AARNet4 VPN connections using Shared AWS ports

In this option, AARNet delivers AARNet4 Layer-2 or Layer-3 VPN services to AWS Direct Connect using shared 10Gbps ports, managed by AARNet. Services are available at 200Mbps, 500Mbps or 1Gbps to:

  • Equinix SY3 Data Centre in Sydney
  • Global Switch Data Centre in Sydney

AARNet4 VPN Services can be either:

  • AARNet4 Layer-2 Point-to-Point VPN, or
  • AARNet4 Layer-3 routed VPN.


  • No need for a dedicated AWS port and cross-connect (saves time and cost)
  • Can be provisioned quickly, where AARNet4 is in place at customer site.
  • Multi-point capable. Can connect to diverse points at both Customer and Service Provider ends.
  • (Layer-3 VPN) Will be able to link multiple service providers to the same cloud in future.
  • (Layer-3 VPN) Easier. Customer does not need to know about routing and VLAN allocations.


  • (Layer-3 VPN) Suited for limited numbers of VPCs from each provider. Larger and complex environments are more suited to a Layer-2 VPN or dedicated ports with direct transmission.
  • (Multi-point VPN) slightly higher cost than point-to-point option, particularly at larger bandwidths.
  • (Layer-2 VPN) Customer must configure all VLANS, Sub-IFs, VPCs and be technically capable with BGP routing.
  • (Layer-2 VPN) Creates a complex environment which is best handled by building an automated VPC management system using AWS APIs. This takes significant knowledge and commitment.


  • The customer orders an AWS Direct Connect Service from AARNet.
  • AARNet configures the service end-to-end and assign the Virtual Gateway (VGW) to the customer’s account code
  • Customer gets a message in the AWS console “AARNet wishes to assign this Virtual Gateway to you”. Customer accepts.
  • Customer attaches the WVG to the desired VPC and it becomes reachable from the customer network. (AARNet can provide assistance for this part).