© 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.

Cloud Architecture with AWS Direct Connect

Steve Carter, Solutions Architect, AWS

Roger Greene, Sr. Director of Cloud Connect Solutions, Level 3

November 15, 2013

Agenda

• Introduction

• Technical overview

• Global telecommunications

• Architecting AWS Direct Connect

• Customer use cases

• Questions

Introduction

What is AWS Direct Connect?

Corporate Data Center

AWS Cloud

Virtual Private Cloud

1 Gbps

10 Gbps

Amazon SES Amazon Glacier

Elastic Beanstalk SQS

HDFS Amazon Redshift EC2

Direct

Connect

Why use AWS Direct Connect?

Reduces your

bandwidth costs • Consistent cost at $0.02 /

GB for data leaving US-

East-1.

• Costs vary between

regions

$0.000

$0.050

$0.100

$0.150

First 10TBNext 40TB

Next100TB Next

350TBDirect Connect

Internet

Why use AWS Direct Connect?

• Consistent network performance – With AWS Direct Connect, you choose the data that utilizes the

dedicated connection and how that data is routed. Doing so can provide a more consistent network experience over Internet-based connections.

Why use AWS Direct Connect?

• Elastic

– AWS Direct Connect makes it easy to meet your needs. AWS Direct Connect provides

private lines, and you can easily provision multiple connections if you need more capacity.

Archival and Backup

EU-West-1

Amazon S3

Virtual Private Cloud

Amazon EMR

Premises

DX Facility

Amazon Redshift

Amazon

Glacier

Amazon

EC2

Big Data

EU-West-1

Amazon S3

Virtual Private Cloud

Amazon EMR

Premises

DX Facility

Amazon Redshift

Amazon

Glacier

Amazon

EC2

Custom Appliances

EU-West-1

Amazon S3

Virtual Private Cloud

Amazon EMR

Premises

DX Facility

Amazon Redshift

Amazon

Glacier

Amazon

EC2

Video and Voice

EU-West-1

Amazon S3

Virtual Private Cloud

Amazon EMR

Premises

DX Facility

Amazon Redshift

Amazon

Glacier

Amazon

EC2

What do I do next?

Technical

Overview

AWS Direct Connect Facilities AWS Direct Connect Location AWS Region

CoreSite 32 Avenue of the Americas, NY US East (Virginia)

CoreSite One Wilshire & 900 North Alameda, LA US West (Northern California)

Equinix DC1 - DC6 & DC10 - DC11 US East (Virginia)

Equinix SV1 & SV5 US West (Northern California)

Equinix SE2 & SE3 US West (Oregon)

Equinix SG2 Asia Pacific (Singapore)

Equinix SY3 Asia Pacific (Sydney)

Equinix TY2 Asia Pacific (Tokyo)

Eircom, Clonshaugh EU West (Ireland)

TelecityGroup, London Docklands’ EU West (Ireland)

Terremark NAP do Brasil South America (Sao Paulo)

AWS Direct Connect Partners • You are not required to use an AWS Direct Connect partner.

• Any network provider that can reach the AWS Direct Connect facility can provide service, so long as the handoff to AWS is Ethernet and meets the technical requirements.

• For a complete list, go to http://aws.amazon.com/directconnect/partners

Roger Greene

Sr. Director, Cloud Connect Solutions

So What’s the Network Got to Do with It?

Application Sensitivity to Network Performance

Required

BW

Elasticity Sensitivity to

Errors

Latency

Sensitivity

Jitter

Sensitivity

Email

Voice (TDM)

Voice (IP)

Web Browsing (non-critical)

Web Browsing (SaaS)

Video Conferencing

Telepresence

Remote Workers

Streaming Media

Storage Area Networks

Server Virtualization (WAN)

Unified Communications

Very Low Very High

= Bandwidth per Flow

Network Needs of Virtualization Activities

Flow Duration

Qu

ality

of

Serv

ice

Sen

sit

ivit

y

Data Storage Migration

Virtual Machine Migration

Data Storage Update

Distributed v-App

Inter VM-traffic

Latency Impact on Throughput

0

200

400

600

800

1,000

1,200

1,400

1,600

1,800

TC

P T

hro

ug

hp

ut

(Mb

ps) RTT = 5ms

RTT = 10ms

RTT = 20ms

RTT = 30ms

Packet Delivery Ratio %

Typical Gold

SLA for

IP/MPLS-VPN

Target

minimum

flow rate

Source: Ciena

Network Performance Impact on VMM Completion

Co

mp

leti

on

Tim

e (

secs)

Co

mp

leti

on

Tim

e (

secs)

Bandwidth Effect on VMM Pause

Time

Client-Server Business App Development Workload

Retail Web Server w/ 600 Users

100

Latency Effect on VMM

Completion Time

RTT latency (msec)

• VM size: 2 GB

• Memory churn: 10 MBps

Loss %

• 10 msec RTT latency

• 20 msec RTT latency

• VM size: 2 GB

• Memory churn: 100 MBps

Loss Effect on VMM

Completion Time

24 %

increase

32 %

increase

Pa

us

e T

ime

(secs)

Source: Ciena

Not All Networks Are Created Equal

Public Internet Private Network High-Performance

Private Network

Things to Think about When Designing Your Network

NEARLY $6.4 BILLION REVENUE

10,000+ EMPLOYEES

APPROXIMATELY 180,000 ROUTE MILES OF FIBER NETWORK

CONNECTING 55+ COUNTRIES ON 5 CONTINENTS

APPROXIMATELY 350 MULTITENANT DATA CENTERS

26.8 TB+ GLOBAL IP AND CDN CAPACITY

MORE THAN 13 B MINUTES PER MONTH IN VoIP TRAFFIC

© 2012 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.

Who Is Level 3

Building blocks on which many of the

world’s most ubiquitous cloud services

and private networks run

Local-to-global connectivity and

portfolio of network, security and

optimization services to help

enterprises connect private, public

and hybrid clouds

Communication and media delivery

services built into our network to

help enterprises collaborate, move,

store and protect critical information

Connect to Clouds Deliver over the Cloud Build Clouds

Level 3 Helps Enable the Cloud

Colocation & Data Center

Professional Services

Dedicated Private Networks

Virtual Private Networks

Internet Services

Dynamic Enterprise Compute

Application Performance Solutions

CDN, Storage

Voice Complete

Cloud Content Exchange

Video Cloud

Security Solutions

Contact Center Services

Carrier Cloud Voice

Improved Performance Greater Security Ultimate Flexibility

Deliver cloud-based

mission critical applications

more quickly and without

interruption with Level 3’s

highly redundant fiber

network, low latency offers,

and class of service

guarantees.

Entrust your business’s

proprietary information to

the cloud with Level 3’s

private network and

comprehensive portfolio of

security services.

Choose the cloud services

that meet your business

needs (without forcing you

into an outmoded

technology or restrictive

service bundle). Tap into

bandwidth dynamically,

pay only for what you

consume.

Global Connectivity Reduced Costs

Connect offices

around the world to

the local cloud and

data center resources

needed to run

mission critical

applications.

Turn up new

connections and scale

bandwidth quickly and

efficiently. Minimize up-

front capital

expenditures and lower

your cost per unit by

utilizing shared

infrastructure.

A private network ecosystem for enterprises and government to connect with leading cloud and data center providers around the world

Level 3 Cloud Connect Solutions

AWS Direct Connect Partner

Technical

Overview

Continued

Submit the Request

Complete the Cross Connect

AWS will send you an email within 72 hours with a letter of authorization and

connecting facility assignment (LOA-CFA).

Amazon Virtual Private Cloud You need the following information:

• A new, unused VLAN tag that you

select

• A public or private BGP ASN. If

you are using a public ASN you

must own it. If you are using a

private ASN, it must be in the

65000 range.

• The VPC Virtual Private Gateway

(VGW) ID.

• ID Number of your Virtual Local

Area Network.

AWS Public Services You need the following information:

• A new, unused VLAN tag that you

select.

• A public or private BGP ASN. If you

are using a public ASN you must

own it. If you are using a private

ASN, it must be in the 65000 range.

Sharing Is Caring

Configure Your Router

Architecting

AWS Direct Connect

Design for Failure

Everything fails, all the time. – Dr. Werner Vogels, CTO

Design for Failure

• Active-Active (BGP multipath). Network traffic is load

balanced across both connections. If one connection

becomes unavailable, all traffic is routed through the other.

This is the default configuration.

• Active-Passive (failover). One connection is handling

traffic, and the other is on standby. If the active connection

becomes unavailable, all traffic is routed through the

passive connection.

AWS Cloud

AWS

DynamoDB

Design for Failure router bgp 65001 neighbor 10.1.0.2 remote-as 65200 neighbor 10.1.0.2 description Backup neighbor 10.1.0.2 route-map prepend out route-map prepend permit 10 set as-path prepend 65001 65001 65001

router bgp 1 maximum-paths 4 Active-Active

Active-Passive

Design for Failure

Utilization <= 50%

Design for Security

Corporate Data Center

AWS Virtual Private Cloud

Region

Amazon RDS DB Instance

Private Connection

Direct to Amazon VPC Users

Availability Zone

Availability Zone

Amazon RDS DB Standby

(Multi-AZ)

Amazon SQS

Amazon

Elastic

Transcoder

Design for Security

Corporate Data Center

AWS Virtual Private Cloud

Region

Additional Security

via IPSEC VPN Users

Availability Zone

Availability Zone

VPN Gateway VPN (IPSEC)

Amazon RDS DB Instance

Amazon RDS DB Standby

(Multi-AZ)

Amazon SQS

Amazon

Elastic

Transcoder

Design for Security

Corporate Data Center

AWS Virtual Private Cloud

Region

Monitor your network

traffic in and out Users

Availability Zone

Availability Zone

VPN Gateway VPN (IPSEC)

IDS

Amazon RDS DB Instance

Amazon RDS DB Standby

(Multi-AZ)

Amazon SQS

Amazon

Elastic

Transcoder

Customer Use Case

Zadara Storage

Availability Zone X

AWS Region A

Availability Zone X

AWS Region N

Zadara Cloud A Zadara Cloud N

Secure remote replication

Zadara via AWS Direct Connect

Availability Zone Y Availability Zone Y

AWS

Direct

Connect

AWS

Direct

Connect

San Jose

& N. Va.

Tokyo

Dublin

L.A.*

*coming soon

Zadara/AWS Direct Connect Factoids

• 100Gb of combined dedicated bandwidth – 4x10Gb lanes in East

– 2x10Gb at other locations (US West 1, EU West 1 and AP Northeast 1)

– Each region is Active/Active for high availability

• Total separation among customers, via VLANs

• Maintained zero downtime in 2 years

• Moved ~225TB in October

• Exceeding 50 VIFs per lane

• Thanks to VIF API, onboarding new users in 5 minutes

Representative Traffic in US East

Find Out More STG401 – NFS and CIFS Options for AWS

10:15am – 11:15am in Venetian B

Questions?

Come Talk to Us!

Level 3 booth in AWS Partner Central

AWS in Developer Lounge

Please give us your feedback on this

presentation

As a thank you, we will select prize

winners daily for completed surveys!

ARC304