VPN vs Direct Connect

Diagram that shows differences in VPN and Direct Connect connectivity.
iBehr (AWS, Expert)
Updated 2 months ago, 5294 views

Diagram that shows differences in VPN and Direct Connect. This is a common question for smaller companies determining their needs and understanding responsibilities of each type of connectivity.

Details of all Amazon Virtual Private Cloud Connectivity Options can be found here: Network-to-Amazon VPC connectivity options

4 Comments

The Direct Connect part of the diagram appears to be missing a Direct Connect Gateway (DXGW). It's advisable always to use a DXGW between Direct Connect connections and TGWs/VGWs. While a DXGW has no meaningful physical existence, it effectively tells the AWS backbone network that potential multiple routes that exist between a source and a destination are related. The backbone network then uses this knowledge to minimise or avoid, if possible, single points of failure between all related components.

For example, if, in your diagram, a second DX were added with a route for some or all of the same on-premises networks, the VGW would allow it to be associated as a second link and used for redundancy with BGP. However, the AWS backbone network may not be able to recognise that these connections serve as backups for one another and might therefore share parts of physical infrastructure and fibre routes between the two links. By placing a DXGW in between, the AWS backbone network will avoid that as much as possible.

The DXGW will also allow sharing a single VIF with VGWs in up to 10 VPCs via VGWs or a single transit VIF with up to 6 TGWs. There's no additional cost, reduction in availability, anything additional to monitor, increase in administrative overhead, or other downside to using a DXGW, so it's recommended always simply to implement DX connectivity with a DXGW, even when starting with a non-redundant connection and no particular scaling needs.

Leo K (Expert)
Replied 2 months ago
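
The recommendation in the comment above can be checked against an existing account. The following is an added example, not part of the original post or its comments: it scans output in the shape returned by `aws directconnect describe-virtual-interfaces` and reports private VIFs that terminate directly on a VGW, plus any VGW reached that way from two or more DX connections (the redundancy case the comment describes). The sample data and every ID in it are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws directconnect describe-virtual-interfaces`
# output; every ID below is made up for this example.
SAMPLE = json.loads("""
{"virtualInterfaces": [
  {"virtualInterfaceId": "dxvif-aaaa1111", "connectionId": "dxcon-one",
   "virtualInterfaceType": "private", "virtualGatewayId": "vgw-0example1",
   "directConnectGatewayId": "", "virtualInterfaceState": "available"},
  {"virtualInterfaceId": "dxvif-bbbb2222", "connectionId": "dxcon-two",
   "virtualInterfaceType": "private", "virtualGatewayId": "vgw-0example1",
   "directConnectGatewayId": "", "virtualInterfaceState": "available"},
  {"virtualInterfaceId": "dxvif-cccc3333", "connectionId": "dxcon-three",
   "virtualInterfaceType": "private", "virtualGatewayId": "",
   "directConnectGatewayId": "dxgw-example", "virtualInterfaceState": "available"},
  {"virtualInterfaceId": "dxvif-dddd4444", "connectionId": "dxcon-three",
   "virtualInterfaceType": "public", "virtualInterfaceState": "available"}
]}
""")

def audit_vifs(doc):
    """Return (direct, redundant_without_dxgw).

    direct: private VIF ids that terminate on a VGW with no DXGW in between.
    redundant_without_dxgw: VGW ids reached that way from 2+ DX connections.
    """
    direct, conns_per_vgw = [], {}
    for vif in doc.get("virtualInterfaces", []):
        if vif.get("virtualInterfaceType") != "private":
            continue  # public VIFs have no gateway; transit VIFs always use a DXGW
        if vif.get("virtualInterfaceState") in ("deleting", "deleted"):
            continue  # ignore interfaces that are going away
        vgw = vif.get("virtualGatewayId")
        if vgw and not vif.get("directConnectGatewayId"):
            direct.append(vif["virtualInterfaceId"])
            conns_per_vgw.setdefault(vgw, set()).add(vif.get("connectionId"))
    redundant = sorted(v for v, c in conns_per_vgw.items() if len(c) >= 2)
    return sorted(direct), redundant

if __name__ == "__main__":
    direct, redundant = audit_vifs(SAMPLE)
    print("private VIFs attached straight to a VGW:", direct)
    print("VGWs with redundant DX links but no DXGW:", redundant)
```

To run it against a real account, replace `SAMPLE` with the parsed JSON from the CLI command named above.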

Great points Leo! Added the DxGW to the diagram.

iBehr (AWS, Expert)
Replied 2 months ago

This is a great diagram, iBehr. I suggest also mentioning the option of using S2S VPN over transit VIF (like in the second diagram described here).

AWS, Expert
Replied 2 months ago

Thanks Yaniv! Added the option for S2S over Transit VIF.

iBehr (AWS, Expert)
Replied 2 months ago