Dual on-premises sites with multiple DX connections example

The scenario illustrated in the figure 14 shows two on-premises data center sites located in different geographical Regions. They are connected to AWS using the Maximum Resiliency connectivity model (described in the AWS Direct Connect Resiliency Recommendations) using AWS DX with DXGW and VGW. These two on-premises sites are interconnected to each other over a data center interconnect (DCI) link.

One of the on-premises IP prefixes (192.168.0.0/16) that belongs to remote branch sites is advertised from both on-premises data center sites. The primary path for this prefix should be Corporate data center 1. Traffic to and from the remote branch sites will failover to Corporate data center 2 in a failure event of data center 1 or both DX locations. Also, there is site-specific IP prefix for each data center. These prefixes need to be reached directly and via the other data center site in case of both DX locations failure.

By associating BGP Community attributes with the routes advertised to AWS DXGW, you can influence the egress path selection from AWS DXGW side. With these values, you can control the value of the BGP Local_Preference attribute that is to be assigned to the advertised route. For more information refer to AWS DX Routing policies and BGP communities.

In addition, to maximize the reliability of the connectivity at the AWS Region level, each pair of AWS DX connections configure with ECMP, where both can be utilized at the same time for data transfer between each on-premises site and AWS.

Figure 1 – Dual on-premises sites with multiple DX connections example

With this design, the traffic flows destined to the on-premises networks (with the same advertised prefix length and BGP community) will be distributed across the dual DX connections per site using ECMP. However, if ECMP is not required across the DX connection, the same concept described in Routing policies and BGP communities can be used to further engineer the path selection at a DX connection level.

Note

If there are security devices in the path within the on-premises data centers, these devices need to be configured to allow traffic flows leaving over one DX link and coming from another DX link (both links utilized with ECMP) within the same data center site.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Dual Site-to-Site VPN connections with more specific routes example

VPN connection as a backup to AWS DX connection example