How many private virtual interfaces are needed per Direct Connect gateway when accessing VPCs using virtual private gateway associations?

0

This AWS doc has a 10,000-foot overview of different AWS Direct Connect options.

My question is about option 2 in the first diagram - "Private VIF via DXGW".

The diagram shows that two private VIFs are needed (I'm assuming one for each VGW associated with the DXGW), but the text below the first diagram for option 2 also states "A Direct Connect Gateway can connect to up to 20 VPCs (via VGWs) globally in any AWS account over a single private VIF".

Is this an oversight in the documentation, and if so, which is correct?

2 Answers
0

Only one Private VIF is needed per Direct Connect connection to access multiple VPCs (up to 20) through a Direct Connect Gateway (DXGW) using virtual private gateway associations. In other words, you only need to set up one single BGP session and one 802.1q VLAN tag.

The diagram you are referring to (option #2) is just an example showing two VPCs connected using a Private VIF and DXGW. Also worth mentioning that option #1 is not recommended. Go with option #2, which allows you to scale for the future.

AWS
EXPERT
answered 2 months ago
  • Hi @Jeff, yes, that's a good callout. You can submit doc feedback using the "Provide feedback" hyperlink on that page.

  • Each orange line on the diagram is a private VIF, correct? If that is the case, shouldn't it be a single orange line from the customer / partner router across the cross connect to the direct connect gateway instead of two?

    Edit: Corrected from "transit gateway" to "direct connect gateway"

-1

When using AWS Direct Connect Gateway (DXGW) with Virtual Private Gateway (VGW) associations, you only need a single private Virtual Interface (VIF) to connect to multiple VPCs. This is one of the key advantages of using a Direct Connect Gateway.

With a Direct Connect Gateway, you can connect to up to 20 VPCs (via their associated VGWs) globally across any AWS account using just one private VIF. This is much more efficient than the direct VIF-to-VPC approach (Option 1), which requires one private VIF per VPC.

The Direct Connect Gateway acts as an aggregation point that allows a single private VIF to provide connectivity to multiple VPCs through their respective VGWs. There is only one BGP peering session per Direct Connect Gateway per Direct Connect connection.

You can have up to 30 private VIFs associated with the same AWS Direct Connect gateway, which means you could potentially connect multiple Direct Connect connections to the same DXGW for redundancy or increased bandwidth, each using its own private VIF.

So to directly answer your question: Only one private VIF is needed per Direct Connect connection to access multiple VPCs (up to 20) through a Direct Connect Gateway using virtual private gateway associations.
Sources
AWS Direct Connect - Building a Scalable and Secure Multi-VPC AWS Network Infrastructure
AWS DX – DXGW with VGW, Multi-Regions, and AWS Public Peering - Hybrid Connectivity
Traffic Segmentation Options in AWS Direct Connect - Traffic Segmentation Options in AWS Direct Connect

answered 2 months ago
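
An added example, not part of either answer: a small offline audit that checks a Direct Connect inventory against the figures quoted above (one private VIF per connection per DXGW, up to 20 VGWs and 30 private VIFs per DXGW). The field names are assumed to follow the Direct Connect API's `describe-virtual-interfaces` and `describe-direct-connect-gateway-associations` output, and all IDs in the sample are constructed.

```python
from collections import defaultdict

MAX_VGWS_PER_DXGW = 20  # figure quoted in the answers above
MAX_VIFS_PER_DXGW = 30  # figure quoted in the second answer

def audit(vifs, associations):
    """Return findings for private VIFs and DXGW-to-VGW associations."""
    findings = []
    vifs_by_dxgw = defaultdict(list)
    for v in vifs:
        if v["virtualInterfaceType"] != "private":
            continue
        dxgw = v.get("directConnectGatewayId")
        if dxgw:
            vifs_by_dxgw[dxgw].append(v)
        else:  # option 1 in the doc: the VIF terminates on a single VGW
            findings.append(f"{v['virtualInterfaceId']}: attached directly to "
                            f"{v.get('virtualGatewayId')} (one VIF per VPC)")
    vgws_by_dxgw = defaultdict(set)
    for a in associations:
        gw = a["associatedGateway"]
        if gw["type"] == "virtualPrivateGateway":
            vgws_by_dxgw[a["directConnectGatewayId"]].add(gw["id"])
    for dxgw, attached in vifs_by_dxgw.items():
        if len(attached) > MAX_VIFS_PER_DXGW:
            findings.append(f"{dxgw}: {len(attached)} private VIFs exceeds {MAX_VIFS_PER_DXGW}")
        per_conn = defaultdict(list)
        for v in attached:
            per_conn[v["connectionId"]].append(v["virtualInterfaceId"])
        for conn, ids in per_conn.items():
            if len(ids) > 1:  # a single VIF already reaches every associated VGW
                findings.append(f"{dxgw}: {len(ids)} private VIFs on {conn}, one is enough")
    for dxgw, vgws in vgws_by_dxgw.items():
        if len(vgws) > MAX_VGWS_PER_DXGW:
            findings.append(f"{dxgw}: {len(vgws)} VGWs exceeds {MAX_VGWS_PER_DXGW}")
        if dxgw not in vifs_by_dxgw:
            findings.append(f"{dxgw}: VGWs associated but no private VIF attached")
    return findings

# Constructed sample inventory (IDs are placeholders, not real resources).
SAMPLE_VIFS = [
    {"virtualInterfaceId": "dxvif-a", "connectionId": "dxcon-1", "virtualInterfaceType": "private", "directConnectGatewayId": "dxgw-1"},
    {"virtualInterfaceId": "dxvif-b", "connectionId": "dxcon-1", "virtualInterfaceType": "private", "directConnectGatewayId": "dxgw-1"},
    {"virtualInterfaceId": "dxvif-c", "connectionId": "dxcon-2", "virtualInterfaceType": "private", "virtualGatewayId": "vgw-9"},
]
SAMPLE_ASSOCIATIONS = [
    {"directConnectGatewayId": "dxgw-1", "associatedGateway": {"id": "vgw-1", "type": "virtualPrivateGateway"}},
    {"directConnectGatewayId": "dxgw-1", "associatedGateway": {"id": "vgw-2", "type": "virtualPrivateGateway"}},
]
```
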
