Q. What is Direct Connect Gateway?

Direct Connect Gateway is a grouping of Virtual Private Gateways (VGWs) and Private Virtual Interfaces (VIFs) that belongs to the same AWS account.

Q. Why is Direct Connect Gateway needed?

It provides two main functions. First; Direct Connect Gateway will enable you to interface with VPCs in any AWS Region (except AWS China Region), enabling you to use your AWS Direct Connect connections to interface with more than one AWS Regions.

Second; you can share private virtual interface to interface with more than one Virtual Private Clouds (VPCs), enabling you to reduce the number of Border Gateway Protocol sessions between your on premise network and AWS deployments.

Q. Are there additional fees when using Direct Connect Gateway and working with remote regions?

You will pay applicable egress data charges and port hour charges as per AWS Direct Connect Pricing.

Q. Do the private Virtual Interfaces(s), Direct Connect Gateway, and VGWs need to be in the same account to use Direct Connect Gateway functionality?

Yes, private virtual interface, direct connect gateway, and VGW (associated with VPC) must be in the same AWS account to use Direct Connect Gateway functionality.

Q. Can I continue to use all my VPC features if I associate VGW (associated with VPC) to Direct Connect Gateway?

Yes, Networking features such as Elastic File System, Elastic Load Balancer, Application Load Balancer, Security Groups, Access Control List, will still work with Direct Connect Gateway.

Direct Connect Gateway will not support CloudHub functionality, but if you are using AWS Classic VPN or AWS VPN connection to VGW that is associated with your Direct Connect Gateway, you will be able to use your VPN connection to failover.

Features that are currently not supported by Direct Connect, AWS Classic VPN, or AWS VPN, such as edge-to-edge routing, VPC peering, VPC endpoint, will not be supported by Direct Connect Gateway.

Q. I am working with one of the AWS Direct Connect partners to get private virtual interface provisioned for my account, can I use Direct Connect Gateway?

Yes, you can associate provisioned Private Virtual Interface with your Direct Connect Gateway when you confirm your provisioned Private Virtual Interface in your AWS account.

Q. What if I just want to connect to VPCs in my local region?

You can continue to use the current practice of attaching your VIF to VGW; you will continue to have intra-region VPC connectivity, and will be charged egress rate that is applicable based on geographical regions.

Q. What are the limits associated with Direct Connect Gateway usage?

Please refer to AWS Direct Connect Limits to get limits associated with the Direct Connect Gateway feature.

Q. Can a VGW (associated with a VPC) be part of more than one Direct Connect Gateway?

No, a VGW-VPC pair can not be part of more than one Direct Connect Gateway.

Q. Can a Private Virtual Interface be attached to more than one Direct Connect Gateway?

No, one Private Virtual Interface can only attach to a single Direct Connect Gateway OR a single VGW.

Q. Can I assocate multiple VGWs (each associated with a VPC) to a Direct Connect Gateway?

Yes, this will be allowed as long as the IP CIDR blocks of the VPC associated with the VGW do not overlap.

Q. How do I connect to the remote VPC?

Once the Private VIF has been associated with your Direct Connect Gateway, you can configure BGP as you would with a traditional Private Virtual Interface. For each VGW that is then associated with the Direct Connect Gateway, you will recieve a BGP announcement for the additional CIDR ranges.

Q. Does Direct Connect Gateway break existing CloudHub functionality for customers?

No, Direct Connect Gateway does not break existing CloudHub for customers. Direct Connect Gateway enables connectivity between on-premise networks and ANY AWS region's VPC. CloudHub enables connectivity between on-premise network using Direct Connect or VPN within the same region the VIF is associated with the VGW directly. Existing CloudHub functionality will continue to be supported.

Q. What type of traffic is supported, and not supported by Direct Connect Gateway?

Please refer to AWS Direct Connect User Guide to review supported and not supported traffic patterns.

Q. Will intra-region CloudHub continue to be supported?

Yes, customers will still be able to attach a Direct Connect VIF directly to a VGW to support CloudHub

Q. I currently have a VPN in us-east-1 attached to a VGW. I want to enable CloudHub in us-east-1 between that VPN and a new VIF. Can I do this with Direct Connect Gateway?

No, you cannot do this with a Direct Connect Gateway, but the option to attach a VIF directly to a VGW is available to enable the VPN <-> Direct Connect CloudHub use case.

Q. I have an existing private virtual interface associated with VGW, can I associate my existing private virtual interface with Direct Connect Gateway?

No, an existing private virtual interface associated with VGW can not be associated with the Direct Connect Gateway. Please create a new private virtual interface, and at the time of creation, associate with your Direct Connect Gateway.

Q. Does Direct Connect Gateway deprecate CloudHub functionality?

No. You can continue using your already created CloudHub.

Q. Can I create a new CloudHub between my VPN connection and Direct Connect VIF?

Yes, you can create a new CloudHub between your VPN and Direct Connect VIF by using a VGW attachment instead of a Direct Connect Gateway attachement.

Q. If I have a VGW attached to a VPN and a Direct Connect Gateway and my Direct Connect circuit goes down, will my VPC traffic route out the VPN?

Yes, as long as the VPC route table still has routes to the VGW towards the VPN.

Q. Can I attach a VGW that is not attached to a VPC to a Direct Connect Gateway?

No, you cannot associate an unattached VGW to Direct Connect Gateway.

Q. I have created a Direct Connect Gateway with one Direct Connect Private Virtual Interface, and three non-overlapping VGWs (each associated with a VPC), what happens if I detach one of the VGW from the VPC?

Traffic from your on-premise network to the detached VPC will stop, and VGW's association with the Direct Connect Gateway will be deleted.

Q. I have created a Direct Connect Gateway with one Direct Connect VIF, and three non-overlapping VGW-VPC pairs, what happens if I detach one of the VGW from the Direct Connect Gateway?

Traffic from your on-premise network to the detached VGW (associated with a VPC) will stop.

Q. Can I send traffic from one VPC associated with a Direct Connect Gateway to another VPC associated to the same Direct Connect Gateway?

No, Direct Connect Gateway only supports routing traffic from Direct Connect VIFs to VGW (associated with VPC). In order to send traffic between 2 VPCs, you would configure a VPC peering connection, the same as you do today.

Q. I currently have a VPN in us-east-1 attached to a VGW. If I associate this VGW to a Direct Connect Gateway, can I send traffic from that VPN to a VIF attached to the Direct Connect Gateway in a different region?

No, a Direct Connect Gateway will not route traffic between a VPN and a Direct Connect VIF. To enable this use case, you would create a VPN in the region of the VIF and attach the VIF and the VPN to the same VGW.

Q. How do I detach my VGW-VPC pair from a Direct Connect Gateway?

You can detach a VGW-VPC pair from a Direct Connect Gateway using the AWS Console or API.

Q. Do you provide any SLA for Direct Connect Gateway?

No, at this time we do not provide a SLA for Direct Connect Gateway.