During re:Invent 2021, AWS announced a new Direct Connect feature named SiteLink. I had the opportunity to test it as an early beta customer. Whereas AWS Direct Connect provides network connectivity between on-prem and the AWS cloud, SiteLink adds support for connecting your on-prem locations to each other. At a high level, it can be considered an alternative to your familiar MPLS service.
Typical Hybrid Cloud InterConnect
Figure 1 illustrates a common high resiliency network setup for AWS cloud migration. You have two private data centers which are interconnected through redundant L2/L3 WAN links. As you migrate workloads to AWS, multiple DX connections are provisioned at both data centers and connect to two AWS regions.

As workloads gradually shift to the cloud, you start noticing significant changes in traffic patterns. Network traffic between private data centers is not as high as it used to be. Is it possible to reduce WAN capacity to save cost and still maintain the desired SLA? One option is to use your network investment in AWS Direct Connect to route inter-DC traffic over the AWS network. It is technically possible but a lot of hassle. Because Direct Connect Gateway (DXGW) doesn’t support transit, you would need two separate DXGWs. Since TGW peering doesn’t support dynamic routing protocols yet, it’s challenging to fail over dynamically between this AWS path and the private WAN path. Additional network latency is introduced because traffic needs to traverse extra network hops such as TGW. Lastly, this approach also incurs extra AWS cost.
Data Center InterConnect with SiteLink
The new Direct Connect SiteLink service simplifies customer site-to-site network connectivity dramatically. With a few GUI clicks or API calls, you can bring up a new inter-DC network path utilizing the existing DX investment.

Advantages of SiteLink
Security
Securing data in transit has become an important consideration, or requirement, for many enterprises. A multi-level encryption approach that covers both the network and application layers is recommended, because it offers a stronger defense against attacks. MPLS does not offer native encryption. Direct Connect SiteLink makes it possible to have an encrypted path at the network layer. First, AWS Direct Connect offers MACsec encryption between customer edges and AWS edges. Once traffic is on the AWS backbone, it is automatically encrypted at the physical layer before it leaves AWS secured facilities.
SD-WAN arguably can also support encryption at the network layer. However, SD-WAN solutions typically do not offer enough bandwidth at a reasonable price.
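A check a defender might run against the encryption claim above, as an added example (not the author's or AWS's code): it takes records shaped like the Direct Connect DescribeConnections and DescribeVirtualInterfaces responses and lists SiteLink-enabled VIFs whose underlying connection does not enforce MACsec. The function names, sample records and IDs are constructed for illustration.

```python
# Added example. Field names follow the Direct Connect DescribeConnections and
# DescribeVirtualInterfaces responses; every ID and value below is constructed.
SAMPLE_CONNECTIONS = [
    {"connectionId": "dxcon-example1", "macSecCapable": True,
     "encryptionMode": "must_encrypt", "portEncryptionStatus": "Encryption Up"},
    {"connectionId": "dxcon-example2", "macSecCapable": True,
     "encryptionMode": "should_encrypt", "portEncryptionStatus": "Encryption Up"},
    {"connectionId": "dxcon-example3", "macSecCapable": False,
     "encryptionMode": "no_encrypt", "portEncryptionStatus": "Encryption Down"},
]
SAMPLE_VIFS = [
    {"virtualInterfaceId": "dxvif-example1", "connectionId": "dxcon-example1", "siteLinkEnabled": True},
    {"virtualInterfaceId": "dxvif-example2", "connectionId": "dxcon-example2", "siteLinkEnabled": True},
    {"virtualInterfaceId": "dxvif-example3", "connectionId": "dxcon-example3", "siteLinkEnabled": False},
    {"virtualInterfaceId": "dxvif-example4", "connectionId": "dxlag-example1", "siteLinkEnabled": True},
]

def macsec_gap(conn):
    """Return why a connection does not guarantee MACsec, or None if it does."""
    if conn is None:
        return "connection not in inventory (LAG or other account?)"
    if not conn.get("macSecCapable"):
        return "port is not MACsec capable"
    mode = conn.get("encryptionMode")
    if mode != "must_encrypt":
        return f"encryptionMode={mode}, unencrypted traffic is not ruled out"
    if conn.get("portEncryptionStatus") != "Encryption Up":
        return "MACsec is required but the port reports no active key"
    return None

def audit_sitelink_macsec(connections, vifs):
    """List (vif_id, connection_id, reason) for SiteLink VIFs lacking enforced MACsec."""
    by_id = {c["connectionId"]: c for c in connections}
    findings = []
    for vif in vifs:
        if not vif.get("siteLinkEnabled"):
            continue  # only VIFs that carry site-to-site traffic are in scope
        reason = macsec_gap(by_id.get(vif.get("connectionId")))
        if reason:
            findings.append((vif["virtualInterfaceId"], vif.get("connectionId"), reason))
    return findings

if __name__ == "__main__":
    for finding in audit_sitelink_macsec(SAMPLE_CONNECTIONS, SAMPLE_VIFS):
        print(*finding, sep="  ")
```

To audit a live account, pass in `describe_connections()["connections"]` and `describe_virtual_interfaces()["virtualInterfaces"]` from a boto3 `directconnect` client instead of the sample lists.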
Availability
I had experience with a number of telco service providers. AWS seems to be the most reliable one with the exception of the telco network I used to manage. 🙂
Bandwidth on Demand and Better Lead Time
It only needs a few clicks to provision SiteLink. Assuming you have existing DX connections already, you can have a new site-to-site network path up and running within minutes.
Even if you do not have DX yet, ordering DX takes a much shorter lead time than MPLS or private circuits.
Easy Network Segmentation
In case you need to connect different VRFs on your routers for network segmentation, you can simply light up new VIFs for SiteLink.
Visibility
AWS Direct Connect offers quite a bit of telemetry information that covers SiteLink as well.
Coverage
The AWS network has a global footprint. You can quickly create or augment a global network that connects your data centers, branches and partners.
Customer Support
“Customer Obsession” is the top one of the AWS leadership principles. It is manifested in my experiences working with AWS support, account, and other teams. Their first-line support teams are knowledgeable and responsive. Having said that, I haven’t had much need to use their support in the first place.
Some Additional Thoughts
Enterprise on-prem data centers used to be central network hubs. With cloud migration, public cloud infrastructures are introduced. Now you have a mesh of hub locations to interconnect. Cloud providers have been offering solutions to connect on-prem data centers to the cloud. Now AWS SiteLink is another step forward from cloud providers to connect customers’ on-prem locations. Will that change the landscape of telco MPLS? Let us wait and see. Your traffic might still run on a telco’s network behind the scenes, but your direct relationship could shift to cloud providers.
What makes me feel excited, in the Software Defined Everything context, is the programmability of network services from cloud providers. With traditional MPLS vendors, there are phone calls and support cases between me and the network services I’m using, even though there’s not much I can change anyway. With cloud networking, what is between me and my network is API calls. Once I have physical connections in place, I have a lot more control of my network topology in a self-service way. AWS SiteLink gives me another Lego block in my box.