The Direct Connect part of the diagram appears to be missing a Direct Connect Gateway (DXGW). It's advisable always to use a DXGW between Direct Connect connections and TGWs/VGWs. While a DXGW has no meaningful physical existence, it effectively tells the AWS backbone network that potential multiple routes that exist between a source and a destination are related. The backbone network then uses this knowledge to minimise or avoid, if possible, single points of failure between all related components.
For example, if in your diagram, a second DX would be added with a route for some or all of the same on-premises networks, the VGW would allow it to be associated as a second link and used for redundancy with BGP. However, the AWS backbone network may not be able to recognise that these connections serve as backups for one another and might therefore share parts of physical infrastructure and fibre routes between the two links. By placing a DXGW in between, the AWS backbone network will avoid that as much as possible.
The DXGW will also allow sharing a single VIF with VGWs in up to 10 VPCs via VGWs or a single transit VIF with up to 6 TGWs. There's no additional cost, reduction in availability, anything additional to monitor, increase in administrative overhead, or other downside to using a DXGW, so it's recommended always simply to implement DX connectivity with a DXGW, even when starting with a non-redundant connection and no particular scaling needs.
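Added example, not from this thread: a small audit that applies the rule above to a VIF inventory, flagging private and transit VIFs attached to a VGW or TGW without a DXGW in between, and listing which connections each DXGW ties together. The sample data is constructed in the shape of boto3's `directconnect.describe_virtual_interfaces()` response with placeholder IDs.

```python
"""Audit a Direct Connect VIF inventory for VIFs that bypass a DXGW."""

# Constructed sample shaped like the 'virtualInterfaces' list returned by
# boto3 directconnect.describe_virtual_interfaces(); all IDs are placeholders.
SAMPLE_VIFS = [
    {"virtualInterfaceId": "dxvif-0a1", "connectionId": "dxcon-aaa",
     "virtualInterfaceType": "private", "virtualGatewayId": "vgw-111"},
    # ^ private VIF terminated directly on a VGW: no DXGW, no backbone diversity
    {"virtualInterfaceId": "dxvif-0b2", "connectionId": "dxcon-bbb",
     "virtualInterfaceType": "private", "directConnectGatewayId": "dxgw-999"},
    {"virtualInterfaceId": "dxvif-0c3", "connectionId": "dxcon-ccc",
     "virtualInterfaceType": "transit", "directConnectGatewayId": "dxgw-999"},
    # ^ both of these hang off the same DXGW, so AWS knows they are related
    {"virtualInterfaceId": "dxvif-0d4", "connectionId": "dxcon-ddd",
     "virtualInterfaceType": "public"},
    # ^ public VIFs never use a DXGW and are not in scope of the check
]


def vifs_bypassing_dxgw(vifs):
    """Return sorted IDs of private/transit VIFs that are not attached via a DXGW."""
    return sorted(
        v["virtualInterfaceId"]
        for v in vifs
        if v.get("virtualInterfaceType") in ("private", "transit")
        and not v.get("directConnectGatewayId")
    )


def connections_per_dxgw(vifs):
    """Map each DXGW ID to the set of DX connection IDs whose VIFs land on it."""
    grouped = {}
    for v in vifs:
        dxgw = v.get("directConnectGatewayId")
        if dxgw:
            grouped.setdefault(dxgw, set()).add(v["connectionId"])
    return grouped


if __name__ == "__main__":
    # Feed real describe_virtual_interfaces()["virtualInterfaces"] here in practice.
    for vif_id in vifs_bypassing_dxgw(SAMPLE_VIFS):
        print(f"WARNING: {vif_id} is attached without a DXGW")
    for dxgw, conns in connections_per_dxgw(SAMPLE_VIFS).items():
        print(f"{dxgw}: connections treated as related -> {sorted(conns)}")
```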
Great points Leo! Added the DxGW to the diagram.
This is a great diagram, iBehr. I suggest also mentioning the option of using S2S VPN over a transit VIF (like in the second diagram described here).
Thanks Yaniv! Added the option for S2S over Transit VIF.