Welcome to Direct Connect

Welcome everyone! Today we're diving deep into AWS Direct Connect with Transit Gateway - one of the most powerful networking combinations in AWS.

I've been working with Direct Connect for over 5 years, and I can tell you that the introduction of Transit Gateway has completely transformed how we design enterprise network architectures.

By the end of this presentation, you'll understand exactly when to use each VIF type, how to configure them properly, and most importantly - how to avoid the common pitfalls I've seen teams struggle with.

The Traditional Challenge

Before Transit Gateway, connecting on-premises to multiple VPCs was a nightmare. I remember one client who had 15 VPCs and needed individual VPN connections or Direct Connect attachments to each one.

This diagram shows the old way - notice how complex it gets with just 3 VPCs. Imagine scaling this to 50 or 100 VPCs!

Each connection required separate BGP sessions, individual route management, and worst of all - no inter-VPC communication without additional complexity.

The Transit Gateway Solution

Now look at this architecture - this is the power of Transit Gateway! One connection from on-premises reaches all your VPCs through a single hub.

What makes this beautiful is that Transit Gateway acts as a cloud router. Your on-premises network sees just one BGP peer, but it can reach workloads across multiple VPCs and even multiple regions.

I've implemented this for clients who went from managing 20+ BGP sessions down to just 2 or 3. The operational simplicity is game-changing.

Understanding VIF Types

Here's where it gets interesting - AWS gives us three different types of Virtual Interfaces, and choosing the wrong one can limit your architecture for years.

Private VIF is the traditional approach - it connects to individual VPCs through a Virtual Private Gateway (VGW). It's like having a dedicated lane on the highway to one destination.

Public VIF is special - it only connects to the public endpoints of AWS services such as S3 and DynamoDB, over public IP addresses, never to your VPCs. Many people don't realize this VIF type exists, but it's crucial for high-bandwidth access to AWS services.

Transit VIF is the newcomer and game-changer - it's specifically designed for Transit Gateway and supports up to 100 Gbps per VIF. This is where the future is headed.

VGW vs Transit Gateway Decision

This is probably the most common question I get: "Do I need a Virtual Gateway if I'm using Transit Gateway?" The answer is a definitive NO for most modern use cases.

I see this decision point with every client. The traditional path with VGW is simpler initially, but it doesn't scale. If you have any chance of adding more VPCs - and let's be honest, most organizations do - go with Transit Gateway from day one.

The cost difference is minimal, but the architectural flexibility you gain is enormous. I've never had a client regret choosing Transit Gateway over VGW.

AWS Direct Connect with Transit Gateway

Complete Architecture Guide

Understanding VIF types, configuration options, and best practices for enterprise-scale hybrid cloud connectivity

Diagram (Mermaid source):

  graph LR
    A[On-Premises] -->|Direct Connect| B[AWS Cloud]
    B --> C[Multiple VPCs]
    B --> D[Public Services]
    B --> E[Cross-Region]
    style A fill:#e1f5fe
    style B fill:#f3e5f5
    style C fill:#e8f5e8
    style D fill:#fff3e0
    style E fill:#fce4ec

The Traditional Networking Challenge

Diagram (Mermaid source):

  graph TB
    subgraph "On-Premises"
      OP[Data Center]
    end
    subgraph "AWS - Old Way"
      VGW1[VGW 1] --> VPC1[VPC Production]
      VGW2[VGW 2] --> VPC2[VPC Development]
      VGW3[VGW 3] --> VPC3[VPC Staging]
    end
    OP -.->|VPN/DX| VGW1
    OP -.->|VPN/DX| VGW2
    OP -.->|VPN/DX| VGW3
    style VGW1 fill:#ffcdd2
    style VGW2 fill:#ffcdd2
    style VGW3 fill:#ffcdd2

Problems with the Traditional Approach:

  • Multiple BGP sessions to manage
  • No inter-VPC communication
  • Operational complexity scales linearly
  • Limited cross-region capabilities

Transit Gateway: The Modern Solution

Diagram (Mermaid source):

  graph TB
    subgraph "On-Premises"
      OP[Data Center]
    end
    subgraph "AWS - Modern Way"
      TGW[Transit Gateway]
      VPC1[VPC Production]
      VPC2[VPC Development]
      VPC3[VPC Staging]
      VPC4[VPC Cross-Region]
    end
    OP -->|Single DX Connection| TGW
    TGW --> VPC1
    TGW --> VPC2
    TGW --> VPC3
    TGW -.->|TGW Peering| VPC4
    style TGW fill:#c8e6c9
    style OP fill:#e1f5fe

Transit Gateway Benefits:

  • Single BGP session management
  • Automatic inter-VPC routing
  • Simplified operational model
  • Cross-region connectivity via peering

Three Types of Virtual Interfaces (VIFs)

Private VIF

Purpose: Connect to VPCs

IP Type: Private (RFC 1918)

Max Bandwidth: 10 Gbps

Connects To: VGW or DX Gateway

Public VIF

Purpose: AWS Public Services

IP Type: Public IPs

Max Bandwidth: 10 Gbps

Connects To: S3, DynamoDB, etc.

Transit VIF (Recommended)

Purpose: Optimized for Transit Gateway

IP Type: Private (RFC 1918)

Max Bandwidth: 100 Gbps

Connects To: DX Gateway → Transit Gateway

Do You Need a Virtual Gateway?

  Scenario           | VGW Approach              | Transit Gateway Approach  | Recommendation
  -------------------|---------------------------|---------------------------|----------------
  Single VPC, Simple | Private VIF → VGW → VPC   | Transit VIF → TGW → VPC   | Transit Gateway
  Multiple VPCs      | Multiple VGWs (complex)   | Single TGW (simple)       | Transit Gateway
  Cross-Region       | Not supported             | TGW Peering               | Transit Gateway
  High Bandwidth     | 10G max per VIF           | 100G per Transit VIF      | Transit Gateway

Bottom Line: Choose Transit Gateway

Even for single VPC scenarios, Transit Gateway provides better scalability, future-proofing, and operational simplicity.
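The Transit VIF → DX Gateway → TGW path from the VIF cards and the decision table, as an added Terraform example that is not part of the presentation. It assumes an existing Direct Connect connection (placeholder dxcon-EXAMPLE) and an existing production VPC attachment (placeholder tgw-attach-EXAMPLE); ASNs and prefixes are constructed sample values. It shows the two settings that decide what on-premises can actually reach once everything hangs off one hub: allowed_prefixes on the DX gateway association, and a dedicated TGW route table in place of the default one.

```hcl
resource "aws_dx_gateway" "hub" {
  name            = "dx-gateway-hub"
  amazon_side_asn = "64512" # AWS side of the BGP session (private ASN, constructed)
}

# Transit VIF: the only VIF type that reaches a Transit Gateway, always via a DX Gateway
resource "aws_dx_transit_virtual_interface" "onprem" {
  connection_id  = "dxcon-EXAMPLE" # placeholder for the real Direct Connect connection ID
  dx_gateway_id  = aws_dx_gateway.hub.id
  name           = "transit-vif-onprem"
  vlan           = 100
  address_family = "ipv4"
  bgp_asn        = 65000 # on-premises ASN (constructed)
  mtu            = 8500  # jumbo frames; 1500 is the other valid value
}

resource "aws_ec2_transit_gateway" "hub" {
  amazon_side_asn                 = 64513
  default_route_table_association = "disable" # every attachment gets an explicit route table
  default_route_table_propagation = "disable"
}

# allowed_prefixes is the complete set of AWS-side routes announced to on-premises
resource "aws_dx_gateway_association" "tgw" {
  dx_gateway_id         = aws_dx_gateway.hub.id
  associated_gateway_id = aws_ec2_transit_gateway.hub.id
  allowed_prefixes      = ["10.10.0.0/16", "10.20.0.0/16"] # production + development only
}

# AWS creates the DX attachment as a side effect of the association; look it up
data "aws_ec2_transit_gateway_dx_gateway_attachment" "onprem" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
  dx_gateway_id      = aws_dx_gateway.hub.id
  depends_on         = [aws_dx_gateway_association.tgw]
}

# Dedicated on-prem route table: only VPCs propagated into it are reachable, staging is not
resource "aws_ec2_transit_gateway_route_table" "onprem" {
  transit_gateway_id = aws_ec2_transit_gateway.hub.id
}

resource "aws_ec2_transit_gateway_route_table_association" "onprem" {
  transit_gateway_attachment_id  = data.aws_ec2_transit_gateway_dx_gateway_attachment.onprem.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.onprem.id
}

resource "aws_ec2_transit_gateway_route_table_propagation" "prod" {
  transit_gateway_attachment_id  = "tgw-attach-EXAMPLE" # placeholder: existing production VPC attachment
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.onprem.id
}
```

After apply, the BGP session on the on-premises router should show exactly the two allowed prefixes; any VPC that needs to become reachable from on-premises requires both a propagation into this route table and an entry in allowed_prefixes.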
