Questions tagged with AWS Direct Connect

How can we shorten failover time DX and VPN?

A customer has decided to use Direct Connect (DX) and VPN. So if DX fails, they want to fail over to VPN. But it takes about 20~30 seconds. Which configuration affects this long failover time?

The AWS VPN configuration is below:

```
config vpn ipsec phase1-interface
    edit "transit-KR.P***"
        set interface "Loopbk"
        set local-gw 182.###.###.###
        set keylife 28800
        set proposal aes128-sha1
        set dhgrp 2
        set remote-gw 15.###.###.###
        set psksecret .
        set dpd-retryinterval 1
        set dpd enable
        set comments "aws-transit-****"
    next
    edit "transit-KR.****"
        set interface "Loopbk"
        set local-gw 182.###.###.###
        set keylife 28800
        set proposal aes128-sha1
        set dhgrp 2
        set remote-gw 52.###.###.###
        set psksecret x
        set dpd-retryinterval 1
        set dpd enable
        set comments "aws-transit-***"
    next
end
config vpn ipsec phase2-interface
    edit "transit-KR.####"
        set phase1name "transit-KR.####"
        set proposal aes128-sha1
        set dhgrp 2
        set keylifeseconds 3600
    next
    edit "transit-KR.****"
        set phase1name "transit-KR.****"
        set proposal aes128-sha1
        set dhgrp 2
        set keylifeseconds 3600
    next
end
config system interface
    edit "transit-KR.####"
        set ip 169.###.###.### 255.255.255.255
        set allowaccess ping
        set tcp-mss 1387
        set remote-ip 169.###.###.###
        set description "aws-transit-****"
    next
    edit "transit-KR****"
        set ip 169.###.###.### 255.255.255.255
        set allowaccess ping
        set tcp-mss 1387
        set remote-ip 169.###.###.###
        set description "aws-transit-****"
    next
end
config router bgp
    config neighbor
        edit "169.###.###.###"
            set remote-as 64514
            set route-map-in aws-transitgw
            set route-map-out non-transit
        next
        edit "169.###.###.###"
            set remote-as 64514
            set route-map-in aws-transitgw
            set route-map-out non-transit
        next
    end
end

*****-FW-1 $ get router info bgp nei 169.###.###.### routes
BGP table version is 6042, local router ID is 182.###.###.###
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
* 10.80.64.0/18 169.###.###.### 100 0 64514 e
*> 10.80.120.0/24 169.###.###.### 100 0 64514 e

Total number of prefixes 2
```

The DX BGP configuration is below:

```
interface g3/7.30
 description AWS_DX_vpc_test
 logging event subif-link-status
 no ip redirects
 encapsulation dot1Q 30
 ip address 172.16.1.57 255.255.255.252
 bfd interval 100 min_rx 100 multiplier 3

ip as-path access-list 92 permit ^64513$

ip prefix-list ***-OUT-IPLIST seq 10 permit 10.56.0.0/13 le 32
ip prefix-list ***-OUT-IPLIST seq 20 permit 10.64.0.0/13 le 32
ip prefix-list ***-OUT-IPLIST seq 30 permit 10.28.0.0/14 le 32
ip prefix-list ***-OUT-IPLIST seq 40 permit 172.16.128.0/23 le 32
ip prefix-list ***-IN-IPLIST seq 10 permit 10.80.0.0/12 le 32

route-map AWS-KR-IN permit 10
 match ip address prefix-list ***-IN-IPLIST
 match as-path 92
 set local-preference 100
 set community 9710:1493

route-map ***-OUT permit 10
 match ip address prefix-list ***-OUT-IPLIST
 match as-path 1
 set community none

router bgp 64710
 neighbor 172.16.1.58 remote-as 64513
 neighbor 172.16.1.58 password **********
 neighbor 172.16.1.58 description AWS dx-transitgw test
 neighbor 172.16.1.58 soft-reconfiguration inbound
 neighbor 172.16.1.58 route-map ***-IN in
 neighbor 172.16.1.58 route-map ***-OUT out
 neighbor 172.16.1.58 fall-over bfd
```

VPN config is downloaded from AWS VPN Config.

1 answer, 0 votes, 146 views, asked 3 years ago

hosted public VIF data transfer egress billing scenario clarification

Hello Networking TFC,

I noticed this in the FAQ for Public VIFs:

For publicly addressable AWS resources (for example, Amazon S3 buckets, Classic EC2 instances, or EC2 traffic that goes through an internet gateway), if the outbound traffic is destined for public prefixes owned by the same AWS payer account and actively advertised to AWS through an AWS Direct Connect public virtual Interface, the Data Transfer Out (DTO) usage is metered toward the resource owner at AWS Direct Connect data transfer rate.

However it leaves the customer wanting to understand some scenarios, is this the same for hosted public VIF, and what if accounts are not in the same AWS organizations (different payer)

Example Scenario

- Account A has the DX connection, and its own public VIF
- Account B (not in AWS organizations with account A) was given a hosted public VIF from account A
- Account C unrelated to Account A or B

Scenario billing questions – please just respond with yes or no on the billing items so we can help the customer predict billings.

- Scenario 1 - Account B S3 bucket, data transfer out to account B DX on premises.
  - Account A S3 egress yes/no
  - Account A DX egress yes/no
  - Account B S3 egress yes/no
  - Account B DX egress yes/no
- Scenario 2 - Account B S3 bucket, data transfer out to account A DX on premises.
  - Account A S3 egress yes/no
  - Account A DX egress yes/no
  - Account B S3 egress yes/no
  - Account B DX egress yes/no
- Scenario 3 - Account A S3 bucket, data transfer out to account B DX on premises.
  - Account A S3 egress yes/no
  - Account A DX egress yes/no
  - Account B S3 egress yes/no
  - Account B DX egress yes/no
- Scenario 4 - Account C S3 bucket, data transfer out to account B DX on premises.
  - Account A S3 egress yes/no
  - Account A DX egress yes/no
  - Account B S3 egress yes/no
  - Account B DX egress yes/no

Thanks in advance

1 answer, 0 votes, 29 views, asked 3 years ago