AWS re:Invent 2025 - Hybrid connectivity at scale: A deep dive into AWS Direct Connect (NET403)

Source: Dev.to

Introduction

Good afternoon everyone. Welcome to the session NET403: Hybrid Connectivity at Scale – a deep dive into AWS Direct Connect.

My name is Steve Seymour, Worldwide Tech Leader for Networking and Solutions Architecture at AWS. I’ve been presenting on Direct Connect since 2016. Joining me is Josh Dean, Sr. Product Manager on the AWS Direct Connect team.

We’ll explore why Direct Connect is more than just VLANs and 802.1Q tagging, covering both the physical and logical layers, BGP routing, troubleshooting, cost considerations, and new multi‑cloud capabilities.

Physical Infrastructure

Direct Connect Locations & Port Types

• Direct Connect is offered at many global locations. Each location lists the associated AWS region and the features it supports.
• Available port speeds: 1 Gbps, 10 Gbps, 100 Gbps, 400 Gbps. Not every location offers every speed, so consult the location table on the AWS website.
• When ordering a connection you must decide whether you need MACsec‑enabled ports (encryption). This choice is made at order time; it cannot be changed later.

Ordering a Connection

1. Choose a name for the connection.
2. Select the desired location from the list.
3. Indicate if you require a MACsec‑capable port.
4. Submit the request.

Typical quota: 10 connections per location per region (adjustable via a support request).

Meet‑Me Rooms & LOA‑CFA

• After ordering, AWS provides an LOA‑CFA (Letter of Authorization – Connecting Facility Assignment).
• The LOA‑CFA authorizes you to plug into a specific port in the meet‑me room (e.g., Equinix TY2).
• You then arrange a cross‑connect from the meet‑me room port to your on‑premises equipment.

Logical Infrastructure

Virtual Interface (VIF) Types

Direct Connect Gateway

• Enables a single Direct Connect connection to reach multiple AWS regions and multiple VPCs.
• Acts as a hub for private and transit VIFs, simplifying routing and reducing the number of required physical connections.

BGP Routing Strategies

• AS‑Path Prepending – Increase the AS path length for less‑preferred routes.
• Local Preference Communities – Influence inbound traffic selection within AWS.
• Prefix filters and route‑maps can be applied on both the on‑premises router and the AWS side to control advertised prefixes.

Troubleshooting & Monitoring

• “Rolling the fiber” – A technique to resolve polarity issues by physically rotating the fiber patch cable.
• CloudWatch Metrics – Monitor light levels, connection state, and data throughput.
• Conduct failover testing by simulating link loss and verifying traffic reroutes as expected.

Cost Calculation

Pricing components include:

Example calculations illustrate how a 10 Gbps port with 5 TB of outbound data and a Transit Gateway attachment can be cost‑modeled.

New Feature: Database Interconnect Multi‑Cloud

• Direct Connect now supports Database Interconnect to connect AWS to Google Cloud (and other clouds) over a dedicated, low‑latency link.
• This enables cross‑cloud database replication and analytics without traversing the public internet.

Designing for Resilience

• Maximum Resiliency Architecture: Deploy four connections across two separate locations.
• This design provides redundancy against site‑level failures, fiber cuts, and equipment outages.
• Combine with BGP failover policies and health‑check monitoring for automated recovery.

Summary

• Direct Connect has grown from a single‑region, single‑VPC link to a robust, multi‑region, multi‑cloud networking solution.
• Proper planning of location, port speed, MACsec, VIF type, and routing policies is essential for a successful deployment.
• Monitoring, troubleshooting, and cost‑optimization practices help maintain performance and control spend.
• Leveraging new capabilities such as Database Interconnect and a resilient multi‑connection architecture positions your organization for scalable, secure hybrid cloud connectivity.