AWS Direct Connect optimizes your hybrid IT environment by providing a secure, dedicated connection from your network into the AWS backbone network. It bypasses the public Internet and provides predictable performance, low latency and cost savings – giving you the ability to respond quickly to changing business needs.
While there are many benefits to AWS Direct Connect, it is critical to make sure your connectivity architecture is set up correctly. With a single Direct Connect port, there are many single points of failure along the path (your router, the cross-connect, the AWS router, the facility itself) that can disrupt your connectivity into AWS. That's why it is important to take the next step and build a fully redundant connectivity architecture. There are many layers to this, and the level of redundancy you choose to build will depend on your unique IT infrastructure and business needs.
Direct Connect + VPN
The first option for building resiliency is to add an AWS-managed VPN as a backup. This is a fairly simple, low-cost option for network redundancy. As long as both paths advertise the same prefixes, AWS will automatically prefer the Direct Connect route over the VPN route. If there is an interruption in AWS Direct Connect, connectivity will automatically fail over to the VPN. Just remember that a VPN over the public Internet does not provide the same high-performance, predictable connectivity that AWS Direct Connect provides.
2x Direct Connect
The second option is to use two Direct Connect ports to access the same network. When you order a second Direct Connect port in the same colocation facility, AWS will automatically place the new port on a different AWS router, giving you device redundancy across two AWS routers. Unfortunately, this only covers failures up to the AWS Direct Connect routers: if your own single router or its uplink fails, you are still offline. That means you would want to create device redundancy on your own side as well by adding a second router to your colocation equipment.
This option gives you full control over traffic flow through your BGP settings and routing decisions. One note of caution here: it is easy to start relying on the aggregate bandwidth of both connections, which silently defeats your redundancy, because when one port fails the surviving port cannot carry the combined load. It is important to continually monitor bandwidth usage and add ports as bandwidth needs increase, so that the loss of any single port still leaves enough capacity for your peak traffic.
2x Direct Connect in 2x Facilities
A third option is to order a Direct Connect port in a second colocation facility. Each AWS region has two Direct Connect location options, allowing for full facility resiliency. This mitigates risk up to and including the failure of an entire facility. You will still have the same control over traffic flow through your BGP settings and routing decisions. From here, AWS recommends adding yet another layer of redundancy with a VPN backup for both locations.
These are a few suggestions, but in reality there are many different ways to add redundancy to your network architecture. Ideally, you would design your network connectivity to withstand an entire AWS Availability Zone going offline. Remember that you can grow and adapt your strategy over time as your business needs change, and always remember to regularly test failover scenarios.
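To make the two Direct Connect options above and the aggregate-bandwidth caution concrete, here is an added example (not code from the original post or from AWS) that audits a list of connections: it classifies them into the tiers described (single port, two ports on different AWS routers in one facility, two facilities) and runs an N-1 check asking whether the remaining ports can still carry observed peak traffic if any one port fails. The records are constructed here in the field shape returned by boto3's `directconnect` `describe_connections()` call (`connectionState`, `location`, `awsDeviceV2`, `bandwidth`); the identifiers, locations and peak figures are placeholders, not real values.

```python
# Added example: Direct Connect redundancy audit (not from the original post).
# Records mimic boto3 describe_connections()["connections"]; values are constructed.

def parse_bandwidth_mbps(value):
    """Convert a bandwidth string such as '1Gbps' or '500Mbps' to Mbps."""
    value = value.strip().lower()
    if value.endswith("gbps"):
        return int(float(value[:-4]) * 1000)
    if value.endswith("mbps"):
        return int(float(value[:-4]))
    raise ValueError(f"unrecognised bandwidth: {value}")

def redundancy_tier(connections):
    """Classify available ports into the post's tiers:
    'single', 'dual-router' (one facility, two AWS devices) or 'dual-facility'."""
    up = [c for c in connections if c["connectionState"] == "available"]
    if len(up) < 2:
        return "single"
    if len({c["location"] for c in up}) >= 2:
        return "dual-facility"
    if len({c["awsDeviceV2"] for c in up}) >= 2:
        return "dual-router"
    return "single"  # two ports on the same AWS router share one failure domain

def survives_single_port_loss(connections, peak_mbps):
    """N-1 check for the aggregate-bandwidth trap: after losing the largest
    available port, can the remaining ports still carry the observed peak?"""
    up = [c for c in connections if c["connectionState"] == "available"]
    sizes = [parse_bandwidth_mbps(c["bandwidth"]) for c in up]
    remaining = sum(sizes) - max(sizes, default=0)
    return remaining >= peak_mbps

SAMPLE_CONNECTIONS = [  # constructed placeholders, not real AWS identifiers
    {"connectionId": "dxcon-PLACEHOLDER1", "connectionState": "available",
     "location": "LOC-A", "awsDeviceV2": "aws-device-1", "bandwidth": "1Gbps"},
    {"connectionId": "dxcon-PLACEHOLDER2", "connectionState": "available",
     "location": "LOC-A", "awsDeviceV2": "aws-device-2", "bandwidth": "1Gbps"},
]

if __name__ == "__main__":
    # Two 1 Gbps ports on different AWS routers in one facility: 'dual-router'.
    print(redundancy_tier(SAMPLE_CONNECTIONS))
    # A 1.5 Gbps peak relies on both ports, so losing one port breaks it.
    print(survives_single_port_loss(SAMPLE_CONNECTIONS, 1500))
```

Feeding it live data is a matter of replacing `SAMPLE_CONNECTIONS` with the `connections` list from `describe_connections()` and `peak_mbps` with your own CloudWatch peak.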