nanog mailing list archives

Re: AWS Direct Connect - Peering VPCs to Tier 1's and MPLS


From: Dave Cohen <craetdave () gmail com>
Date: Tue, 1 Mar 2016 20:28:34 -0500

I can confirm that AWS (and Equinix, by extension, from a facility operator
perspective) permit carriers to have multiple end users share a physical
interface into the AWS gateway. The key is whether the providers that are
permitted into the DX environment (I believe AWS has limited the list to
only 7 or 8 in total - anyone else is reselling capacity off of those
carriers) are willing to deal with the constraints of that configuration -
essentially that the carrier needs to take responsibility of engaging
directly with AWS to associate the EVC on the provider interface with the
VPC on the AWS interface. I can confirm that at least one provider other
than Equinix will do this. Point being, it's not an AWS restriction as much
as whether the provider is willing to get its hands a bit dirtier. My $.02
at least.

- Dave

On Tue, Mar 1, 2016 at 7:59 PM, Mike Hammett <nanog () ics-il net> wrote:

I haven't heard it from the horse's mouth, but I heard that the only way
to have customers share an AWS DX (apparently) cross connect is through
Equinix's cloud exchange service. Can anyone confirm that? It doesn't seem
right that I could transport people to AWS all day long if they buy their
own cross connect, but once we share, I have to go through someone offering
a competitive service.




-----
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com

----- Original Message -----

From: "Michael O'Connor" <moc () es net>
To: "Jay R. Ashworth" <jra () baylink com>
Cc: "North American Network Operators' Group" <nanog () nanog org>
Sent: Tuesday, March 1, 2016 2:41:35 PM
Subject: Re: AWS Direct Connect - Peering VPCs to Tier 1's and MPLS

Jay,

VPC is supported over IPsec if your public path is sufficient into the AWS
cloud.

AWS shortens DirectConnect to DX not DC for some reason.

The AWS DirectConnect service is built on 10G infrastructure so using
potentially larger interconnects over public peerings with IPsec could be
advantageous.

DX requires fiber cross connects in addition to any other AWS peerings that
you may have at a particular location.

-Mike O'Connor


On Tue, Mar 1, 2016 at 12:16 PM, Jay R. Ashworth <jra () baylink com> wrote:

Just got this dropped on my desk an hour ago, and I'm not finding as much
material online as I might have hoped for...

It looks like the easiest solution is to just hang a router/firewall at
Equinix Ashburn and AWS-DC to that, and then peer it to carriers both IP
and
MPLS; is there a "native" way to do that from an AWS VPC instead?

Any public or private replies cheerfully accepted; will summarize what I
can to the list.

Cheers,
-- jra

--
Jay R. Ashworth Baylink
jra () baylink com
Designer The Things I Think RFC
2100
Ashworth & Associates http://www.bcp38.info 2000 Land
Rover DII
St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647
1274




--
Michael O'Connor
ESnet Network Engineering
moc () es net
631 344-7410




-- 
- Dave Cohen
eM: craetdave () gmail com
AIM: dCo says


Current thread: