Performance - Hybrid Connectivity



A definition of the noun performance is how well something does its intended function. In the content of this whitepaper, we have hybrid connectivity which has intended function of delivering network traffic between on-premises network and the AWS Cloud. There are multiple factors which influence network performance such as latency, packet loss, jitter, and bandwidth. Depending on applications requirements the importance of each of these factors can vary.

Impact on design decision

Based on your application requirements, you need to identify and prioritize the network performance factors that impact your application behavior and user experience. To give further context, we define key factors which impact your connectivity type selection:

  • Bandwidth: the maximum data transfer rate of a connection.

  • Throughput: the successful transfer rate over a network path which an application can achieve.

  • Traffic flow: a flow represents a single, point-to-point network connection between a source and destination.

  • Latency: time taken for a packet to go from source to destination over a network connection.

Having a lot of bandwidth, doesn’t mean that application can use all of it and achieve required throughput. VPNs can restrict throughput due to tunneling overheads. Application might require to use multiple traffic flows in parallel if it is hitting per traffic flow bandwidth limit. Some application might require deterministic performance over a high-bandwidth connection, while others may require both deterministic performance and high bandwidth.

Example: Business requirements may state that certain activity has to complete within a defined amount of time. As example, a backup window has a duration of 4 hours or a batch processing job must be completed before the start of business hours. The business requirement(s) leads to understanding of technical requirement(s). How much data needs to be copied during the backup window and the throughput required to achieve it. Virtual Desktop Infrastructure (VDI) where a user interacts with an interface streamed as image over a network connection is sensitive to latency. Delay between input and resultant action affecting user experience. Other applications may not operate well even when latency is low if there is an occasional jitter. Jitter means there is an unpredictable delay. Voice-based applications are susceptible to poor voice quality due to jitter.

Requirement definition

  • What are the most critical network performance factors for your applications?

  • What is the required throughput? (e.g. 10Gbps symmetric)

  • What is the maximum acceptable latency between AWS and on-premises network? (AWS can recommend Direct Connect location selection but does not provide latency guarantees)

  • What is the maximum acceptable network variance (jitter)?

Technical solutions

When predictable latency and throughput are required, AWS Direct Connect is the recommended choice. It provides deterministic performance. Bandwidth could be selected based on throughput requirements. AWS recommends using AWS Direct Connect when a customer requires a more consistent network experience than -based connections. Private VIF and Transit VIF support jumbo frames which reduce number of packets (and overheads) through the network and can improve throughput.

Using a VPN over AWS Direct Connect adds encryption. However, it reduces MTU size which might reduce throughput. AWS managed S2S VPN technical capabilities can be found in the technical documentation. It is worth noting that AWS Transit Gateway allows customers to horizontally scale the number of VPN connections and throughput accordingly with Equal-cost multi-path routing (ECMP). More information on this is in traffic engineering subsection found later in this paper.

Another option is to use a site-to-site VPN over the internet. Bandwidth available over internet has been steadily growing over the years. While it is an attractive option due to low cost and almost universally accessible, keep in mind that performance over the internet is best effort but it can provide high bandwidth considering your on-premises access speed. internet weather events, congestion, increased latency periods are not unusual. AWS does offer a solution with AWS Accelerated S2S VPN which can mitigate some of the downsides of the internet. The Accelerated S2S VPN uses AWS Global Accelerator which allows VPN traffic to enter AWS network as early as possible and as close as possible to the customer gateway device. This option helps organizations optimize their VPN over the internet. It optimizes the network path, using the congestion-free AWS global network to route traffic to the endpoint that provides the best application performance. You can use an accelerated VPN connection to avoid network disruptions that might occur when traffic is routed over the public internet.

Figure 4 – Performance consideration decision tree