AWS Direct Connect
User Guide

Creating a Virtual Interface

You can create a public virtual interface to connect to public resources (non-VPC services), or a private virtual interface to connect to your VPC.

Before you begin, ensure that you have read the information in Prerequisites for Virtual Interfaces.

To provision a public virtual interface

  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.

  2. In the navigation pane, choose Connections, select the connection to use, and then choose Actions, Create Virtual Interface.

  3. In the Create a Virtual Interface pane, choose Public.

    
  4. In the Define Your New Public Virtual Interface dialog box, do the following:

    1. For Connection, select an existing physical connection on which to create the virtual interface.

    2. For Virtual Interface Name, enter a name for the virtual interface.

    3. For Virtual Interface Owner, select the My AWS Account option if the virtual interface is for your AWS account.

    4. For VLAN, enter the ID number for your virtual local area network (VLAN).

    5. If you're configuring an IPv4 BGP peer, choose IPv4, and do the following:

      • For Your router peer IP, enter the IPv4 CIDR destination address to which Amazon should send traffic.

      • For Amazon router peer IP, enter the IPv4 CIDR address to use to send traffic to Amazon.

    6. If you're configuring an IPv6 BGP peer, choose IPv6. The peer IPv6 addresses are automatically assigned from Amazon's pool of IPv6 addresses. You cannot specify custom IPv6 addresses.

    7. For BGP ASN, enter the Border Gateway Protocol (BGP) Autonomous System Number (ASN) of your gateway.

    8. To have AWS generate a BGP key, select the Auto-generate BGP key check box.

      To provide your own BGP key, clear the Auto-generate BGP key check box. For BGP Authentication Key, enter your BGP MD5 key.

    9. For Prefixes you want to advertise, enter the IPv4 CIDR destination addresses (separated by commas) to which traffic should be routed over the virtual interface.

  5. Choose Continue.

After you've created the virtual interface, you can download the router configuration for your device. For more information, see Downloading the Router Configuration File.

To provision a private virtual interface to a VPC

  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.

  2. In the navigation pane, choose Connections, select the connection to use, and choose Create Virtual Interface.

  3. In the Create a Virtual Interface pane, select Private.

    
  4. Under Define Your New Private Virtual Interface, do the following:

    1. For Virtual Interface Name, enter a name for the virtual interface.

    2. For Virtual Interface Owner, select the My AWS Account option if the virtual interface is for your AWS account.

    3. For Virtual Private Gateway, select the virtual private gateway to which to connect.

    4. For VLAN, enter the ID number for your virtual local area network (VLAN).

    5. If you're configuring an IPv4 BGP peer, choose IPv4, and do the following:

      • To have AWS generate your router IP address and Amazon IP address, select Auto-generate peer IPs.

      • To specify these IP addresses yourself, clear the Auto-generate peer IPs check box. For Your router peer IP, enter the destination IPv4 CIDR address to which Amazon should send traffic. For Amazon router peer IP, enter the IPv4 CIDR address to use to send traffic to AWS.

    6. If you're configuring an IPv6 BGP peer, choose IPv6. The peer IPv6 addresses are automatically assigned from Amazon's pool of IPv6 addresses. You cannot specify custom IPv6 addresses.

    7. For BGP ASN, enter the Border Gateway Protocol (BGP) Autonomous System Number (ASN) of your gateway.

    8. To have AWS generate a BGP key, select the Auto-generate BGP key check box.

      To provide your own BGP key, clear the Auto-generate BGP key check box. For BGP Authentication Key, enter your BGP MD5 key.

  5. Choose Continue.

Note

If you use the VPC wizard to create a VPC, route propagation is automatically enabled for you. With route propagation, routes are automatically populated to the route tables in your VPC. If you choose, you can disable route propagation. For more information, see Enable Route Propagation in Your Route Table in the Amazon VPC User Guide.

After you've created the virtual interface, you can download the router configuration for your device. For more information, see Downloading the Router Configuration File.
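The values entered in step 4 of both procedures above can be checked before they are submitted. The following is an added example, not part of the AWS documentation or tooling: `check_vif_params` is a hypothetical helper, the accepted ASN range is an assumption, and `auth_key=None` stands for the Auto-generate BGP key check box being selected.

```python
import ipaddress

def check_vif_params(vlan, customer_peer, amazon_peer, asn, auth_key=None):
    """Return a list of problems with the values for step 4 of the dialog.

    auth_key=None models the Auto-generate BGP key check box being selected.
    """
    problems = []
    # IEEE 802.1Q reserves VLAN IDs 0 and 4095; 1-4094 are usable.
    if not 1 <= vlan <= 4094:
        problems.append("VLAN ID must be in 1-4094")
    # Assumption: any non-zero 16-bit or 32-bit ASN is accepted here.
    if not 1 <= asn <= 4294967295:
        problems.append("BGP ASN must be in 1-4294967295")
    if auth_key is not None and not auth_key.strip():
        problems.append("BGP key is empty")
    peers = {}
    for label, value in (("your router", customer_peer),
                         ("Amazon router", amazon_peer)):
        # The dialog asks for CIDR notation, so a bare address is rejected.
        if "/" not in value:
            problems.append(f"{label} peer IP has no prefix length")
            continue
        try:
            peers[label] = ipaddress.IPv4Interface(value)
        except ValueError:
            problems.append(f"{label} peer IP is not a valid IPv4 CIDR")
    if len(peers) < 2:
        return problems
    cust, amzn = peers["your router"], peers["Amazon router"]
    # Both ends of the BGP session must sit on the same link subnet.
    if cust.network != amzn.network:
        problems.append("peer IPs are in different subnets")
    elif cust.ip == amzn.ip:
        problems.append("peer IPs are identical")
    for label, iface in peers.items():
        net = iface.network
        # In subnets larger than /31 the first and last addresses are unusable.
        if net.prefixlen < 31 and iface.ip in (net.network_address,
                                               net.broadcast_address):
            problems.append(f"{label} peer IP is the network or broadcast address")
    return problems
```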

To create a private virtual interface using the command line or API

To create a public virtual interface using the command line or API

Downloading the Router Configuration File

After you've created the virtual interface, you can download the router configuration file for your router, and then use the appropriate configuration to ensure that you can connect to AWS Direct Connect.

To download a router configuration

  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.

  2. In the Virtual Interfaces pane, select the virtual interface, and then choose Actions, Download Router Configuration.

  3. In the Download Router Configuration dialog box, do the following:

    1. For Vendor, select the manufacturer of your router.

    2. For Platform, select the model of your router.

    3. For Software, select the software version for your router.

  4. Choose Download Router Configuration.

Example Router Configuration Files

The following are examples of router configuration files.

Cisco IOS

interface GigabitEthernet0/1
 no ip address

interface GigabitEthernet0/1.VLAN_NUMBER
 description "Direct Connect to your Amazon VPC or AWS Cloud"
 encapsulation dot1Q VLAN_NUMBER
 ip address YOUR_PEER_IP

router bgp CUSTOMER_BGP_ASN
 neighbor AWS_PEER_IP remote-as 7224
 neighbor AWS_PEER_IP password MD5_key
 network 0.0.0.0
exit

! Optionally configure Bidirectional Forwarding Detection (BFD).

interface GigabitEthernet0/1.VLAN_NUMBER
 bfd interval 300 min_rx 300 multiplier 3

router bgp CUSTOMER_BGP_ASN
 neighbor AWS_PEER_IP fall-over bfd
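Before a filled-in copy of the Cisco IOS template above is applied, it can be checked for leftover placeholders and for BGP neighbors that lack the MD5 password or the expected remote AS. The following is an added example, not part of the AWS documentation: `lint_ios_bgp` is a hypothetical helper, and the sample configuration is constructed for illustration.

```python
import re

# Placeholder tokens used in the page's Cisco IOS template.
PLACEHOLDERS = ("VLAN_NUMBER", "YOUR_PEER_IP", "AWS_PEER_IP",
                "CUSTOMER_BGP_ASN", "MD5_key")
AWS_ASN = "7224"  # remote-as value shown in the page's example

# Matches "neighbor <peer> <keyword> [<first argument>]" on its own line.
NEIGHBOR_RE = re.compile(r"^\s*neighbor\s+(\S+)\s+(\S+)(?:\s+(\S+))?", re.M)

def lint_ios_bgp(config):
    """Return findings for a Cisco IOS Direct Connect BGP configuration."""
    findings = [f"unfilled placeholder {t}" for t in PLACEHOLDERS if t in config]
    neighbors = {}  # peer address -> {keyword: first argument}
    for peer, keyword, arg in NEIGHBOR_RE.findall(config):
        neighbors.setdefault(peer, {})[keyword] = arg
    for peer, opts in neighbors.items():
        if "remote-as" not in opts:
            findings.append(f"{peer}: no remote-as configured")
        elif opts["remote-as"] != AWS_ASN:
            findings.append(f"{peer}: remote-as {opts['remote-as']} is not {AWS_ASN}")
        # A session without a password is not MD5-authenticated.
        if not opts.get("password"):
            findings.append(f"{peer}: no BGP MD5 password")
    return findings

# Constructed sample: the key was never filled in, and a second
# neighbor was added without a password.
SAMPLE = """\
interface GigabitEthernet0/1.101
 description "Direct Connect to your Amazon VPC or AWS Cloud"
 encapsulation dot1Q 101
 ip address 169.254.10.2 255.255.255.252
router bgp 65000
 neighbor 169.254.10.1 remote-as 7224
 neighbor 169.254.10.1 password MD5_key
 neighbor 169.254.20.1 remote-as 7224
 network 0.0.0.0
"""

if __name__ == "__main__":
    for finding in lint_ios_bgp(SAMPLE):
        print(finding)
```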

Cisco NX-OS

feature interface-vlan
vlan VLAN_NUMBER
 name "Direct Connect to your Amazon VPC or AWS Cloud"

interface VlanVLAN_NUMBER
 ip address YOUR_PEER_IP/30
 no shutdown

interface Ethernet0/1
 switchport
 switchport mode trunk
 switchport trunk allowed vlan VLAN_NUMBER
 no shutdown

router bgp CUSTOMER_BGP_ASN
 address-family ipv4 unicast
  network 0.0.0.0
 neighbor AWS_PEER_IP remote-as 7224
  password 0 MD5_key
  address-family ipv4 unicast

! Optionally configure Bidirectional Forwarding Detection (BFD).

feature bfd
interface VlanVLAN_NUMBER
 bfd interval 300 min_rx 300 multiplier 3

router bgp CUSTOMER_BGP_ASN
 neighbor AWS_PEER_IP remote-as 7224
  bfd

Juniper JunOS

configure exclusive
edit interfaces ge-0/0/1
set description "Direct Connect to your Amazon VPC or AWS Cloud"
set flexible-vlan-tagging
set mtu 1522
edit unit 0
set vlan-id VLAN_NUMBER
set family inet mtu 1500
set family inet address YOUR_PEER_IP
top

edit policy-options policy-statement EXPORT-DEFAULT
edit term DEFAULT
set from route-filter 0.0.0.0/0 exact
set then accept
up
edit term REJECT
set then reject
top

set routing-options autonomous-system CUSTOMER_BGP_ASN

edit protocols bgp group EBGP
set type external
set peer-as 7224

edit neighbor AWS_PEER_IP
set local-address YOUR_PEER_IP
set export EXPORT-DEFAULT
set authentication-key "MD5_key"
top
commit check
commit and-quit

# Optionally configure Bidirectional Forwarding Detection (BFD).

set protocols bgp group EBGP neighbor AWS_PEER_IP bfd-liveness-detection minimum-interval 300
set protocols bgp group EBGP neighbor AWS_PEER_IP bfd-liveness-detection multiplier 3