Friday, May 7, 2021

AWS DX / public VIF

Been reading about direct connects, specifically public VIFs. Their documentation makes sense WRT how the IP and VLAN on the DX is supposed to work. Per the AWS documentation, you should use an IP you own or have authorization to use via your ISP. You can request public IPs from AWS to use for it but it sounds like you need to justify it.

How do folks do this in practice? Say I have dual homed Internet running BGP and advertising a leased /24 that I use for NATs. Each ISP lands in a vlan on an access switch and is then trunked to the firewall, and each handoff is a /29.

ISP1 ----vlan10-----\
                     switch ---trunk: 10,20 ---- Firewall
ISP2 ----vlan20-----/

Do I land the direct connect in a port on vlan 10 or 20, then give the VIF an IP from the respective /29 handoff? Do I carve out a /30 from the leased block and use that?
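One way to sanity-check the second option (carving a /30 out of the leased block) before ordering the VIF. This is an added Python example, not code from the post or from AWS; every address in it is a constructed placeholder from the RFC 5737 documentation ranges, and the NAT pool and ISP handoff subnets are assumptions. It picks the first unused /30 inside the leased /24 and then audits a candidate peering subnet against the requirements the post mentions: the space must be public (not RFC 1918), must sit inside address space you own or are authorized to use, must not be borrowed from the ISP's /29 handoff, and must leave two usable addresses (your side and the AWS side).

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation ranges), not real allocations.
LEASED_BLOCK = "203.0.113.0/24"          # the leased /24 advertised via BGP
NAT_POOLS = ["203.0.113.0/25"]           # assumed: the half already used for NAT
ISP_HANDOFFS = ["198.51.100.0/29",        # assumed: the two ISP /29 handoffs
                "198.51.100.8/29"]

# RFC 1918 space: a public VIF must not use it.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def carve_vif_subnet(block, in_use, new_prefix=30):
    """Return the first /<new_prefix> inside `block` (as a string) that overlaps
    nothing in `in_use`, or None if the block is fully consumed."""
    block = ipaddress.ip_network(block)
    used = [ipaddress.ip_network(n) for n in in_use]
    for sub in block.subnets(new_prefix=new_prefix):
        if not any(sub.overlaps(u) for u in used):
            return str(sub)
    return None


def audit_vif_subnet(vif, owned_blocks, isp_handoffs):
    """Return a list of problems with using `vif` as the public VIF peering subnet.
    An empty list means the candidate passes every check below."""
    vif = ipaddress.ip_network(vif)
    owned = [ipaddress.ip_network(n) for n in owned_blocks]
    handoffs = [ipaddress.ip_network(n) for n in isp_handoffs]
    problems = []
    if any(vif.overlaps(p) for p in RFC1918):
        problems.append("private (RFC 1918) space is not valid for a public VIF")
    if not any(vif.subnet_of(b) for b in owned):
        problems.append("not inside address space you own or are authorized to use")
    if any(vif.overlaps(h) for h in handoffs):
        problems.append("overlaps an ISP handoff /29, which is the ISP's space, not yours")
    if vif.prefixlen > 30:
        problems.append("too small: need two usable addresses (your router and the AWS side)")
    return problems


def peer_addresses(vif):
    """Split a /30 into (local, remote) interface addresses, e.g. for the router
    and the AWS end of the BGP session. Returned as strings with the prefix length."""
    vif = ipaddress.ip_network(vif)
    local, remote = list(vif.hosts())[:2]
    return (f"{local}/{vif.prefixlen}", f"{remote}/{vif.prefixlen}")


if __name__ == "__main__":
    candidate = carve_vif_subnet(LEASED_BLOCK, NAT_POOLS)
    print("candidate VIF subnet:", candidate)
    print("problems:", audit_vif_subnet(candidate, [LEASED_BLOCK], ISP_HANDOFFS) or "none")
    print("peer addresses:", peer_addresses(candidate))
    # A /30 taken from an ISP handoff fails two of the checks:
    print("ISP /30 problems:", audit_vif_subnet("198.51.100.0/30", [LEASED_BLOCK], ISP_HANDOFFS))
```

Swap in your real leased block, NAT ranges and ISP handoffs; the audit only checks address-plan hygiene, so the ISP authorization itself and the VLAN placement on the switch remain decisions to make with the ISP and the DX provider.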
