Architecture Diagrams
Active/Active and Active/Passive
Configurations in AWS Direct Connect
Copyright © 2024 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Active/Active and Active/Passive Configurations in AWS Direct Connect Architecture Diagrams
Active/Active and Active/Passive Configurations in AWS Direct
Connect: Architecture Diagrams
Copyright © 2024 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon's trademarks and trade dress may not be used in connection with any product or service
that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any
manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are
the property of their respective owners, who may or may not be affiliated with, connected to, or
sponsored by Amazon.
Active/Active and Active/Passive Configurations in AWS Direct Connect Architecture Diagrams
Table of Contents
Home ................................................................................................................................................. i
Active/Active with Private/Transit VIF Diagram .................................................................................... 1
Active/Passive with Private/Transit VIF Diagram ................................................................................... 3
Active/Active with Public VIF Diagram .................................................................................................... 5
Active/Passive with Public VIF Diagram .................................................................................................. 7
Download editable diagram ....................................................................................................................... 8
Create a free AWS account ......................................................................................................................... 8
Further reading ............................................................................................................................................. 8
Contributors ................................................................................................................................................... 8
Diagram history ............................................................................................................................................ 9
iii
Active/Active and Active/Passive Configurations in AWS Direct Connect Architecture Diagrams
Active/Active and Active/Passive Configurations in AWS
Direct Connect
Publication date: September 21, 2023 (Diagram history)
Service Level Agreement (SLA)
Amazon Web Services offers customers the ability to achieve highly-resilient network connections
between Amazon Virtual Private Cloud (Amazon VPC) and their on-premises infrastructure. The
AWS Direct Connect Resiliency Toolkit provides a connection wizard with multiple resiliency
models. These models help you to determine and then place an order for the number of dedicated
connections to achieve your SLA objective.
This reference architecture focuses on the Maximum Resiliency model, which provides you with a
way to order dedicated connections to achieve an SLA of 99.99%. You can find the requirements in
the AWS Direct Connect Service Level Agreement.
Link aggregation groups (LAGs) and Equal Cost Multi Path (ECMP)
For Active/Active mode, you can leverage LAGs for dedicated AWS Direct Connect connections,
terminating on the same AWS Direct Connect endpoint. This will load balance traffic across all
connections in the LAG on layer 2. This will not protect against failure on the AWS Direct Connect
endpoint or the whole AWS Direct Connect location.
With ECMP, you can load balance traffic across multiple connections and AWS Direct Connect
locations on layer 3. You can influence path behaviour by longest prefix match and Border Gateway
Protocol (BGP) attributes. This allows for setting up Active/Active or Active/Passive configurations.
Active/Active with Private/Transit VIF Diagram
Build Active/Active configuration with Transit/Private Virtual Interface (VIF) for max resiliency.
Have redundant AWS Direct Connect connections inside each AWS Direct Connect location as well
as across locations, customer data centers, and devices. This configuration offers customers max
resilience to failure. Such a topology ensures resilience to connectivity failure due to a fiber cut or a
device failure as well as a complete location failure.
• Transit/Private VIF: You can create Active/Active by ensuring advertised prefixes, local
preference, autonomous system (AS) path, and Multi-Exit Discriminator (MED) values are the
Active/Active with Private/Transit VIF Diagram 1
Active/Active and Active/Passive Configurations in AWS Direct Connect Architecture Diagrams
same. With that you influence incoming traffic from AWS. These options are not mutually
exclusive and can be used together.
• Active/Active: Traffic is load-shared between interfaces based on flow via ECMP. If one
connection becomes unavailable, then all traffic is routed through the other connections.
1. AWS Direct Connect gateway is a global construct and AWS takes care of its availability.
2. When you request multiple ports at the same AWS Direct Connect location, they will be
provisioned on redundant AWS equipment.
3. AWS Direct Connect supports multipathing to multiple virtual interfaces within the same
location, and traffic is load-shared between interfaces based on flow. If one connection becomes
unavailable, all traffic is routed through the other connection.
4. Have the redundant AWS Direct Connect connections terminate on different customer/partner
routers inside the AWS Direct Connect location.
5. AWS Direct Connect connections have to be brought down for regular scheduled maintenance.
Therefore, use multiple connections.
6. Have the redundant AWS Direct Connect connections terminate on different routers inside your
data center.
Active/Active with Private/Transit VIF Diagram 2
Active/Active and Active/Passive Configurations in AWS Direct Connect Architecture Diagrams
7. Use multiple AWS Direct Connect connections across multiple AWS Direct Connect locations.
8. Use multiple AWS Direct Connect connections across multiple customer sites.
9. Advertise the same prefixes across all AWS Direct Connect connections for Active/Active setup.
10.If prefixes are the same, a higher local preference is preferred. By using BGP communities you
can set the local preference from 7224:7100/7200/7300 where 7100 is low, 7200 is medium,
and 7300 is high preference. Use the same local preference across all AWS Direct Connect
connections for an Active/Active setup.
11.If local preference is the same, shortest AS paths are preferred across AWS Direct Connect
connections associated with the same AWS Region. Use the same AS path length across all AWS
Direct Connect connections for an Active/Active setup.
12.If AS path lengths are the same, a lower MED value will be preferred. For an Active/Active setup,
use the same MED value for all AWS Direct Connect connections.
13.You can create LAGs for dedicated connections terminating at the same AWS Direct Connect
endpoint. All connections in a LAG operate in Active/Active mode.
Active/Passive with Private/Transit VIF Diagram
Build Active/Passive configuration with Transit/Private VIF for max resiliency. Have redundant AWS
Direct Connect connections inside each AWS Direct Connect location as well as across locations,
customer data centers and devices. This configuration offers customers max resilience to failure.
Such a topology ensures resilience to connectivity failure due to a fiber cut or a device failure as
well as a complete location failure.
• Transit/Private VIF: You can create Active/Passive setups in multiple ways by controlling
advertised prefixes, local preference, AS path and MED value. With that you influence incoming
traffic from AWS. These options are not mutually exclusive and can be used together.
• Active/Passive: One connection handles traffic, and the others are on standby. If the active
connection becomes unavailable, then all traffic is routed through the passive connections.
Active/Passive with Private/Transit VIF Diagram 3
Active/Active and Active/Passive Configurations in AWS Direct Connect Architecture Diagrams
1. AWS Direct Connect gateway is a global construct and AWS takes care of its availability.
2. When you request multiple ports at the same AWS Direct Connect location, they will be
provisioned on redundant AWS equipment.
3. Have the redundant AWS Direct Connect connections terminate on different customer/partner
routers inside the AWS Direct Connect location.
4. AWS Direct Connect connections have to be brought down for regular scheduled maintenance.
Therefore, use multiple connections.
5. Have the redundant AWS Direct Connect connections terminate on different routers inside your
data center.
6. Leverage multiple AWS Direct Connect connections across multiple AWS Direct Connect
locations.
7. Leverage multiple AWS Direct Connect connections across multiple customer sites.
8. By advertising more specific prefixes you can prefer one AWS Direct Connect connection over
the others.
9. If prefixes are the same, a higher local preference is preferred. By using BGP communities you
can set a local preference from 7224:7100/7200/7300 where 7100 is low, 7200 is medium, and
Active/Passive with Private/Transit VIF Diagram 4
Active/Active and Active/Passive Configurations in AWS Direct Connect Architecture Diagrams
7300 is high preference. Use a higher local preference to prefer a specific AWS Direct Connect
connection over others.
10.If local preference is the same, shortest AS paths are preferred. You can use AS path prepending
for AWS Direct Connect connections associated with the same AWS Region. AWS will prefer the
shorter AS path for multiple virtual interfaces in a Region.
11.Use a lower MED value to prefer a specific AWS Direct Connect connection.
Active/Active with Public VIF Diagram
Build Active/Active configuration with Public VIF for max resiliency. Have redundant AWS Direct
Connect connections inside each AWS Direct Connect location as well as across locations, customer
data centers, and devices. This configuration offers customers max resilience to failure. Such a
topology ensures resilience to connectivity failure due to a fiber cut or a device failure as well as a
complete location failure.
• Public VIF: You can create Active/Active with a public Autonomous System Number (ASN) by
ensuring advertised prefixes, Local Preference and AS path values are the same. These options
are not mutually exclusive and can be used together.
• Active/Active: Traffic is load-shared between interfaces based on flow via ECMP. If one
connection becomes unavailable, then all traffic is routed through the other connection(s).
If you're using a private ASN, load balancing on a public virtual interface is not supported.
Active/Active with Public VIF Diagram 5
Active/Active and Active/Passive Configurations in AWS Direct Connect Architecture Diagrams
1. When you request multiple ports at the same AWS Direct Connect location, they will be
provisioned on redundant AWS equipment.
2. AWS Direct Connect supports multipathing to multiple virtual interfaces within the same
location, and traffic is load-shared between interfaces based on flow. If one connection becomes
unavailable, all traffic is routed through the other connection.
3. Have the redundant AWS Direct Connect connections terminate on different customer/partner
routers inside the AWS Direct Connect location.
4. AWS Direct Connect connections have to be brought down for regular scheduled maintenance.
Therefore, use multiple connections.
5. Have the redundant AWS Direct Connect connections terminate on different routers inside your
data center.
6. Leverage multiple AWS Direct Connect connections across multiple AWS Direct Connect
locations.
7. Leverage multiple AWS Direct Connect connections across multiple customer sites.
8. Advertise the same prefixes across all AWS Direct Connect connections for Active/Active setup.
9. If prefixes are the same, shortest AS paths are preferred. Use the same AS path length across all
AWS Direct Connect connections for an Active/Active setup.
Active/Active with Public VIF Diagram 6
Active/Active and Active/Passive Configurations in AWS Direct Connect Architecture Diagrams
Active/Passive with Public VIF Diagram
Build Active/Passive configuration with Public VIF for max resiliency. Have redundant AWS Direct
Connect connections inside each AWS Direct Connect location as well as across locations, customer
data centers and devices. This configuration offers customers max resilience to failure. Such a
topology ensures resilience to connectivity failure due to a fiber cut or a device failure as well as a
complete location failure.
• Public VIF: You can create Active/Passive with a public ASN by controlling advertised prefixes
and AS path. You can create Active/Passive with a private ASN by controlling advertised prefixes.
• Active/Passive: One connection handles traffic, and the others are on standby. If the active
connection becomes unavailable, then all traffic is routed through the passive connections.
1. When you request multiple ports at the same AWS Direct Connect location, they will be
provisioned on redundant AWS equipment.
2. Have the redundant AWS Direct Connect connections terminate on different customer/partner
routers inside the AWS Direct Connect location.
Active/Passive with Public VIF Diagram 7
Active/Active and Active/Passive Configurations in AWS Direct Connect Architecture Diagrams
3. AWS Direct Connect connections have to be brought down for regular scheduled maintenance.
Therefore, use multiple connections.
4. Have the redundant AWS Direct Connect connections terminate on different routers inside your
data center.
5. Leverage multiple AWS Direct Connect connections across multiple AWS Direct Connect
locations.
6. Leverage multiple AWS Direct Connect connections across multiple customer sites.
7. By advertising more specific prefixes, you can prefer one AWS Direct Connect connection over
the others.
8. For public ASNs, if prefixes are the same, shortest AS paths are preferred. Use shorter AS path
length to prefer a specific AWS Direct Connect connection over the others.
Download editable diagram
To customize this reference architecture diagram based on your business needs, download the ZIP
file which contains an editable PowerPoint.
Create a free AWS account
Sign up for an AWS account. New accounts include 12 months of AWS Free Tier access, including
the use of Amazon EC2, Amazon S3, and Amazon DynamoDB.
Further reading
For additional information, refer to
• AWS Architecture Icons
• AWS Architecture Center
• AWS Well-Architected
Contributors
Contributors to this reference architecture diagram include:
Download editable diagram 8
Active/Active and Active/Passive Configurations in AWS Direct Connect Architecture Diagrams
• Michael Graumann, Senior Solutions Architect, Amazon Web Services
Diagram history
To be notified about updates to this reference architecture diagram, subscribe to the RSS feed.
Change Description Date
Update Reference architecture
diagram updated
September 21, 2023
Initial publication Reference architecture
diagram first published.
July 18, 2022
Note
To subscribe to RSS updates, you must have an RSS plugin enabled for the browser you are
using.
Diagram history 9
