Re: AWS Direct Connect - Peering VPCs to Tier 1's and MPLS

[Mike Hammett <nanog () ics-il net>]

If anyone has connections at Amazon in those areas, could you pass them my way? My IP peering contact (MMC) seems to 
have fallen off the face of the earth and I'm not sure that's his jurisdiction anyway. Their web site seems largely 
useless so far, catering more to the consultant and software dev guys than the infrastructure\transport guys. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

----- Original Message -----

From: "Dave Cohen" <craetdave () gmail com> 
To: "Mike Hammett" <nanog () ics-il net> 
Cc: "North American Network Operators' Group" <nanog () nanog org> 
Sent: Tuesday, March 1, 2016 7:28:34 PM 
Subject: Re: AWS Direct Connect - Peering VPCs to Tier 1's and MPLS 


I can confirm that AWS (and Equinix, by extension, from a facility operator perspective) permit carriers to have 
multiple end users share a physical interface into the AWS gateway. The key is whether the providers that are permitted 
into the DX environment (I believe AWS has limited the list to only 7 or 8 in total - anyone else is reselling capacity 
off of those carriers) are willing to deal with the constraints of that configuration - essentially that the carrier 
needs to take responsibility of engaging directly with AWS to associate the EVC on the provider interface with the VPC 
on the AWS interface. I can confirm that at least one provider other than Equinix will do this. Point being, it's not 
an AWS restriction as much as whether the provider is willing to get its hands a bit dirtier. My $.02 at least. 


- Dave 


On Tue, Mar 1, 2016 at 7:59 PM, Mike Hammett < nanog () ics-il net > wrote: 


I haven't heard it from the horse's mouth, but I heard that the only way to have customers share an AWS DX (apparently) 
cross connect is through Equinix's cloud exchange service. Can anyone confirm that? It doesn't seem right that I could 
transport people to AWS all day long if they buy their own cross connect, but once we share, I have to go through 
someone offering a competitive service. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

----- Original Message ----- 

From: "Michael O'Connor" < moc () es net > 
To: "Jay R. Ashworth" < jra () baylink com > 
Cc: "North American Network Operators' Group" < nanog () nanog org > 
Sent: Tuesday, March 1, 2016 2:41:35 PM 
Subject: Re: AWS Direct Connect - Peering VPCs to Tier 1's and MPLS 

Jay, 

VPC is supported over IPsec if your public path is sufficient into the AWS 
cloud. 

AWS shortens DirectConnect to DX not DC for some reason. 

The AWS DirectConnect service is built on 10G infrastructure so using 
potentially larger interconnects over public peerings with IPsec could be 
advantageous. 

DX requires fiber cross connects in addition to any other AWS peerings that 
you may have at a particular location. 

-Mike O'Connor 


On Tue, Mar 1, 2016 at 12:16 PM, Jay R. Ashworth < jra () baylink com > wrote: 

> Just got this dropped on my desk an hour ago, and I'm not finding as much 
> material online as I might have hoped for... 
>
> It looks like the easiest solution is to just hang a router/firewall at 
> Equinix Ashburn and AWS-DC to that, and then peer it to carriers both IP 
> and 
> MPLS; is there a "native" way to do that from an AWS VPC instead? 
>
> Any public or private replies cheerfully accepted; will summarize what I 
> can to the list. 
>
> Cheers, 
> -- jra 
>
> -- 
> Jay R. Ashworth Baylink 
> jra () baylink com 
> Designer The Things I Think RFC 
> 2100 
> Ashworth & Associates http://www.bcp38.info 2000 Land 
> Rover DII 
> St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 
> 1274 



-- 
Michael O'Connor 
ESnet Network Engineering 
moc () es net 
631 344-7410 







-- 

- Dave Cohen 
eM: craetdave () gmail com 
AIM: dCo says