[188001] in North American Network Operators' Group
Re: AWS Direct Connect - Peering VPCs to Tier 1's and MPLS
daemon@ATHENA.MIT.EDU (James Bensley)
Wed Mar 2 05:04:03 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <CAM5sgfzTpQZ-2+F11HH9ew1XmyrHMCZ_p=QES2YPsJQ-3EDT6g@mail.gmail.com>
From: James Bensley <jwbensley@gmail.com>
Date: Wed, 2 Mar 2016 10:03:31 +0000
To: "North American Network Operators' Group" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On 1 March 2016 at 20:41, Michael O'Connor <moc@es.net> wrote:
> Jay,
>
> VPC is supported over IPsec if your public path is sufficient into the AWS
> cloud.
^ This.
I work for a DirectConnect provider, albeit in the UK though. We have
fibre links to a AWS edge routers and we have multiple customers
seperated by VLANs over a fibre link, each terminating into different
VRFs on our edge and the AWS edge. For each customer we have an eBGP
session with a virtual gateway that lives inside the customer's VPC
domain.
Also for each customer they have backup tunnels using IPSec over the
Internet. Again we run eBGP over the IPSec tunnels to the virtual
gateway inside each customers VPC domain.
"just works".
James.
