Connection with AWS Direct Connect
Problem to Solve
We want to configure a private (closed) connection between an existing on-premises router (CPE) and AWS.
Solution with OCX
Multiple connection methods are available. After creating a Cloud Connection, approve the Direct Connect connection in the AWS portal and create a virtual interface (VIF). There are three types of VIF:
- AWS Private VIF
- AWS Transit VIF
- AWS Public VIF
Check the Notes below. In particular, make sure you fully understand them before using a Public VIF.
OCX Resources
Without OCX-Router(v1)
| Resource | Required Quantity |
|---|---|
| CloudConnection | 2 |
| VC | 2 |
| PhysicalPort | 2 |
| VCI | 2 |
With OCX-Router(v1)
| Resource | Required Quantity |
|---|---|
| PhysicalPort | 2 |
| VCI | 2 |
| CloudConnection | 2 |
| VC | 5 |
| OCX-Router(v1) | 1 (2 instances) |
| Interface(RouterConnection) | 6 |
Structure
Overview Diagram (Without OCX-Router(v1))

Overview Diagram (With OCX-Router(v1))

Detailed Diagram (With OCX-Router(v1), Connection with Transit VIF)

Advantages
- Connecting on-premises and AWS directly, without going through the Internet, provides a secure and private connection.
- The simple UI of the OCX portal makes it possible to clearly separate and manage Primary and Secondary.
Notes
- Prepare a router that supports BGP for the CPE.
- Perform network design and configuration based on the specifications on the cloud side.
- Route control, including routing, is the customer's responsibility.
- Design the network so that AS numbers and segments do not overlap.
- Enable route redistribution for Connected and Static routes.
- The public cloud side has an upper limit on the number of routes it can receive. If the number of routes exchanged would exceed that limit, consider aggregating routes with the route aggregation function on OCX-Router(v1).
- Notes when using a Public VIF
  - A Public IP must be prepared in order to use a Public VIF.
  - By default, routes that AWS advertises over BGP carry the BGP community attribute no-export. By specification, routes received from AWS with this attribute are not re-advertised to a different AS, so take care when using a Public VIF together with OCX-Router(v1).
  - For reference information on creating a Public VIF, see the links below.
    - How to create a Public VIF (AWS official documentation)
    - Troubleshooting when Public VIF remains Verifying (AWS Repost)
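
A pre-deployment check for the design notes above on non-overlapping AS numbers and segments and on the cloud-side route limit. This is an added example, not part of the original page or of OCX or AWS tooling. The site names, AS numbers, prefixes and the `limit` value are constructed assumptions; take the real limit from the cloud-side specification.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: site names, AS numbers and prefixes are illustrative only.
PLAN = {
    "cpe-onprem": {"asn": 65001,
                   "prefixes": ["10.10.0.0/24", "10.10.1.0/24", "10.10.2.0/23"]},
    "ocx-router": {"asn": 65010, "prefixes": ["192.168.100.0/30"]},
    "aws-vpc":    {"asn": 64512, "prefixes": ["10.20.0.0/16"]},
}

def duplicate_asns(plan):
    """Return {asn: [sites]} for every AS number used by more than one site."""
    seen = {}
    for site, cfg in plan.items():
        seen.setdefault(cfg["asn"], []).append(site)
    return {asn: sites for asn, sites in seen.items() if len(sites) > 1}

def overlapping_segments(plan):
    """Return (site_a, prefix_a, site_b, prefix_b) for segments overlapping across sites."""
    nets = [(site, ipaddress.ip_network(p))
            for site, cfg in plan.items() for p in cfg["prefixes"]]
    return [(sa, str(a), sb, str(b))
            for (sa, a), (sb, b) in combinations(nets, 2)
            if sa != sb and a.version == b.version and a.overlaps(b)]

def aggregated(prefixes):
    """Collapse adjacent or contained prefixes (one IP version) into the smallest set."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def check_route_budget(prefixes, limit):
    """Compare raw and aggregated route counts with the receive limit (assumed value)."""
    agg = aggregated(prefixes)
    return {"raw": len(prefixes), "aggregated": len(agg),
            "raw_ok": len(prefixes) <= limit,
            "aggregated_ok": len(agg) <= limit, "routes": agg}

if __name__ == "__main__":
    print("duplicate AS numbers:", duplicate_asns(PLAN))
    print("overlapping segments:", overlapping_segments(PLAN))
    # limit=2 is a constructed value chosen to show aggregation bringing the count under it.
    print("route budget:", check_route_budget(PLAN["cpe-onprem"]["prefixes"], limit=2))
```
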