How do I set up an Active/Active or Active/Passive Direct Connect connection from a private or transit virtual interface?


I want to use a private or transit virtual interface with AWS Direct Connect to configure an Active/Active or Active/Passive connection between my on-premises network and AWS.

Resolution

Configure Active/Active or Active/Passive connectivity with AWS Direct Connect based on your architecture. The configuration differs depending on whether your virtual interfaces (VIFs) are in the same AWS Region or different Regions.

For more information, see Active/Active and Active/Passive Configurations in AWS Direct Connect.

In the following example scenarios, each VIF advertises the same prefixes with the same Border Gateway Protocol (BGP) attributes from the on-premises location. BGP attributes include AS Path and MED. 

Connections in the same AWS Region 

In the following scenarios, outbound traffic from AWS to the on-premises location is load balanced based on flow (Active/Active) across both Direct Connect connections:

  • Same Region and colocation
  • Same Region but different colocations

Connections in different AWS Regions

You have connections in different Regions, and the VIFs connect to a virtual private cloud (VPC) that's in one of the Regions. Outbound traffic from the VPC to the on-premises location prefers the connection that's in the same Region as the VPC.

Or, you have connections in different Regions, and the VIFs connect to a VPC in a third Region. Outbound traffic from AWS to the on-premises location is load balanced based on flow (Active/Active) across both Direct Connect connections.

Methods for more predictable routing

To more predictably influence routing behavior, use one of the following methods.

Active/Passive routing

Use a local preference BGP community tag. Set a higher preference on the prefixes advertised over the primary (active) connection. Then, set a medium or lower preference on the prefixes advertised over the passive connection.

You can also use AS Path prepending. Use a shorter AS path for the active connection and a longer AS path for the passive connection.

Note: You can use AS path prepending to configure Active/Passive routing for connections that are in different Regions.

Active/Active routing

Advertise the prefixes on both Direct Connect connections with the same local preference BGP community tag.
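
The following Python sketch is an added example, not AWS code: it models how the two methods above decide, per prefix, which VIF carries outbound traffic from AWS to the on-premises location. The VIF names, prefixes, and ASN 65000 are constructed; the model assumes equal prefix lengths and MED on both VIFs, evaluates the local preference community before AS path length, and uses the AWS-documented tags 7224:7100 (low), 7224:7200 (medium), and 7224:7300 (high).

```python
from dataclasses import dataclass

# Local preference community tags AWS documents for private/transit VIFs.
LOCAL_PREF = {"7224:7100": 1, "7224:7200": 2, "7224:7300": 3}  # low, medium, high

@dataclass(frozen=True)
class Route:
    vif: str          # constructed VIF label
    prefix: str       # on-premises prefix advertised to AWS
    community: str    # local preference community tag on the advertisement
    as_path: tuple    # AS path as advertised, prepends included

def best_paths(routes):
    """VIFs that carry AWS-to-on-premises traffic for one prefix in this model."""
    # Step 1: keep only the highest local preference (checked before AS path).
    top = max(LOCAL_PREF[r.community] for r in routes)
    routes = [r for r in routes if LOCAL_PREF[r.community] == top]
    # Step 2: among those, keep the shortest AS path; ties share traffic per flow.
    shortest = min(len(r.as_path) for r in routes)
    return sorted(r.vif for r in routes if len(r.as_path) == shortest)

def audit(routes, down=()):
    """Map each prefix to (mode, carrying VIFs), ignoring VIFs listed in `down`."""
    by_prefix = {}
    for r in routes:
        if r.vif not in down:
            by_prefix.setdefault(r.prefix, []).append(r)
    result = {}
    for prefix, rs in by_prefix.items():
        vifs = best_paths(rs)
        result[prefix] = ("active/active" if len(vifs) > 1 else "active/passive", vifs)
    return result

# Constructed advertisements from an on-premises router using private ASN 65000.
ADVERTISEMENTS = [
    Route("vif-a", "10.10.0.0/16", "7224:7300", (65000,)),               # high
    Route("vif-b", "10.10.0.0/16", "7224:7100", (65000,)),               # low
    Route("vif-a", "10.20.0.0/16", "7224:7200", (65000,)),               # short path
    Route("vif-b", "10.20.0.0/16", "7224:7200", (65000, 65000, 65000)),  # prepended
    Route("vif-a", "10.30.0.0/16", "7224:7200", (65000,)),               # identical
    Route("vif-b", "10.30.0.0/16", "7224:7200", (65000,)),               # identical
    # Edge case: the prepended path still wins because its tag ranks higher.
    Route("vif-a", "10.40.0.0/16", "7224:7100", (65000,)),
    Route("vif-b", "10.40.0.0/16", "7224:7300", (65000, 65000)),
]

if __name__ == "__main__":
    for prefix, (mode, vifs) in audit(ADVERTISEMENTS).items():
        print(f"{prefix}: {mode} via {', '.join(vifs)}")
    print("vif-a down:", audit(ADVERTISEMENTS, down=("vif-a",)))
```

Running the audit against the advertisements your router actually sends shows which prefixes would be shared across both connections and which fail over only when the preferred VIF is withdrawn.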

AWS OFFICIAL. Updated 2 days ago
2 Comments

Thank you for the post and explanations. I need some clarification regarding scenario "Scenarios with connections in different Regions - Scenario 1" when using direct connect gateway.

I am referring to this direct connect document: https://docs.aws.amazon.com/directconnect/latest/UserGuide/routing-and-bgp.html

In one paragraph it states, "When an AWS Region routes traffic to on-premises locations via Direct Connect private or transit virtual interfaces, the associated AWS Region of the Direct Connect location influences the ability to use equal-cost multi-path routing (ECMP). AWS Regions prefer Direct Connect locations in the same associated AWS Region by default only for virtual interfaces that are not attached to a Direct Connect gateway. When attached to a Direct Connect gateway, the associated Region is not preferred."

Can you please confirm if ECMP is possible if direct connect gateway is used?

AWS
replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS (EXPERT)
replied a year ago