Introduction

The management and routing simplification offered by the v2 (2023) architecture comes with a shift in costs seen by Cornell AWS accounts using Direct Connect, but the overall impact to Cornell AWS account costs is negligible.

V1 Architecture (pre-2023)

Cornell AWS accounts using Direct Connect saw these Direct Connect-related charges in the pre-2023 architecture:

  • FREE
    • Bandwidth for traffic TO VPCs FROM campus is free.
  • CUSTOMER COST
    • Bandwidth for traffic FROM VPCs TO campus using the Direct Connect is charged at $0.02/GB. This cost was borne by each Cornell AWS account using Direct Connect in the pre-2023 architecture.

V2 Architecture (2023 and beyond)

Cornell AWS accounts using Direct Connect see these Direct Connect-related charges in the 2023 architecture:

  • FREE
    • Bandwidth for traffic FROM the Transit Gateway TO VPCs is free.
  • FREE to Cornell AWS Accounts
    • Every VPC connected to the Transit Gateway is charged $0.05/hr by AWS. These charges will appear in customer AWS account invoices, but they will be paid for by CIT, since a Cost Center tag on the Transit Gateway attachment will automatically direct those charges to a CIT KFS account.
  • CUSTOMER COST
    • Bandwidth for traffic FROM VPCs TO the Transit Gateway is charged at $0.02/GB. This cost is borne by the customer, and the magnitude of the charge will be similar to the Direct Connect egress charges borne by the customer in the v1 architecture.

Costs of Peering Versus Transit Gateway Use

Since the 2023 Direct Connect architecture fully interconnects all VPCs using Direct Connect (i.e., attached to the Transit Gateway), individual peering between VPCs is no longer technically necessary. However, since VPC peering has no cost, and traffic between two VPCs using the Transit Gateway does have a cost, VPC peering has a place in Cornell AWS networking in certain situations.

When to Set Up Peering

  • High-volume data transfer
  • Ultra-low latency data transfer – Traffic using peering connections makes exactly one hop. Traffic using a Transit Gateway makes about four hops.
  • When Security Groups in one VPC need to reference Security Groups in the peered VPC – Transit Gateway connectivity does not support cross-VPC Security Group references.
  • When one of the VPCs is not connected to the Transit Gateway (and thus not using Direct Connect).
  • When both VPCs reside in AWS account(s) that you own, and your team has the expertise to set up peering.

When to Avoid Peering

  • Transient data transfer
  • Development or experimental workloads
  • Low- and medium-volume data transfer

