AWS Direct Connect for PureCloud FAQ
Amazon Web Services (AWS) Direct Connect links a customer’s network to an AWS Direct Connect location over a 1-Gb or 10-Gb Ethernet fiber-optic cable. With this connection in place, you can create virtual interfaces directly to the AWS cloud, bypassing Internet service providers in your network path. An AWS Direct Connect location provides access to all AWS regions except AWS China (Beijing). For example, you can provision a single connection in AWS region us-east-1 and access public AWS services in region ap-southeast-2 using the Direct Connect connection. For more information about how you can filter AWS public IP prefixes, see “Does AWS set community strings?” on this page.
Does PureCloud support Direct Connect with private virtual interfaces?
No. AWS offers two types of virtual interfaces through Direct Connect. PureCloud only supports one type, a public virtual interface. The other virtual interface, private, allows connections directly into an AWS Virtual Private Cloud (VPC), and is not supported for PureCloud. For more information, see Set up AWS Direct Connect for use with PureCloud.
I already have a Direct Connect connection. Can I use it with PureCloud?
Yes. As noted previously, you cannot use an existing private virtual interface or a new private virtual interface because private virtual interfaces are not supported—PureCloud is only compatible with public virtual interfaces. If you want to use an existing connection, also ensure that there is enough bandwidth available on your Direct Connect connection to support both your current services and PureCloud’s services.
Is an AWS account required?
Yes. An AWS account is an Amazon.com account that can use AWS products. PureCloud does not provide this account. You need to either create your own Amazon.com account or use your own existing Amazon.com account for use with AWS Direct Connect. For more information about creating an AWS account, see Create AWS Account. Log in to AWS with this account to configure the AWS Direct Connect.
Does AWS offer redundant Direct Connect connections?
Yes. Each connection consists of a single dedicated connection between ports on your router and an Amazon router. If you require redundancy, then we recommend establishing a second connection. When you request multiple ports at the same AWS Direct Connect location, they are provisioned on redundant Amazon routers.
What traffic will go across a Direct Connect connection?
Any traffic that is destined for AWS public services. This traffic would include any traffic connecting to PureCloud services that are hosted out of AWS. Please note, any other services hosted out of AWS may also use this connection. For more information, see the question on this page, “Will I access other AWS hosted services besides PureCloud across the Direct Connect, for example Netflix, Workday, and Atlassian?”
Will I access other AWS hosted services besides PureCloud across the Direct Connect, for example Netflix, Workday, and Atlassian?
Yes. AWS advertises all its public IP prefixes, except for AWS China (Beijing), down the Direct Connect connection. For example, if you are trying to access Workday, and that connection is hosted out of any AWS region, then you will use the Direct Connect connection. For more information about how you can filter AWS public IP prefixes, see “Does AWS set community strings?” on this page.
If I am not located in an AWS Direct Connect Location, can I still get Direct Connect?
Yes. To do so, contact an AWS Partner Network Technology and Consulting Partner.
What costs are associated with Direct Connect?
There are port costs and data transfer out costs (there are no costs for data transfer in). For information about costs, see AWS Direct Connect Pricing.
Who should I contact for Direct Connect help?
Refer to Amazon’s documentation and either Amazon support or your APN Partner for help implementing Direct Connect. Direct Connect is an external service that we have tested for compatibility with PureCloud, but Direct Connect works independently of PureCloud.
What are the requirements for the connection?
1000BASE-LX or 10GBASE-LR connections over singlemode fiber using Ethernet transport. Your device must support 802.1Q VLANs.
What are the requirements for public virtual interfaces to public AWS services?
- A public or private autonomous system number (ASN). If you are using a public ASN, then you must own it. If you are using a private ASN, then it must be in the 64512–65535 range.
- A new unused VLAN tag that you select.
- Public IPs (/30 or /31) allocated by you for the BGP session. If you don’t have public IPv4 addresses available, then open an AWS support ticket.
What dynamic routing protocols are supported?
Currently, BGP is the only dynamic routing protocol supported.
Are private IP addresses (RFC 1918) allowed for communication with AWS services?
No. Private IP addresses are not allowed while using AWS Direct Connect with a public virtual interface. Also, 100.64.0.0/10 (RFC 6598) is not allowed.
What IP prefixes do I receive from AWS?
You receive all Amazon IP prefixes except those prefixes originating from China (Beijing). These prefixes include prefixes necessary to reach AWS services, and may include prefixes for other Amazon affiliates, including those of www.amazon.com. For the current list of prefixes advertised by AWS, see AWS IP Address Ranges.
What IP prefixes should I advertise to AWS?
Advertise appropriate public IP prefixes that you own over BGP. Traffic from AWS services destined for these prefixes will be routed over your AWS Direct Connect connection. You can advertise masks greater than the prefix provided to AWS during the virtual interface configuration. Example: You provide 126.96.36.199/24 as a prefix for the virtual interface. You can advertise the full /24 or you can advertise >= 25. The smallest network that Genesys tested was a /31.
Can I connect to the Internet over Direct Connect?
Is IPv6 supported for BGP peering?
Does AWS set community strings?
Yes. AWS advertises their prefixes with BGP communities. AWS sets a community string of ‘no–export’ that prevents your router from advertising the networks to an eBGP peer. In addition, AWS sets community strings for the local AWS region and all AWS regions for a continent. For more information, see Routing Policies and BGP Communities.
Is BFD available?
Yes. Each virtual interface has it enabled by default. BFD does not take effect until you configure your equipment. AWS has set BFD detection to minimum interval of 300 and a detection multiplier of 3.
Is QoS supported?
No. AWS does not queue or prioritize traffic based on IP Precedence or DSCP values. However, if your traffic is marked, AWS does not strip or modify the markings.