...

draw.io source: direct-connect-migration-process.v2.drawio

Phase	Stage	Timeframe	Status	Activity	Impact on Cornell AWS Account VPC Networks
Preparation	Data Collection	November 2022		Gather information about Direct Connect resources and connected VPCs in Cornell AWS accounts	none
	Resource Tagging	14 Dec 2022		Add tags to existing resources in customer accounts to assist with targeting, identification, status, intended disposition	none
	Resource Groups			Create Transit Gateway in CIT AWS account Create Resource Groups for resources involved in the migration in customer accounts	none
	Customer Input #1	15 Dec 2022 - 02 Jan 2023		Cornell AWS account owner/admin review Cornell AWS account owner/admin feedback solicited	none
Migration	Transit Gateway Attachments	03 Jan 2023 - 06 Jan 2023		Utility Subnets Transit Gateway Attachments created in customer accounts v2 Route Tables created in customer accounts NACLs for Utility Subnets	none
	Customer Input #2	09 Jan 2023 - 13 Jan 2023		Cornell AWS account owner/admin review Cornell AWS account owner/admin feedback solicited Route Table and/or TGW Attachments adjusted according to customer input	none
	VPC Routing Updated	Originally Jan 16, but that is MLK day. So, 17 Jan 2023		v2 Route Tables activated v1 Route Tables deactivated	VPC-to-campus traffic will be routed through the v2 architecture
	Campus Direct Connect Routes Updated	18 Jan 2023		Campus-side routing updated to begin using the v2 architecture for campus-to-AWS traffic	campus-to-VPC traffic will be routed through the V2 architecture
Cleanup	Customer Account Cleanup	23 Jan 2023 - 31 Jan 2023		VGWs and DC VIFs in customer accounts deleted	none
	Campus Direct Connect Cleanup			Campus Direct Connect resources deleted or decommissioned	none

Anchor
custom-schedul custom-schedul

Alternate Migration Days

Customers have the option to request that migration for their VPC(s) occur during the week of Jan 9-13 instead of the default migration dates of January 17 and 18. This is especially encouraged for customers that have a separate sandbox or development VPC that needs to be migrated. We can also support taking both migration steps on the same alternate day, but we'd like to leave a 1-4 hour gap between migration steps to confirm that the "VPC Routing Updated" step was successful before continuing to the "Campus Direct Connect Routes Updates" step.

Anchor
rollback rollback

Rollback

Both the "VPC Routing Updated" and the "Campus Direct Connect Routes Updated" steps have simple rollback stepsmechanism. If you discover problems with networking in your VPC after either step and think the change needs to be rolled back, send an email to cloud-incident@cornell.edu and ping Paul Allen (pea1) on Teams.

FAQs

How do I tell if my AWS account will be affected by this change?

The list of AWS accounts affected by this migration is here: Cornell AWS Accounts Affected by 2023 Direct Connect Architecture Migration

You will receive multiple emails to the email address associated with the root user of your Cornell AWS account. These emails will make announcements and ask for your input during the migration process. 

Will there be any interruption in Direct Connect connectivity during this migration?

As of 09 Dec 2022, our testing indicates that we should be able to complete this migration without any interruption in overall Direct Connect connectivity. However we cannot guarantee this for individual VPCs. If interruptions occur, they should be brief (minutes, not hours).

How will this change affect my AWS account costs?

Cornell AWS accounts will not experience substantive differences in charges between v1 and v2 architecture. A new $36/mo charge for each VPC connected to the v2 architecture is billed directly to a CIT KFS account.

For more details, please see the Costs section above.

• The rollback for the "VPC Routing Updated" step is to reassign the original Route Tables to the public and private subnets. This will rollback takes effect immediately.
• The rollback for the "Campus Direct Connect Routes Updated" step is to the cancel the failover of the Direct Connect Virtual Interfaces that we triggered to initial the campus routing updates. This rollback takes 5-20 minutes to complete. 

FAQs

How do I tell if my AWS account will be affected by this change?

The list of AWS accounts affected by this migration is here: Cornell AWS Accounts Affected by 2023 Direct Connect Architecture Migration

You will receive multiple emails to the email address associated with the root user of your Cornell AWS account. These emails will make announcements and ask for your input during the migration process. 

Will there be any interruption in Direct Connect connectivity during this migration?

As of 09 Dec 2022, our testing indicates that we should be able to complete this migration without any interruption in overall Direct Connect connectivity. However we cannot guarantee this for individual VPCs. If interruptions occur, they should be brief (minutes, not hours).

How will this change affect my AWS account costs?

Cornell AWS accounts will not experience substantive differences in charges between v1 and v2 architecture. A new $36/mo charge for each VPC connected to the v2 architecture is billed directly to a CIT KFS account.

For more details, please see the Costs section above.

Does this Does this change affect VPC peering?

...

When, specifically, will this migration occur?

...

See detailed schedule above.

Is there any flexibility in migration dates?

Yes. See Alternate Migration Days above.

Can the migration be rolled back?

Yes. Each of the two active migration steps ("VPC Routing Updated" and "Campus Direct Connect Routes Updated") can be individually rolled back for each migrating AWS VPC. See Rollback above.

What if I use Terraform or a similar tool to manage the network resources in my AWS account?

...