If your business relies on or is considering the two leading hyperscalers for your network, you could take your connectivity to the next level by integrating them. Here’s how to do it.
In 2022, having a secure and reliable network for your business isn’t just a nice thing to have: It’s a necessity. As speed, bandwidth, and accessibility needs have increased alongside businesses’ remote expansion, we’ve also seen a surge in multicloud adoption. With a predicted 94% of organizations having a multicloud network by 2024, many are realizing the benefits of using multiple clouds to support their business-critical applications.
As more and more enterprise workloads migrate to the cloud, many organizations need ways to connect securely and reliably to Amazon Web Services (AWS) and Microsoft Azure, the world’s two largest hyperscalers, to future-proof their networks and ensure the best compatibility between workloads.
And we’ve covered this before: In our blog ‘3 Ways to Connect Your AWS and Microsoft Azure Environments’, we shared the different methods (along with their pros and cons) to connect your AWS and Azure cloud environments for a more secure and performant multicloud experience. But did you know that you can take it a step further and connect the cloud providers’ dedicated private connections, AWS’ Direct Connect and Azure’s ExpressRoute, to each other?
A dedicated connection is a private connection created by the Cloud Service Provider (CSP) to connect a single business’ network to their cloud. Both Direct Connect and ExpressRoute enable customers to connect to their cloud workloads over a private connection not shared with any other providers or customers. This provides a path for your business-critical data that does not route through the public internet (which can threaten your network’s reliability, performance, and most importantly, security).
AWS Direct Connect is the “shortest path to your AWS resources.” With Direct Connect, your network traffic remains on AWS’ global network and therefore never touches the public internet, reducing the chances of bottlenecking or latency.
Azure ExpressRoute acts similarly and allows you to create private connections between Azure data centers and your own data centers or on-premises infrastructure. Connecting via ExpressRoute can be useful for companies that rely heavily on the Microsoft cloud for services such as virtual compute, database services, or cloud storage, just as Direct Connect is for companies that rely on AWS cloud products.
Both Direct Connect and ExpressRoute allow you to transfer data into their cloud for free, but data coming out (egress) is charged by the gigabyte, with pricing depending on region and destination (see our ExpressRoute pricing explanation for more information).
Connectivity speeds offered are also similar, ranging from 50Mbps to 100Gbps. Both cloud providers require Layer 3 routing with eBGP (External Border Gateway Protocol) for sharing route prefixes.
One technical difference you’ll want to consider is how VLAN (Virtual Local Area Networks) tagging is supported across these two solutions. With AWS Direct Connect, a Virtual Interface (VIF) – which can be configured as private, transit, or public – will be associated with a single VLAN. This will be presented as a single 802.1q subinterface on the Layer 3 endpoint peering with AWS.
With Azure ExpressRoute, QinQ 802.1ad is supported. The outer VLAN tag, or S-tag, is associated with the ExpressRoute circuit itself, and the inner tag, or C-tag, is associated with the peering type.
Azure offers private peering and Microsoft peering across ExpressRoute; our previous blog explains when to use each. You’ll need to make sure your Layer 3 endpoint supports QinQ. Many providers, such as Megaport, have solutions to work with Layer 3 endpoints that do not support QinQ.
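To make the tagging difference concrete, here is an added example (not code from the original post or from Megaport) that builds and parses the frame encapsulation each handoff expects: a single 802.1q tag for a Direct Connect VIF, and an 802.1ad S-tag plus 802.1q C-tag for ExpressRoute. The MAC addresses, VLAN IDs and the outer-tag TPID are constructed sample values; treating tag-stripping as the way a provider serves an endpoint without QinQ support is an assumption.

```python
import struct

ETH_P_8021Q = 0x8100   # 802.1q TPID: the C-tag (single tag on a Direct Connect VIF)
ETH_P_8021AD = 0x88A8  # 802.1ad TPID: the S-tag on an ExpressRoute QinQ handoff
ETH_P_IPV4 = 0x0800

# Constructed sample MACs; any values work for the parser.
DST_MAC = bytes.fromhex("020000000001")
SRC_MAC = bytes.fromhex("020000000002")

def build_frame(dst, src, vlan_stack, payload=b""):
    """Build an Ethernet frame with zero or more VLAN tags.
    vlan_stack is an ordered list of (tpid, vid) pairs, outermost first."""
    hdr = dst + src
    for tpid, vid in vlan_stack:
        hdr += struct.pack("!HH", tpid, vid & 0x0FFF)  # PCP/DEI left at 0
    return hdr + struct.pack("!H", ETH_P_IPV4) + payload

def parse_vlan_stack(frame):
    """Return the (tpid, vid) tags found after the MAC addresses, outermost first.
    Either TPID is accepted in any position, since the outer TPID a provider
    hands off can vary (assumption)."""
    tags, off = [], 12
    while off + 4 <= len(frame):
        tpid, tci = struct.unpack_from("!HH", frame, off)
        if tpid not in (ETH_P_8021Q, ETH_P_8021AD):
            break
        tags.append((tpid, tci & 0x0FFF))
        off += 4
    return tags

def classify(frame):
    """Name the encapsulation so a Layer 3 endpoint can be checked against it."""
    stack = parse_vlan_stack(frame)
    if len(stack) == 1 and stack[0][0] == ETH_P_8021Q:
        return "single-tag-802.1q"   # one 802.1q subinterface per Direct Connect VIF
    if len(stack) == 2 and stack[1][0] == ETH_P_8021Q:
        return "qinq-802.1ad"        # S-tag = circuit, C-tag = peering type
    return "unsupported"

def strip_outer_tag(frame):
    """Pop the S-tag so an endpoint that only speaks 802.1q sees the C-tag
    alone (assumed model of a provider-side QinQ workaround)."""
    if len(parse_vlan_stack(frame)) < 2:
        raise ValueError("frame is not double tagged")
    return frame[:12] + frame[16:]

# Sample values: Direct Connect VIF on VLAN 100; ExpressRoute circuit S-tag 200
# with C-tag 10 for one peering type (constructed, not real assignments).
DC_FRAME = build_frame(DST_MAC, SRC_MAC, [(ETH_P_8021Q, 100)])
ER_FRAME = build_frame(DST_MAC, SRC_MAC, [(ETH_P_8021AD, 200), (ETH_P_8021Q, 10)])
```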
Other technical differences you’ll need to consider are Maximum Transmission Unit (MTU) sizing and BGP Route Prefix Limits. These vary based on cloud provider and in some cases can be configured based on product SKU and configuration options.
There are some product offering differences related to pricing models and service-level agreement (SLAs) available from each CSP.
There are numerous benefits to using a CSP’s dedicated network connection such as Direct Connect and ExpressRoute to connect to their respective cloud rather than the public internet, similar to the benefits of using a private cloud over a public one.
There are a handful of common use cases for connecting the two dedicated cloud connectivity paths. This means that a customer’s ExpressRoute can communicate directly to their Direct Connect path, rather than just connecting their entire AWS and Azure clouds.
There are three recommended ways you can connect your Direct Connect and ExpressRoute workloads for better performance and compatibility: using your own data center as the hybrid multicloud node, deploying a virtual network function (VNF) with a NaaS provider, or using a carrier’s private IP-VPN (MPLS) service.
Each of these connection methods can prove beneficial for your enterprise, depending on how you intend to design and take advantage of your multicloud network.
By utilizing one of your existing data centers and establishing two point-to-point circuits from a network service provider (one to AWS Direct Connect and the second to Azure ExpressRoute), you can effectively connect your two workloads.
Establish the connection by terminating both circuits on a new or existing Layer 3 endpoint, and use your data center as the hybrid multicloud node between AWS and Azure.
Once complete, you will have established a private data path between AWS and Azure through your data center. The Direct Connect and ExpressRoute location shown will be chosen based on cloud provider region and data center location (this is often the same location for both cloud providers, but it may also be different locations).
Once BGP is established between the data center router and each cloud provider edge, traffic can then pass between Azure and AWS.
This virtual network device can become your Layer 3 endpoint to exchange traffic between AWS and Azure. Network as a Service (NaaS) providers like Megaport offer cloud-based solutions that allow you to easily connect your dedicated connections. While offerings vary by provider, you can typically order a pre-packaged solution that includes licensing and route functionality.
One thing to consider is whether the NaaS provider is also an AWS Direct Connect and Azure ExpressRoute partner. This will become important as you can then more seamlessly build these virtual cross connects (VXCs) from your VNF to the respective cloud providers.
The VNF solution gives you the flexibility to either just deploy a simple router between the two CSPs, create a firewall to implement security policies, or to fully integrate with your SD-WAN solution already in place.
In the diagram below, the router instance is brought closer to the cloud compared with the data center solution, so the data path between Azure and AWS will typically traverse less physical distance. BGP now terminates between each cloud provider and the VNF instance, establishing the data paths between the two clouds.
As some network carriers are also AWS and Azure partners, they can provide connectivity from their Private IP-VPN (Internet Protocol Virtual Private Network) solution.
IP-VPNs use multiprotocol label switching (MPLS) technology to avoid connecting via public gateways. This technology has similar benefits to other private solutions, including bolstered security, high availability, and improved performance. If your current carrier already provides this type of service to you, it may be worth exploring for this connectivity need.
With this architecture, the traffic between the two cloud providers will now traverse through your IP-VPN Provider Edge (PE) Router. Unlike the prior solutions discussed, this device is not physically or virtually managed by you.
The right AWS to Azure connection method for your business will depend on a number of factors, from your budget, to the type of applications involved, to network performance, speed, and bandwidth requirements.
Using your data center as the hybrid or multicloud network node can be beneficial to enterprises who have an existing data center and want to more seamlessly connect their workloads. This solution also provides greater oversight and visibility over data migration.
Virtual Network Function (VNF), on the other hand, works best for networks wanting a quick connection solution, as you can deploy the virtual network devices using your NaaS provider’s portal interface or API within minutes. And as it’s placed closer to the workload’s cloud region, you can enjoy higher network performance.
Megaport Cloud Router (MCR)’s virtual network function capabilities make networking easier by allowing you to connect at Layer 3 in an instant, taking the complexity out of setup. There’s no need to learn the ins and outs of network engineering: Simply log in to your Megaport account and start building your virtual network in a few clicks.
MCR also supports multicloud, and allows you to privately peer between leading cloud providers.
Megaport Virtual Edge (MVE), our on-demand Network Function Virtualization (NFV) service, allows you to spin up new connections between your clouds without having to deploy hardware.
If your enterprise wishes to leverage an existing MPLS service, the carrier-managed MPLS option can be beneficial for connectivity that requires less management by your enterprise, leaving it to the experts.
No matter which multicloud network design is right for your business, Megaport has solutions that are quick and simple to deploy, improve network performance, and can reduce costs.
Schedule a free demo with Megaport today and discover your enterprise’s multicloud potential.