Amazon Web Services (AWS) is a leading provider of cloud infrastructure and platform services, and AWS Direct Connect (DX) is a network service that enables customers to establish direct, private connections between their internal networks (sites / branches or data centers) and AWS cloud services – through different gateways, locations, global partners, and pricing models.
AWS Direct Connect allows customers to bypass the Internet and connect their premises to AWS services in a particular Region over a dedicated Ethernet fiber-optic cable. It is a physical connection, and, therefore, is more reliable and offers higher performance than the Internet.
Below, Dgtl Infra provides an overview of AWS Direct Connect, its components, benefits, pricing, partners, and locations. We also explain the difference between AWS Direct Connect and a VPN, as well as how customers can leverage AWS Direct Connect SiteLink to establish direct, global, and reliable connections between AWS Direct Connect locations.
What is AWS Direct Connect?
Customers can access Amazon Virtual Private Cloud (VPC) and public AWS cloud services through a public internet connection. However, the public internet is notoriously unpredictable, making it unreliable for mission-critical workloads that require high speed and low latency.
AWS Direct Connect is an alternate way of connecting to the Amazon VPC and AWS services, which bypasses the public internet and internet service providers (ISPs). Customers can use AWS Direct Connect to establish a dedicated, physical connection between their offices and/or on-premise and colocation data centers, and the AWS cloud.
To make use of AWS Direct Connect, customers must first establish a dedicated network connection between an AWS Direct Connect location – which is a colocation facility where an AWS Direct Connect router is available – and their offices, on-premise data centers, or colocation data centers, using the 802.1Q virtual local area networking (VLAN) standard.
AWS Direct Connect locations provide direct access to an associated AWS Region.
Not only is this AWS Direct Connect connection more private and secure than the public internet, it also provides a more consistent network experience and reduces network costs associated with establishing end-to-end, private, and direct connectivity.
With AWS Direct Connect, enterprises can transfer large volumes of mission-critical data sets between on-premise data centers and AWS with a significantly lower chance of packet drops and bottlenecks due to overcrowding. AWS Direct Connect allows enterprises to bypass the public internet and ISPs, which ensures data privacy and helps enterprises achieve regulatory compliance as well.
Components of AWS Direct Connect
Below are the two key components of AWS Direct Connect:
1) Connections
A direct, physical network connection is established between enterprise premises and the nearest AWS Direct Connect location using a standard 802.1Q VLAN. AWS Direct Connect connections can take two forms:
- Dedicated Connection: associated with a single customer and established by AWS upon the customer’s request
- Hosted Connection: provisioned by an AWS Direct Connect Delivery Partner upon a customer’s request
2) Virtual Interfaces (VIFs)
After establishing or accepting a Direct Connect connection, enterprises can create one or more virtual interfaces (VIFs) to access AWS services. Specifically, organizations can configure two types of VIFs:
- Public VIF: enables access to public AWS services, like Amazon S3 and CloudFront
- Private VIF: used to access private AWS services, such as Amazon Virtual Private Cloud (VPC)
AWS Direct Connect Gateway
Customers with multiple virtual private clouds (VPCs) can create an AWS Direct Connect gateway in any AWS Region and interconnect their VPCs across AWS Regions through this resource. To establish a secure connection point for the VPCs, customers can create a virtual private gateway for each participating VPC (or a transit gateway if there are multiple VPCs in the same Region) and connect the virtual private gateway to the Direct Connect gateway.
AWS Direct Connect Network Diagram
[Diagram: how AWS Direct Connect links a customer’s premises to an AWS Region]
AWS Direct Connect gateway is a global resource, which means customers can use the same Direct Connect gateway to access VPCs in other AWS Regions as well. This way, a Direct Connect gateway allows customers to connect to multiple VPCs in different AWS Regions from a single private VIF.
AWS Direct Connect Encryption
AWS Direct Connect does not encrypt customers’ traffic by default. Instead, customers must use the encryption options available for the particular service to encrypt data in transit.
For example, AWS provides a native service, AWS Direct Connect + VPN, to combine AWS Direct Connect connections with the capabilities of Amazon VPC’s virtual private network (VPN) solution. In particular, this service allows customers to establish a private and end-to-end encrypted connection between their internal networks and VPCs.
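The encryption gap described above can be checked per connection. The following added example (not part of the original article, and not AWS's own code) classifies each entry of a `describe-connections` response by the MACsec link-layer encryption fields that the Direct Connect API returns; MACsec itself is not covered in the article, and the sample response and connection IDs are constructed.

```python
import json

# Constructed sample, shaped like `aws directconnect describe-connections` output.
SAMPLE = json.loads("""{"connections": [
 {"connectionId": "dxcon-example1", "bandwidth": "100Gbps", "connectionState": "available",
  "macSecCapable": true, "encryptionMode": "must_encrypt", "portEncryptionStatus": "Encryption Up"},
 {"connectionId": "dxcon-example2", "bandwidth": "10Gbps", "connectionState": "available",
  "macSecCapable": true, "encryptionMode": "should_encrypt", "portEncryptionStatus": "Encryption Down"},
 {"connectionId": "dxcon-example3", "bandwidth": "10Gbps", "connectionState": "available",
  "macSecCapable": true, "encryptionMode": "no_encrypt", "portEncryptionStatus": "Encryption Down"},
 {"connectionId": "dxcon-example4", "bandwidth": "500Mbps", "connectionState": "available",
  "macSecCapable": false}
]}""")


def classify(conn):
    """Return (severity, reason) for one connection's link-layer encryption state."""
    if not conn.get("macSecCapable", False):
        return ("WARN", "no MACsec on this port; rely on TLS or an IPsec VPN over the link")
    mode = conn.get("encryptionMode", "unknown")
    up = conn.get("portEncryptionStatus") == "Encryption Up"
    if mode == "must_encrypt":
        # must_encrypt drops the link rather than passing cleartext frames.
        return ("OK", "MACsec enforced") if up else ("FAIL", "MACsec enforced but not up")
    if mode == "should_encrypt":
        # should_encrypt falls back to cleartext when MACsec negotiation fails.
        if up:
            return ("WARN", "encrypted now, but mode allows cleartext fallback")
        return ("FAIL", "fell back to cleartext")
    return ("FAIL", "MACsec-capable port with encryption off")


def audit(response):
    """Map connectionId -> (severity, reason) for connections that are in service."""
    return {
        c["connectionId"]: classify(c)
        for c in response.get("connections", [])
        if c.get("connectionState") == "available"
    }


if __name__ == "__main__":
    for conn_id, (severity, reason) in audit(SAMPLE).items():
        print(f"{severity:4} {conn_id}: {reason}")
```

Connections reported as WARN or FAIL carry cleartext on the link unless the traffic is protected higher up, for example by TLS or by the Direct Connect + VPN combination described above.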
AWS Direct Connect Speed
For dedicated connections, customers can choose between ports offering speeds of 1 Gbps (gigabit per second), 10 Gbps, and 100 Gbps.
Alternatively, customers can provision hosted connections, which offer speeds of 50 Mbps (megabits per second), 100 Mbps, 200 Mbps, 300 Mbps, 400 Mbps, and 500 Mbps from an AWS Direct Connect Delivery Partner. Certain approved AWS Direct Connect Delivery Partners can also provision 1 Gbps, 2 Gbps, 5 Gbps, or 10 Gbps hosted connections.
Importantly, since AWS Direct Connect connections are physical, customers cannot change the port speeds after requesting a connection. Indeed, the only way to change port speeds is to create a new Direct Connect connection.
AWS Direct Connect vs VPN
AWS provides two viable options for establishing a secure connection between a customer’s premises and the AWS cloud for accessing Amazon VPCs and AWS services:
- AWS Managed VPN
- AWS Direct Connect
Traditionally, enterprises accessed their cloud resources over shared internet connections. A virtual private network (VPN) encrypts an enterprise’s data traffic to create a secure and private tunnel over the Internet. However, a VPN connection is prone to the Internet’s connectivity and performance fluctuations.
On the other hand, AWS Direct Connect is a dedicated, physical connection between a customer’s router and an AWS Direct Connect router within a Direct Connect location. Since AWS houses these routers in colocation data centers around the world, users can establish Direct Connect connections to any AWS Region.
Overall, the AWS Direct Connect link is not shared, making it superior in privacy and less prone to sudden connection drops and latency issues.
AWS Direct Connect does not encrypt data traffic by default. However, as mentioned earlier, customers can utilize service-specific encryption options to secure their data in transit. As such, AWS Direct Connect is the optimal choice for customers that need an ultra-secure, high-speed, and reliable connection to their AWS environments.
AWS Direct Connect SiteLink
AWS recently introduced a new feature, known as AWS Direct Connect SiteLink, which enables data transfers directly between AWS Direct Connect locations. Using the SiteLink feature, customers can connect their branch offices and data centers leveraging the AWS global backbone network on a pay-as-you-go basis. In turn, all data is dynamically routed following the shortest path between AWS Direct Connect locations.
Utilizing AWS Direct Connect SiteLink
Customers can connect their on-premise networks to nearby Direct Connect locations that are globally distributed by AWS. Next, they must enable the SiteLink feature, which is disabled by default. Then, customers can associate all VIFs to a single Direct Connect gateway, which can be in any AWS Region, since it is a global resource.
SiteLink establishes global connectivity between a customer’s remote offices / branches, data centers, and AWS resources. Customers can enable SiteLink using their existing dedicated or hosted connections and simply connect their on-premises networks, even if they do not have any AWS resources in the corresponding Region. Finally, customers can turn the SiteLink feature on or off at any time.
AWS Direct Connect Locations
AWS Direct Connect locations are colocation data centers with AWS routers. A customer’s router connects to an AWS router inside Direct Connect locations, which serve as an entry point to the AWS infrastructure and services. Below are all the globally distributed AWS Direct Connect locations, grouped by regions:
Tsuen Wan New Territories (Hong Kong SAR), Jakarta (Indonesia), Mumbai (India), Bangalore (India), Delhi (India), Chennai (India), Hyderabad (India), Seoul (South Korea), Singapore, Kuala Lumpur (Malaysia), Sydney (Australia), Canberra (Australia), Melbourne (Australia), Perth (Australia), Tokyo (Japan), Taipei (Taiwan), and Osaka (Japan).
Toronto (Canada), Montréal (Canada), and Vancouver (Canada).
Beijing (China), Ningxia (China), and Shanghai (China).
Prague (Czech Republic), Milan (Italy), Oslo (Norway), Amsterdam (Netherlands), Frankfurt (Germany), Munich (Germany), Berlin (Germany), Helsinki (Finland), Warsaw (Poland), Madrid (Spain), Copenhagen (Denmark), Stockholm (Sweden), Vienna (Austria), Zurich (Switzerland), Paris (France), Marseille (France), London (England), Slough (England), Manchester (England), and Dublin (Ireland).
Middle East and Africa
Manama (Bahrain), Haifa (Israel), Dubai (UAE), Fujairah (UAE), Cape Town (South Africa), and Johannesburg (South Africa).
Rio de Janeiro (Brazil) and São Paulo (Brazil).
Columbus (Ohio), Minneapolis (Minnesota), Houston (Texas), Chicago (Illinois), Kansas City (Missouri), New York City (New York), Newark (New Jersey), Reston (Virginia), Philadelphia (Pennsylvania), Atlanta (Georgia), Dallas (Texas), Ashburn (Virginia), Miami (Florida), Secaucus (New Jersey), Boston (Massachusetts), Los Angeles (California), Milpitas (California), Santa Clara (California), El Segundo (California), San Jose (California), Phoenix (Arizona), Denver (Colorado), Las Vegas (Nevada), Seattle (Washington), and Portland (Oregon).
AWS Direct Connect Partners
Customers that do not have equipment at an AWS Direct Connect location can leverage the assistance of one of the AWS Direct Connect Delivery Partners to connect their on-premise networks with AWS environments using AWS Direct Connect. To this end, below are examples of AWS Direct Connect Delivery Partners who have made AWS Direct Connect available at their colocation data centers:
Equinix (including GPX), DCI Data Centers, NTT Global Data Centers (including Netmagic), Sify Technologies, STT GDC, KINX, LG Uplus, Global Switch, AIMS Data Centre, NEXTDC, AT TOKYO, Chief Telecom, and Chunghwa Telecom.
Allied Data Centres, Cologix, and eStruxture.
GDS Holdings, Sinnet, and NWCD Cloud.
Europe and Africa
CDLAN, CE Colo, Digital Realty (including Interxion and Teraco), e& (Etisalat), eir (Eircom), Equinix, IPB, MedOne, Servecentric, STACK Infrastructure (formerly DigiPlex), and Telehouse.
Equinix and TIVIT.
Cologix, CoreSite, CyrusOne, DataBank, Digital Realty, EdgeConneX, Equinix, Netrality, phoenixNAP, Pittock Block, QTS, Switch, T5 Data Centers, and TierPoint.
Details on Select Colocation Data Center Operators
Below are some specific details on three notable AWS Direct Connect Delivery Partners mentioned above:
1) Equinix
Equinix hosts AWS Direct Connect routers in over 37 locations across the globe. Customers requiring maximum performance and throughput can choose Equinix to help establish a dedicated AWS Direct Connect connection with a 100 Gbps port speed. Alternatively, Equinix offers 1 Gbps, 2 Gbps, 5 Gbps, and 10 Gbps hosted connections for its global customers.
Below are key Equinix locations where AWS Direct Connect is available:
Tsuen Wan New Territories (Hong Kong SAR), Singapore, Sydney (Australia), Osaka (Japan), and Tokyo (Japan).
Europe and Middle East
Amsterdam (Netherlands), Helsinki (Finland), Frankfurt (Germany), Munich (Germany), Warsaw (Poland), Madrid (Spain), Milan (Italy), Slough (England), Manchester (England), Paris (France), Stockholm (Sweden), and Dubai (UAE).
Rio de Janeiro (Brazil) and São Paulo (Brazil).
Chicago (Illinois), Dallas (Texas), Ashburn (Virginia), Miami (Florida), Secaucus (New Jersey), El Segundo (California), San Jose (California), and Seattle (Washington).
2) Digital Realty
Digital Realty is another major AWS Direct Connect Delivery Partner that has made AWS Direct Connect available in several of its colocation data centers. Specifically, Digital Realty helps customers configure scalable and high-performance private connections via AWS Direct Connect, either directly from Digital Realty facilities or through Digital Realty’s ServiceFabric Connect, which enables virtual cross connections to AWS.
Presently, Digital Realty has made AWS Direct Connect available in Atlanta (Georgia), Seattle (Washington), and London (England).
3) CoreSite
CoreSite data centers in the following U.S. locations can provide secure and private connections to AWS via AWS Direct Connect:
- New York City (New York), Reston (Virginia), Los Angeles (California), Milpitas (California), Santa Clara (California), and Denver (Colorado)
AWS Direct Connect Pricing
The following three factors determine the pricing for AWS Direct Connect:
- Capacity: throughput of AWS Direct Connect Ethernet ports, measured in Mbps or Gbps
- Port Hours: number of hours the port is available for a customer
- Data Transfer Out (DTO): refers to the amount of data traffic transferred through a Direct Connect connection to destinations outside of AWS, which is charged per gigabyte (GB)
AWS Direct Connect Delivery Partners may charge extra for their services, as per their service contracts. For customers using the SiteLink feature, additional SiteLink charges also apply, which depend on SiteLink hours and SiteLink data transfer.
Below are the high-level pricing constructs for AWS Direct Connect, as well as SiteLink:
Port Hour Pricing for Direct Connections
|Capacity||Port Hour Rate||Port Hour Rate (Monthly)|
Port Hour Pricing for Hosted Connections
|Capacity||Port Hour Rate||Port Hour Rate (Monthly)|
Data Transfer Out (DTO) Pricing for AWS Direct Connect
Below is an example of the data transfer out (DTO) pricing for AWS Direct Connect, assuming the data transfer occurs from an AWS Region in the United States.
|To Direct Connect Location||Price / GB|
|All US Regions||$0.0200|
|All Europe Regions||$0.0282|
|Asia Pacific (Tokyo, Osaka)||$0.0900|
|Asia Pacific (Seoul, Singapore, Hong Kong)||$0.0900|
|Asia Pacific (Indonesia)||$0.1062|
|Asia Pacific (Mumbai)||$0.0850|
|South America (Sao Paulo)||$0.1500|
|Asia Pacific (Sydney)||$0.1300|
|Middle East (Bahrain, UAE)||$0.1100|
|Africa (Cape Town)||$0.1100|
SiteLink (AWS Direct Connect) Hour Pricing
For customers who have enabled AWS Direct Connect SiteLink, a fixed rate of $0.50 per hour, which amounts to $365 per month, is charged for each VIF regardless of the connection capacity or the amount of data transfer.
SiteLink (AWS Direct Connect) Data Transfer Pricing
Below is an example of the SiteLink data transfer rates for AWS Direct Connect assuming the data transfer occurs from the United States as the source location.
|Destination||Price / GB|
|Hong Kong, Malaysia, S. Korea, Singapore & Taiwan||$0.0900|
Overall, the total cost of AWS Direct Connect can be calculated as follows:
- Total port hour charges + total data transfer charges + total SiteLink hour charges + total SiteLink data transfer charges
What is the Azure Equivalent of Direct Connect?
AWS Direct Connect is simply the Amazon Web Services (AWS) term for a cloud on-ramp. Each of the top cloud service providers, including Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Alibaba Cloud, Oracle Cloud, and IBM Cloud, has its own version and terminology for a cloud on-ramp.
The Azure equivalent of Direct Connect is known as Azure ExpressRoute, which is Microsoft’s term for a cloud on-ramp.
Additionally, the other major cloud on-ramps, which provide private network connectivity to each of the cloud service providers, are known as Google Cloud Interconnect, Alibaba Cloud Express Connect, Oracle FastConnect, and IBM Cloud Direct Link.