

As of this page is under development. Contact Paul Allen with questions.



Introduction

This document provides details about the Direct Connect architecture migration we will be executing in early 2023.

Scope

As of , 65 Cornell AWS accounts were configured to use Direct Connect. During this migration, all those AWS accounts will have their existing Direct Connect connectivity updated to use new pathways and AWS resources to connect the Cornell campus network to AWS. 

Nomenclature

We use the following terminology:

  • Version 1 (v1) architecture – This is the network architecture used by Cornell AWS Direct Connect networking prior to the 2023 migration.
  • Version 2 (v2) architecture – This is the network architecture used by Cornell AWS Direct Connect networking after the 2023 migration.
  • VPC – Virtual Private Cloud
  • DC – Direct Connect
  • TGW – Transit Gateway
  • VGW – Virtual Private Gateway

FAQs

  • How do I tell if my AWS account will be affected by this change?
  • How will this change affect my AWS account costs?
  • Does this change affect VPC peering?
  • When, specifically, will this migration occur?
  • What if I use Terraform or a similar tool to manage the network resources in my AWS account?

What Is Changing?

Before the migration is executed, a set of resources in Cornell AWS accounts will be tagged with details about the migration. In addition, a small set of new resources that support the v2 architecture will be created in Cornell AWS accounts.

New Resources

Resource Groups

New AWS resource groups collect references to relevant AWS account resources in one place (per Cornell AWS account) for easy reference and review:

Warning: resources can and will appear in more than one resource group.

  • cit-dc-arch-migration-affected-resources – These resources will be directly affected by this migration. These resources include:
    • new resources that support the v2 architecture
    • resources that support the v1 architecture and will no longer be needed for the v2 architecture
    • resources that will remain, but will have their configuration changed to support the v2 architecture
  • cit-dc-arch-version-1-resources – All network resources that support or utilize the v1 architecture
  • cit-dc-arch-version-2-resources – All newly-created resources that support the v2 architecture

After the v1 → v2 migration is complete, v1 resources will either be deleted (if they are not used in the v2 architecture) or relabeled as v2 resources (if they continue to be used in the v2 architecture).
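The following script is an added illustration of how an account owner could review the three resource groups above; it is not CIT's own migration tooling. It classifies each resource according to the group definitions, answers the "is my account affected?" question, and flags memberships that contradict the definitions (for example, a v2 resource that is not also in the affected group). The input mimics the `ResourceIdentifiers` array that `aws resource-groups list-group-resources` returns for one group; the sample membership, account number and ARNs are constructed placeholders.

```python
"""
Classify the resources in an account's three cit-dc-arch-* resource groups
and flag memberships that contradict the group definitions.

Added illustration, not CIT tooling. The input mimics the ResourceIdentifiers
array returned per group by `aws resource-groups list-group-resources`; the
sample membership and the ARNs in it are constructed placeholders.
"""
AFFECTED = "cit-dc-arch-migration-affected-resources"
V1 = "cit-dc-arch-version-1-resources"
V2 = "cit-dc-arch-version-2-resources"

_ARN = "arn:aws:ec2:us-east-1:111111111111:"  # placeholder region/account

# Constructed sample listings, one per group, reduced to ResourceIdentifiers.
SAMPLE_LISTINGS = {
    AFFECTED: [
        {"ResourceArn": _ARN + "vpn-gateway/vgw-0000aaaa", "ResourceType": "AWS::EC2::VPNGateway"},
        {"ResourceArn": _ARN + "route-table/rtb-0000old1", "ResourceType": "AWS::EC2::RouteTable"},
        {"ResourceArn": _ARN + "route-table/rtb-0000new1", "ResourceType": "AWS::EC2::RouteTable"},
        {"ResourceArn": _ARN + "transit-gateway-attachment/tgw-attach-0000aaaa",
         "ResourceType": "AWS::EC2::TransitGatewayAttachment"},
    ],
    V1: [
        {"ResourceArn": _ARN + "vpn-gateway/vgw-0000aaaa", "ResourceType": "AWS::EC2::VPNGateway"},
        {"ResourceArn": _ARN + "route-table/rtb-0000old1", "ResourceType": "AWS::EC2::RouteTable"},
        # The VPC itself uses the v1 architecture but is not touched by the migration.
        {"ResourceArn": _ARN + "vpc/vpc-0000abcd", "ResourceType": "AWS::EC2::VPC"},
    ],
    V2: [
        {"ResourceArn": _ARN + "route-table/rtb-0000new1", "ResourceType": "AWS::EC2::RouteTable"},
        {"ResourceArn": _ARN + "transit-gateway-attachment/tgw-attach-0000aaaa",
         "ResourceType": "AWS::EC2::TransitGatewayAttachment"},
        # Tagged v2 but missing from the affected group: a tagging error worth raising.
        {"ResourceArn": _ARN + "route-table/rtb-0000new2", "ResourceType": "AWS::EC2::RouteTable"},
    ],
}


def _arns(listings, group):
    """Set of resource ARNs in one group's listing (empty if the group is absent)."""
    return {r["ResourceArn"] for r in listings.get(group, [])}


def is_affected(listings):
    """The account is in scope for the migration if its affected group is non-empty."""
    return bool(_arns(listings, AFFECTED))


def classify(listings):
    """Sort resources into the categories the group definitions imply."""
    affected, v1, v2 = (_arns(listings, g) for g in (AFFECTED, V1, V2))
    return {
        # newly created for v2; every one of these should also be in the affected group
        "new_v2": sorted(v2),
        # v1 resources that will be reconfigured or deleted by the migration
        "v1_changed_or_deleted": sorted(v1 & affected),
        # v1 resources that carry over unchanged and are relabeled v2 afterwards
        "v1_retained_unchanged": sorted(v1 - affected),
        # membership the definitions do not allow: affected but in neither
        # version group, or v2 without being marked affected
        "inconsistent": sorted((affected - v1 - v2) | (v2 - affected)),
        # overlap between groups is expected; listed here for review
        "in_multiple_groups": sorted((affected & v1) | (affected & v2) | (v1 & v2)),
    }


if __name__ == "__main__":
    import json
    print("affected:", is_affected(SAMPLE_LISTINGS))
    print(json.dumps(classify(SAMPLE_LISTINGS), indent=2))
```

To run this against a real account, fetch each group with `aws resource-groups list-group-resources --group <name>` and pass the three `ResourceIdentifiers` arrays in place of the constructed sample.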

Route Tables

The AWS Transit Gateways used in the v2 architecture require different routing rules than the Virtual Private Gateways (VGW) used in the v1 architecture. Each VPC Route Table that references a Virtual Private Gateway will be duplicated; in the copy, the routes that point at the VGW are replaced with routes that point at the Transit Gateway through the VPC's TGW Attachment. Note that a VPC Route Table can propagate routes only from a VGW, so campus prefixes that were learned through VGW route propagation must be present as static routes in the new Route Tables.

These new Route Tables will be created prior to the migration, but will not actually be used until the migration is executed.

Transit Gateway Attachments

Transit Gateway Attachments are the way that VPCs are connected to Transit Gateways. The Transit Gateways used in the v2 architecture reside in a central AWS account, and a TGW Attachment is what links a VPC in a Cornell AWS account to those central TGWs.

Unlike a Virtual Private Gateway, which attaches to a VPC as a whole, a TGW Attachment is placed in specific subnets of the VPC (one subnet per Availability Zone). We will be creating these TGW Attachments in private subnets in each VPC.
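The script below is an added illustration, not CIT's migration tooling, covering both the Route Tables and the Transit Gateway Attachments sections above. Given route tables in the shape returned by EC2 `DescribeRouteTables`, it derives the v2 replacement for every table that depends on a VGW (VGW routes, including those learned by VGW propagation, become static routes to the Transit Gateway, and the subnets that will need re-associating are recorded) and lists the subnets that qualify as private, i.e. have no Internet Gateway route, as candidates for the TGW Attachment. The Transit Gateway id, VPC, subnet and gateway ids in the sample are constructed placeholders; with boto3 you would pass `ec2.describe_route_tables()["RouteTables"]` instead of the sample.

```python
"""
Plan the v2 (Transit Gateway) route tables and the candidate attachment
subnets for a VPC that currently reaches campus through a VGW.

Added illustration for this page, not CIT's migration tooling. Works on the
dict shape returned by EC2 DescribeRouteTables; the sample below is
constructed and every identifier in it is a placeholder.
"""

# Assumption: the central Transit Gateway id has been shared with the
# account being migrated. Placeholder value, not a real Cornell identifier.
TGW_ID = "tgw-0123456789abcdef0"

# Constructed sample: a private route table that reaches campus via a VGW
# (one static route plus one route learned by VGW propagation) and a public
# route table that uses an Internet Gateway.
SAMPLE_ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-aaaa1111",
        "VpcId": "vpc-0000abcd",
        "Associations": [{"SubnetId": "subnet-priv-1", "Main": False}],
        "PropagatingVgws": [{"GatewayId": "vgw-00001111"}],
        "Routes": [
            {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local",
             "Origin": "CreateRouteTable"},
            {"DestinationCidrBlock": "10.0.0.0/8", "GatewayId": "vgw-00001111",
             "Origin": "CreateRoute"},
            {"DestinationCidrBlock": "128.84.0.0/16", "GatewayId": "vgw-00001111",
             "Origin": "EnableVgwRoutePropagation"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0000ffff",
             "Origin": "CreateRoute"},
        ],
    },
    {
        "RouteTableId": "rtb-bbbb2222",
        "VpcId": "vpc-0000abcd",
        "Associations": [{"SubnetId": "subnet-pub-1", "Main": False}],
        "PropagatingVgws": [],
        "Routes": [
            {"DestinationCidrBlock": "172.31.0.0/16", "GatewayId": "local",
             "Origin": "CreateRouteTable"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0000eeee",
             "Origin": "CreateRoute"},
        ],
    },
]


def _is_vgw_route(route):
    return route.get("GatewayId", "").startswith("vgw-")


def uses_vgw(route_table):
    """True if the table has a VGW route or propagates routes from a VGW."""
    return bool(route_table.get("PropagatingVgws")) or any(
        _is_vgw_route(r) for r in route_table["Routes"])


def to_v2_route_table(route_table, tgw_id):
    """Return the v2 replacement for one v1 route table.

    Every VGW route becomes a static route to the Transit Gateway. That
    includes routes the VGW propagated: a VPC route table can propagate only
    from a VGW, so after the migration the campus prefixes must exist as
    static routes. The implicit "local" route is created by EC2 with the new
    table, so it is not copied.
    """
    routes = []
    for route in route_table["Routes"]:
        if route.get("GatewayId") == "local":
            continue
        if _is_vgw_route(route):
            routes.append({"DestinationCidrBlock": route["DestinationCidrBlock"],
                           "TransitGatewayId": tgw_id})
        else:
            routes.append({k: v for k, v in route.items() if k != "Origin"})
    return {
        "VpcId": route_table["VpcId"],
        "ReplacesRouteTableId": route_table["RouteTableId"],
        # Subnets to re-associate with the new table when the migration runs.
        "SubnetIds": [a["SubnetId"] for a in route_table.get("Associations", [])
                      if "SubnetId" in a],
        "Routes": routes,
    }


def plan_v2_route_tables(route_tables, tgw_id=TGW_ID):
    """v2 route tables for every table that currently depends on a VGW."""
    return [to_v2_route_table(rt, tgw_id) for rt in route_tables if uses_vgw(rt)]


def private_subnet_ids(route_tables):
    """Subnets whose route table has no Internet Gateway route.

    These are candidates for the TGW Attachment. Only explicit associations
    are examined; subnets that fall back to the VPC main route table are
    not listed.
    """
    private = []
    for rt in route_tables:
        has_igw = any(r.get("GatewayId", "").startswith("igw-") for r in rt["Routes"])
        for assoc in rt.get("Associations", []):
            if "SubnetId" in assoc and not has_igw:
                private.append(assoc["SubnetId"])
    return sorted(private)


if __name__ == "__main__":
    import json
    print(json.dumps(plan_v2_route_tables(SAMPLE_ROUTE_TABLES), indent=2))
    print("private subnets:", private_subnet_ids(SAMPLE_ROUTE_TABLES))
```

The planned tables are data only; creating them (and later re-associating the subnets) is what the migration itself performs. If the account's network is managed with Terraform or a similar tool, compare this plan against the tool's state before the migration so the new routes and associations are not reverted on the next apply.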

Tagging

Resource Deletion

Timeline

References

