How do I set up an Active/Active or Active/Passive Direct Connect connection to AWS from a private or transit virtual interface?


How do I set up an Active/Active or Active/Passive AWS Direct Connect connection to AWS from a private or transit virtual interface?

Resolution

Scenarios with connections in the same Region

Scenario 1:

  • Both connections are in the same Region and same colocation.
  • The same prefixes are advertised with the same Border Gateway Protocol (BGP) attributes (such as AS Path and MED) on both the connections from the on-premises location.

Egress traffic from AWS to the on-premises location is load balanced based on flow (Active/Active) across both Direct Connect connections.

Scenario 2:

  • Both connections are in the same Region but in different colocation facilities.
  • The same prefixes are advertised with the same BGP attributes (such as AS Path and MED) on both the connections from the on-premises location.

Egress traffic from AWS to the on-premises location is load balanced based on flow (Active/Active) across both Direct Connect connections.

Scenarios with connections in different Regions

Scenario 1:

  • Connection A (virtual interface VIF-A) is in Region 1.
  • Connection B (virtual interface VIF-B) is in Region 2.
  • Both virtual interfaces connect to a virtual private cloud (VPC) in Region 1 using a Direct Connect gateway.
  • Both virtual interfaces advertise the same prefixes with the same BGP attributes (such as AS Path and MED) on both the connections from the on-premises location.

Egress traffic from the VPC to the on-premises location prefers connection A because it's in the same Region as the VPC.

Scenario 2:

  • The connections are in two Regions and two colocation facilities.
  • Connection A (virtual interface VIF-A) is in Region 1.
  • Connection B (virtual interface VIF-B) is in Region 2.
  • Both virtual interfaces connect to a VPC in Region 3 using a Direct Connect gateway.
  • Both virtual interfaces advertise the same prefixes with the same BGP attributes (such as AS Path and MED) from the on-premises location.

Egress traffic from AWS to the on-premises location is load balanced based on flow (Active/Active) across both Direct Connect connections.

Methods for more predictable routing

For more predictable routing than what's possible in the scenarios previously described, use the following methods.

For Active/Passive configuration of Direct Connect connections:

  • Apply the local preference BGP community tag. Set a higher preference for the prefixes advertised on the primary (active) connection. Then, set a medium or lower preference for the passive connection.
  • Use AS Path prepending: advertise a shorter AS path on the active connection and a longer AS path on the passive connection.
    Note: AS Path prepending can't be used to configure Active/Passive connections in environments similar to scenario 1 of "Scenarios with connections in different Regions".
  • Advertise the most specific route using BGP on the active connection.

For Active/Active configuration of Direct Connect connections, advertise the prefixes on both Direct Connect connections with the same local preference BGP community tag.
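One way to express the Active/Passive method with local preference community tags on an on-premises FRRouting router, as an added example that is not part of the original article. The ASNs, peer addresses, prefix and route-map names are constructed; 7224:7300 and 7224:7100 are the high and low local preference communities from the AWS Direct Connect routing documentation. The inbound local-preference lines go beyond the article's text: they keep traffic from on premises to AWS on the same connection so the path stays symmetric.

```frr
! Constructed values: on-premises ASN 65000, AWS-side ASN 64512,
! VIF-A peer 169.254.10.1 (active), VIF-B peer 169.254.20.1 (passive),
! on-premises prefix 10.10.0.0/16. The per-VIF BGP authentication key is omitted.
!
! Advertise only the intended on-premises prefix on either connection.
ip prefix-list ONPREM-OUT seq 5 permit 10.10.0.0/16
!
! Active connection: tag with the high local preference community.
route-map DX-ACTIVE-OUT permit 10
 match ip address prefix-list ONPREM-OUT
 set community 7224:7300
!
! Passive connection: same prefix, low local preference community.
route-map DX-PASSIVE-OUT permit 10
 match ip address prefix-list ONPREM-OUT
 set community 7224:7100
!
! Return direction (on premises to AWS): prefer routes learned on the
! active connection so both directions use the same path.
route-map DX-ACTIVE-IN permit 10
 set local-preference 200
route-map DX-PASSIVE-IN permit 10
 set local-preference 100
!
router bgp 65000
 neighbor 169.254.10.1 remote-as 64512
 neighbor 169.254.10.1 description VIF-A-active
 neighbor 169.254.20.1 remote-as 64512
 neighbor 169.254.20.1 description VIF-B-passive
 !
 address-family ipv4 unicast
  network 10.10.0.0/16
  neighbor 169.254.10.1 send-community
  neighbor 169.254.10.1 route-map DX-ACTIVE-OUT out
  neighbor 169.254.10.1 route-map DX-ACTIVE-IN in
  neighbor 169.254.20.1 send-community
  neighbor 169.254.20.1 route-map DX-PASSIVE-OUT out
  neighbor 169.254.20.1 route-map DX-PASSIVE-IN in
 exit-address-family
```

For Active/Active, set the same community in both outbound route-maps and the same local preference in both inbound route-maps.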


AWS OFFICIAL
Updated 2 years ago
2 comments

Thank you for the post and explanations. I need some clarification regarding scenario "Scenarios with connections in different Regions - Scenario 1" when using a Direct Connect gateway.

I am referring to this Direct Connect document: https://docs.aws.amazon.com/directconnect/latest/UserGuide/routing-and-bgp.html

In one paragraph it states, "When an AWS Region routes traffic to on-premises locations via Direct Connect private or transit virtual interfaces, the associated AWS Region of the Direct Connect location influences the ability to use equal-cost multi-path routing (ECMP). AWS Regions prefer Direct Connect locations in the same associated AWS Region by default only for virtual interfaces that are not attached to a Direct Connect gateway. When attached to a Direct Connect gateway, the associated Region is not preferred."

Can you please confirm if ECMP is possible if a Direct Connect gateway is used?

AWS
H_Shah
answered 2 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
answered 2 months ago