AWS Direct Connect

· AWS Direct Connect does not involve the Internet; instead, it uses dedicated, private network connections between your intranet and Amazon VPC. Traffic does not go over the Internet. It is not an IPsec VPN: the link is private, but traffic on it is not encrypted by Direct Connect itself.

· Connection speeds: 1, 10, or 100 Gbps for dedicated connections.

· For hosted connections, capacities of 50 Mbps, 100 Mbps, 200 Mbps, 300 Mbps, 400 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps and 10 Gbps may be ordered from approved AWS Direct Connect Partners.

· There is no limit on the amount of data you can transfer; you are limited only by port capacity.

· You cannot advertise more than 100 routes over BGP on a Direct Connect virtual interface. If you exceed the limit, traffic stops flowing on that virtual interface until you reduce the advertised routes to 100 or fewer.

· AWS Direct Connect supports 1000BASE-LX, 10GBASE-LR, or 100GBASE-LR4 connections over single-mode fiber using Ethernet transport. Your device must support 802.1Q VLAN tagging.

· You can use local VLANs with Direct Connect; they separate traffic on virtual interfaces.

· If you are configuring a virtual interface to the public AWS cloud, the IP addresses for both ends of the connection must be allocated from public IP space that you own. If the virtual interface is to a VPC and you choose to have AWS auto-generate the peer IP CIDR, the address space for both ends of the connection is allocated by AWS from the 169.254.0.0/16 (link-local) range.

· Layer 2 connections are not supported with Direct Connect.

· You cannot attach a transit virtual interface to your virtual private gateway.

· You cannot attach a private virtual interface to your AWS Transit Gateway.

· You can create only one transit virtual interface for any AWS Direct Connect connection of capacity greater than or equal to 1 Gbps.

· You can create up to 51 virtual interfaces per 1 Gbps, 10 Gbps, or 100 Gbps dedicated connection, inclusive of the transit virtual interface.

· A transit virtual interface supports jumbo frames. The maximum transmission unit (MTU) is limited to 8,500 bytes.

· A Direct Connect gateway gives you the ability to interface with VPCs in any AWS Region (except the AWS China Region), so you can use your AWS Direct Connect connections to reach more than one AWS Region.

· You can associate up to three AWS Transit Gateways with a Direct Connect gateway as long as the IP CIDR blocks announced from your AWS Transit Gateways do not overlap.
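The 100-route limit on a virtual interface and the no-overlap rule for Transit Gateways sharing one Direct Connect gateway are both easy to break with a single typo, and both only bite once the BGP session or association is live. The following added example (not AWS code; every gateway ID and prefix in it is constructed) checks an intended announcement set offline with the standard-library `ipaddress` module, so the mistake is caught before any change is pushed:

```python
"""Offline pre-flight checks for a Direct Connect announcement plan.

Added example, not AWS code. Gateway IDs and prefixes are constructed.
"""
import ipaddress
from itertools import combinations

# Per-address-family BGP route limit on one virtual interface (from the notes).
MAX_BGP_ROUTES = 100
# Maximum Transit Gateways that may share one Direct Connect gateway (from the notes).
MAX_TGW_PER_DXGW = 3


def count_routes(prefixes):
    """Return (ipv4_count, ipv6_count) for a list of CIDR strings.

    strict=True makes a host address with a prefix length (e.g. 10.1.2.3/16)
    raise ValueError, so a malformed route is rejected here rather than
    silently advertised.
    """
    v4 = v6 = 0
    for p in prefixes:
        net = ipaddress.ip_network(p, strict=True)
        if net.version == 4:
            v4 += 1
        else:
            v6 += 1
    return v4, v6


def routes_within_limit(prefixes, limit=MAX_BGP_ROUTES):
    """True if neither address family exceeds the per-VIF route limit."""
    v4, v6 = count_routes(prefixes)
    return v4 <= limit and v6 <= limit


def find_overlaps(announcements):
    """Find CIDR overlaps between *different* Transit Gateways.

    announcements maps a TGW id to the list of CIDRs it will announce.
    Returns a sorted list of (tgw_a, cidr_a, tgw_b, cidr_b) for every pair of
    prefixes from two different TGWs that overlap. Overlap inside a single TGW
    is ignored, because the rule only concerns TGWs sharing one DX gateway.
    """
    flat = [(tgw, ipaddress.ip_network(c, strict=True))
            for tgw, cidrs in announcements.items() for c in cidrs]
    overlaps = []
    for (ta, na), (tb, nb) in combinations(flat, 2):
        # overlaps() raises on mixed families, so compare versions first.
        if ta != tb and na.version == nb.version and na.overlaps(nb):
            overlaps.append((ta, str(na), tb, str(nb)))
    return sorted(overlaps)


def can_associate(announcements):
    """True only if at most three TGWs are given and none of their CIDRs overlap."""
    return len(announcements) <= MAX_TGW_PER_DXGW and not find_overlaps(announcements)


# Constructed sample: three TGWs, the third of which collides with the first.
SAMPLE_TGWS = {
    "tgw-0aaaa0000000aaaaa": ["10.10.0.0/16", "10.11.0.0/16"],
    "tgw-0bbbb0000000bbbbb": ["10.20.0.0/16", "2001:db8:20::/48"],
    "tgw-0cccc0000000ccccc": ["10.11.128.0/17"],  # inside 10.11.0.0/16 above
}

if __name__ == "__main__":
    for hit in find_overlaps(SAMPLE_TGWS):
        print("overlap: %s %s <-> %s %s" % hit)
    print("association allowed:", can_associate(SAMPLE_TGWS))
    on_prem = ["10.%d.0.0/16" % i for i in range(101)]  # one too many
    print("on-prem routes within limit:", routes_within_limit(on_prem))
```

Run it against the real announcement plan by replacing `SAMPLE_TGWS` and `on_prem` with the CIDRs you intend to configure; a non-empty result from `find_overlaps` names the exact pair to fix.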

· You can associate Amazon Virtual Private Clouds (Amazon VPCs) owned by any AWS account with a Direct Connect gateway owned by any AWS account.

· You can associate an AWS Transit Gateway owned by any AWS account with a Direct Connect gateway owned by any AWS account.

· There are no charges for using a Direct Connect gateway. You pay the applicable egress data charges based on the source remote AWS Region, plus port-hour charges.

· Private virtual interfaces and Direct Connect gateways must be in the same AWS account. Similarly, transit virtual interfaces and Direct Connect gateways must be in the same AWS account. Virtual private gateways or AWS Transit Gateways can be in different AWS accounts than the account that owns the Direct Connect gateway.

· Networking features such as Elastic File System, Elastic Load Balancer, Application Load Balancer, Security Groups, Access Control Lists, and AWS PrivateLink still work with a Direct Connect gateway.

· A Direct Connect gateway does not support CloudHub functionality, but if you are using an AWS VPN connection to a virtual private gateway (VGW) that is associated with your Direct Connect gateway, you can use that VPN connection for failover.

· Features not currently supported by Direct Connect are: AWS Classic VPN, AWS VPN (such as edge-to-edge routing), VPC peering, and VPC endpoints.

· A VGW-VPC pair cannot be part of more than one Direct Connect gateway.

· One private virtual interface can attach to only one Direct Connect gateway or one virtual private gateway, not both.

· A Direct Connect gateway enables connectivity between on-premises networks and VPCs in any AWS Region. CloudHub enables connectivity between on-premises networks using Direct Connect or a VPN within the same Region; in that case the VIF is associated with the VGW directly. Existing CloudHub functionality continues to be supported: you can attach a Direct Connect virtual interface (VIF) directly to a virtual private gateway (VGW) to support intra-Region CloudHub.

· A Direct Connect gateway only supports routing traffic from Direct Connect VIFs to a VGW (associated with a VPC). To send traffic between two VPCs, you must configure a VPC peering connection.

· A Direct Connect gateway offers a way for you to selectively announce prefixes towards your on-premises networks. In the other direction, each VPC associated with a Direct Connect gateway receives all prefixes advertised from your on-premises networks. If you want to limit traffic to and from any specific Amazon VPC, you should consider using Access Control Lists (ACLs) in each VPC.

· All existing BGP sessions on private virtual interfaces support the use of local preference communities.