Profile Applicability:
Level 1
Description:
AWS Direct Connect is a service that allows you to establish a dedicated network connection from your premises to AWS. It provides a more reliable, consistent network experience compared to internet-based connections. However, a single Direct Connect connection can be vulnerable to outages or failures. To ensure higher availability and avoid service disruptions, it is critical to configure redundant Direct Connect connections.
Redundancy is achieved with multiple connections that terminate at separate Direct Connect locations (and, where needed, are attached through a Direct Connect gateway), so that traffic fails over if one connection or site becomes unavailable. Failover itself is driven by BGP: each connection carries its own virtual interface and BGP session, and when one session drops, the routes learned over the surviving session take over. This SOP verifies that Direct Connect connections are set up with that redundancy so that connectivity between on-premises networks and AWS survives the loss of a single link or location.
Rationale:
Enabling redundant Direct Connect connections is essential to:
Minimize Downtime: Redundant connections provide failover in case of network outages, ensuring continuous service availability.
Increase Reliability: Multiple connections from different physical locations ensure that your network remains operational even if one location experiences issues.
Business Continuity: Ensures uninterrupted communication between on-premises data centers and AWS environments, which is crucial for mission-critical applications and services.
Compliance: Meets the high availability requirements of certain compliance frameworks (e.g., SOC 2, ISO 27001).
Impact:
Pros:
High Availability: Redundant connections ensure continued network performance even if one link fails.
Improved Performance: When both links are active (for example as members of a LAG, or with equal-cost BGP paths), traffic is spread across them, reducing congestion on any single link.
Business Continuity: Enables seamless failover between connections, ensuring that the organization’s operations are not impacted by single points of failure.
Cons:
Cost: Setting up and maintaining redundant connections incurs additional charges.
Complexity: Requires careful planning and configuration to ensure that failover mechanisms work seamlessly.
Default Value:
By default, Direct Connect does not include redundant connections: each connection you order is a single physical link at a single location. Customers must order and configure additional connections at different locations for high availability.
Pre-requisite:
AWS IAM Permissions (covering the commands used below):
directconnect:DescribeConnections
directconnect:DescribeLags
directconnect:DescribeVirtualInterfaces
directconnect:CreateConnection
directconnect:CreateLag
directconnect:AssociateConnectionWithLag
directconnect:CreatePrivateVirtualInterface (or CreatePublicVirtualInterface / CreateTransitVirtualInterface, depending on the VIF type)
directconnect:AssociateVirtualInterface
directconnect:DeleteVirtualInterface
directconnect:DeleteConnection
directconnect:DeleteLag
AWS CLI installed and configured.
Existing Direct Connect connection(s).
Understanding of network design, BGP routing and AWS Direct Connect.
Remediation:
Test Plan:
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to Direct Connect under Services.
In the Direct Connect Dashboard, check the connections listed.
Verify that at least two Direct Connect connections are in the available state and that they terminate at different Direct Connect locations; a pending or down connection provides no failover capacity.
Check the Virtual Interfaces (VIFs): each redundant connection needs its own VIF, in the available state, with its own BGP session advertising the same prefixes, so that the routes learned over the surviving connection take over when one link fails.
If Link Aggregation Groups (LAGs) are used, remember that all members of a LAG terminate on the same Direct Connect endpoint at one location: a LAG protects against a single port or cross-connect failure and adds bandwidth, but it does not by itself provide location redundancy. Also check that the LAG's minimum links setting is lower than its number of connections, otherwise the loss of one member takes the whole LAG down.
Using AWS CLI:
To check existing Direct Connect connections, run:
aws directconnect describe-connections
Verify that at least two connections report connectionState available and that their location values differ.
To check for redundant links or a Link Aggregation Group (LAG), run:
aws directconnect describe-lags
A LAG bundles connections that terminate on the same Direct Connect endpoint, so it covers port and cross-connect failures at one location only. If a LAG is present, confirm that lagState is available and that minimumLinks is lower than numberOfConnections; rely on a connection at a second location, not on the LAG, for site-level failover.
To verify Virtual Interfaces (VIFs) are correctly configured, run:
aws directconnect describe-virtual-interfaces
Ensure that each redundant connection (or LAG) has a VIF in the available state attached to it; the connectionId field of a VIF identifies the connection or LAG it runs on.
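The three describe commands above produce JSON, and the checks in this test plan are easy to get wrong by eye (two connections in one LAG look redundant but share a location). The script below is an added example, not AWS code or part of this SOP: it applies the checks to the JSON printed by describe-connections, describe-lags and describe-virtual-interfaces. The three documents embedded in it are constructed samples, and every ID, name and location code in them is made up.

```python
"""Evaluate Direct Connect redundancy from AWS CLI JSON output.

Added example (not AWS code): applies the Test Plan checks to the JSON
printed by `aws directconnect describe-connections`, `describe-lags` and
`describe-virtual-interfaces`. The documents below are constructed samples.
"""
import json

# Constructed: two links in one LAG at location EqDC2, plus a second-site
# link at CSVA1 that has been ordered but is still pending.
CONNECTIONS_JSON = """{"connections": [
  {"connectionId": "dxcon-aaaa1111", "connectionName": "dx-dc2-a",
   "connectionState": "available", "location": "EqDC2",
   "bandwidth": "1Gbps", "lagId": "dxlag-1111aaaa"},
  {"connectionId": "dxcon-bbbb2222", "connectionName": "dx-dc2-b",
   "connectionState": "available", "location": "EqDC2",
   "bandwidth": "1Gbps", "lagId": "dxlag-1111aaaa"},
  {"connectionId": "dxcon-cccc3333", "connectionName": "dx-va1",
   "connectionState": "pending", "location": "CSVA1", "bandwidth": "1Gbps"}
]}"""

# Constructed: the LAG that groups the two EqDC2 links.
LAGS_JSON = """{"lags": [
  {"lagId": "dxlag-1111aaaa", "lagName": "dx-lag-dc2", "lagState": "available",
   "location": "EqDC2", "numberOfConnections": 2, "minimumLinks": 1,
   "connections": [{"connectionId": "dxcon-aaaa1111"},
                   {"connectionId": "dxcon-bbbb2222"}]}
]}"""

# Constructed: a private VIF on the LAG (a VIF built on a LAG reports the
# LAG ID in connectionId) and one on the still-pending second-site link.
VIFS_JSON = """{"virtualInterfaces": [
  {"virtualInterfaceId": "dxvif-aaaa1111", "virtualInterfaceName": "vif-dc2",
   "virtualInterfaceType": "private", "virtualInterfaceState": "available",
   "connectionId": "dxlag-1111aaaa", "location": "EqDC2"},
  {"virtualInterfaceId": "dxvif-cccc3333", "virtualInterfaceName": "vif-va1",
   "virtualInterfaceType": "private", "virtualInterfaceState": "pending",
   "connectionId": "dxcon-cccc3333", "location": "CSVA1"}
]}"""


def load(document, key):
    """Parse one CLI JSON document and return the list stored under `key`."""
    return json.loads(document)[key]


def audit_redundancy(connections, lags, vifs):
    """Return {check: (passed, detail)}; only resources in state "available" count."""
    findings = {}
    available = [c for c in connections if c["connectionState"] == "available"]
    findings["two_available_connections"] = (
        len(available) >= 2, f"{len(available)} connection(s) in state available")

    locations = sorted({c["location"] for c in available})
    findings["two_locations"] = (
        len(locations) >= 2, f"available connections terminate at {locations}")

    # A LAG bundles links on one endpoint: if every available link sits in the
    # same LAG, a failure of that location takes all of them down together.
    lag_ids = {c.get("lagId") for c in available}
    sole_lag = len(available) >= 2 and len(lag_ids) == 1 and None not in lag_ids
    findings["not_sole_lag"] = (
        not sole_lag, f"available connections belong to LAG(s) {sorted(filter(None, lag_ids))}")

    # minimumLinks equal to numberOfConnections means one link loss downs the LAG.
    weak = [lag["lagId"] for lag in lags
            if lag.get("minimumLinks", 0) and lag["minimumLinks"] >= lag["numberOfConnections"]]
    findings["lag_minimum_links"] = (
        not weak, f"LAGs that go down when one member fails: {weak}")

    # Resolve each available VIF to the location of the connection or LAG it runs on.
    parent_location = {c["connectionId"]: c["location"] for c in connections}
    parent_location.update({lag["lagId"]: lag["location"] for lag in lags})
    vif_locations = sorted({parent_location[v["connectionId"]] for v in vifs
                            if v["virtualInterfaceState"] == "available"
                            and v["connectionId"] in parent_location})
    findings["vif_per_location"] = (
        len(vif_locations) >= 2, f"available VIFs reach locations {vif_locations}")
    return findings


def run_sample():
    """Audit the constructed sample above."""
    return audit_redundancy(load(CONNECTIONS_JSON, "connections"),
                            load(LAGS_JSON, "lags"),
                            load(VIFS_JSON, "virtualInterfaces"))


if __name__ == "__main__":
    for check, (passed, detail) in run_sample().items():
        print(f"{'PASS' if passed else 'FAIL'}  {check}: {detail}")
```

On the sample, two_available_connections passes while two_locations, not_sole_lag and vif_per_location fail: the account has a working LAG at one site and nothing usable at the second site yet, which is exactly the state this SOP is meant to catch. To audit a real account, save each describe command's output to a file (for example `aws directconnect describe-connections > connections.json`) and pass `json.load(open(...))["connections"]`, `["lags"]` and `["virtualInterfaces"]` to audit_redundancy in place of the samples.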
Implementation Steps:
Using AWS Console:
Sign in to the AWS Management Console and navigate to Direct Connect.
Under Connections, check the existing Direct Connect connections.
If you do not have redundant connections:
Click Create connection and choose a different Direct Connect location for the second connection; keeping the same bandwidth as the first connection keeps the design symmetric. A new connection only becomes available once the colocation provider has completed the cross-connect.
Optionally create a Link Aggregation Group (LAG) where two connections share one location, to bundle them for bandwidth and link-level failover. LAG members must terminate on the same endpoint, so a LAG complements, but does not replace, a connection at a second location.
Create a Virtual Interface (VIF) on each connection (or LAG) with its own VLAN and BGP session, and configure the on-premises router to advertise the same prefixes over both sessions.
Verify the design by checking CloudWatch metrics for both connections and by running the Direct Connect BGP failover test on one VIF, which brings its BGP session down for a chosen duration so you can confirm that traffic shifts to the other connection.
Using AWS CLI:
To create a redundant Direct Connect connection in a different location, run (location codes can be listed with the describe-locations subcommand; bandwidth values take the form 1Gbps or 10Gbps):
aws directconnect create-connection --location <location-id> --connection-name <connection-name> --bandwidth <bandwidth>
To create a Link Aggregation Group (LAG) at a location, run:
aws directconnect create-lag --location <location-id> --connections-bandwidth <bandwidth> --number-of-connections <count> --lag-name <lag-name>
To add an existing connection at that same location to the LAG, run:
aws directconnect associate-connection-with-lag --connection-id <connection-id> --lag-id <lag-id>
To create a private Virtual Interface (VIF) on a connection or LAG, run (use a distinct VLAN per connection, and replace virtualGatewayId with directConnectGatewayId when attaching to a Direct Connect gateway; public and transit VIFs use create-public-virtual-interface and create-transit-virtual-interface):
aws directconnect create-private-virtual-interface --connection-id <connection-id> --new-private-virtual-interface virtualInterfaceName=<vif-name>,vlan=<vlan-id>,asn=<on-prem-bgp-asn>,addressFamily=ipv4,virtualGatewayId=<vgw-id>
Verify the redundant connections by running:
aws directconnect describe-connections
To confirm the configuration of LAGs, run:
aws directconnect describe-lags
Backout Plan:
If creating redundant Direct Connect connections causes issues (e.g., connectivity problems, misconfigurations):
Identify the affected connection, Link Aggregation Group (LAG) or VIF.
Delete any VIF running on the resource first (delete-virtual-interface): a LAG with active virtual interfaces cannot be deleted, and a connection should have its VIFs removed before it is deleted.
To remove a connection, run:
aws directconnect delete-connection --connection-id <connection-id>
To remove a Link Aggregation Group (LAG), run:
aws directconnect delete-lag --lag-id <lag-id>
Deleting a connection is irreversible and ends the circuit at that location; ordering it again later requires a new cross-connect from the colocation provider. Afterwards, verify the Direct Connect configuration and ensure that only the intended connections remain active, and that the remaining connection still carries traffic.
Note :
Monitoring: Create CloudWatch alarms on the AWS/DX ConnectionState metric (1 = up, 0 = down) for every connection, and on the state of each virtual interface, so that the failure of one leg is noticed while the other still carries traffic; a standby that has silently failed is the most common way redundancy is lost. Repeat the BGP failover test periodically to prove that the on-premises routing still fails over.
Cost: Ensure that the redundant connections are justified from a cost perspective, as additional Direct Connect connections and LAGs incur extra charges.