Performance - Hybrid Connectivity



A definition of performance is how well something does its intended function. In the context of this whitepaper, the intended function of hybrid connectivity is delivering network traffic between an on-premises network and the AWS Cloud. Multiple factors influence network performance, such as latency, packet loss, jitter, and bandwidth. Depending on application requirements, the importance of each of these factors varies.

Impact on design decision

Based on your application requirements, you need to identify and prioritize the network performance factors that impact your application behavior and user experience. To give further context, we define key factors which impact your connectivity type selection:

  • Bandwidth – the maximum data transfer rate of a connection.

  • Throughput – the successful transfer rate over a network path which an application can achieve.

  • Traffic flow – a flow represents a single, point-to-point network connection between a source and destination.

  • Latency – the time taken for a packet to go from source to destination over a network connection.

Having a lot of bandwidth doesn't mean that an application can use all of it and achieve the required throughput. VPNs can restrict throughput due to tunneling overhead, and a single TCP flow is also bounded by the sender's window divided by the round-trip latency, whatever the link speed. An application might need to use multiple traffic flows in parallel if it is hitting a per-flow limit. Some applications require deterministic performance, others require high bandwidth, and some require both.

For example, business requirements might state that a certain activity must complete within a defined amount of time: perhaps a backup window has a duration of four hours, or a batch processing job must finish before the start of business hours. The business requirements lead to the technical requirements: how much data needs to be copied during the backup window, and therefore the throughput required to achieve it. Virtual desktop infrastructure (VDI), where a user interacts with an interface streamed as images over a network connection, is sensitive to latency, because delay between an input and the resulting action affects user experience. Other applications may not operate well even when latency is low if there is occasional jitter. Jitter is variation in packet delay, which makes the delay unpredictable. Voice-based applications are susceptible to poor voice quality due to jitter.

Requirement definition

  • What are the most critical network performance factors for your applications?

  • What is the required throughput? (for example, 10 Gbps symmetric)

  • What is the maximum acceptable latency between AWS and on-premises network? (AWS can recommend a Direct Connect location selection but does not provide latency guarantees)

  • What is the maximum acceptable network variance, or jitter?
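Answering the latency and jitter questions above means measuring the path and comparing the figures with the requirement. The following is an added example (Python), not code from the whitepaper: it takes a series of round-trip-time samples, reports a high-percentile latency rather than the mean (the mean hides the occasional spikes that VDI and voice users notice), estimates jitter with an RFC 3550 style smoothing filter applied to RTT samples, and checks both against a stated limit. The sample RTTs, the 20 ms and 2 ms limits, and the function names are this example's own assumptions.

```python
"""Check measured latency and jitter against a stated requirement.

Added example for this section, not code from the whitepaper. The RTT
samples are constructed to show a single delay spike; they are not
measurements of any real Direct Connect or VPN path."""
import math
from statistics import mean

# Constructed round-trip times in milliseconds, as a periodic probe from
# the on-premises side to an instance in the VPC would collect them.
# The 13th sample is a deliberate 30 ms spike.
SAMPLE_RTTS_MS = [
    12.1, 12.3, 11.9, 12.0, 12.4, 12.2, 12.1, 11.8, 12.0, 12.3,
    12.2, 12.1, 30.5, 12.0, 12.2, 12.1, 11.9, 12.3, 12.0, 12.2,
]


def percentile(samples, pct):
    """Nearest-rank percentile (pct in 0..100); samples need not be sorted."""
    ordered = sorted(samples)
    rank = max(1, math.ceil(pct * len(ordered) / 100))
    return ordered[rank - 1]


def smoothed_jitter_ms(rtts, gain=1 / 16):
    """Jitter estimate in the style of RFC 3550: D is the change in delay
    between consecutive samples, smoothed as J += (|D| - J) * gain.
    RFC 3550 uses one-way transit times; this applies the same filter to
    RTT samples, which is what a ping-style probe gives you."""
    j = 0.0
    for prev, cur in zip(rtts, rtts[1:]):
        j += (abs(cur - prev) - j) * gain
    return j


def assess_path(rtts, max_latency_ms, max_jitter_ms, latency_pct=99):
    """Compare a sample set with the requirement questions above.

    The latency check is done at a high percentile rather than the mean,
    because a mean hides the occasional spikes that VDI and voice users
    notice. Returns the measured figures and pass/fail per requirement."""
    high = percentile(rtts, latency_pct)
    jitter = smoothed_jitter_ms(rtts)
    return {
        "mean_latency_ms": mean(rtts),
        f"p{latency_pct}_latency_ms": high,
        "jitter_ms": jitter,
        "latency_ok": high <= max_latency_ms,
        "jitter_ok": jitter <= max_jitter_ms,
    }


if __name__ == "__main__":
    # Constructed requirement: 20 ms at p99 and 2 ms of jitter.
    print(assess_path(SAMPLE_RTTS_MS, max_latency_ms=20, max_jitter_ms=2))
```

With the constructed samples the mean RTT is about 13 ms and would pass a 20 ms requirement, but the p99 value is 30.5 ms and fails it; the smoothed jitter settles around 1.7 ms because the filter damps a single spike. Collect samples over at least one full business cycle before drawing conclusions, since internet-path behavior changes with time of day.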

Technical solutions

When predictable latency and throughput are required, Direct Connect is the recommended choice; connection bandwidth can be selected based on throughput requirements. We recommend Direct Connect when a customer requires a more consistent network experience than internet-based connections can provide, because it offers deterministic performance. Private VIFs and transit VIFs both support jumbo frames (9001-byte and 8500-byte MTU, respectively), which reduce the number of packets and the per-packet overhead through the network and can improve throughput.

Using a Site-to-Site VPN over AWS Direct Connect adds encryption of the traffic in transit. However, the IPsec tunnel reduces the usable MTU (the tunnel carries 1446-byte packets for IPv4), which can reduce throughput. For more information about technical capabilities, see Traffic engineering.

Note that AWS Transit Gateway allows customers to scale VPN capacity horizontally: each Site-to-Site VPN tunnel is limited to 1.25 Gbps, but multiple VPN connections to a transit gateway can be combined with equal-cost multi-path routing (ECMP) so that aggregate throughput grows with the number of tunnels. ECMP requires dynamic (BGP) routing on the VPN connections, and because traffic is distributed per flow, a single flow remains bound by the per-tunnel limit. For more information, see Traffic engineering.
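The backup-window sizing described under "Impact on design decision", carried through against the per-flow limit, the VPN tunnel overhead and the per-tunnel cap that ECMP scales out, as an added example (Python, not code from the whitepaper). The job parameters (10 TB in four hours, a 4 MiB TCP window, 10 ms RTT over Direct Connect and 40 ms over the internet) are constructed; the link figures are the documented ones (9001-byte MTU on a private VIF, 1446-byte MTU and 1.25 Gbps per Site-to-Site VPN tunnel). The `Link` class and `plan` function are this example's own.

```python
"""Size a hybrid link for a time-bounded transfer and check it against the
per-flow and per-tunnel limits discussed in this section.

Added example for this section, not code from the whitepaper. The job
parameters are constructed; the link figures are the ones AWS documents
(9001-byte MTU on a private VIF, 1446-byte MTU and 1.25 Gbps per
Site-to-Site VPN tunnel)."""
import math
from dataclasses import dataclass

IP_TCP_HEADER_BYTES = 40  # IPv4 + TCP headers without options


@dataclass(frozen=True)
class Link:
    name: str
    capacity_bps: float      # provisioned bandwidth of one connection or tunnel
    mtu_bytes: int           # largest IP packet the path carries
    per_flow_cap_bps: float  # ceiling any single flow can use on this path


DX_10G_PRIVATE_VIF = Link("Direct Connect 10 Gbps private VIF", 10e9, 9001, 10e9)
VPN_TUNNEL = Link("Site-to-Site VPN tunnel", 1.25e9, 1446, 1.25e9)


def required_throughput_bps(data_bytes, window_seconds):
    """Throughput needed to move data_bytes within the business window."""
    return data_bytes * 8 / window_seconds


def payload_efficiency(mtu_bytes):
    """Fraction of each packet that is application payload; a small MTU
    (VPN) spends more of the link on headers than a jumbo frame (DX)."""
    return (mtu_bytes - IP_TCP_HEADER_BYTES) / mtu_bytes


def max_single_flow_bps(link, rtt_seconds, tcp_window_bytes):
    """A single TCP flow is bounded by the path's per-flow cap and by the
    bandwidth-delay product: it cannot exceed window / RTT."""
    bdp_limit_bps = tcp_window_bytes * 8 / rtt_seconds
    return min(link.per_flow_cap_bps, bdp_limit_bps)


def plan(link, data_bytes, window_seconds, rtt_seconds, tcp_window_bytes):
    """Return the required rate, the goodput one flow can reach on this link,
    how many parallel flows the job needs, and how many links or tunnels of
    this kind must be aggregated (for VPN, via Transit Gateway ECMP)."""
    need = required_throughput_bps(data_bytes, window_seconds)
    eff = payload_efficiency(link.mtu_bytes)
    flow_goodput = max_single_flow_bps(link, rtt_seconds, tcp_window_bytes) * eff
    link_goodput = link.capacity_bps * eff
    return {
        "link": link.name,
        "required_bps": need,
        "goodput_per_flow_bps": flow_goodput,
        "parallel_flows": math.ceil(need / flow_goodput),
        "links_needed": math.ceil(need / link_goodput),
        "fits_one_link": need <= link_goodput,
    }


if __name__ == "__main__":
    # Constructed job: 10 TB inside a four-hour backup window, 4 MiB TCP window.
    data, window, tcp_window = 10 * 10**12, 4 * 3600, 4 * 1024 * 1024
    print(plan(DX_10G_PRIVATE_VIF, data, window, rtt_seconds=0.010,
               tcp_window_bytes=tcp_window))
    print(plan(VPN_TUNNEL, data, window, rtt_seconds=0.040,
               tcp_window_bytes=tcp_window))
```

For these inputs the job needs about 5.6 Gbps. On the 10 Gbps private VIF it fits on one connection but still needs two parallel flows, because a single flow with a 4 MiB window at 10 ms RTT tops out near 3.3 Gbps. Over VPN it needs five tunnels aggregated with ECMP and seven flows. Treat the tunnel count as a floor: ECMP hashes each flow onto one tunnel, so seven flows across five tunnels will not spread evenly, and real deployments overprovision accordingly.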

Another option is a Site-to-Site VPN over the internet. Bandwidth available over the internet has grown steadily over the years, and the option is attractive because of its low cost and near-universal accessibility. Keep in mind that performance over the internet is best effort: it can deliver high bandwidth, subject to your on-premises access speed, but internet weather events, congestion, and periods of increased latency are not unusual. AWS offers Accelerated Site-to-Site VPN connections, which mitigate some of these downsides. An accelerated VPN connection uses AWS Global Accelerator so that VPN traffic enters the AWS network as early and as close to the customer gateway device as possible, and is then routed over the congestion-free AWS global network to the Site-to-Site VPN endpoint. This optimizes the network path and reduces the disruptions that can occur when traffic traverses the public internet. Note that accelerated VPN connections attach to a transit gateway, not to a virtual private gateway.

Performance consideration decision tree

Figure 1 – Performance consideration decision tree