AWS Direct Connect Gateway
- Direct Connect Gateway is a global network device that helps establish connectivity that spans multiple VPCs spread across multiple AWS Regions.
- is a globally available resource that can be created in any Region and accessed from all other Regions.
- supports Private VIF only and does not support Public VIF.
- DX Gateway and Private VIF should be in the same AWS account, whereas the connected VPCs can be in different AWS accounts and regions.
- can be associated with
- a Virtual Private Gateway in any VPC, Region, or Account.
- a Transit Gateway for multiple VPCs in the same region
- allows scaling a Direct Connection to 500 VPCs as
- a single Direct Connection supports 50 VIFs
- a single private VIF can connect to a single Direct Connect Gateway
- a single Direct Connect Gateway can connect to 10 VGWs
Direct Connect Gateway Limitations
- supports 10 VGWs (VPC) connections.
- supports a Single Transit VIF per Direct Connect.
- does not support overlapping CIDRs.
- does not support transitive routing i.e. does not allow gateway associations to send traffic to each other (for example, a VGW to another VGW or VPC to VPC)
- allows a maximum of 100 prefixes. You can summarize the prefixes into a larger range to reduce the number of prefixes.
Direct Connect Gateway + Transit Gateway
- AWS Direct Connect Gateway does not support transitive routing and has limits on the number of VGWs that can be connected.
- AWS DX Gateway can be combined with AWS Transit Gateway using transit VIF attachment which enables your network to connect up to three regional centralized routers over a private dedicated connection
- Each AWS Transit Gateway is a regional resource and acts as a network transit hub to interconnect VPCs in the same region, consolidating VPC routing configuration in one place.
- This solution simplifies the management of connections between a VPC and the on-premises networks over a private connection that can reduce network costs, increase bandwidth throughput, and provide a more consistent network experience than internet-based connections.
- With AWS Transit Gateway connected to VPCs, full or partial mesh connectivity can be achieved between the VPCs.
- Cross-VPC and Cross-Region VPC communication facilitated by AWS Transit Gateway peering.
AWS Certification Exam Practice Questions
- Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
- AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
- AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
- Open to further feedback, discussion and correction.
- Your company currently has set up an AWS Direct Connect connection between their on-premise data center and a VPC in the us-east-1 region. They now want to connect their data center to a VPC in the us-west-1 region. They need to ensure latency is low and maximum bandwidth for the connection. How could they accomplish this in a cost-effective manner?
- Create an AWS Direct Connect connection between the VPC in the us-west-1 region and the on-premise data center
- Setup an AWS Direct Connect Gateway
- Create an AWS VPN managed connection between the VPC in the us-west-1 region and the on-premise data center
- Use VPC peering