This page applies to v1 (pre-2023) Direct Connect architecture. It will be updated to reflect the v2 architecture when the migration is complete. See 2023 Cornell AWS Direct Connect Architecture Migration for more details.

What are the physical details of Cornell's Direct Connect to AWS?

The primary DC connection is a 1Gbit/s connection. The backup connection is a 200Mbit/s connection. They use geographically separate routes to reach AWS.

Is the DC monitored?

Yes. The CIT Infrastructure Team monitors the performance and utilization of the primary and secondary links. You can monitor it yourself too using these URLs:

Can the DC bandwidth be increased if utilization becomes heavy?

Yes, there is an upgrade path should that become necessary.

We upgraded the secondary path from 100Mbits/s to 200Mbits/s in November 2019.

Both Direct Connect connections are 1Gbps. These connections run in an active-active configuration.

Is Direct Connect monitored?

Yes, both the CIT Cloud and Networks teams monitor the Direct Connect and will be alerted when either connection fails.

Since the pre-2023 Direct Connect architecture utilized campus-based hardware, the traffic volume of those connections was easily viewed on Cornell's MRTG tool. Since the 2023 migration to I2CC as the Direct Connect vendor, MRTG cannot show the DC traffic. Let us know if you really, really need to see these metrics.

As of August 2021, we have had only one instance where the primary Direct Connect circuit was briefly saturated with AWS-bound traffic. It looked like this (blue is AWS-bound, green is campus-bound):

[Image removed]

What are the requirements for using Direct Connect?

VPCs to be connected to Direct Connect must be using a Cornell private network registered in DNSDB and allocated specifically to your group by the Network Engineering and Cloud teams, that is, an officially allocated CIDR block from Cornell's private network. Normally, when a Cornell AWS customer requests Direct Connect, the Cloud Team will allocate a CIDR from Cornell's private network and create a brand new VPC using that CIDR.

What traffic is routed through the DC?

...

The configuration for Cornell campus traffic routed through Direct Connect to your VPC can be altered should your needs change in the future.  Moving among the routing options ("RFC 1918", "All-Campus", "Hybrid") may require a review of your subnet route tables to ensure a smooth transition without any negative side-effects.

I got a notice from AWS about maintenance for my Direct Connect connection. Will connectivity be down during that maintenance window?

No. During maintenance outages of the primary Direct Connect physical connection, Direct Connect traffic for AWS accounts will automatically use the secondary Direct Connect connection.

Is there a Disaster Recovery Plan for our Direct Connect connectivity?

There is no specific Disaster Recovery (DR) plan for our Direct Connect connectivity. We rely on the high availability baked into the design of our Direct Connect architecture to weather individual connection failures. We are seeking information from the leased line providers to see how fast they would be able to upgrade our current 100Mbit/s secondary connection to 1Gbit/s if our primary Direct Connect path fails and is expected to be offline for a while.

Both our I2CC Direct Connect connections are linked directly to the us-east-1 AWS region, so our Direct Connect connectivity might be useless in a scenario that involves failure of that entire region. In the event of a regional failure of us-east-1, Direct Connect service may be interrupted. Our design does not include multi-region DC connectivity because a vast majority of Cornell AWS accounts using Direct Connect operate only in us-east-1.