Connecting on-premises networks to AWS Local Zones – Lowering First-Hop Latency with AWS Local Zones

For use cases where resources in an AWS Local Zone need to communicate with resources in an on-premises data center in the same metro area, there are two basic approaches: a physical connection via AWS Direct Connect, or a virtual connection via a VPN over the public internet. Each has benefits and drawbacks, which must be weighed against the requirements and constraints of the project at hand.

AWS Direct Connect

AWS Direct Connect is a service that provides dedicated network connections from on-premises environments, such as a corporate data center, to AWS. Instead of traversing the public internet, traffic uses a private, high-bandwidth link with consistent latency, which often also lowers data transfer costs compared with internet-based connectivity. Note that "private" does not mean encrypted: a Direct Connect link carries traffic in the clear unless you enable MACsec (available on 10 Gbps and 100 Gbps dedicated connections at supporting locations) or run IPsec over it, so sensitive traffic still needs protection at one of those layers.

An AWS Direct Connect Location is a physical site, typically a third-party colocation facility, where AWS has installed equipment that serves as an access point into its network. Customers establish dedicated network connections from their on-premises environments to AWS at these locations.

Note that while every location is listed under a specific AWS Region, this is a management construct only. All AWS Direct Connect Locations connect to all AWS Regions, including the AWS GovCloud (US) Regions (the China Regions, which form a separate partition, are the exception). They also connect to all AWS Local Zones and to other AWS Direct Connect Locations. Reaching a VPC in a Region other than the location's home Region over a private virtual interface requires a Direct Connect gateway (or a transit virtual interface to a transit gateway); a public virtual interface reaches public AWS endpoints in any Region without one.

Figure 6.9 – Latency from the AWS Direct Connect Location PhoenixNAP

This means traffic from your on-premises data center is routed directly to the AWS Local Zone in the same metro area, even if the AWS Direct Connect Location you connect to is listed under a Region other than the Local Zone's parent Region. The preceding figure illustrates this logical arrangement.
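The following Terraform is an added example, not code from the book, showing the minimal wiring behind this arrangement: a Direct Connect gateway decouples the physical connection from the Region of the VPC, the VPC sits in the Local Zone's parent Region, and its subnet is placed in the Local Zone itself. The Local Zone name (`us-west-2-phx-2a`, Phoenix), the CIDRs, ASNs, VLAN tag and resource names are all assumptions; the existing connection ID and BGP key are passed in as variables, and the on-premises router configuration is not shown.

```hcl
# Added example (not from the book): Direct Connect -> DX gateway -> VGW -> VPC with a
# Local Zone subnet. Names, CIDRs, ASNs, VLAN and the Local Zone name are assumptions.

variable "dx_connection_id" {
  description = "ID of the existing Direct Connect connection (dxcon-...)"
  type        = string
}

variable "bgp_md5_key" {
  description = "Optional MD5 key for the BGP session with AWS"
  type        = string
  sensitive   = true
}

variable "local_zone" {
  description = "Local Zone name; the zone group must be opted in before subnets can be created there"
  type        = string
  default     = "us-west-2-phx-2a" # assumed: Phoenix Local Zone, parent Region us-west-2
}

# The VPC must live in the Local Zone's parent Region, so the provider targets that Region.
provider "aws" {
  region = "us-west-2"
}

resource "aws_vpc" "lz" {
  cidr_block = "10.20.0.0/16" # assumed
}

# Subnet placed in the Local Zone rather than in a regular Availability Zone.
resource "aws_subnet" "lz" {
  vpc_id            = aws_vpc.lz.id
  cidr_block        = "10.20.1.0/24" # assumed
  availability_zone = var.local_zone
}

# Virtual private gateway attached to the VPC; the DX gateway associates with it.
resource "aws_vpn_gateway" "vgw" {
  vpc_id = aws_vpc.lz.id
}

resource "aws_route_table" "lz" {
  vpc_id = aws_vpc.lz.id
}

resource "aws_route_table_association" "lz" {
  subnet_id      = aws_subnet.lz.id
  route_table_id = aws_route_table.lz.id
}

# Let on-premises prefixes learned over BGP propagate into the Local Zone subnet's route table.
resource "aws_vpn_gateway_route_propagation" "lz" {
  vpn_gateway_id = aws_vpn_gateway.vgw.id
  route_table_id = aws_route_table.lz.id
}

# Direct Connect gateway: the global object that lets a connection terminated at a
# location listed under one Region reach a VPC in another.
resource "aws_dx_gateway" "dxgw" {
  name            = "lz-dxgw"
  amazon_side_asn = "64513" # assumed private ASN for the AWS side of the BGP session
}

resource "aws_dx_gateway_association" "vgw" {
  dx_gateway_id         = aws_dx_gateway.dxgw.id
  associated_gateway_id = aws_vpn_gateway.vgw.id
  # Only this prefix is advertised towards on-premises; keep the list tight.
  allowed_prefixes = [aws_vpc.lz.cidr_block]
}

# Private virtual interface on the physical connection, terminated on the DX gateway.
resource "aws_dx_private_virtual_interface" "onprem" {
  connection_id  = var.dx_connection_id
  name           = "onprem-to-lz"
  vlan           = 100   # assumed 802.1Q tag agreed with the on-premises side
  address_family = "ipv4"
  bgp_asn        = 65000 # assumed on-premises ASN
  bgp_auth_key   = var.bgp_md5_key
  dx_gateway_id  = aws_dx_gateway.dxgw.id
}
```

The `allowed_prefixes` list is the control point worth reviewing: it bounds what AWS advertises to the on-premises network over this association, so an overly broad entry there exposes more of the VPC address space than the Local Zone workload needs.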

Physical networking—dedicated connection

Physically, an AWS Direct Connect Location consists of an AWS-managed footprint inside a cage in a major colocation facility. Because these facilities host many tenants, it is not uncommon for customers to have a cage of their own in the same building. In that case, a dedicated connection (a 1 Gbps, 10 Gbps, or 100 Gbps port) may be ordered directly from AWS. The following figure shows an example of this configuration in the IPB facility in Berlin:

Figure 6.10 – AWS Direct Connect in Berlin

Notice the cross-connect between the customer and AWS cages. This is a physical fiber cable that runs through a meet-me room and is ultimately terminated on patch panels on either side. After the connection is ordered, AWS issues a Letter of Authorization and Connecting Facility Assignment (LOA-CFA) identifying the AWS port; the colocation provider needs it to run the cross-connect. On the customer side, the link must use single-mode fiber with a matching transceiver (1000BASE-LX, 10GBASE-LR, or 100GBASE-LR4), auto-negotiation must be disabled on 10 Gbps and 100 Gbps ports, traffic must be tagged with 802.1Q VLANs, and the router must speak BGP to AWS, optionally with MD5 authentication on the session.