AWS Direct Connect Gateway (DXGW) - Overview.
Scope:
- Intro,
- The concept of AWS
Direct Connect Gateway (DXGW),
- Why Use a DX
Gateway (Benefits & Description),
- DX Gateway
Components & Description,
- How DX Gateway
Works (Architecture Overview),
- DX Gateway
Associations,
- BGP Routing
Behavior,
- Multi-Region
Connectivity (DXGW as a global resource),
- Key Differences: VGW
vs TGW via DXGW,
- Common Design
Patterns,
- Monitoring Services & Operations Purposes,
- Security & Compliance,
- Best Practices of
- Sample Architecture
(Redundant DX + DXGW + TGW).
Intro:
- AWS Direct Connect Gateway (DXGW) is an importanct component in building:
- scalable,
- multi-region hybrid cloud architectures with AWS Direct Connect.
- AWS Direct Connect Gateway (DXGW) is an importanct component in building:
- scalable,
- multi-region hybrid cloud architectures with AWS Direct Connect.
1. The concept AWS Direct Connect Gateway (DXGW)
- AWS Direct Connect Gateway (DXGW) is a global network resource that allows
twtech to connect one or more
AWS Virtual Private Clouds (VPCs)
across multiple AWS Regions to twtech on-premises data center using AWS Direct Connect.
- AWS Direct Connect Gateway (DXGW) acts as a hub between twtech Direct Connect connections (private or transit VIFs) and Virtual Private Gateways (VGWs) or Transit Gateways (TGWs) across Regions.
2. Why Use a
DX Gateway (Benefits & Description)
|
Benefit |
Description |
|
Global Access |
Connects VPCs across different AWS Regions (except China). |
|
Centralized Management |
One DXGW handles multiple VPC associations. |
|
Simplified Architecture |
Reduces multiple VIFs to a single global gateway. |
|
Improved Scalability |
Scales hybrid connections without redesigning twtech core
network. |
|
Cost-Effective |
Fewer physical connections and routers to manage. |
3. DX Gateway
Components & Description
|
Component |
Description |
|
DX Connection |
Dedicated network link from your on-premises router to AWS. |
|
Virtual Interface (VIF) |
Logical link between DX and DXGW (Private or Transit VIF). |
|
DX Gateway |
The global hub connecting your VIFs to VGWs or TGWs. |
|
VGW / TGW |
VPC gateway used to connect your AWS networks. |
4. How DX Gateway Works (Architecture Overview)
Key Concept:
- DXGW is a logical construct — it doesn’t live in a specific region. twtech can associate it with VPCs in multiple regions using VGW or TGW.
5.
DX Gateway Associations
A. Private VIF Associations
- Private VIF connects to DXGW.
- DXGW associates with Virtual Private Gateways (VGWs) in one or more VPCs.
- Each VGW → One VPC.
- Multi-Region support enabled.
On-Prem → DX → Private VIF → DXGW → VGW → VPCB. Transit VIF
Associations
- Transit VIF connects to DXGW.
- DXGW associates with Transit Gateways (TGWs).
- TGWs can connect to multiple VPCs within or across regions.
On-Prem → DX → Transit VIF → DXGW → TGW → Multiple VPCs 6. BGP
Routing Behavior
- Each
VIF (Private or
Transit) runs
a BGP
session with AWS.
- DXGW
exchanges routes between:
- On-premises networks and AWS VGW/TGW.
- Route propagation can be controlled via BGP filters or TGW route tables.
- CIDR overlaps between VPCs are not supported for DXGW associations.
7. Multi-Region Connectivity (DXGW as a global resource):
- Can connect to VPCs in multiple Regions from a single Direct Connect location.
- Traffic never traverses the public internet.
- Reduces operational overhead for global enterprises.
Sample:
8. Key Differences: VGW vs TGW via DXGW
|
Feature |
DXGW + VGW |
DXGW + TGW |
|
Connectivity |
One VPC per VGW |
Multiple VPCs per TGW |
|
Region
Support |
Multi-region |
Multi-region |
|
Routing |
BGP between DXGW and VGW |
BGP between DXGW and TGW |
|
Flexibility |
Limited |
Highly scalable |
|
Use
Case |
Simple hybrid (single
VPC) |
Enterprise multi-VPC architecture |
9.
Common Design Patterns
A. Hybrid Connectivity
with Private VIF
- On-prem → DX → DXGW → VGWs (VPCs)
- Simple, cost-effective, ideal for 1–3 VPCs.
B. Multi-VPC via
Transit Gateway
- On-prem → DX → Transit VIF → DXGW → TGW → VPCs
- Centralized, scalable, and supports segmentation.
C. Multi-Region
Architecture
- DXGW associated with VPCs across multiple regions.
- Enables private global connectivity over AWS backbone.
10.
Monitoring Services & Operations Purposes
|
Service |
Purpose |
|
Amazon CloudWatch |
DX and DXGW metrics (connection status, throughput, BGP state). |
|
AWS CloudTrail |
Tracks configuration changes. |
|
AWS CLI / SDKs |
Automate DXGW creation and VIF associations. |
|
Route Analysis |
Verify prefixes advertised via BGP. |
11. Security
& Compliance
- DXGW
doesn’t perform encryption itself.
- To
encrypt:
- Use VPN over DX.
- Or enable MACsec on supported DX connections.
- Traffic is private and stays on AWS’s global backbone.
12. Best
Practices of
1. Use Transit Gateway for scale — centralize multi-VPC routing.
2. Enable redundancy — two DX links, different locations.
3. Plan IP addressing — avoid overlapping CIDRs.
4. Monitor actively — CloudWatch alarms for BGP and link health.
5. Secure routing — apply BGP filters for route control.
6. Use DX Gateway Associations — to manage region-based connections efficiently.
13. Sample
Architecture (Redundant DX + DXGW + TGW)
No comments:
Post a Comment