By Anjali Vijayakumar, Partner Solutions Architect at AWS
By Sohaib Tahir, Senior Solutions Architect at AWS
AWS Direct Connect is a networking service that allows for hybrid connectivity between customers’ on-premises environments (data centers, offices, or colocation environments) and the Amazon Web Services (AWS) Cloud.
With AWS Direct Connect, the internet is bypassed entirely and customers get physical dedicated connectivity to AWS, allowing for a more consistent, predictable performance.
Many customers rely on AWS Direct Connect Partners to get access to Direct Connect connections so they can connect to AWS. These trusted AWS Partner Network (APN) Partners have passed a technical validation for following AWS service best practices, and have proven success delivering AWS services like Direct Connect to customers.
This post specifically addresses Direct Connect for APN Partners and explains the Direct Connect partner model.
How AWS Direct Connect Partners Help Customers
AWS has a presence in more than 100 locations that we call “Direct Connect Locations” spread out across the globe. Here is the full list and location details.
For customers to use AWS Direct Connect to connect to AWS, they have to meet us at a Direct Connect location by virtue of establishing a standard cross-connect between their equipment and our equipment.
Customers need to either extend their last-mile connectivity into the Direct Connect location itself, or work with an AWS Direct Connect Partner to set up access for them. This is a common scenario for many AWS customers.
Each Direct Connect location is associated with a specific AWS Region. Customers can use a Direct Connect Gateway to access their resources in any AWS Region (including GovCloud) from a private or transit virtual interface in any Direct Connect location.
Using a Direct Connect public virtual interface, customers can access public endpoints in any AWS Region from any Direct Connect location.
Figure 1 – Establishing connectivity to AWS using Direct Connect.
Types of Direct Connect Connections
There are two types of Direct Connect connections—Dedicated and Hosted. It’s important for a Direct Connect Partner to understand the Direct Connect model. This includes the difference between a Dedicated and Hosted connection, and the different types of Direct Connect Virtual Interfaces (VIF).
This distinction is an important one to APN Partners, as it decides how many customers and how many VLANs they can support on a single Direct Connect connection.
Customers can provision Dedicated connections directly from AWS. They can set up end-to-end connectivity themselves, or work with an AWS Direct Connect Partner.
Please note, APN Partners do not need to apply for the AWS Direct Connect Service Delivery designation in order to help customers with Dedicated connections.
A Dedicated connection is a physical Ethernet connection associated with a single customer, with two options for port speeds—1 Gbps and 10 Gbps. The number of virtual interfaces (VIF) or VLANs allowed per Dedicated connection is 50.
Think of a virtual interface as a VLAN with a BGP peering session. In addition to the 50 VIFs which can be public or private, you also get one transit VIF per Dedicated connection. A transit VIF is needed only in the case where you want to integrate AWS Transit Gateway with Direct Connect. Learn more in our documentation about the different types of VIFs.
To increase bandwidth, Dedicated connections can be combined using Link Aggregation Groups.
There are a few different scenarios wherein a Direct Connect Partner can assist a customer with Dedicated connections:
- Provide last-mile connectivity between AWS Direct Connect location and customer premises.
- Provide networking equipment.
- Manage end-to-end connectivity.
Details of the partner’s involvement are to be worked out between the customer and partner.
Customers can obtain a Hosted connection from Direct Connect Partners only—not from AWS. Hosted connections are only available from approved Direct Connect Delivery Partners who have been validated through the AWS Service Delivery Program.
With a Hosted connection, customers get a variety of options for port speeds—50 Mbps, 100 Mbps, 200 Mbps, 300 Mbps, 400 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, and 10 Gbps. For customers that don’t need as much as a 1G capacity, which is the minimum you get and pay for with the Dedicated connection model, this may be a better option.
It’s important to note that a hosted connection allows for exactly one VIF or VLAN per Hosted connection. The VIF can be a public, private, or transit VIF, which is only available on Hosted connections of speeds 1 Gbps and above. Therefore, Hosted connections with up to 500 Mbps capacity support one private or public VIF only; there is no support for Transit VIF in this case.
Since each VIF represents a single VLAN and BGP peer, any requests for additional VLANs from a customer will require you provision an additional Hosted connection(s) as needed for that customer.
Most Direct Connect Partners support adding or removing Hosted connections for customers on-demand. This is because connections are over pre-provisioned network circuits to the customer premises. This is how customers get access to Hosted connections in a matter of minutes.
How Hosted Connections Work for Partners
A Hosted connection is a logical construct that allows approved AWS Direct Connect Partners to provision Direct Connect services for customers.
You can think of a Hosted connection as a partner provisioning a Direct Connect connection from AWS on behalf of the customer. Partners use an Interconnect to aggregate multiple customers onto a single physical or logical Ethernet interface on an AWS Direct Connect device.
An Interconnect is a 1G or 10G Ethernet fiber-optic port that’s made available only to approved Direct Connect Partners. 802.1Q VLANs provide separation between different Hosted connections on an Interconnect.
It is the responsibility of the Direct Connect Partner to assign VLANs when allocating Hosted connections to customers, and to deliver each VLAN to the appropriate customer. In the case of Dedicated connections, customers choose their own VLAN IDs.
For Direct Connect Partners, the total capacity of an Interconnect limits the number of Hosted connections the Interconnect will support. For example, a 1Gbps Interconnect can support two 500 Mbps Hosted Connections, but can’t support the addition of a third Hosted connection of any capacity.
AWS polices each Hosted connection to its assigned capacity, and the Direct Connect Partner must also police each Hosted connection to its assigned capacity. Over-subscription of Interconnects is not permitted per the AWS Direct Connect Partner Program Requirements.
Getting Approved to Support Hosted Connections
To gain access to the Hosted connection model, APN Partners must apply to the AWS Service Delivery Program for a Direct Connect designation. At a high level, the process entails submitting an application with customer references, undergoing a technical validation by AWS Partner Solutions Architects, and setting up monitoring of Interconnects.
To learn more about the application process and the Direct Connect Partner program requirements, log into APN Partner Central and review the following documents:
- AWS Service Delivery Validation Checklist: AWS Direct Connect
- AWS Direct Connect Partner Guide
- AWS Direct Connect Interconnect Monitoring Technical Requirements 1.0
- AWS Service Delivery Program Guide
Be sure to contact your APN representative for any help you need getting started with the AWS Service Delivery application process.
APN Partners that are approved under the AWS Direct Connect Service Delivery designation get listed on our Direct Connect Partner page.
The Hosted Virtual Interface Model
A Hosted VIF is one where the AWS account that owns the Direct Connect Dedicated connection is different from the AWS account that owns the virtual interface. Some Direct Connect Partners enable access to Direct Connect by creating Hosted VIFs assigned to customers’ AWS accounts.
The Direct Connect Partner Hosted VIF model allows for one VIF only, which is typically a public or private VIF. Transit VIF is technically supported but it’s not a scalable option for Partners.
Direct Connect Partners provision each Hosted VIF over a network link between them and AWS, shared by multiple customers. Each Hosted VIF has access to all available capacity on the network link in the direction from AWS to the Direct Connect Partner.
It is possible to oversubscribe the shared network link because AWS does not limit network traffic capacity on each Hosted VIF. As a result, AWS no longer allows new Direct Connect Partner service integrations using Hosted VIFs. We recommend customers with workloads sensitive to network congestion to use Dedicated or Hosted connections.
Resiliency with AWS Direct Connect
AWS has clear recommendations for customers to achieve high resiliency with Direct Connect access to AWS. Learn more via our topology guidelines.
AWS requires Direct Connect Partners to maintain at least two Interconnects to two different AWS devices at each location where partners enable customers to access Hosted connections.
AWS also requires Direct Connect Partners maintain two different Direct Connect Partner devices at each location. This is so connections between AWS and Direct Connect Partners are not subject to a single point of failure.
We also recommend Direct Connect Partners establish a presence at multiple locations to be able to offer geographically diverse and resilient connectivity to customers.
Direct Connect Pricing
There are two elements to AWS Direct Connect pricing:
- Port hours: This is the price for the capacity of the Dedicated or Hosted connection. The port hour prices are the same across all AWS Direct Connect locations except for Japan. For a full list of port hour pricing for all capacities, refer to the AWS Direct Connect pricing page.
- Data transfer charges: Data transfer into AWS from all Direct Connect locations is free. Data transfer out charges depend on the source AWS Region and the Direct Connect location carrying that traffic out. There is a matrix with the “from” AWS Region and a “to” Direct Connect location for all AWS Regions and Direct Connect locations on the AWS Direct Connect pricing page.
For customers working with a Direct Connect Partner, there may be additional charges. This could include last-mile connectivity or other services provided by the partner, and these details are to be worked out between the customer and partner.
Who Pays for What
In both Dedicated and Hosted connection models, AWS bills the customer for port hours and data transfer costs.
The Direct Connect Partner is responsible for any fees associated with obtaining a cross-connect from the Direct Connect location facility provider. This is to be worked out between the partner and appropriate provider.
Excluding the AWS Solution Provider Program, there is no financial transaction between AWS and the Direct Connect Partner for Dedicated or Hosted connections.
|Speeds||1, 10 Gbps||50, 100, 200, 300, 400, 500 Mbps
1, 2, 5, 10 Gbps
|AWS Direct Connect Partner designation required||No||Yes|
|Cross-connect fee||Paid by AWS Direct Connect Partner|
|AWS port-hour charge||Billed to AWS account that owns Dedicated or Hosted connection|
|AWS data egress charge||Billed to AWS account responsible for data transfer out|
|Virtual interfaces (VIF)||50 per Dedicated connection||1 per Hosted connection; customers may obtain multiple Hosted connections|
Figure 2 – AWS Direct Connect service models.
In this post, we looked at the different AWS Direct Connect service models and focused on how APN Partners are helping customers get access to Direct Connect.
APN Partners can help customers with Dedicated connections, without needing a validation from AWS. If you want to provision Hosted connections for customers, and be listed as one of our validated AWS Direct Connect Delivery Partners, attaining the AWS Service Delivery designation is a requirement.
The Partner Hosted VIF model does not support AWS Transit Gateway integration, and is not an option we recommend to customers due to possibility of over-subscription. Dedicated or Hosted connections are the way to go.
Be sure to read the AWS Direct Connect Partner Guide and reach out to any of your APN representatives for questions.