1
00:00:06,590 --> 00:00:09,140
- Now let's talk about AWS Direct Connect.

2
00:00:09,140 --> 00:00:13,580
With Direct Connect, we have the ability to gain

3
00:00:13,580 --> 00:00:18,420
a dedicated private fiber connection into AWS,

4
00:00:18,420 --> 00:00:21,460
and these come in either one gigabit per second

5
00:00:21,460 --> 00:00:23,810
or 10 gigabit per second options.

6
00:00:23,810 --> 00:00:25,280
Those are the two most common.

7
00:00:25,280 --> 00:00:28,860
It is possible to get a Direct Connect connection

8
00:00:28,860 --> 00:00:31,580
that is lower than one gigabit per second

9
00:00:31,580 --> 00:00:33,723
but those are actually the most common.

10
00:00:35,610 --> 00:00:38,850
And we can use this to establish private connectivity

11
00:00:38,850 --> 00:00:42,500
into one or more VPCs within that region

12
00:00:42,500 --> 00:00:46,070
or to gain access to Amazon services

13
00:00:46,070 --> 00:00:50,113
such as S3 or DynamoDB in that particular region.

14
00:00:51,240 --> 00:00:53,810
Keep in mind that any bandwidth

15
00:00:53,810 --> 00:00:58,240
that leaves an Amazon region that goes over the Internet,

16
00:00:58,240 --> 00:01:00,350
we will pay bandwidth for.

17
00:01:00,350 --> 00:01:02,780
And so, if you're doing a lot of transfer

18
00:01:02,780 --> 00:01:06,210
between Amazon services like S3 for example,

19
00:01:06,210 --> 00:01:07,620
if you're using the internet,

20
00:01:07,620 --> 00:01:10,310
then you're going to pay a particular fee.

21
00:01:10,310 --> 00:01:13,720
But with Direct Connect, we get lower data transfer rates

22
00:01:13,720 --> 00:01:15,160
than using the internet.

23
00:01:15,160 --> 00:01:20,160
So if we have very significant volumes of data,

24
00:01:20,330 --> 00:01:23,700
it could be cheaper for us to leverage Direct Connect

25
00:01:24,600 --> 00:01:27,803
in order to gain access to those lower bandwidth charges.
26
00:01:29,390 --> 00:01:32,870
Direct Connect also gives us a significant increase

27
00:01:32,870 --> 00:01:35,300
in bandwidth and throughput as opposed to

28
00:01:35,300 --> 00:01:38,053
accessing Amazon services through the internet.

29
00:01:39,260 --> 00:01:42,510
It gives us more consistent network performance.

30
00:01:42,510 --> 00:01:45,883
And in order to use this, in order to set up the routers,

31
00:01:46,860 --> 00:01:49,280
you know, between on premises and AWS,

32
00:01:49,280 --> 00:01:51,270
it does require us to leverage

33
00:01:51,270 --> 00:01:53,660
External Border Gateway Protocol, or eBGP.

34
00:01:54,690 --> 00:01:58,130
There are a number of AWS Direct Connect providers.

35
00:01:58,130 --> 00:02:01,035
We generally work with some type of a provider

36
00:02:01,035 --> 00:02:03,620
within the Amazon partner network

37
00:02:03,620 --> 00:02:06,210
that can help us run that fiber line

38
00:02:06,210 --> 00:02:08,680
between our location and AWS.

39
00:02:08,680 --> 00:02:11,510
And some of those providers, depending on where you are,

40
00:02:11,510 --> 00:02:16,510
could be Equinix, Interxion, Cologix, Digital Realty.

41
00:02:17,530 --> 00:02:19,510
There is a number of different providers

42
00:02:19,510 --> 00:02:20,830
that we might look to,

43
00:02:20,830 --> 00:02:24,020
again, depending on the region that you're in,

44
00:02:24,020 --> 00:02:25,890
or the country that you're operating in.

45
00:02:25,890 --> 00:02:29,180
And so, we have our location wherever that is.

46
00:02:29,180 --> 00:02:30,330
It could be on premises.

47
00:02:30,330 --> 00:02:35,330
It could be a co-location somewhere, some remote facility.

48
00:02:35,450 --> 00:02:38,690
And we generally work with an AWS partner,

49
00:02:38,690 --> 00:02:40,800
some service provider.

50
00:02:40,800 --> 00:02:44,540
They would run a line between our location

51
00:02:44,540 --> 00:02:48,850
and AWS Direct Connect facility, or point of presence.
52
00:02:48,850 --> 00:02:52,220
From there, AWS already has lines

53
00:02:52,220 --> 00:02:54,823
going into that particular region.

54
00:02:55,940 --> 00:03:00,940
Once we have our Direct Connect connection into that region,

55
00:03:01,380 --> 00:03:04,760
we can then divide that Direct Connect connection

56
00:03:04,760 --> 00:03:06,990
into multiple VLANs.

57
00:03:06,990 --> 00:03:09,350
So let's start at the top here

58
00:03:09,350 --> 00:03:11,420
and take a look at this diagram.

59
00:03:11,420 --> 00:03:13,410
You'll notice here that I have

60
00:03:13,410 --> 00:03:17,080
several different AWS services such as Simple Queue Service,

61
00:03:17,080 --> 00:03:21,742
Simple Notification Service, S3 and DynamoDB.

62
00:03:21,742 --> 00:03:26,742
AWS services exist within a public address space.

63
00:03:27,350 --> 00:03:30,680
So if you were to communicate to these services directly,

64
00:03:30,680 --> 00:03:32,970
apart from Direct Connect,

65
00:03:32,970 --> 00:03:37,230
you would reach those services over public IP addresses.

66
00:03:37,230 --> 00:03:42,230
And so, it is possible to still reach those services,

67
00:03:42,990 --> 00:03:46,420
still using public IP addresses over Direct Connect,

68
00:03:46,420 --> 00:03:48,360
and we can achieve that through routing.

69
00:03:48,360 --> 00:03:52,160
We can route Amazon's public IP space

70
00:03:52,160 --> 00:03:54,410
through our Direct Connect.

71
00:03:54,410 --> 00:03:56,900
And so, in order to do that,

72
00:03:56,900 --> 00:04:01,220
we would have to divide this Direct Connect connection

73
00:04:01,220 --> 00:04:02,910
into multiple VLANs,

74
00:04:02,910 --> 00:04:07,910
and we would assign one VLAN to that public address space.

75
00:04:08,860 --> 00:04:13,120
And that would allow us to reach those Amazon services.
76
00:04:13,120 --> 00:04:17,250
If we also wanted to use that same Direct Connect connection

77
00:04:17,250 --> 00:04:19,730
to reach multiple VPCs,

78
00:04:19,730 --> 00:04:23,630
then we would divide that connection again into VLANs.

79
00:04:23,630 --> 00:04:28,110
Each VPC would get its own VLAN, right?

80
00:04:28,110 --> 00:04:33,110
And so that would enable us to access services

81
00:04:33,650 --> 00:04:35,700
running within these VPCs.

82
00:04:35,700 --> 00:04:40,110
So if we had instances here, we could reach those instances

83
00:04:40,110 --> 00:04:42,600
on private IP addresses.

84
00:04:42,600 --> 00:04:45,630
It is worth noting that even though

85
00:04:45,630 --> 00:04:50,630
this is a dedicated private connection using a VLAN,

86
00:04:51,100 --> 00:04:54,130
it is not encrypted by default.

87
00:04:54,130 --> 00:04:58,630
So a VPN and a VLAN through Direct Connect

88
00:04:58,630 --> 00:05:00,940
are two different things, right?

89
00:05:00,940 --> 00:05:04,020
So keep that in mind that just because you have a VLAN

90
00:05:04,020 --> 00:05:06,380
over Direct Connect does not mean

91
00:05:06,380 --> 00:05:08,690
that this traffic is encrypted.

92
00:05:08,690 --> 00:05:12,660
So if you have regulatory need

93
00:05:12,660 --> 00:05:15,470
to encrypt that traffic end-to-end,

94
00:05:15,470 --> 00:05:19,260
then you would have to do something in addition to this VLAN

95
00:05:19,260 --> 00:05:22,240
in order to make that happen, right?

96
00:05:22,240 --> 00:05:25,310
So keep that in mind that Direct Connect

97
00:05:25,310 --> 00:05:28,470
gives us a dedicated private fiber connection

98
00:05:28,470 --> 00:05:32,333
generally in one or 10 gigabit per second options.