AWS Outposts requires a persistent network connection between the AWS Outposts and an AWS Region to transmit control plane traffic back to the AWS Region. AWS Outposts also needs to establish connectivity to the local on-premises network. The organization is responsible for providing both the local connectivity to the on-premises network and the service link network connectivity back to the AWS Region.
Figure 10.7 – VMC on AWS Outposts underlying connectivity overview
Physical connectivity
Two physical network devices known as ONDs are present on each Outposts rack to enable connectivity to the Customer Network Devices (CNDs) that connect to the organization’s local network. At a minimum, two physical links must exist between the OND and the CND. The ONDs can accommodate multiple speeds and have symmetrical uplink speeds and the same number of uplinks.
The required uplink speeds and number of uplinks between each OND and CND depend on factors such as the make, model, and configuration and the availability of physical ports on the CND. Table 10.2 provides various options for the uplink speeds and quantities for each OND:
| Uplink speed | Number of uplinks |
| 1 Gbps | 1, 2, 4, 6, or 8 |
| 10 Gbps | 1, 2, 4, 8, 12, or 16 |
| 40 Gbps | 1, 2, or 4 |
| 100 Gbps | 1, 2, or 4 |
Table 10.2 – Physical connectivity uplink speeds and quantity of uplinks
AWS Outposts uses the Link Aggregation Control Protocol (LACP) to establish two Link Aggregation Group (LAG) connections, one between each OND and CND. The uplinks from each OND are combined into an Ethernet LAG, representing a single network connection. The organization should configure the LAG on the CNDs, while AWS is responsible for the LAG configuration on the ONDs. Figure 10.7 depicts four uplinks between each OND and CND. Configuring the LAGs using IEEE 802.1q Ethernet trunks is essential to facilitate the transmission of traffic from multiple VLANs between the ONDs and CNDs.
AWS uses Virtual LANs (VLANs) to segregate the traffic between the CND and OND. To separate the responsibilities between AWS and organizations, a demarcation line is established at the network ports of the OND. AWS is responsible for managing any infrastructure on its side of the connection, while organizations are responsible for managing any infrastructure on their side. The traffic that flows between the on-premises network and the network of each AWS Outpost includes the following:
- Service link VLAN: The service link VLAN facilitates traffic between the VMC on an AWS Outposts rack and the AWS Region, which includes the following:
- Control plane traffic, including telemetry, state, and health data of the rack and its components
- Data plane traffic, including traffic that needs to communicate with workloads that reside in the AWS Region
- Local Gateway (LGW) VLAN: The LGW VLAN carries workload traffic between VMC on AWS Outposts SDDC network segments and the organization’s on-premises network. Additionally, this VLAN facilitates communication between the AWS Outposts rack and the internet via the on-premises network.
The service link VLAN and LGW VLAN are configured on the uplinks connecting the OND and CND and do not have to be extended across the organization’s distribution and access switches.
Figure 10.8 – Physical connectivity and LAG between the OND and CND
Once the uplinks are established, the LAGs are configured, and VLANs are created to segregate the traffic, then the Layer 3 connectivity is established using the Border Gateway Protocol (BGP) between the OND and CND. Table 10.3 provides a list of VLANs and their associated traffic (either service link or Local Gateway) that is transmitted on the corresponding uplinks or link aggregations enabled between the CNDs and the ONDs.
| VLAN A | Service link BGP 1 | OND1 to CND1 | LAG 1 |
| VLAN B | Local gateway BGP 1 | ||
| VLAN A | Service link BGP 2 | OND2 to CND2 | LAG 2 |
| VLAN B | Local gateway BGP 2 |
Table 10.3 – List of VLANs required for AWS Outposts service links and LGWs
Table 10.3 shows that four BGP sessions, two each on each of the LAGs for service link and LGW traffic, are required.