underlay network.
Overlay and underlay are terms frequently used in SDN and network virtualization. In terms of the VxLAN protocol, the underlay network is the layer 3 routed IP network that routes VxLAN packets as normal IP traffic. The overlay refers to the virtual Ethernet segment created by this forwarding. Underlays are physical hardware, and overlays are logical and run above the underlay network.
Overlay networks use software to create layers of network abstraction that can be used to run multiple separate, discrete virtualized network layers on top of the physical network. This provides separation between networks even though they are traversing that same physical infrastructure. VPCs in AWS are the overlay, and the hardware in the AWS data centers is the underlay.
Overlays are created by taking networking endpoints and creating a virtual connection between them; multiple secure overlays can be built using software over existing networking hardware infrastructure. These endpoints could be actual physical objects, such as a network port, or they could be logical locations designated by a software address in the networking cloud.
Overlays use routing or switching software that applies software tags, labels, and sometimes encryption to create a virtual tunnel that runs on top of the physical network. When encryption is used, data is secured between the endpoints, and end users must be authenticated to use the connection.
The endpoints are designated by an identification tag or number. A device can be located by knowing its identification tag or number in the networking system. These tags are used to create the virtual connections.