| Table of Contents |
|---|
...
Introduction
AWS Direct Connect is a service that Cornell uses to extend the private Cornell network into Cornell AWS accounts, giving VPCs connectivity to the entirety of the private Cornell network (10.0.0.0/8) and optionally the Cornell public network (i.e., public CIDR blocks).
When Cornell AWS accounts need access to the Cornell network, a Cornell Standard AWS VPC is created in the Cornell AWS account and linked to the Cornell network using Direct Connect.
If you already have a Cornell AWS account and would like to add access to the Cornell private network to it, send a request to cloud-support@cornell.edu.
Cornell Direct Connect Documentation
| Children Display | ||||||
|---|---|---|---|---|---|---|
|
Announcements
- 2023-01-19 AWS Direct Connect Architecture Migration Completed
- 2023-01-16 AWS Direct Connect Architecture Migration Execution
- 2023-01-10 AWS Direct Connect Architecture Migration Customer Review and Feedback #2
- 2022-12-20 AWS Direct Connect Architecture Design Update
- 2022-12-15 AWS Direct Connect Architecture Migration Customer Review and Feedback
- 2022-12-09 AWS Direct Connect Architecture Migration Preparation Continues
- 2022-11-02 Upcoming AWS Direct Connect Changes
Beginning May 2016 Cornell AWS accounts are setup with AWS Direct Connect (DC) joining the campus 10-space network to the 10-space network in Cornell Standard AWS VPCs. Prior to that accounts were setup with VPN connection back to campus.
FAQs
Q: What is the difference in performance between the Direct Connects and a VPN connection.
A: We don't have tons of data on that. Generally, we find that overall realized speed is similar between VPN and DC connections, but that the DC connection has less variability. Here's an example:
- VPN ping statistics:
rtt min/avg/max/mdev = 17.749/18.319/19.348/0.458 ms - DC ping statustics:
rtt min/avg/max/mdev = 14.873/15.005/15.188/0.139 ms Seehttps://en.wikipedia.org/wiki/Ping_(networking_utility) for interpreting ping output.
- VPN ping statistics:
Q: What are the physical details of Cornell's Direct Connect to AWS?
A: The primary DC connection is a 1Gbit connection. The backup connection is a 100Mbit connection. They use geographically separate routes to AWS.
Q: Is the DC monitored?
A: Yes. The CIT Infrastructure Team monitors the performance and utilization of the primary and secondary links.
Q: Can the DC bandwidth be increased if utilization becomes heavy?
A: Yes, there is an upgrade path should that become necessary.
Q: What traffic is routed through the DC?
A: For Cornell AWS accounts on the DC, only 10-space traffic is routed from on-campus to 10-space addresses in Cornell Standard AWS VPCs. This means that traffic from servers and clients with public campus IP addresses cannot access the 10-space networks in a Cornell Standard AWS VPC. In some circumstances the DC can be configured to route both campus 10-space and all campus public IPs through the DC. Please contact cloud-support@cornell.edu for details about the impact of this special configuration option.
Q: Can Cornell AWS accounts configured to use a VPN connection be upgraded to use the DC?
...