AWS-ANS-C01 & AWS CERTIFICATION | DX Resiliency & High Availability Patterns (HA) - AWS Certified Advanced Networking

2.3.3.2. DX Resiliency & High Availability Patterns (HA)

AWS Direct Connect (DX) resiliency patterns fundamentally ensure continuous hybrid cloud connectivity by implementing redundancy across connections, locations, and network devices, minimizing downtime and supporting mission-critical workloads.

Scenario: You need to ensure continuous connectivity between your on-premises data center and your AWS VPCs for a mission-critical application. Your primary connection is a 10 Gbps AWS Direct Connect link. You need to design for maximum resilience, including protection against failure of the Direct Connect connection itself or the DX location.

For mission-critical hybrid cloud architectures, ensuring continuous connectivity between on-premises and AWS is paramount. AWS Direct Connect (DX) offers various patterns to achieve high availability (HA).

Key DX Resiliency & HA Patterns:

Single Connection (Non-HA):
- Concept: One DX connection to a single DX location.
- Limitation: Single Point of Failure (SPOF) at the connection, router, or DX location.
Resiliency (via Multiple Connections):
- Dedicated Connections to a Single DX Location:
  - Concept: Two DX connections to the same DX location, but terminated on redundant AWS devices.
  - Benefit: Protects against single AWS device failure.
- Dedicated Connections to Multiple DX Locations in the Same Region:
  - Concept: Two DX connections to different DX locations within the same AWS Region.
  - Benefit: Protects against failures at a single DX location.
- Dedicated Connections to Multiple DX Locations in Different Regions:
  - Concept: Two DX connections to different DX locations in different AWS Regions.
  - Benefit: Highest level of HA and disaster recovery.
VPN as Backup: Use AWS Site-to-Site VPN as a failover path for Direct Connect. Often used for a "less critical" backup path if DX is the primary.
BGP (Border Gateway Protocol): Essential for dynamic routing and fast failover between DX connections or to a VPN backup.

Practical Implementation: BGP AS_PATH Prepending for DX Failover (Conceptual)

Loading diagram...

⚠️ Common Pitfall: Not implementing redundancy on the on-premises side. Even with redundant DX connections to AWS, a single point of failure in your on-premises network (e.g., a single router) can still cause an outage.

Key Trade-Offs:

RTO/RPO vs. Cost: The lower your RTO and RPO (i.e., the faster you need to recover with less data loss), the more expensive and complex your DX resiliency strategy will be.

Reflection Question: How do AWS Direct Connect (DX) resiliency patterns, by implementing redundancy across connections (e.g., multiple DX connections), locations (e.g., different DX locations), and potentially using VPN as a backup, fundamentally ensure continuous hybrid cloud connectivity and minimize downtime for mission-critical workloads?