After creating the DirectCLOUD connection on the DE-CIX side, it is time to configure the network in AWS to finalize the setup.
Before going into the details, we need to understand some AWS concepts that are needed to configure the services there:
VIF - What is a VIF?
DX (Direct Connect) connections are only layer two circuits, i.e. VLANs.
They don't carry IP traffic on their own (we can't reach any resources over them).
This is why we have VIFs, Virtual Interfaces.
VIFs provide layer three connectivity for inbound and outbound IP traffic.
(Thanks to the VIFs, we can access the resources in the cloud.)
There are three different types of VIFs:
Private VIF: Private VIFs allow us to connect to private AWS networks, in other words to VPCs, but with some limitations.
Public VIF: allows us to connect to the public zone, where all public AWS services live. These services are normally reached through the internet, for example S3.
With a Public VIF, we can reach all of them privately, over the Direct Connect circuit instead of the internet.
Transit VIF: Similar to the Private VIF, it allows us to connect to the private zone (our VPCs), but in combination with a specific gateway (the Transit Gateway) it also lets traffic transit from one VPC to another.
Because a VIF alone does nothing, we need a gateway to make it work, and there are different possible combinations:
Private VIF
Private VIF + Virtual Private Gateway (VGW) - LEGACY
Private VIF + VGW + Direct Connect Gateway (DX Gateway):
Recommended setup for a simple hybrid architecture. This setup allows us to reach different VPCs, in different regions.
There are some limitations with this method; you can't send traffic:
From one associated VPC to another (traffic is only possible from the customer side to a VPC)
From one connected VIF to another (only a single VIF is allowed per session)
From a connected VIF through a VPN connection using an associated VGW
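The recommended setup (Private VIF + VGW + DX Gateway) written as Terraform, as an added example that is not part of the DE-CIX tutorial. The connection id, VLAN, ASNs, peering addresses, VPC id and prefixes are placeholders that must be replaced with the values from the DirectCLOUD order and your AWS account; the allowed_prefixes list is the place to keep what the on-premises side can reach to a minimum.

```hcl
# Added example, not the tutorial's own configuration. All ids, ASNs, VLAN and
# addresses below are placeholders.

provider "aws" {
  region = "eu-central-1"
}

# The existing VPC that should become reachable over Direct Connect
variable "vpc_id" { type = string }

# BGP MD5 key, passed in at apply time so it never lands in source control
variable "bgp_md5_key" {
  type      = string
  sensitive = true
}

# VPC side: Virtual Private Gateway attached to the VPC
resource "aws_vpn_gateway" "vgw" {
  vpc_id = var.vpc_id
  tags   = { Name = "directcloud-vgw" }
}

# Direct Connect Gateway: the global object the Private VIF terminates on
resource "aws_dx_gateway" "dxgw" {
  name            = "directcloud-dxgw"
  amazon_side_asn = 64513 # placeholder, private ASN range
}

# Association DX Gateway <-> VGW; only the listed VPC prefixes are advertised
# to the on-premises side, so keep this list as narrow as possible
resource "aws_dx_gateway_association" "vpc" {
  dx_gateway_id         = aws_dx_gateway.dxgw.id
  associated_gateway_id = aws_vpn_gateway.vgw.id
  allowed_prefixes      = ["10.10.0.0/16"] # placeholder
}

# Private VIF on the DX connection delivered by DE-CIX DirectCLOUD
resource "aws_dx_private_virtual_interface" "directcloud" {
  connection_id    = "dxcon-PLACEHOLDER" # id of the accepted DirectCLOUD connection
  name             = "directcloud-private-vif"
  vlan             = 100                 # placeholder, VLAN from the DirectCLOUD order
  address_family   = "ipv4"
  bgp_asn          = 65000               # placeholder, customer-side ASN
  dx_gateway_id    = aws_dx_gateway.dxgw.id
  amazon_address   = "169.254.100.1/30"  # placeholder peering addresses
  customer_address = "169.254.100.2/30"
  bgp_auth_key     = var.bgp_md5_key
}
```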
Transit VIF
Transit VIF + Direct Connect Gateway (DX Gateway) + Transit Gateway
With a Transit VIF, the DX Gateway interconnects Transit Gateways instead of Virtual Private Gateways.
Transit Gateways provide a hub-and-spoke design for connecting VPCs and on-premises networks:
Thanks to the Transit Gateway, traffic can flow point to point, from one associated VPC to another, and the design can be combined with other networking solutions such as VPN or Transit Gateway peering.
Now that we have these concepts in mind, let's create the recommended setup in the second part of the tutorial.