How to Enable AWS Direct Connect Redundancy Using Azure ExpressRoute


If you are working in a multi-cloud environment involving Microsoft Azure and Amazon Web Services, you may be using AWS Direct Connect or Azure ExpressRoute to set up a private interconnection to your on-premises resources. In this article, I’ll explain how you can enable AWS Direct Connect redundancy with Microsoft’s Azure ExpressRoute by using physical or virtual connections.

Even if you don’t use the full capacity of those expensive private connections, it’s important to set up redundancy just in case something goes wrong in your cloud environment. This article will focus on building a redundant AWS Direct Connect connection using Azure ExpressRoute, as this is the most common scenario. However, the solution I’m going to detail should also work with the Google Cloud Platform and other cloud providers.

How to Build Redundant AWS Direct Connect Connections Using Azure ExpressRoute

When enabling private connections to AWS or Azure in your multi-cloud environment, AWS Direct Connect and Azure ExpressRoute are the way to go.

Setting up AWS Direct Connect and Azure ExpressRoute connections

AWS Direct Connect lets you set up a private connection between your on-premises resources and the AWS cloud, and Azure ExpressRoute does the same with Microsoft’s Azure cloud. With these private connections set up, your cloud environment will look like the one shown below.

Setting up AWS Direct Connect and Azure ExpressRoute private connections

Adding redundancy in your environment

As soon as you make progress with your multi-cloud environment, you should look into creating redundancy for the two private connections to your on-premises network. Most customers may just be tempted to implement additional Azure ExpressRoute and AWS Direct Connect connections. In that case, the environment would look like the one in the diagram below.

Adding new physical connections is possible, though it's not optimal
You can create redundancy by adding new Azure ExpressRoute and AWS Direct Connect connections

Such additional private connections are usually expensive, as you need additional WAN connections, and regular providers tend to have high charges and long-term contracts. However, there are alternative ways to set up redundancy while reducing costs for your organization.

Creating AWS Direct Connect and Azure ExpressRoute redundancy with virtual routers

To build a better redundancy solution, I’ll explain how you can add another Azure ExpressRoute and AWS Direct Connect private connection in your multi-cloud environment without using physical connections. You can create these additional private connections by using virtual routers and interconnection services.

Virtual routers and interconnection providers

There are various providers, such as phoenixNAP’s Megaport Cloud Router and the German Internet Exchange operator DE-CIX, which offer versatile interconnection services. In the example that follows, I’ll be using Megaport, as they provide a SaaS-based model with pay-as-you-need pricing.

After creating your Megaport account, you can start building your virtual network with a Megaport Cloud Router.

Connecting to AWS and Azure with a Megaport Cloud Router

Once you have set up your Megaport Cloud Router, you can create virtual Azure ExpressRoute and AWS Direct Connect connections using Megaport’s AWS Direct Connect Gateway and a virtual cross-connection to the Microsoft Cloud. However, you should choose a peering location that’s near the Azure and AWS data centers you chose. You should also make sure that your AWS Direct Connect and Azure ExpressRoute peering locations are in the same location.

Megaport lets you create virtual Azure ExpressRoute and AWS Direct Connect connections

After deploying your virtual private connections, your environment architecture should look like the one shown in the image below. In addition to the physical private connections from our on-premises router to AWS and Azure, we now have the additional Cloud Router from Megaport to route the traffic between both cloud environments.

The Megaport Cloud Router can now route traffic between AWS and Azure

Building redundancy with virtual Azure ExpressRoute and AWS Direct Connect connections

The next step is to connect our Azure ExpressRoute connection to Megaport’s Azure Virtual Gateway, and our AWS Direct Connect connection to Megaport’s AWS Direct Connect Gateway.

We connect our virtual private connections to the Megaport Cloud Router

Afterward, the gateways will receive the Border Gateway Protocol (BGP) routes from the Megaport Cloud Router, and your AWS and Azure workloads will be able to access other workloads across your cloud environment.

For your Azure resources, you’ll need to add Azure Route Server, Network Virtual Appliances or ExpressRoute Global Reach to interconnect your two ExpressRoute connections and enable the on-premises to AWS routing. 

We can interconnect our two ExpressRoute connections with ExpressRoute Global Reach

If you are using Microsoft’s Azure Virtual WAN virtual networking service, no additional change is needed. Azure Virtual WAN can let you avoid setting up additional user-defined routes, Azure Route Server, and Network Virtual Appliances to route traffic between your different branches.

Once everything is configured properly, you will have redundant connectivity between your on-premises resources and your AWS and Azure workloads. If one connection to your on-premises environment fails, AWS traffic would transit through your Azure ExpressRoute connections and the Megaport Cloud Router.

AWS traffic can now transit through your Azure ExpressRoute connections and the Megaport Cloud Router
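
The failover behaviour described above can be checked with a small reachability model. This is an added example, not code from the article or from AWS, Azure or Megaport; the node and link names are assumptions, and it models which hops may relay traffic rather than BGP itself.

```python
from collections import deque

# Constructed model of the article's topology; node and link names are
# assumptions made for this example, not AWS, Azure or Megaport identifiers.
LINKS = {
    "dx-physical": ("onprem", "aws"),    # on-premises AWS Direct Connect
    "er-physical": ("onprem", "azure"),  # on-premises Azure ExpressRoute
    "dx-virtual": ("mcr", "aws"),        # Megaport Cloud Router to AWS
    "er-virtual": ("mcr", "azure"),      # Megaport Cloud Router to Azure
}


def find_path(src, dst, failed=(), transit=("mcr", "azure")):
    """Shortest node path from src to dst avoiding failed links, or None.
    transit: nodes allowed to relay; "azure" belongs here only when the two
    ExpressRoute circuits are interconnected (Global Reach, Route Server, NVA)."""
    neighbours = {}
    for name, (a, b) in LINKS.items():
        if name not in failed:
            neighbours.setdefault(a, []).append(b)
            neighbours.setdefault(b, []).append(a)
    queue, seen = deque([[src]]), {src}
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node == dst:
            return path
        if node != src and node not in transit:
            continue  # this node may not relay traffic onwards
        for nxt in neighbours.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def aws_failover_report():
    """AWS-to-on-premises path for each scenario the article describes."""
    return {
        "normal": find_path("aws", "onprem"),
        "dx-physical down": find_path("aws", "onprem", failed=("dx-physical",)),
        "dx-physical down, no Azure interconnect": find_path(
            "aws", "onprem", failed=("dx-physical",), transit=("mcr",)),
    }


if __name__ == "__main__":
    for scenario, path in aws_failover_report().items():
        print(f"{scenario}: {' -> '.join(path) if path else 'unreachable'}")
```

The third scenario shows why the ExpressRoute interconnect step matters: without it, the backup path stops at Azure and AWS loses its route to the on-premises network.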

Conclusion

As you can see with this solution, you can leverage AWS Direct Connect, Azure ExpressRoute, and a Megaport Cloud Router to create redundancy in your hybrid cloud environment. You will still have slightly higher costs with this solution that uses virtual private connections to AWS and Azure, but it’s still much cheaper than adding on-premises connections for redundancy.

With a Megaport Cloud Router, you can keep your Azure ExpressRoute and AWS Direct Connect capacity reduced until you are in a failover or disaster situation. As soon as you enter such a situation, you can increase the traffic capacity. When the situation is resolved, you’re free to reduce the capacity again and redeploy your connections.
