惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园_首页
Security Archives - TechRepublic
Security Archives - TechRepublic
Application and Cybersecurity Blog
Application and Cybersecurity Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
CERT Recently Published Vulnerability Notes
S
Security @ Cisco Blogs
S
Security Affairs
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
Lohrmann on Cybersecurity
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Hacker News: Ask HN
Hacker News: Ask HN
Forbes - Security
Forbes - Security
H
Heimdal Security Blog
A
Arctic Wolf
NISL@THU
NISL@THU
P
Proofpoint News Feed
W
WeLiveSecurity
S
Schneier on Security
AI
AI
Schneier on Security
Schneier on Security
N
News and Events Feed by Topic
L
LINUX DO - 最新话题
Cisco Talos Blog
Cisco Talos Blog
AWS News Blog
AWS News Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
Know Your Adversary
Know Your Adversary
Scott Helme
Scott Helme
V
Vulnerabilities – Threatpost
Cyberwarzone
Cyberwarzone
I
Intezer
S
Securelist
Help Net Security
Help Net Security
Microsoft Security Blog
Microsoft Security Blog
量子位
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
小众软件
小众软件
Last Week in AI
Last Week in AI
Jina AI
Jina AI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
WordPress大学
WordPress大学
罗磊的独立博客
月光博客
月光博客
雷峰网
雷峰网
A
About on SuperTechFans
The GitHub Blog
The GitHub Blog
T
The Blog of Author Tim Ferriss
MongoDB | Blog
MongoDB | Blog
大猫的无限游戏
大猫的无限游戏
博客园 - 司徒正美
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events

Megaport Blog

A Guide to NAT Gateway A Guide to Cloud Storage How the Data Center Is Evolving in 2026 What to Expect When Attending Your First Network Operator Group (NOG) Nine Ways to Connect to Cloud Using Private Connectivity Migrate Your On-premises to the Cloud: A Step-by-Step Guide How to Lower Your Egress Fees in 2026 How to Achieve Data Sovereignty in Europe Cisco and Megaport: Redefining the Edge of Modern Networking How to Reduce Latency in Your Multicloud Environment Introducing Megaport High-Speed Cross-Cloud Encryption Are Businesses Leaving the Cloud? Using Meraki and Megaport Virtual Edge for Multicloud Networking Equinix Metal® is Going Away: Here’s What You Can Do Introducing Megaport On-ramp as a Service Megaport’s Full Solution Portfolio Is Coming to India New Bare-metal GPU Instance Now Available with NVIDIA RTX Pro 6000 A Look Back at 2025: Megaport's Biggest Updates Megaport Expands Into India With Strategic Acquisition of Extreme IX Your 2026 Predictions From AWS re:Invent 2025 What’s Next for NaaS? Top Trends for 2026 What is IPsec? When to Move From Public Internet to Private Connectivity Megaport and Latitude.sh: Bringing Compute and Connectivity Together How to Improve Your Microsoft ExpressRoute Resilience with Megaport Connectivity Comparing Ways to Connect to AWS What is API-First Networking? The Hidden Cost of Running Cloud-Hosted SD-WAN for IaaS How to Overcome NaaS Integration Challenges Introducing SCION with Anapaya and Megaport How You Can Use Network as a Service (NaaS) to Future-Proof Your Network Introducing 400G Ports All the As-a-services, Compared Introducing Megaport IPsec Tunnels High Score: Megaport Hits 1,000 Locations A Guide to Colocation Data Centers Maximizing Peering Through Flow Analysis How to Build Resilient Networks for AI Production Workloads Introducing Packet Filtering on Megaport Cloud Router Building Resilient Government IT: Strategies for Secure, Compliant, and Scalable Connectivity Future-Proofing Government IT: Balancing Innovation, Security, and Sovereignty in a Changing World Telstra Programmable Network Is Being Discontinued. Here’s How to Migrate The Future of WAN Design Depends on Network as a Service (NaaS) Cisco Webex Edge Connect Launches on Megaport Voice and Video Exchange How to Prepare for APRA CPS 230 Regulations Comparing the SD-WAN Licensing Needs of Major Vendors A Guide to Improving Network Performance How Latitude.sh, Wasabi, and Megaport Unlock Cost-Effective Multicloud Four Ways to Connect Your Clouds SD-WAN and MPLS: Weighing the Similarities, Differences, and Benefits What is Network as a Service (NaaS)? How to Arrange Bilateral Peering Sessions Comparing Major SD-WAN Vendors Software Defined Networking in the Healthcare Industry Deploying A Global Network in Minutes With Megaport AWS Direct Connect Gateway (DGW) Data Transfer Outbound Rules Bilateral and Multilateral Peering: What’s the Difference? Multi-Region SD-WAN: Why Megaport SDCI is the Right Choice Microsoft Azure is Going Secure by Default. Are You Ready? Building Production-Ready AI Infrastructure: How Megaport and Vultr Are Solving the Enterprise Challenge Introducing Megaport NAT Gateway A Guide to AWS Security Tools How to Deploy Amazon Bedrock Using AWS Direct Connect and Megaport Azure Private Link, Explained Introducing 100G MCRs Your Questions Answered on Simplifying Hybrid and Multicloud Network Connectivity How to Fix Poor AWS Latency A Look Back at 2024: Megaport’s Biggest Updates Your 2025 Predictions From AWS re:Invent 2024 Six Ways to Get a More Resilient Network in 2025 Multicloud Security: Challenges and Solutions The Real Cost of High Network Latency Why Brazil is Your Key to Unlocking Business Growth in Latin America Why You Need Integrated Network Security Six Key Differences Between Major Cloud Providers How to Automate Your Megaport Infrastructure With APIs Why Italy is Europe’s Next Cloud Expansion Hotspot How to Lower Your Cloud Costs Peering: How Local Is Local? Introducing Megaport AI Exchange Two Scenarios for Hybrid Multicloud Deployment With IBM Cloud and Microsoft Azure How to Connect Equinix and Digital Realty Megaport Enables Microsoft Azure ExpressRoute Metro for More Resilient Network Connectivity Executives, Here’s What Your Network Team Wants You to Know Easy Ways to Interconnect Your Network The Role of the Data Center in Your Network 100G VXC Expansion: Now Available From 597 Data Centers Worldwide Top 10 How-To Guides To Improve Your Network Comparing Encryption in Transit Options A Sustainable Business Strategy Starts With Your Network Solutions to Common API Issues With Megaport Transforming Financial Connectivity: Introducing Megaport Financial Services Exchange (FSX) Megaport Enhancing Connectivity in Adelaide Megaport’s Latest Portal Features and Functionalities Automate Your Network Deployments With The New Megaport Terraform Provider A Recap of the Megaport World Tour 2024 Top 5 Cloud and Networking Announcements From Cisco Live 2024 Megaport Enhancing Connectivity in Canberra AWS PrivateLink, Explained How Megaport and Wasabi Are Simplifying Cloud Storage
AWS Hosted Connection Webinar Series Wrap Up and Q and A
Jason Bordujenko · 2020-06-30 · via Megaport Blog

By Jason Bordujenko, Global Head of Solutions Architects

We Answer the Top Five Questions from our Recent AWS Hosted Connection Webinar Series

We recently presented a webinar series on Megaport’s capabilities connecting to Amazon Web Services. This series focused on AWS Hosted Connection (HC), which can facilitate 1:1, diverse, uncontended capacity into AWS regions worldwide, including support for the new Transit Virtual Interface (VIF) type for native connection to AWS Transit Gateways (TGW).

As an Advanced Technology Partner, Megaport helps enterprise customers across four continents connect rapidly and privately to AWS. We have more AWS Direct Connect locations than any other provider worldwide. We were pleased to bring these sessions to life using the distributed talents of our global Solution Architecture teams.

Our customers tell us they overwhelmingly loved the series — in fact, we had over 650 customers attend these sessions held in multiple time zones and multiple languages. One of the best things about these sessions was the insights into what our customers wanted to hear about, and we are pleased to bring to you a compendium of the most frequently asked questions and their answers from the collective wisdom of the global Megaport Solution Architecture team.

Given the great insights we have been given into customer journeys in building out their solutions to AWS using Hosted Connection (both with and without direct Transit Gateway attachments), we have taken the opportunity to consolidate the top five questions and answers from the webinar series across all regions. Enjoy!

About the AWS Direct Connect Hosted Connection Service Offering

Hosted Connections to AWS can be provisioned starting from 50 Mbps up to a full, uncontended 10 Gbps of bandwidth in a single Megaport VXC. A Hosted Connection with a capacity of 500 Mbps or less can support one private or public virtual interface. When provisioned at a capacity of 1 Gbps or more, the Hosted Connection can support one private, public, or transit virtual interface.

Key features include:

  • AWS port hourly fee is billed to customer via Amazon Web Services
  • Dedicated, uncontended bandwidth at hand-off port
  • Fixed speed increments from 50 Mbps to 10 Gbps (VIF speed cannot be changed once provisioned)
  • Support for AWS Transit Gateway at provisioned speeds of 1 Gbps or above
  • Support for diverse ports for building resilient solutions (colour coding highlights diverse ports)

Top Five Questions from the Hosted Connection/Transit Gateway Webinar Series

Q1: We already have a lot of VPCs and a lot of gateways in our AWS account. What will Transit Gateway provide me and what other gateways do I need to be aware of in building a full solution?

A1: This is a very commonly asked question! The pace of change with cloud can sometimes be hard to keep up with, and that’s one of the key reasons that Megaport is way out in front of the pack keeping our sales and technical teams up to speed on new innovations.

Transit Gateway in itself isn’t new. We have previously written about its availability in our blog post, The Enterprise’s Guide to AWS Direct Connect and Transit Gateway. The concept of connectivity options for AWS Direct Connect customers has previously been predicated on the differences between Private and Public peering types. Customers who required routed access to their Transit Gateways had to implement a workaround of IPsec VPN tunnels across Public peering paths on Hosted VIF. Now, with Hosted Connection as an option, Private and Public peering VIFs remain available for all bandwidths, however Transit VIFs become available only on Hosted Connection VXCs that are 1Gbps or larger.

Let’s take a quick look at the gateway types that are available within AWS, how you get there, and what their functions are before we get to the Q&A from the webinar series.

First, it’s important to note there are three primary gateway types to understand:

  1. Virtual Private Gateways (VGW)
  2. Direct Connect Gateways (DXGW)
  3. Transit Gateways (TGW)

If you have an established AWS account, you probably already have one or more of these gateway types already deployed.

The most commonly used gateway type is the VGW, which is also commonly referred to as a VPN Gateway — you can access it by logging into your AWS account using the following link: https://console.aws.amazon.com/vpc/home?VpnGateways=&#VpnGateways. Bear in mind that the menu structure you will need to traverse to access these gateways is between VPC/gateways and under AWS Direct Connect menus (for DXGW type).

vpn AWS Direct Connect

A good primer on the different gateway types appears in our earlier blog post at AWS VGW vs DGW vs TGW: Exploring the evolution of the AWS network gateway and choosing the best option for your business. In terms of this Q&A, it should suffice to say you will be needing to cascade these three gateway types to access a VPC via an AWS Direct Connect Transit VIF on Hosted Connection.

Current AWS side limits dictate that you may have up to 5 Transit Gateways per account, and a maximum of 5 Transit Gateway attachments per VPC. There’s also a limit of 20 Direct Connect gateways per AWS Transit Gateway, and keep in mind that if you are using IPsec VPN endpoints in the PaaS domain, these will be capped at 1.25 Gbps each. There’s some good news though! That is, by the very nature (and definition) by deploying a Transit Gateway, you gain access to the networking holy grail of transitive VPC peering combined with DX route propagation. What does that mean? Essentially you can go from having a complex and manually defined inter-VPC peering structure that can be difficult to maintain at scale to a routing mesh that you can define once, deploy redundantly (easily) and scale up/out as needed. Also those bandwidth limits can be overcome as Transit Gateway allows equal-cost multi-path routing (ECMP), which helps treat multiple single lane paths as a single aggregated data highway. Easy!

For more information on scaling tunnels, or using NVA within a VPC, see Scaling VPN throughput using AWS Transit Gateway.

Q2: Can we connect Transit Gateway with multiple AWS regions?

A2: Yes, the Transit Gateway construct supports inter-region peering across multiple AWS locations. This capability was launched late 2019 (AWS Transit Gateway now supports Inter-Region Peering) and updated for availability across greater regions in April 2020, AWS Transit Gateway now Supports Inter-Region Peering in 11 additional regions. As of the time of publishing, the functionality is available natively in multiple AWS Regions across the globe, though it is possible to use the combination of Megaport and the AWS global backbone for connectivity wherever your AWS Hosted Connection edge location is connected via Megaport, even in AWS regions that Megaport does not serve directly with VXC connectivity. Martin Beeby (AWS) has published a very useful blog post on the topic and what you may achieve with it at AWS Transit Gateway Adds Multicast and Inter-Regional Peering.

Q3: Does Megaport provide highly available connections at each DC?

A3: For AWS Hosted Connections, we are building out a completely new highly available architecture with consideration of potential single points of failure (SPOF) when designing cloud connections. One of the best references is the AWS Direct Connect ‘Resiliency Recommendations’ page, AWS Direct Connect Resiliency Recommendations, that defines some of the core principles to deploying Direct Connect with your cloud workload(s). Prior to the introduction of Hosted Connection, the Hosted VIF model was in use that provided shared (port group) capacity at a given data centre, and diversity was best achieved using multiple VXCs to different physical AWS locations. Now with Hosted Connection, it is possible to achieve port diversity by building a VXC to two locations within a single data centre, avoiding single points of failure other than full DC unavailability, or to build to the ‘Maximum Resiliency for Critical Workloads’ standard by deploying two VXCs to two separate data centre locations as AWS region edge location.

It’s possible to see an example of how this separation would occur by logging into Megaport’s Portal at https://portal.megaport.com and selecting a new Hosted Connection target. For the example below, we can see that for the region ‘us-east-1’ there are two (diverse) target endpoints available, denoted by the orange and blue diversity zone identifiers at CoreSite NY1, and a further ‘us-east-1’ target locations (again diverse) at CoreSite VA1.

AWS Diversity Zone

For designing maximum resilience with Direct Connect, AWS strongly recommend the following:

  1. Ensure that each VGW is associated with a private virtual interface on AWS Direct Connect connections at two or more AWS Direct Connect locations.
  2. Confirm that each private virtual interface advertises the same routes.
  3. For public virtual interfaces, ensure that you have a public virtual interface on each AWS Direct Connect connection at two or more Direct Connect locations.
  4. Regularly test your configuration to ensure proper failover between AWS Direct Connect locations (AWS Direct Connect Failover Test can also help testing this).

You can rest assured that Megaport is taking care at the highest levels of availability to get your data the protection it deserves as customers move more and more critical workloads to the cloud.

Q4: Is it possible to dynamically scale Hosted Connection bandwidth via VXC?

A4: Once a Hosted Connection has been deployed via a Virtual Cross Connect (VXC) through the Megaport portal (or API), the bandwidth assigned between the A-end and B-end is fixed and cannot be modified without tearing down the VXC and creating a new connection. This answer suffices in most cases where bandwidths are known or perhaps a circuit speed change is appropriate when you have started with a too-small/too-large connection initially when in development and changed after a service is almost ready for prime time production. This generally doesn’t pose too much of an issue when the VXC is deployed where the A and B ends of the connection are in the same metropolitan area for billing purposes.

Of course, Megaport has a solution for you when the connection may be long-hauled across our network, and that is Hosted Connection works fantastically well when combined with Megaport Cloud Router (MCR).

A customer with a Megaport that is physically connected on one side of the continent may be consuming resources from an AWS region on the other side of the continent. By specifying and locating an MCR within the metropolitan zone of the AWS destination for the Hosted Connection, you may deploy a port-to-MCR VXC and a MCR-to-cloud VXC. The long-haul port-to-MCR VXC would retain full flexibility with minute-to-minute speed changes possible at the per megabit per second level, and the MCR-to-cloud VXC would be our fixed-tier metropolitan pricing construct for the Hosted Connection itself. Additionally, if you are using public peering as an option for your VIF, you may use the Megaport public IP space for peering with AWS and also have us provide NAT back across your port-to-MCR VXC leg, all at no additional cost above the MCR price itself. This is perfect for access to S3 storage and other public AWS offerings, especially where traffic and workloads may be bursty across a day/week/month.

Q5: What are some of the best practices I should follow when designing for Transit Gateway?

A5: One primary design fundamental is to ensure that your CIDR (subnet ranges) are kept unique across all VPCs that will be connecting to the Transit Gateway, as AWS do not support routing between Amazon VPCs where there are overlapping CIDRs — the attachment routes will simply fail to propagate. Use a tool such as VPC Design Studio to design your VPC CIDR ranges with consideration for the regions and availability zones you wish your VPCs to be mapped to.

Also use a separate subnet for each transit gateway VPC attachment. For each subnet, use a small CIDR block (such as a /28), keeping the space available for EC2 resources. When separate subnets are in use, you may configure access control lists (NACLs) independently; best practice dictates keeping NACLs associated with the transit gateway subnets open and secure NACLs tied to your workload subnets based on inbound/outbound traffic flows. Use a common route table for all subnets associated with a transit gateway, unless your network design requires multiple VPC route tables (for example, a middle-box VPC that routes traffic through multiple NAT gateways).

Lastly, make sure you remember to enable route propagation! And don’t forget, there is no need to specify multiple transit gateways for high availability (HA) as transit gateways are highly available constructs by design. Ensure that you build HA from the customer ports all the way to the cloud provider edge locations, and build in pairs of circuits with different diversity zones.

Let’s Stay Connected

One thing our customers made clear was the desire to hear more from our Solution Architects on other topics such as connectivity into other cloud service providers as well as our internet exchange offering, MegaIX. Make sure you are subscribed to Megaport updates to be informed of our upcoming information sessions.

You can view the webinar, AWS Hosted Connection and Transit Gateway, on our website.