Showing posts from August, 2017

AWS: DX Public VIF w/ VPN Failover

Here I'll provide a quick glimpse at how to set up a physical DirectConnect cross-connect to your AWS VPC with seamless resiliency through VPN failover.

First, you'll need to provision at least one DirectConnect (DX) connection to AWS. After you've done that, use the AWS portal to create a new Public VIF on that connection (or connections):

In reality, a VIF is just a separate dot1q (802.1Q) VLAN and BGP peering session within the physical link between you and AWS at the exchange facility. The difference between a Public and a Private VIF is which addresses are received and announced by each end. For instance, a Private VIF is similar to a VPN connection: you receive the private VPC subnet(s) and announce your remote network's local IP space toward it.

With a Public VIF, however, you'll instead receive all of AWS' public service endpoint prefixes, including EC2, S3, DynamoDB, and VPN terminators. Side note: Depending on optional BGP communities that you might've specified…
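Because a Public VIF hands you the whole set of AWS public prefixes (and your router announces your own public space back), the check a practitioner wants on that BGP session is a prefix audit in both directions: everything received should fall inside AWS's published ranges, and everything announced should fall inside the space you actually own. The following is an added example (not code from the original post) that performs that audit. It assumes a constructed excerpt in the shape of AWS's published `ip-ranges.json` file and constructed route lists; the sample CIDRs are illustrative only.

```python
import ipaddress
import json

# Constructed excerpt in the shape of AWS's ip-ranges.json (assumption: sample
# values only, not the real published file).
IP_RANGES_JSON = """
{
  "syncToken": "0000000000",
  "createDate": "2017-08-01-00-00-00",
  "prefixes": [
    {"ip_prefix": "52.95.110.0/24", "region": "us-east-1", "service": "AMAZON"},
    {"ip_prefix": "54.231.0.0/17",  "region": "us-east-1", "service": "S3"},
    {"ip_prefix": "52.94.0.0/22",   "region": "us-east-1", "service": "DYNAMODB"}
  ]
}
"""

# Constructed samples: what the router reports as learned from / announced to
# the Public VIF peer, plus the public space this site legitimately owns.
RECEIVED_FROM_AWS = ["52.95.110.0/24", "54.231.64.0/18", "10.0.0.0/16", "192.0.2.0/24"]
ANNOUNCED_TO_AWS = ["198.51.100.0/24", "203.0.113.0/24"]
OWN_PUBLIC_PREFIXES = ["198.51.100.0/24"]


def load_amazon_prefixes(raw_json):
    """Parse an ip-ranges.json document into ip_network objects."""
    data = json.loads(raw_json)
    return [ipaddress.ip_network(p["ip_prefix"]) for p in data["prefixes"]]


def covered(prefix, allowed):
    """True if prefix is equal to or more specific than one of the allowed networks."""
    return any(
        a.version == prefix.version and prefix.subnet_of(a) for a in allowed
    )


def audit_received(received_cidrs, amazon_prefixes):
    """Return received prefixes that are NOT inside AWS's published ranges.

    Anything listed here is either a leak (e.g. RFC 1918 space) or a prefix
    that should never be accepted over a Public VIF, and should be dropped by
    an inbound prefix filter rather than installed in the routing table.
    """
    return [
        c for c in received_cidrs
        if not covered(ipaddress.ip_network(c), amazon_prefixes)
    ]


def audit_announced(announced_cidrs, own_prefixes):
    """Return announced prefixes that are NOT inside the space this site owns.

    Announcing someone else's space toward AWS is a route leak; the outbound
    prefix filter on the VIF session should only permit own_prefixes.
    """
    own = [ipaddress.ip_network(p) for p in own_prefixes]
    return [
        c for c in announced_cidrs
        if not covered(ipaddress.ip_network(c), own)
    ]


def run_audit():
    """Run both directions of the audit on the constructed samples."""
    amazon = load_amazon_prefixes(IP_RANGES_JSON)
    return {
        "unexpected_received": audit_received(RECEIVED_FROM_AWS, amazon),
        "unexpected_announced": audit_announced(ANNOUNCED_TO_AWS, OWN_PUBLIC_PREFIXES),
    }


if __name__ == "__main__":
    for direction, bad in run_audit().items():
        print(direction, "->", bad if bad else "clean")
```

In practice the received list comes from the router's BGP table dump for the VIF neighbour and the AWS ranges from the live `ip-ranges.json`; the same two functions then feed the inbound and outbound prefix-lists applied to the session, so that a VPN failover path and the DX path are filtered identically.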