AWS Direct Connect Gateway

• Direct Connect Gateway is a global network device that helps establish connectivity that spans multiple VPCs spread across multiple AWS Regions.
• is a globally available resource that can be created in any Region and accessed from all other Regions.
• is a virtual component of Direct Connect designed to act as a distributed set of BGP route reflectors. Because it operates outside the data traffic path, it avoids creating a single point of failure or introducing dependencies on specific AWS Regions.
• supports Private VIF and Transit VIF. Does not support Public VIF.
• DX Gateway and Private VIF should be in the same AWS account, whereas the connected VPCs can be in different AWS accounts and regions.
• can be associated with
  • a Virtual Private Gateway in any VPC, Region, or Account.
  • a Transit Gateway for multiple VPCs in the same region
  • an AWS Cloud WAN core network directly (without requiring a Transit Gateway)
• allows scaling a Direct Connection to 1000 VPCs as
  • a single Direct Connection supports 50 VIFs
  • a single private VIF can connect to a single Direct Connect Gateway
  • a single Direct Connect Gateway can connect to 20 VGWs
• High availability is inherently built into its design, eliminating the need for multiple Direct Connect gateways.

Direct Connect Gateway Limitations

• supports 20 VGWs (VPC) connections per Direct Connect Gateway. (increased from 10)
• supports up to 6 Transit Gateways per Direct Connect Gateway.
• supports up to 4 Transit VIFs per Direct Connect Dedicated Connection. (increased from 1)
• supports a maximum of 30 virtual interfaces (private or transit) per Direct Connect Gateway.
• does not support overlapping CIDRs.
• does not support transitive routing i.e. does not allow gateway associations to send traffic to each other (for example, a VGW to another VGW or VPC to VPC)
• allows a maximum of 200 prefixes (combined IPv4 and IPv6) per Transit Gateway association. (increased from 100)
• Only one core network can be associated with a Direct Connect Gateway (for Cloud WAN).

Direct Connect Gateway + Transit Gateway

• AWS Direct Connect Gateway does not support transitive routing and has limits on the number of VGWs that can be connected.
• AWS DX Gateway can be combined with AWS Transit Gateway using transit VIF attachment which enables your network to connect up to six regional centralized routers over a private dedicated connection. (increased from 3 to 6 Transit Gateways)
• Each AWS Transit Gateway is a regional resource and acts as a network transit hub to interconnect VPCs in the same region, consolidating VPC routing configuration in one place.
• This solution simplifies the management of connections between a VPC and the on-premises networks over a private connection that can reduce network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based connections.
• With AWS Transit Gateway connected to VPCs, full or partial mesh connectivity can be achieved between the VPCs.
• Cross-VPC and Cross-Region VPC communication facilitated by AWS Transit Gateway peering.

Direct Connect Gateway + AWS Cloud WAN

• As of November 2024, AWS Direct Connect Gateway can be directly attached to an AWS Cloud WAN core network without requiring a Transit Gateway as an intermediary.
• The Cloud WAN Direct Connect attachment supports:
  • Automatic route propagation between AWS and on-premises networks using BGP
  • Central policy-based management through Cloud WAN
  • Segmentation for advanced security configurations
  • Region-specific and segment-specific routing behaviors
  • Tag-based attachment automation
• The maximum number of advertised route prefixes from a Cloud WAN core network DX Gateway attachment to on-premises is 5,000.
• Only one core network can be associated with a Direct Connect Gateway.
• The association is created, deleted, and managed from the Cloud WAN Console in Network Manager.

Direct Connect SiteLink

• AWS Direct Connect SiteLink enables sending data from one Direct Connect location to another, bypassing AWS Regions.
• Data travels over the shortest path between Direct Connect locations using the AWS global network backbone.
• SiteLink is enabled per VIF and creates private, end-to-end network connections between offices, data centers, and colocation facilities.
• SiteLink is off by default and can be turned on or off at any time.
• All VIFs with SiteLink enabled must be attached to the same Direct Connect Gateway.
• SiteLink prefix limit: 100 (can be increased by contacting AWS support).
• Provides built-in redundancy and resiliency, ensuring uninterrupted connectivity even during public internet outages.

VIF Rate Limiters (New – June 2026)

• VIF Rate Limiters help prevent network congestion caused by unexpected traffic spikes on a VIF which can consume all available bandwidth, impacting workloads on other VIFs on the same connection.
• Allows setting a maximum bandwidth allocation for up to 10 VIFs per dedicated connection.
• Available capacity increments from 50 Mbps to 1.6 Tbps when using a Link Aggregation Group (LAG).
• Rate limiting applies to traffic both ingressing and egressing the AWS network.
• Quota: 10 Rate Limiters per Dedicated connection.

AWS Certification Exam Practice Questions

• Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
• AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
• AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
• Open to further feedback, discussion and correction.

1. Your company currently has set up an AWS Direct Connect connection between their on-premise data center and a VPC in the us-east-1 region. They now want to connect their data center to a VPC in the us-west-1 region. They need to ensure latency is low and maximum bandwidth for the connection. How could they accomplish this in a cost-effective manner?
   1. Create an AWS Direct Connect connection between the VPC in the us-west-1 region and the on-premise data center
   2. Setup an AWS Direct Connect Gateway
   3. Create an AWS VPN managed connection between the VPC in the us-west-1 region and the on-premise data center
   4. Use VPC peering
2. A company needs to connect its on-premises data center to VPCs across 15 different AWS accounts in multiple regions using Direct Connect. They want to minimize the number of connections while maintaining dedicated bandwidth. What architecture should they use?
   1. Create 15 separate Direct Connect connections, one for each account
   2. Use a single Direct Connect with 15 private VIFs
   3. Use a Direct Connect Gateway with Virtual Private Gateways in each VPC
   4. Use AWS VPN connections for each VPC
3. A company wants to connect their on-premises network to multiple VPCs in the same region and enable inter-VPC communication. Which combination of services should they use with Direct Connect?
   1. Direct Connect Gateway with Virtual Private Gateways
   2. Direct Connect Gateway with Transit Gateway
   3. Multiple Direct Connect connections with private VIFs
   4. Direct Connect with VPC peering
4. An organization needs to route traffic directly between two on-premises data centers connected to AWS Direct Connect in different locations, using the shortest network path without passing through an AWS Region. Which feature should they enable?
   1. Transit Gateway peering
   2. Direct Connect Gateway with Transit VIF
   3. AWS Direct Connect SiteLink
   4. AWS Cloud WAN
5. A company wants to simplify their hybrid network architecture by connecting their on-premises locations to VPCs across multiple regions with centralized routing policy management. They also need segment-based isolation. Which architecture should they choose? (Select TWO)
   1. AWS Cloud WAN with Direct Connect Gateway attachment
   2. Direct Connect Gateway with multiple Transit Gateways
   3. Direct Connect with VPC peering
   4. Cloud WAN core network with segment-based routing policies
   5. Multiple Direct Connect Gateways with SiteLink

References

• AWS Direct Connect Gateway Documentation
• AWS Direct Connect Quotas
• Direct Connect Gateway Attachments in AWS Cloud WAN
• AWS Cloud WAN Direct Connect Integration (Nov 2024)
• AWS Direct Connect VIF Rate Limiters (June 2026)
• AWS Direct Connect SiteLink