How do I set up an Active/Active or Active/Passive Direct Connect connection to AWS from a private or transit virtual interface?

Resolution

Scenarios with connections in the same Region

Scenario 1:

• Both connections are in the same Region and same colocation.
• The same prefixes are advertised with the same Border Gateway Protocol (BGP) attributes (such as AS Path and MED) on both the connections from the on-premises location.

Egress traffic from AWS to the on-premises location is load balanced based on flow (Active/Active) across both Direct Connect connections.

Scenario 2:

• Both connections are in the same Region but in different colocations facilities.
• The same prefixes are advertised with the same BGP attributes (such as AS Path and MED) on both the connections from the on-premises location.

Egress traffic from AWS to the on-premises location is load balanced based on flow (Active/Active) across both Direct Connect connections.

Scenarios with connections in different Regions

Scenario 1:

• Connection A (virtual interface VIF-A) is in Region 1.
• Connection B (virtual interface VIF-B) is in Region 2.
• Both virtual interfaces connect to a virtual private cloud (VPC) in Region 1 using a Direct Connect gateway.
• Both virtual interfaces advertise the same prefixes with the same BGP attributes (such as AS Path and MED) on both the connections from the on-premises location.

Egress traffic from the VPC to the on-premises location prefers connection A because it's in the same Region as the VPC.

Scenario 2:

• Connections are two Regions and two colocations facilities.
• Connection A (virtual interface VIF-A) is in Region 1.
• Connection B (virtual interface VIF-B) is in Region 2.
• Both virtual interfaces connect to a VPC in Region 3 using a Direct Connect gateway.
• Both virtual interfaces advertise the same prefixes with the same BGP attributes (such as AS Path and MED) from the on-premises location.

Egress traffic from AWS to the on-premises location is load balanced based on flow (Active/Active) across both Direct Connect connections.

Methods for more predictable routing

For more predictable routing than what's possible in the scenarios previously described, use the following methods.

For Active/Passive configuration of Direct Connect connections:

• Apply the local preference BGP community tag. Set a higher preference to the advertised prefixes for the primary or active connection. Then, set a medium or lower preference for the passive connection.
• AS Path prepend using a shorter AS path on the active connection and a longer AS path on the passive connection.
  Note: AS Path prepending can't be used to configure Active/Passive connections in environments similar to scenario 1 of "Scenarios with connections in different Regions".
• Advertise the most specific route using BGP on the active connection.

For Active/Active configuration of Direct Connect connections, advertise the prefixes on both Direct Connect connections with the same local preference BGP community tag.