AWS Direct Connect - Peering VPCs to Tier 1's and MPLS

James Bensley jwbensley at
Wed Mar 2 10:03:31 UTC 2016

On 1 March 2016 at 20:41, Michael O'Connor <moc at> wrote:
> Jay,
> VPC is supported over IPsec if your public path is sufficient into the AWS
> cloud.

^ This.

I work for a DirectConnect provider, albeit in the UK though. We have
fibre links to a AWS edge routers and we have multiple customers
seperated by VLANs over a fibre link, each terminating into different
VRFs on our edge and the AWS edge. For each customer we have an eBGP
session with a virtual gateway that lives inside the customer's VPC

Also for each customer they have backup tunnels using IPSec over the
Internet. Again we run eBGP over the IPSec tunnels to the virtual
gateway inside each customers VPC domain.

"just works".


More information about the NANOG mailing list