Networking

Dedicated Connection Design - Achieving Stable Private Network Connectivity with Direct Connect

Learn about dedicated connection design with AWS Direct Connect, including choosing between dedicated and hosted connections, redundancy configurations, and achieving stable private network connectivity through VPC integration.

約 6 分で読めます

Limitations of Internet Connectivity and the Value of Dedicated Connections

When organizations move to serious cloud adoption, internet-based connectivity alone may not meet requirements for bandwidth stability, latency predictability, and security. Dedicated private network connections are particularly needed for large-volume data transfers, latency-sensitive workloads, and regulated industries such as finance and healthcare. AWS Direct Connect is a service that connects on-premises environments to AWS via dedicated network lines, providing a stable communication path that bypasses the internet. Using Direct Connect provides more stable network latency compared to internet connections, and bandwidth costs can be reduced by up to 50% for high-volume transfers.

Choosing Between Dedicated and Hosted Connections

Direct Connect offers two connection types: Dedicated Connection and Hosted Connection. Dedicated connections provide bandwidth of 1 Gbps, 10 Gbps, or 100 Gbps with exclusive use of a physical port. They are suited for enterprise environments requiring high-volume data transfer and stable bandwidth. Hosted connections are provided through AWS Direct Connect Partners, offering flexible bandwidth options from 50 Mbps to 10 Gbps. They are suitable when you want to start with dedicated connectivity at lower initial cost, or when required bandwidth is under 1 Gbps. By creating virtual interfaces (VIFs), you can configure multiple logical connections on a single physical connection. Private VIFs connect to VPCs, public VIFs connect to AWS public services, and transit VIFs connect to multiple VPCs via Transit Gateway.

Redundancy and High Availability Design

When using Direct Connect in production, designing redundant configurations to eliminate single points of failure is essential. The most basic redundancy configuration is a dual-location setup with two connections at different Direct Connect locations. Selecting geographically separated locations such as Tokyo and Osaka ensures resilience against natural disasters and data center failures. Direct Connect Gateway enables access to VPCs in multiple regions from a single connection, streamlining connectivity to globally distributed workloads. Enabling SiteLink allows routing traffic between Direct Connect locations via the AWS backbone network, leveraging AWS's network for communication between on-premises sites as well. A common failover design places Direct Connect as primary and Site-to-Site VPN as secondary. For a comprehensive understanding of cloud dedicated connection patterns, refer to technical books (Amazon).

VPC Integration and Network Design

Integration between Direct Connect and VPC follows the basic pattern of connecting through a Virtual Private Gateway or Transit Gateway. Virtual Private Gateway is used for connecting to a single VPC, enabling quick connection establishment with a simple configuration. Transit Gateway connects multiple VPCs and on-premises networks in a hub-and-spoke topology, centralizing route management in large multi-VPC environments. Dynamic routing with BGP (Border Gateway Protocol) enables automatic route learning and failover during outages. Traffic over Direct Connect travels within AWS's private network, allowing secure data transfer without internet exposure. MACsec (IEEE 802.1AE) encryption support provides physical-layer data encryption for an even higher security level. The following is an example of creating a Direct Connect virtual interface with the AWS CLI. aws directconnect create-private-virtual-interface --connection-id dxcon-abc12345 --new-private-virtual-interface virtualInterfaceName=my-vif,vlan=101,asn=65000,virtualGatewayId=vgw-abc12345

Direct Connect Pricing

Direct Connect port fees are approximately $220 per month for 1 Gbps and approximately $1,500 for 10 Gbps. Data transfer charges apply only in the outbound direction and vary by region (approximately $0.041 per GB in the Tokyo region). Inbound is free. Partner connections (hosted) are available from 50 Mbps with lower port fees, but partner monthly fees apply. For redundant configurations with two connections, port fees double.

Summary

AWS Direct Connect connects on-premises environments to AWS via dedicated lines, providing stable latency, predictable bandwidth, and security through private network connectivity. Two connection types, dedicated and hosted, address a wide range of needs from large enterprises to small-to-medium environments. Dual-location configurations and VPN failover enable highly available network designs. Direct Connect Gateway and SiteLink streamline global network connectivity, and Transit Gateway integration simplifies route management in multi-VPC environments. For organizations requiring stable private network connectivity, Direct Connect is the foundational service for cloud connectivity.

Related Services

AWS Direct ConnectA service that provides a dedicated network connection between on-premises and AWS for stable, low-latency connectivityAmazon VPCBuild a logically isolated virtual network on AWS

Related Articles

Amazon VPC Network Design - Subnet Architecture and NAT Gateway OptimizationLearn how to design public/private subnet separation, layered security group management, and reduce NAT Gateway costs with Gateway VPC Endpoints.Hybrid Cloud with AWS Outposts - Extending AWS to On-PremisesCompare rack and server form factors, and learn about hybrid cloud design for running EC2, ECS, and RDS on-premises.Migrating VMware Workloads to the Cloud - Bring Your Existing Environment to AWS with Amazon EVSLearn how to migrate VMware workloads to AWS using Amazon Elastic VMware Service (EVS). This article covers VPC integration, HCX migration procedures, and on-premises connectivity design.

More on This Topic

Building a Service Mesh with AWS App Mesh - Controlling and Observing Microservice CommunicationLearn how to declaratively configure canary deployments, retry policies, and mTLS encryption using Envoy sidecars, and visualize service dependencies with X-Ray integration.Service Discovery with AWS Cloud Map - Dynamic Name Resolution for MicroservicesDynamically discover microservice endpoints using DNS-based and API-based approaches. Learn how to automate service registration and deregistration through integration with ECS and EKS.How CloudFront's 600+ PoPs Work - Anycast Routing and the Cache HierarchyLearn how CloudFront routes user requests to the nearest PoP using Anycast, the two-tier structure of edge locations and regional edge caches, and the design factors that determine cache hit rates.Building Dedicated Connections with AWS Direct Connect - Redundancy Design and Traffic ControlDesign redundant dedicated connections and connect to VPCs across multiple regions with Direct Connect Gateway. This article also covers bandwidth aggregation with LAG and MACsec encryption.Elastic IP Address Management and Design - Static IP Usage and Cost OptimizationLearn about Elastic IP allocation, EC2 association, cost implications of unused EIPs, and alternative approaches to consider.Why ELB Has Three Types - The Design Rationale Behind ALB, NLB, and CLBExplore why ALB, NLB, and CLB (Classic) coexist rather than being unified into a single service, examining OSI model layers, performance characteristics, and historical context.Global Network Optimization with AWS Global Accelerator - Low-Latency Delivery and FailoverLearn how to route traffic onto the AWS global network using Anycast IPs, design endpoint groups, and achieve failover through health checks.Global Network Acceleration - Low-Latency Delivery with AWS Global Accelerator and CloudFrontRoute traffic onto the AWS global network early using Anycast IPs to direct clients to the nearest edge location. This guide covers ALB/NLB integration and failover design.

Similar Articles and Services

AWS Direct ConnectA service that provides a dedicated network connection between on-premises environments and AWS, delivering stable, low-latency connectivity that bypasses the public internetBuilding Dedicated Connections with AWS Direct Connect - Redundancy Design and Traffic ControlDesign redundant dedicated connections and connect to VPCs across multiple regions with Direct Connect Gateway. This article also covers bandwidth aggregation with LAG and MACsec encryption.Amazon VPCA service for building a logically isolated virtual network within the AWS cloud, giving you full control over IP address ranges, routing, and securityThe Depth of AWS Networking Services - Enterprise Network Design with VPC, Transit Gateway, and PrivateLinkThis article examines AWS networking services centered on VPC, Transit Gateway, PrivateLink, Direct Connect, and Network Firewall, comparing them with Azure VNet/ExpressRoute and GCP VPC/Cloud Interconnect to explain the flexibility advantages in enterprise network design.