Versions Compared

Old Version 104

changes.mady.by.user Paul Allen

Saved on

compared with

New Version Current

changes.mady.by.user Paul Allen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Warning

This documentation is in transition. It is be cannibalized to create new, final documentation about the v2 Direct Connect Architecturepage is being retained for historical purposes, but is no longer maintained. All relevant Direct Connect information about the current (2023 and after) Direct Connect architecture has been migrated to primary customer Direct Connect documentation, Cornell AWS Direct Connect.


Info

Executive Summary

  • Cornell AWS accounts using Direct Connect will be migrated to a new network architecture in January 2023.
  • This new architecture simplifies Direct Connect configuration and management, and improves Direct Connect bandwidth and flexibility.
  • The migration process is designed to avoid interruption of Direct Connect connectivity, how brief interruptions may occur. 
  • Cornell AWS account owners/administrators will be solicited for feedback directly via email several times throughout this process. But, in most cases, this input is not required for the migration to proceed.
    • AWS accounts having VPCs using Direct Connect and with numerous subnets and route tables, or where network resources are configured by infrastructure-as-code will need to provide input to complete this migration.
  • While line items for charges to Cornell AWS accounts will change between the old and new Direct Connect architectures, the overall change in cost is negligible.
    • CIT will be paying for new costs of ~$36/mo for each customer VPC connected the new Direct Connect architecture.


Table of Contents

...

Introduction

Excerpt

This document provides details about the Direct Connect architecture migration Cornell will be executing in early 2023.

Rationale

Cornell AWS accounts using  Direct Connect  for private access to Cornell networks will be transitioned to using  Internet 2 Cloud Connect  (I2CC) as the Direct Connect provider. 

The Internet 2 Direct Connect provider offers several benefits:

  • Consolidating and simplifying configuration and management of Direct Connect for Cornell AWS accounts
  • Improving flexibility and bandwidth of Direct Connect connectivity
  • Allows private Cornell network traffic in AWS and Azure to flow between those clouds without transiting campus

Scope

As of , 65 Cornell AWS accounts were configured to use Direct Connect. During this migration, all those AWS accounts will have their existing Direct Connect connectivity updated to use new pathways and AWS resources to connect the Cornell campus network to AWS. 

...

PhaseStageTimeframeStatusActivityImpact on Cornell AWS Account VPC Networks
Preparation

Data CollectionNovember 2022(tick)
  • Gather information about Direct Connect resources and connected VPCs in Cornell AWS accounts
none
Resource Tagging

 

(tick)
  • Add tags to existing resources in customer accounts to assist with targeting, identification, status, intended disposition
none
Resource Groups(tick)
  • Create Transit Gateway in CIT AWS account
  • Create Resource Groups for resources involved in the migration in customer accounts
none
Customer Input #1

-  

(tick)
  • Cornell AWS account owner/admin review
  • Cornell AWS account owner/admin feedback solicited
none
Migration

Transit Gateway Attachments

-  

(tick)
  • Utility Subnets
  • Transit Gateway Attachments created in customer accounts
  • v2 Route Tables created in customer accounts
  • NACLs for Utility Subnets
none
Customer Input #2

-  

(tick)
  • Cornell AWS account owner/admin review
  • Cornell AWS account owner/admin feedback solicited
  • Route Table and/or TGW Attachments adjusted according to customer input
none
v2 BGP Updated

7am

(tick)
  • v2 Direct Connect infrastructure will have BGP configuration changed to begin advertising new routes via I2CC
Azure-to-AWS-VPC traffic may begin to use the v2 architecture (in just the one direction). This is limited only to Azure-to-AWS-VPC traffic due to Cornell's network architecture. 
VPC Routing Updated

9am

(tick)
  • v2 Route Tables activated
  • v1 Route Tables deactivated
  • VPC-to-campus traffic will be routed through the v2 architecture
  • Azure-to-AWS-VPC traffic may use the v2 architecture.
Campus Direct Connect Routes Updated

9am

(tick)
  • Direct Connect Virtual Interfaces in customer accounts will be disabled. This causes  DC traffic to begin using the v2 architecture for campus-to-AWS traffic
  • campus-to-VPC traffic will be routed through the V2 architecture
  • all Azure-to-AWS-VPC traffic will be routed through the v2 architecture
CleanupCustomer Account Cleanup

-  

(tick) 
  • VGWs and DC VIFs in customer accounts deleted
none
Campus Direct Connect Cleanup(tick)
  • Campus Direct Connect resources deleted or decommissioned
none

...

  • The rollback for the "VPC Routing Updated" step is to reassign the original Route Tables to the public and private subnets. This will rollback takes effect immediately.
  • The rollback for the "Campus Direct Connect Routes Updated" step is to the cancel the failover of the Direct Connect Virtual Interfaces that we triggered to initial the campus routing updates. This rollback takes 5-20 minutes to complete. 

...

FAQs

How do I tell if my AWS account will be affected by this change?

...

...