AWS Direct Connect | Direct Connect Gateway

Question 1

Can I establish a Layer 2 connection between VPC and my network?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 1

No, Layer 2 connections are not supported.

Question 2

What is Direct Connect Gateway?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 2

Direct Connect Gateway is a grouping of Virtual Private Gateways (VGWs) and Private Virtual Interfaces (VIFs) that belongs to the same AWS account.

Question 3

Why is Direct Connect Gateway needed?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 3

It provides two main functions. First; Direct Connect Gateway will enable you to interface with VPCs in any AWS Region (except AWS China Region), enabling you to use your AWS Direct Connect connections to interface with more than one AWS Regions.

Second; you can share private virtual interface to interface with more than one Virtual Private Clouds (VPCs), enabling you to reduce the number of Border Gateway Protocol sessions between your on premise network and AWS deployments.

Question 4

Are there additional fees when using Direct Connect Gateway and working with remote regions?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 4

You will pay applicable egress data charges and port hour charges as per AWS Direct Connect Pricing.

Question 5

Do the private Virtual Interfaces(s), Direct Connect Gateway, and VGWs need to be in the same account to use Direct Connect Gateway functionality?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 5

Yes, private virtual interface, direct connect gateway, and VGW (associated with VPC) must be in the same AWS account to use Direct Connect Gateway functionality.

Question 6

Can I continue to use all my VPC features if I associate VGW (associated with VPC) to Direct Connect Gateway?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 6

Yes, Networking features such as Elastic File System, Elastic Load Balancer, Application Load Balancer, Security Groups, Access Control List, will still work with Direct Connect Gateway.

Direct Connect Gateway will not support CloudHub functionality, but if you are using AWS Classic VPN or AWS VPN connection to VGW that is assocaited with your Direct Connect Gateway, you will be able to use your VPN connection to failover.

Features that are currently not supported by Direct Connect, AWS Classic VPN, or AWS VPN, such as edge-to-edge routing, VPC peering, VPC endpoint, will not be supported by Direct Connect Gateway.

Question 7

I am working with one of the AWS Direct Connect partners to get private virtual interface provisioned for my account, can I use Direct Connect Gateway?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 7

Yes, you can associate provisioned Private Virtual Interface with your Direct Connect Gateway when you confirm your provisioned Private Virtual Interface in your AWS account.

Question 8

What if I just want to connect to VPCs in my local region?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 8

You can continue to use the current practice of attaching your VIF to VGW; you will continue to have intra-region VPC connectivity, and will be charged egress rate that is applicable based on geographical regions.

Question 9

What are the limits associated with Direct Connect Gateway usage?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 9

Please refer to AWS Direct Connect Limits to get limits associated with the Direct Connect Gateway feature.

Question 10

Can a VGW (associated with a VPC) be part of more than one Direct Connect Gateway?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 10

No, a VGW- VPC pair can not be part of more than one Direct Connect Gateway.

Question 11

Can a Private Virtual Interface be attached to more than one Direct Connect Gateway?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 11

No, one Private Virtual Interface can only attach to a single Direct Connect Gateway OR a single VGW.

Question 12

Can I assocate multiple VGWs (each assocaited with a VPC) to a Direct Connect Gateway?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 12

Yes, this will be allowed as long as the IP CIDR blocks of the VPC associated with the VGW do not overlap.

Question 13

How do I connect to the remote VPC?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 13

Once the Private VIF has been associated with your Direct Connect Gateway, you can configure BGP as you would with a traditional Private Virtual Interface. For each VGW that is then associated with the Direct Connect Gateway, you will recieve a BGP announcement for the additional CIDR ranges.

Question 14

Does Direct Connect Gateway break existing CloudHub functionality for customers?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 14

No, Direct Connect Gateway does not break existing CloudHub for customers. Direct Connect Gateway enables connectivity between on-premise networks and ANY AWS region’s VPC. CloudHub enables connectivity between on-premise network using Direct Connect or VPN within the same region the VIF is associated with the VGW directly. Existing CloudHub functionality will continue to be supported.

Question 15

What type of traffic is supported, and not supported by Direct Connect Gateway?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 15

Please refer to AWS Direct Connect User Guide to review supported and not supported traffic patterns.

Question 16

Will intra-region CloudHub continue to be supported?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 16

Yes, customers will still be able to attach a Direct Connect VIF directly to a VGW to support CloudHub

Question 17

I currently have a VPN in us-east-1 attached to a VGW. I want to enable CloudHub in us-east-1 between that VPN and a new VIF. Can I do this with Direct Connect Gateway?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 17

No, you cannot do this with a Direct Connect Gateway, but the option to attach a VIF directly to a VGW is available to enable the VPN Direct Connect CloudHub use case.

Question 18

I have existing private virtual interface associated with VGW, can I associate my existing private virtual interface with Direct Connect Gateway?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 18

No, existing private virtual interface associated with VGW can not be associated with the Direct Connect Gateway. Please create a new private virtual interface, and at the time of creation, associate with your Direct Connect Gateway.

Question 19

Does Direct Connect Gateway deprecate CloudHub functionality?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 19

No. You can continue using your already created CloudHub.

Question 20

Can I create new CloudHub between my VPN connection and Direct Connect VIF?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 20

Yes, you can create new CloudHub between your VPN and Direct Connect VIF by using a VGW attachment instead of a Direct Connect Gateway attachement.

Question 21

If I have a VGW attached to a VPN and a Direct Connect Gateway and my Direct Connect circuit goes down, will my VPC traffic route out the VPN?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 21

Yes, as long as the VPC route table still has routes to the VGW towards the VPN.

Question 22

Can I attach a VGW that is not attached to a VPC to a Direct Connect Gateway?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 22

No, you cannot associate an unattached VGW to Direct Connect Gateway.

Question 23

I have created Direct Connect Gateway with one Direct Connect Private Virtual Interface, and three non-overlapping VGWs (each associated with a VPC), what happens if I detach one of the VGW from the VPC?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 23

Traffic from your on-premise network to the detached VPC will stop, and VGW’s association with the Direct Connect Gateway will be deleted.

Question 24

I have created Direct Connect Gateway with one Direct Connect VIF, and three non-overlapping VGW-VPC pairs, what happens if I detach one of the VGW from the Direct Connect Gateway?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 24

Traffic from your on-premise network to the detached VGW (associated with a VPC) will stop.

Question 25

Can I send traffic from one VPC associated with a Direct Connect Gateway to another VPC associated to the same Direct Connect Gateway?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 25

No, Direct Connect Gateway only supports routing traffic from Direct Connect VIFs to VGW (associated with VPC). In order to send traffic between 2 VPCs, you would configure a VPC peering connection, the same as you do today.

Question 26

I currently have a VPN in us-east-1 attached to a VGW. If I associate this VGW to a Direct Connect Gateway, can I send traffic from that VPN to a VIF attached to the Direct Connect Gateway in a different region?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 26

No, a Direct Connect Gateway will not route traffic between a VPN and a Direct Connect VIF. To enable this use case, you would create a VPN in the region of the VIF and attach the VIF and the VPN to the same VGW.

Question 27

How do I detach my VGW-VPC pair from a Direct Connect Gateway?

Direct Connect Gateway

AWS Direct Connect | Networking & Content Delivery

Answer 27

You can detach a VGW-VPC pair from a Direct Connect Gateway using the AWS Console or API.