Dual on-premises sites with multiple DX connections example - Hybrid Connectivity

Dual on-premises sites with multiple DX connections example

The scenario illustrated in Figure 14 shows two on-premises data center sites located in different geographical Regions, and connected to AWS using the Maximum Resiliency connectivity model (described in the AWS Direct Connect Resiliency Recommendations) using AWS DX with DXGW and VGW. These two on-premises sites are interconnected to each other over a data center interconnect (DCI) link. One of the on-premises IP prefixes (192.168.0.0/16) that belongs to remote branch sites, is advertised from both on-premises data center sites. The primary path for this prefix should be data center 1. Traffic to and from the remote branch sites will failover to data center 2 in a failure event of data center 1 or both DX locations. Also, there is site-specific IP prefix for each data center. These prefixes need to be reached directly, and via the other data center site in case of both DX locations failure.

By associating BGP Community attributes with the routes advertised to AWS DXGW, you can influence the egress path selection from AWS DXGW side. Because with these values you can control the value of the BGP Local_Preference attribute that to be assigned to the advertised route. For more information refer to AWS DX Routing policies and BGP communities.

In addition, to maximize the reliability of the connectivity at the AWS Region level, each pair of AWS DX connections configure with ECMP where both can be utilized at the same time for data transfer between each on-premises site and AWS.

Figure 14 – Dual on-premises sites with multiple DX connections example

With this design, the traffic flows detinned to the on-premises networks (with the same advertised prefix length and BGP community) will be distributed across the dual DX connections per site using ECMP. However, if ECMP is not required across the DX connection, the same concept discussed earlier and described in the Routing policies and BGP communities documentation can be used to further engineer the path selection at a DX connection level.

Note

If there are security devices in the path within the on-premises data centers, these devices need to be configured to allow traffic flows leaving over one DX link and coming from another DX link (both links utilized with ECMP) within the same data center site.