I had some discussion about AWS (Amazon Web Services) and how to connect to their services, specifically when you run production workloads on virtual machines in AWS. Bringing workloads to public clouds means that your business and/or your customers become more dependent on their (internet) connectivity to be able to reach the workloads running in the public cloud environment.
There are multiple solutions out there to make your internet-facing connections highly available. Bandwidth-wise there aren’t really any challenges, aside from the costs… in the Netherlands at least. It is easy to get a 1GbE or better connection from your datacenter or office location(s).
What we were discussing is the latency between you and your public cloud services. Even though it strongly depends on what workloads you are planning to run in AWS, you want a decent user experience, and thus the lowest possible network latency towards that workload. That brings us to www.cloudping.info, a nifty web tool that gives you an idea of what your latency is to the regions from which AWS offers their services. Its output looks like this:
Since I’m in the Netherlands, the EU Frankfurt site in Germany is the closest AWS site for me. So an average ping time of 23ms… Note: this number depends strongly on how your internet provider or your datacenter is connected to AWS, via peering on various Internet Exchanges or via transits.
It is interesting to discuss how ‘good’ or bad 23ms really is.
But if the latency is not up to par, and you are planning to offload some serious workloads to AWS, you do have another option! You are able to connect to AWS via AWS Direct Connect rather than over the internet using a VPN.
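To show what a tool like cloudping.info actually measures, here is an added example (not from the original post, and not the cloudping.info code) that times a TCP handshake from your own network edge to a few AWS regional endpoints and ranks the regions by average round-trip time. It assumes the public per-region DynamoDB hostnames (an assumption on my part, though the naming pattern is the documented one) and the region list is constructed for illustration. A TCP handshake is not the same as an ICMP ping, so the absolute numbers will differ slightly from a ping tool, but the relative ranking and the jitter/loss columns are what matter when deciding whether a VPN over the internet is good enough or a dedicated connection is worth ordering.

```python
import socket
import statistics
import time

# Constructed region list; endpoint hostnames are assumed to follow the
# public per-region DynamoDB pattern.
REGIONS = {
    "eu-central-1 (Frankfurt)": "dynamodb.eu-central-1.amazonaws.com",
    "eu-west-1 (Ireland)": "dynamodb.eu-west-1.amazonaws.com",
    "us-east-1 (N. Virginia)": "dynamodb.us-east-1.amazonaws.com",
}


def tcp_rtt_ms(host, port=443, timeout=3.0):
    """Time one TCP handshake to host:port. Returns milliseconds, or None on failure."""
    start = time.perf_counter()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            pass
    except OSError:
        return None
    return (time.perf_counter() - start) * 1000.0


def summarize(samples):
    """Reduce a list of RTT samples (None = failed probe) to min/avg/max/jitter/loss.

    Returns None when every probe failed.
    """
    good = [s for s in samples if s is not None]
    if not good:
        return None
    return {
        "min": min(good),
        "avg": statistics.mean(good),
        "max": max(good),
        # population std-dev of successful samples; a rough jitter figure
        "jitter": statistics.pstdev(good) if len(good) > 1 else 0.0,
        "loss": (len(samples) - len(good)) / len(samples),
    }


def probe_region(host, count=5):
    """Run `count` handshakes against one endpoint and summarize them."""
    return summarize([tcp_rtt_ms(host) for _ in range(count)])


def rank_regions(results):
    """Order (name, summary) pairs by average RTT; unreachable regions go last."""
    reachable = [(n, s) for n, s in results.items() if s is not None]
    unreachable = [(n, s) for n, s in results.items() if s is None]
    return sorted(reachable, key=lambda kv: kv[1]["avg"]) + unreachable


if __name__ == "__main__":
    results = {name: probe_region(host) for name, host in REGIONS.items()}
    for name, s in rank_regions(results):
        if s is None:
            print(f"{name:28s} unreachable")
        else:
            print(f"{name:28s} min {s['min']:6.1f}  avg {s['avg']:6.1f}  "
                  f"max {s['max']:6.1f}  jitter {s['jitter']:5.1f} ms  loss {s['loss']:.0%}")
```

Run it from the host or network segment your users actually sit on; measuring from a laptop on a different uplink tells you little about the path your production traffic will take.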
What is it?
So AWS Direct Connect is what it says it is: a direct connection from your internal network(s) to the AWS services over one or more dedicated 1GbE or 10GbE connections.
Lower latency is cool, but there are more advantages using Direct Connect. Think about:
- Savings on bandwidth on your internet feed.
- More predictable network performance and capacity towards your workloads.
- Private connection instead of traversing the internet.
- No need for slow(er) and perhaps more complex VPN constructions.
- Ability to configure multiple virtual interfaces using VLANs. It is even a requirement that your terminating device supports 802.1Q VLANs.
Needless to say, there will be costs involved. You will be charged for a port-per-hour rate and per GB of data transfer Out of AWS. Data transfers In are free of charge.
The sites where you can Direct Connect with AWS are scarce. Looking at my situation, I will be able to order a Direct Connection from the Equinix AM3 site to and from the EU Central (Frankfurt) region. That still means I need to have connectivity from my datacenter/office to Equinix AM3.
Even if your network is not present at an AWS Direct Connect location, you are still able to use the so-called AWS APN Partners. These partners will help you connect your network to an AWS Direct Connect location.
Check the following links for more information:
- AWS Direct Connect information: aws.amazon.com/directconnect
- AWS Direct Connect locations and pricing: aws.amazon.com/directconnect/pricing/
- APN Partners: aws.amazon.com/directconnect/partners/#emea
It makes perfect sense to me to have a dedicated, direct connection to your public cloud provider of choice if you are planning on running serious production workloads there. It is good to understand what the impact of the latency is for your business and/or customer. So keep this topic in check when architecting your infrastructure when it incorporates public clouds!
I’m pretty curious to see who out there is currently using AWS Direct Connect or its Google and Azure equivalents, Google Direct Cloud or Azure ExpressRoute. Please let me know if you use any of these!!