VPN vs Direct Connect

Diagram that shows differences in VPN and Direct Connect connectivity.
iBehr (AWS, Expert)
Updated 2 months ago, viewed 5308 times


This diagram shows the differences between VPN and Direct Connect. Choosing between them is a common question for smaller companies that are determining their needs and trying to understand the responsibilities that come with each type of connectivity.


Details of all Amazon Virtual Private Cloud Connectivity Options can be found here: Network-to-Amazon VPC connectivity options

4 Comments

The Direct Connect part of the diagram appears to be missing a Direct Connect Gateway (DXGW). It's advisable always to use a DXGW between Direct Connect connections and TGWs/VGWs. While a DXGW has no meaningful physical existence, it effectively tells the AWS backbone network that potential multiple routes that exist between a source and a destination are related. The backbone network then uses this knowledge to minimise or avoid, if possible, single points of failure between all related components.

For example, if in your diagram, a second DX would be added with a route for some or all of the same on-premises networks, the VGW would allow it to be associated as a second link and used for redundancy with BGP. However, the AWS backbone network may not be able to recognise that these connections serve as backups for one another and might therefore share parts of physical infrastructure and fibre routes between the two links. By placing a DXGW in between, the AWS backbone network will avoid that as much as possible.

The DXGW will also allow sharing a single VIF with VGWs in up to 10 VPCs via VGWs or a single transit VIF with up to 6 TGWs. There's no additional cost, reduction in availability, anything additional to monitor, increase in administrative overhead, or other downside to using a DXGW, so it's recommended always simply to implement DX connectivity with a DXGW, even when starting with a non-redundant connection and no particular scaling needs.

Leo K (Expert)
replied 2 months ago
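One way to check an account against the recommendation in the comment above, as an added example that is not part of the original thread: it flags private VIFs attached straight to a VGW and lists DXGWs reached over a single DX connection. The field names follow the Direct Connect DescribeVirtualInterfaces response; every ID in the sample is constructed.

```python
from collections import defaultdict

# States in which a VIF no longer carries traffic and is skipped by the audit.
INACTIVE = {"deleting", "deleted", "rejected"}

# Constructed sample shaped like the "virtualInterfaces" list returned by
# describe_virtual_interfaces; all IDs are made up for illustration.
SAMPLE_VIFS = [
    {"virtualInterfaceId": "dxvif-aaaa1111", "virtualInterfaceType": "private",
     "virtualInterfaceState": "available", "connectionId": "dxcon-11111111",
     "virtualGatewayId": "vgw-0aaa1111", "directConnectGatewayId": ""},
    {"virtualInterfaceId": "dxvif-bbbb2222", "virtualInterfaceType": "private",
     "virtualInterfaceState": "available", "connectionId": "dxcon-11111111",
     "virtualGatewayId": "", "directConnectGatewayId": "dxgw-example-a"},
    {"virtualInterfaceId": "dxvif-cccc3333", "virtualInterfaceType": "private",
     "virtualInterfaceState": "available", "connectionId": "dxcon-22222222",
     "virtualGatewayId": "", "directConnectGatewayId": "dxgw-example-a"},
    {"virtualInterfaceId": "dxvif-dddd4444", "virtualInterfaceType": "transit",
     "virtualInterfaceState": "down", "connectionId": "dxcon-11111111",
     "directConnectGatewayId": "dxgw-example-b"},
    {"virtualInterfaceId": "dxvif-eeee5555", "virtualInterfaceType": "private",
     "virtualInterfaceState": "deleted", "connectionId": "dxcon-22222222",
     "virtualGatewayId": "vgw-0bbb2222"},
]

def _active(vifs):
    return [v for v in vifs if v.get("virtualInterfaceState") not in INACTIVE]

def vifs_bypassing_dxgw(vifs):
    """IDs of active private VIFs attached directly to a VGW, with no DXGW."""
    return sorted(
        v["virtualInterfaceId"] for v in _active(vifs)
        if v.get("virtualInterfaceType") == "private"
        and v.get("virtualGatewayId") and not v.get("directConnectGatewayId"))

def single_connection_dxgws(vifs):
    """DXGW IDs whose active VIFs all ride one DX connection (no second link)."""
    conns = defaultdict(set)
    for v in _active(vifs):
        if v.get("directConnectGatewayId"):
            conns[v["directConnectGatewayId"]].add(v.get("connectionId"))
    return sorted(gw for gw, ids in conns.items() if len(ids) < 2)

if __name__ == "__main__":
    # For live data, pass in
    # boto3.client("directconnect").describe_virtual_interfaces()["virtualInterfaces"]
    print("VIFs attached directly to a VGW:", vifs_bypassing_dxgw(SAMPLE_VIFS))
    print("DXGWs on a single connection:", single_connection_dxgws(SAMPLE_VIFS))
```

The second list is informational: a DXGW on one connection is the non-redundant starting point the comment describes, and the list shows where a second link would add redundancy.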

Great points, Leo! Added the DXGW to the diagram.

iBehr (AWS, Expert)
replied 2 months ago

This is a great diagram, iBehr. I suggest also mentioning the option of using S2S VPN over transit VIF (like in the second diagram described here).

AWS Expert
replied 2 months ago

Thanks Yaniv! Added the option for S2S over Transit VIF.

iBehr (AWS, Expert)
replied 2 months ago