[AusNOG] AWS Direct Connect - Connectivity to SaaS app for customers

Rhys Hanrahan rhys at nexusone.com.au
Mon Feb 3 10:47:58 EST 2020 

Hi Everyone,

We are looking to position ourselves to be a recommended connectivity provider to a major SaaS platform in Australia as part of a larger strategy. They host all of their cloud platform on AWS, so I am looking at ways we can differentiate ourselves from “normal” connectivity by providing some level of superior connectivity to this platform in terms of performance and being able to provide a higher level of support of the connectivity from our customer to the SaaS app. For a lot of customers using the app, it would be mission-critical for them.

Obviously a part of this will be to try and partner with the SaaS provider themselves and see what we can work out, but I wanted to see if anyone else has attempted something like this, and if there’s a middle-ground we can reasonably achieve, and hopefully provide a tangibly better experience. And also get feedback on what the outcomes were of undertaking something like this – is it worth it?

We don’t use AWS currently, so I am starting from scratch and will likely need to get in touch with AWS to confirm this approach.

We would be starting with just the cross-connects and a public interface to reach the SaaS platform – my main concerns here are:


  *   Anyone who’s done this – do you actually a notice tangible performance benefit on your AWS app? I feel like any latency benefits would be minimal for an average application.


  *   Is there any solid real-world benefits you can point to? To me the main thing would be having a clearly defined support path more than anything actually technical – but a clear technical benefit to point to would be great.


  *   Does anyone know any stats in terms of latency differences of being on AWS Direct connect dedicated connections vs. transit (bonus: vs. just peering on an IX) to paint a picture of network performance differences.



  *   In terms of getting an official SLA with AWS this seems to require a min $15K USD/month enterprise support contract, so realistically we’re not going to have that in place for some time (maybe ever) because we’ll just be using AWS for the connectivity component. So without this SLA actually in place, what has the reliability of direct connect been like, and how hard is it to get AWS themselves to work with you in the event there is some kind of issue that requires their support? While we can provide a high level of support, AWS is part of the equation and would need to make sure this is solid too.



  *   With Direct Connect in place - are there any issues with just shutting down the AWS Direct connect BGP session and falling back to transit in the event of an issue? I imagine this would be fine. (I am assuming traffic is public but otherwise would need a fallback IPSec tunnel).

My plan would be:


  *   Setup 2x dedicated cross-connects to AWS – one in Sydney and one in Melbourne. I know lots of partners offer AWS Direct Connect over peering, but AWS themselves say they can only offer an SLA on dedicated connections, and with one less point of failure I’m sure this is a more reliable scenario.



  *   Start with at least a “public interface” on the links – my understanding is that then all public AWS traffic would traverse this link based on advertisements done by us and Amazon.


  *   Work towards developing a relationship with the SaaS provider such that we could establish a “private interface” directly into their AWS infrastructure in some form – my understanding is that it’s possible to setup these private connections between two separate AWS accounts so it should be possible, if the SaaS provider is happy to do this.


  *   Work towards building expenditure with AWS to the point where we could get enterprise support for an official SLA on Direct Connect (a far-off target).

Hopefully I’m not missing anything. Appreciate any advice you can give.

Thanks everyone, as usual.

Rhys Hanrahan
Chief Information Officer
Nexus One Pty Ltd

E: support at nexusone.com.au<mailto:support at nexusone.com.au>
P: +61 2 9191 0606
W: http://www.nexusone.com.au/
M: PO Box A356 Sydney South, NSW 1235
A: Level 12 227 Elizabeth St, Sydney NSW 2000

[ttp://quintus.nexusone.com.au/~rhys/nexus1-email-sig.jpg]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20200202/6c251f44/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 17047 bytes
Desc: image001.jpg
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20200202/6c251f44/attachment.jpg>

More information about the AusNOG mailing list