Connectivity Service - Service Specifications

Service Specifications

The Connectivity Service leverages robust AWS networking technologies to provide secure, high-performance connections between customer environments and iotcomms.io's cloud services. Below are the technical specifications that make the Connectivity Service ideal for enterprise-grade connectivity.

  1. Network Connectivity Options

    • IPsec VPN Tunnels

      Supports AWS Site-to-Site IPsec VPNs with dual, redundant tunnels for each connection, ensuring resilience and automatic failover. BGP dynamic routing allows automated route management across customer and AWS environments, maintaining continuity of service in the event of network changes.

    • AWS Transit Gateway

      Acts as a centralized, scalable network hub for routing traffic across VPCs, Direct Connect connections, and VPN attachments. Transit Gateway supports routing up to 5,000 VPCs, peering across AWS regions, and Equal Cost Multipath (ECMP) routing for load balancing and enhanced bandwidth utilization. It integrates natively with SD-WAN appliances, allowing dynamic SD-WAN routing using GRE and BGP protocols.

    • AWS Direct Connect

      Provides a dedicated, private link between customer data centers and AWS, with support for high-throughput connections (up to 100 Gbps). Direct Connect minimizes latency and enhances performance for real-time applications, with support for Link Aggregation Groups (LAG) to combine multiple connections for greater bandwidth.

  2. Routing and Traffic Management

    • Dynamic Routing Protocols

      The Connectivity Service supports BGP for dynamic routing, enabling automatic route propagation and updates between on-premises networks and AWS. This is critical for scaling large networks and ensuring failover across VPN tunnels and Direct Connect links.

    • Static Routing Options

      Customers can configure static routes as an alternative to dynamic BGP routing when route stability and simplicity are preferred. Static routes can be configured across all attachment types in Transit Gateway.

  3. Performance and Scalability

    • MTU and Bandwidth Management

      AWS Transit Gateway offers a Maximum Transmission Unit (MTU) of up to 8,500 bytes for VPC, Direct Connect, and Transit Gateway Connect attachments, supporting efficient data transfer for large-scale applications. IPsec VPN connections maintain an MTU of 1,500 bytes to ensure compatibility with most network environments.

    • Traffic Balancing with ECMP

      Transit Gateway's support for ECMP allows traffic to be balanced across multiple VPN connections, enhancing throughput and reducing latency, especially in distributed, high-demand environments.

    • Multi-Region Peering

      Supports cross-region peering with other AWS Transit Gateways, allowing global connectivity while maintaining private, encrypted routing paths.

  4. Security and Compliance

    • MACsec and Private Connections

      Direct Connect offers optional MACsec encryption to secure traffic at the physical layer for data transferred between on-premises locations and AWS, meeting stringent data integrity requirements. Data transmitted through Direct Connect and Transit Gateway remains within the AWS network and does not traverse the public Internet, enhancing security.

    • Compliance with AWS Security Standards

      Transit Gateway and Direct Connect adhere to AWS security and compliance certifications, including PCI DSS, SOC 1/2/3, ISO 27001, and HIPAA eligibility, ensuring that sensitive data can be securely handled according to regulatory requirements.

  5. Monitoring and Management

    (provided by AWS in the customer's AWS account)

    • Amazon CloudWatch and Flow Logs Integration

      AWS provides real-time monitoring and metrics for bandwidth utilization, connection status, and packet flow via Amazon CloudWatch within the customer's AWS account. VPC Flow Logs are also available, capturing detailed IP traffic information for auditing and troubleshooting.

    • AWS Management Console and APIs

      AWS offers full management support through the AWS Management Console, CLI, and APIs, enabling customers to provision, configure, and monitor network connections independently within their AWS accounts.
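
The dual-tunnel redundancy in section 1 and the API-based monitoring in section 5 can be checked together. The following is an added example, not iotcomms.io or AWS code: it audits JSON shaped like the output of `aws ec2 describe-vpn-connections` and reports connections that have lost a tunnel or whose BGP tunnel has accepted no routes. The function name, connection IDs and addresses are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-vpn-connections` output.
# IDs and addresses (RFC 5737 documentation range) are placeholders.
SAMPLE = json.loads("""
{"VpnConnections": [
 {"VpnConnectionId": "vpn-example-a", "State": "available",
  "Options": {"StaticRoutesOnly": false}, "VgwTelemetry": [
   {"OutsideIpAddress": "203.0.113.10", "Status": "UP", "AcceptedRouteCount": 4},
   {"OutsideIpAddress": "203.0.113.11", "Status": "UP", "AcceptedRouteCount": 4}]},
 {"VpnConnectionId": "vpn-example-b", "State": "available",
  "Options": {"StaticRoutesOnly": false}, "VgwTelemetry": [
   {"OutsideIpAddress": "203.0.113.20", "Status": "UP", "AcceptedRouteCount": 0},
   {"OutsideIpAddress": "203.0.113.21", "Status": "DOWN", "AcceptedRouteCount": 0}]},
 {"VpnConnectionId": "vpn-example-c", "State": "available",
  "Options": {"StaticRoutesOnly": true}, "VgwTelemetry": [
   {"OutsideIpAddress": "203.0.113.30", "Status": "UP", "AcceptedRouteCount": 0},
   {"OutsideIpAddress": "203.0.113.31", "Status": "UP", "AcceptedRouteCount": 0}]},
 {"VpnConnectionId": "vpn-example-d", "State": "available",
  "Options": {"StaticRoutesOnly": false}, "VgwTelemetry": [
   {"OutsideIpAddress": "203.0.113.40", "Status": "DOWN", "AcceptedRouteCount": 0},
   {"OutsideIpAddress": "203.0.113.41", "Status": "DOWN", "AcceptedRouteCount": 0}]}
]}
""")

def audit_vpn_redundancy(doc):
    """Return (connection_id, finding) tuples for degraded VPN connections."""
    findings = []
    for conn in doc.get("VpnConnections", []):
        if conn.get("State") != "available":
            continue  # pending or deleted connections carry no traffic
        cid = conn.get("VpnConnectionId", "<unknown>")
        tunnels = conn.get("VgwTelemetry", [])
        up = [t for t in tunnels if t.get("Status") == "UP"]
        down = [str(t.get("OutsideIpAddress")) for t in tunnels if t.get("Status") != "UP"]
        if not up:
            findings.append((cid, "outage: no tunnel is UP"))
        elif len(up) < 2:
            findings.append((cid, "redundancy lost, fewer than two tunnels UP (down: %s)" % ", ".join(down)))
        if conn.get("Options", {}).get("StaticRoutesOnly", False):
            continue  # static routing: route count is not a BGP signal
        for t in up:
            if t.get("AcceptedRouteCount", 0) == 0:
                findings.append((cid, "BGP tunnel %s is UP but accepted no routes" % t.get("OutsideIpAddress")))
    return findings

if __name__ == "__main__":
    for cid, finding in audit_vpn_redundancy(SAMPLE):
        print(cid, "-", finding)
```

A connection running on a single tunnel still passes traffic, so this condition goes unnoticed until the second tunnel fails; alerting on it preserves the failover the service relies on.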

These specifications ensure that the Connectivity Service provides secure, compliant, and high-performance connectivity, built on AWS's advanced networking standards and protocols. This technology foundation enables iotcomms.io services to deliver reliable access for mission-critical communications.