Warning

This page is being retained for historical purposes, but is no longer maintained. All relevant Direct Connect information about the current (2023 and after) Direct Connect architecture has been migrated to primary customer Direct Connect documentation, Cornell AWS Direct Connect.


Info

Executive Summary

  • Cornell AWS accounts using Direct Connect will be migrated to a new network architecture in January 2023.
  • This new architecture simplifies Direct Connect configuration and management, and improves Direct Connect bandwidth and flexibility.
  • The migration process is designed to avoid interruption of Direct Connect connectivity; however, brief interruptions may occur.
  • Cornell AWS account owners/administrators will be solicited for feedback directly via email several times throughout this process. But, in most cases, this input is not required for the migration to proceed.
    • AWS accounts having VPCs using Direct Connect and with numerous subnets and route tables, or where network resources are configured by infrastructure-as-code, will need to provide input to complete this migration.
  • While line items for charges to Cornell AWS accounts will change between the old and new Direct Connect architectures, the overall change in cost is negligible.
    • CIT will be paying for new costs of ~$36/mo for each customer VPC connected to the new Direct Connect architecture.

...

The AWS Transit Gateways (TGW) used in the v2 architecture require different routing rules than the Virtual Private Gateways (VGW) used in the v1 architecture. Each VPC Route Table that references a Virtual Private Gateway will be duplicated and, in the new Route Table, rules referencing a VGW will be replaced with rules referencing a TGW Attachment. The new Route Tables will not include "blackhole" routes (i.e. routes to resources, like old peering connections, that no longer exist) from the original Route Tables.


These new Route Tables will be created prior to the migration, but will not actually be utilized until the migration is executed. When migration is executed, subnets associated with the v1 Route Tables will be re-associated to the corresponding v2 Route Tables. Similarly, if the "main" Route Table for the VPC references a VGW, the corresponding v2 Route Table will be set as the "main" Route Table for the VPC.
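
The Route Table duplication rules described above can be sketched as a planning function. This is an added example, not code from the original page or from the CIT migration tooling; it assumes input shaped like EC2 DescribeRouteTables output, and all resource IDs (including tgw-example) are constructed placeholders.

```python
# Constructed sample shaped like EC2 DescribeRouteTables output; every ID is a placeholder.
V1_TABLES = [
    {"RouteTableId": "rtb-v1-private",
     "Associations": [{"Main": True}, {"Main": False, "SubnetId": "subnet-private-a"}],
     "Routes": [
         {"DestinationCidrBlock": "10.92.0.0/22", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "10.0.0.0/8", "GatewayId": "vgw-example", "State": "active"},
         {"DestinationCidrBlock": "172.16.0.0/16",
          "VpcPeeringConnectionId": "pcx-deleted", "State": "blackhole"}]},
    {"RouteTableId": "rtb-v1-public",
     "Associations": [{"Main": False, "SubnetId": "subnet-public-a"}],
     "Routes": [
         {"DestinationCidrBlock": "10.92.0.0/22", "GatewayId": "local", "State": "active"},
         {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
]


def is_vgw_route(route):
    return (route.get("GatewayId") or "").startswith("vgw-")


def plan_v2_table(table, tgw_id):
    """Plan the v2 copy of one v1 Route Table; None if it has no VGW rule."""
    if not any(is_vgw_route(r) for r in table["Routes"]):
        return None  # tables that never referenced a VGW are left alone
    routes = []
    for route in table["Routes"]:
        if route.get("State") == "blackhole":
            continue  # target no longer exists, so the rule is not copied
        new = {k: v for k, v in route.items() if k != "State"}
        if is_vgw_route(route):
            del new["GatewayId"]
            new["TransitGatewayId"] = tgw_id  # EC2 route field for a TGW target
        routes.append(new)
    assoc = table.get("Associations", [])
    return {
        "source": table["RouteTableId"],
        "routes": routes,  # includes the local route EC2 adds to every table
        "reassociate_subnets": [a["SubnetId"] for a in assoc if "SubnetId" in a],
        "set_as_main": any(a.get("Main") for a in assoc),
    }


def plan_migration(tables, tgw_id="tgw-example"):
    """Plans for every v1 table that references a VGW, in input order."""
    plans = (plan_v2_table(t, tgw_id) for t in tables)
    return [p for p in plans if p is not None]
```

Reviewing the plan output against the live Route Tables before the cutover shows which subnets will move and which stale routes will disappear.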

...

VPC Routing

Originally Jan 16, but that is MLK day. So,

| Phase | Stage | Timeframe | Status | Activity | Impact on Cornell AWS Account VPC Networks |
|---|---|---|---|---|---|
| Preparation | Data Collection | November 2022 | ✓ | Gather information about Direct Connect resources and connected VPCs in Cornell AWS accounts | none |
| Preparation | Resource Tagging | | ✓ | Add tags to existing resources in customer accounts to assist with targeting, identification, status, intended disposition | none |
| Preparation | Resource Groups | | ✓ | Create Transit Gateway in CIT AWS account; Create Resource Groups for resources involved in the migration in customer accounts | none |
| Preparation | Customer Input #1 | - | ✓ | Cornell AWS account owner/admin review; Cornell AWS account owner/admin feedback solicited | none |
| Migration | Transit Gateway Attachments | - | ✓ | Utility Subnets; Transit Gateway Attachments created in customer accounts; v2 Route Tables created in customer accounts; NACLs for Utility Subnets | none |
| Migration | Customer Input #2 | - | ✓ | Cornell AWS account owner/admin review; Cornell AWS account owner/admin feedback solicited; Route Table and/or TGW Attachments adjusted according to customer input | none |
| Migration | v2 BGP Updated | 7am | ✓ | v2 Direct Connect infrastructure will have BGP configuration changed to begin advertising new routes via I2CC | Azure-to-AWS-VPC traffic may begin to use the v2 architecture (in just the one direction). This is limited only to Azure-to-AWS-VPC traffic due to Cornell's network architecture. |
| Migration | VPC Routing Updated | 9am | ✓ | v2 Route Tables activated; v1 Route Tables deactivated | VPC-to-campus traffic will be routed through the v2 architecture; Azure-to-AWS-VPC traffic may use the v2 architecture. |
| Migration | Campus Direct Connect Routes Updated | 9am | ✓ | Direct Connect Virtual Interfaces in customer accounts will be disabled. This causes DC traffic Campus-side routing updated to begin using the v2 architecture for campus-to-AWS traffic | campus-to-VPC traffic will be routed through the v2 architecture; all Azure-to-AWS-VPC traffic will be routed through the v2 architecture |
| Cleanup | Customer Account Cleanup | - | ✓ | VGWs and DC VIFs in customer accounts deleted | none |
| Cleanup | Campus Direct Connect Cleanup | | ✓ | Campus Direct Connect resources deleted or decommissioned | none |

...

...