Resource Center

AWS Connectivity the Easy Way: Key Takeaways

This webinar explains how to connect your on-premises and cloud environments to AWS using Megaport’s Network as a Service (NaaS) and AWS Direct Connect.

It walks through when to use Internet VPN vs private connectivity, how hosted and dedicated Direct Connect work, what Megaport Cloud Router (MCR) and Megaport Virtual Edge (MVE) do, and how to actually spin up connections in the Megaport portal in just minutes instead of months.

Megaport + AWS: What You’re Really Getting

• Network as a Service, not traditional telco
  • Megaport lets you spin up and down connectivity on demand instead of locking into fixed, long-term circuits.
  • Bandwidth is elastic: scale up for migrations or peak periods, then scale back down.
• Tight integration with AWS
  • Megaport is an AWS Advanced Partner and listed in the AWS Marketplace – you can even consume Megaport through your AWS account.
  • One of the largest AWS Direct Connect partners globally, with thousands of Direct Connect links and over a thousand customers on AWS connectivity.
• Neutral, global footprint
  • Presence in 1000+ enabled data centers across major operators (Equinix, Digital Realty, CyrusOne, Evocative, OneNeck, and more).
  • Connectivity not only to hyperscalers (AWS, Azure, GCP, Oracle) but also SaaS, AI, storage, and financial platforms via the Megaport Marketplace.

Internet VPN vs Private AWS Direct Connect

When you use internet VPN

Pros:

• Simple to get started.
• Uses existing internet connectivity.
• Global reach by default.

Cons:

• Egress costs are higher: internet gateways typically charge significantly more per GB than Direct Connect.
• Often needs NAT gateways, adding more cost and complexity.
• Limited and unpredictable bandwidth – IPsec tunnels usually hit practical ceilings around 1.25–2.5 Gbps before you start bonding.
• No SLA on the public internet; performance varies with congestion and routing.

When you use Megaport + AWS Direct Connect

Advantages:

• Lower egress costs – Direct Connect pricing is typically a fraction of internet egress.
• Private connectivity – traffic never touches the public internet.
• Predictable latency and performance across Megaport’s backbone and AWS edge.
• Higher bandwidth options:
  • Hosted: from 50 Mbps up to 25 Gbps (in supported locations).
  • Dedicated: up to 100 Gbps per Direct Connect.
• SLAs from network providers and AWS for availability and performance.

Hosted vs Dedicated AWS Direct Connect with Megaport

Hosted Connection (most common)

• Megaport operates large 100 Gbps NNIs (network-to-network interfaces) into AWS.
• You:
  • Order a Megaport in a Megaport-enabled data centre.
  • Build a Virtual Cross Connect (VXC) from your port to AWS over that NNI.
  • Choose VLAN ID and bandwidth (e.g. 200 Mbps, 1 Gbps, 10 Gbps, up to 25 Gbps where supported).
• This is a Layer 2 connection; once it’s up, you configure BGP between your router and AWS.
• You can create multiple hosted connections (one per VXC) for different environments (prod, dev, test, etc.).

Dedicated Connection

• Megaport stands up:
  • A port handed off to you in your chosen data centre.
  • A dedicated physical port into AWS – no NNI sharing.
• Benefits:
  • Required when you want MACsec (link-layer encryption) – only supported over dedicated connections.
  • Lets you run multiple virtual interfaces (up to 50 private/public VIFs and 4 transit VIFs) over a single 10G or 100G pipe.
  • Often chosen for strict compliance or security requirements where auditors want hard separation.

Why Megaport Beats Traditional Private Connectivity

Traditional carrier model:

• Long provisioning times (60–90 days is normal).
• Fixed bandwidth options (often just 1G or 10G).
• Each cloud typically requires a separate physical circuit back to your data centre.
• You end up burning router ports and optics for every new cloud or region.

Megaport model:

• You order one Megaport in your data centre and cross-connect it to your equipment.
• That single port can support up to 100 VXCs to:
  • Multiple AWS regions and accounts.
  • Other clouds (Azure, GCP, Oracle, etc.).
  • SaaS and partner platforms in the marketplace.
• New connections are software-defined: provisioned in minutes, not months.
• Bandwidth is adjustable on demand, contract terms can be as short as month-to-month.

Built-In Resiliency: Red/Blue Zones and Diverse Hubs

Megaport designs resilience at several layers:

• Red / Blue zones in data centres
  • Two independent stacks of gear (red and blue) per facility.
  • You can place one port in the red zone and another in the blue for intra–data centre diversity.
  • Maintenance windows are staggered (e.g. red on Tuesday, blue on Thursday) so both sides aren’t touched at once.
• Diverse metro core hubs
  • Regional PoPs connect back to multiple core hubs in each metro (e.g. Chicago Digital Realty and Equinix).
  • Underlay is built using diverse 100G/400G waves between metros (Dallas–Phoenix, Dallas–Atlanta, etc.) with MPLS for optimal routing.
• AWS edge diversity
  • In Direct Connect locations, Megaport connects into multiple AWS availability zones (A/B side).
  • You can create dual VXCs or dual ports to build highly available topologies end-to-end.

Megaport Cloud Router (MCR): Cloud-to-Cloud and Migrations

MCR is a virtual routing platform inside the Megaport network:

• No hardware in your data centre – it’s “my first cloud router on a stick” running in Megaport PoPs.
• You can:
  • Connect MCR to AWS, GCP, Oracle, and other clouds via VXCs.
  • Form BGP sessions between MCR and each cloud.
  • Move data between clouds or between a cloud and your data centre over private links.

Typical use cases:

• Cloud migration: move workloads from GCP to AWS (or vice versa) without dragging everything back through your data centre.
• Hybrid Oracle + AWS: keep Oracle databases in Oracle Cloud while apps run in AWS, with low-latency, privately routed connectivity via MCR.
• Scales from 1G up to 100G virtual routers, with built-in Megaport licensing (no BYOL).

Megaport Virtual Edge (MVE): SD-WAN and Branch Connectivity

MVE is a virtual network function platform where you bring your own license:

• Think of it as a universal CPE living in the Megaport edge.
• You deploy your preferred virtual appliance (e.g. Palo Alto, SD-WAN, firewall, router).
• You build IPsec or SD-WAN tunnels from branches, remote users, or devices into the MVE.
• From the MVE, you create VXCs to AWS, other clouds, data centres, and marketplace services.

What this gives you:

• A central connectivity hub for branch, mobile, and IoT traffic without racking new hardware in every site.
• Full control in your chosen management platform (e.g. Palo Alto Strata Cloud Manager), while Megaport handles the underlay network.

Edge Options: AWS Outposts and Local Zones

Megaport also supports more specialised AWS edge architectures:

• AWS Outposts
  • AWS-managed racks hosted in your data centre for ultra-low-latency workloads that still tie back into AWS regions.
  • Megaport connects into Outposts via ports and MCR to reach the parent AWS region over Direct Connect.
  • Typically used by large enterprises with strict latency or locality requirements.
• AWS Local Zones
  • AWS compute and storage brought closer to specific metros (e.g. Kansas City) but logically part of a parent region (e.g. us-east-1).
  • Ideal for sub–5–6 ms latency use cases where a full regional round trip is too slow.
  • Megaport connects you into these Local Zones using the same Direct Connect and VXC model.

Inside the Megaport Portal: How Provisioning Actually Works

The webinar demo shows just how quickly you can build connectivity:

1. Create a Port
   • Choose the data centre (e.g. Equinix CH4 Chicago).
   • Pick speed (1G/10G/100G – 1G being phased out in favour of 10G at the same price).
   • Select contract term (month-to-month, 12, 24, 36 months).
   • Generate the LOA (Letter of Authorization) and give it to the facility to run the cross-connect.
2. Add an AWS Hosted Connection
   • In the same portal, select AWS → Hosted Connection.
   • Choose region (e.g. us-east-2 Ohio) and Direct Connect location (e.g. Equinix CH4 or QTS Columbus for diversity).
   • Set name, bandwidth, VLAN, and enter your AWS account ID.
   • Once ordered, the connection appears in the AWS console, waiting for your acceptance and association with a Direct Connect gateway.
3. Accept in AWS Console
   • In the AWS Direct Connect console, accept the pending connection.
   • Create a virtual interface (private/public/transit) with your BGP settings.
   • Attach it to a Direct Connect gateway, and from there to your VPC(s).

All of this can be driven via the Megaport API or Terraform, and the portal is free to explore before you ever commit to ordering live services.

Conclusion

• Private connectivity to AWS pays off in lower egress costs, better performance, and stronger security than internet VPN.
• Megaport turns networking into NaaS – fast provisioning, flexible bandwidth, and a single port that fan-outs to many clouds and services.
• You can choose between hosted and dedicated Direct Connect, depending on your bandwidth, encryption, and compliance needs.
• Resiliency is baked in with red/blue zones, diverse metro hubs, and dual on-ramp designs into AWS.
• MCR simplifies cloud-to-cloud and hybrid connectivity; MVE gives you a programmable edge for SD-WAN, firewalling, and branch access.
• Advanced architectures like AWS Outposts and Local Zones are supported when you need ultra-low-latency or local processing.
• The Megaport portal (and APIs/Terraform) make spinning up ports, VXCs, and AWS Direct Connect links a matter of minutes, not months.