Hosted Amazon Direct Connect virtual interfaces - Amazon Direct Connect
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Hosted Amazon Direct Connect virtual interfaces

To use your Amazon Direct Connect connection with another account, you can create a hosted virtual interface for that account. The owner of the other account must accept the hosted virtual interface to begin using it. A hosted virtual interface works the same as a standard virtual interface and can connect to public resources or a VPC.

You can use transit virtual interfaces with Direct Connect dedicated or hosted connections of any speed. Hosted connections support only one virtual interface.

To create a virtual interface, you need the following information:

Resource Required information
Connection The Amazon Direct Connect connection or link aggregation group (LAG) for which you are creating the virtual interface.
Virtual interface name A name for the virtual interface.
Virtual interface owner If you're creating the virtual interface for another account, you need the Amazon account ID of the other account.
(Private virtual interface only) Connection For connecting to a VPC in the same Amazon Region, you need the virtual private gateway for your VPC. The ASN for the Amazon side of the BGP session is inherited from the virtual private gateway. When you create a virtual private gateway, you can specify your own private ASN. Otherwise, Amazon provides a default ASN. For more information, see Create a Virtual Private Gateway in the Amazon VPC User Guide. For connecting to a VPC through a Direct Connect gateway, you need the Direct Connect gateway. For more information, see Direct Connect Gateways.
VLAN A unique virtual local area network (VLAN) tag that's not already in use on your connection. The value must be between 1 and 4094 and must comply with the Ethernet 802.1Q standard. This tag is required for any traffic traversing the Amazon Direct Connect connection.

If you have a hosted connection, your Amazon Direct Connect Partner provides this value. You can’t modify the value after you have created the virtual interface.

Peer IP addresses A virtual interface can support a BGP peering session for IPv4, IPv6, or one of each (dual-stack). Do not use Elastic IPs (EIPs) or Bring your own IP addresses (BYOIP) from the Amazon Pool to create a public virtual interface. You cannot create multiple BGP sessions for the same IP addressing family on the same virtual interface. The IP address ranges are assigned to each end of the virtual interface for the BGP peering session.
  • IPv4:

    • (Public virtual interface only) You must specify unique public IPv4 addresses that you own. The value can be one of the following:

      • A customer-owned IPv4 CIDR

        These can be any public IPs (customer-owned or provided by Amazon), but the same subnet mask must be used for both your peer IP and the Amazon router peer IP. For example, if you allocate a /31 range, such as 203.0.113.0/31, you could use 203.0.113.0 for your peer IP and 203.0.113.1 for the Amazon peer IP. Or, if you allocate a /24 range, such as 198.51.100.0/24, you could use 198.51.100.10 for your peer IP and 198.51.100.20 for the Amazon peer IP.

      • An IP range owned by your Amazon Direct Connect Partner or ISP, along with an LOA-CFA authorization

      • An Amazon-provided /31 CIDR. Contact Amazon Support to request a public IPv4 CIDR (and provide a use case in your request)

        Note

        We cannot guarantee that we will be able to fulfill all requests for Amazon-provided public IPv4 addresses.

    • (Private virtual interface only) Amazon can generate private IPv4 addresses for you. If you specify your own, ensure that you specify private CIDRs for your router interface and the Amazon Direct Connect interface only. For example, do not specify other IP addresses from your local network. Similar to a public virtual interface, the same subnet mask must be used for both your peer IP and the Amazon router peer IP. For example, if you allocate a /30 range, such as 192.168.0.0/30, you could use 192.168.0.1 for your peer IP and 192.168.0.2 for the Amazon peer IP.

  • IPv6: Amazon automatically allocates you a /125 IPv6 CIDR. You cannot specify your own peer IPv6 addresses.

Address family Whether the BGP peering session will be over IPv4 or IPv6.
BGP information
  • A public or private Border Gateway Protocol (BGP) Autonomous System Number (ASN) for your side of the BGP session. If you are using a public ASN, you must own it. If you are using a private ASN, you can set a custom ASN value. For a 16-bit ASN, the value must be in the 64512 to 65534 range. For a 32-bit ASN, the value must be in the 1 to 2147483647 range. Autonomous System (AS) prepending does not work if you use a private ASN for a public virtual interface.

  • Amazon enables MD5 by default. You cannot modify this option.

  • An MD5 BGP authentication key. You can provide your own, or you can let Amazon generate one for you.

(Public virtual interface only) Prefixes you want to advertise

Public IPv4 routes or IPv6 routes to advertise over BGP. You must advertise at least one prefix using BGP, up to a maximum of 1,000 prefixes.

  • IPv4: The IPv4 CIDR can overlap with another public IPv4 CIDR announced using Amazon Direct Connect when either of the following is true:

    • The CIDRs are from different Amazon Regions. Make sure that you apply BGP community tags on the public prefixes.

    • You use AS_PATH when you have a public ASN in an active/passive configuration.

    For more information, see Routing policies and BGP communities.

  • Over a Direct Connect public virtual interface, you can specify any prefix length from /1 to /32 for IPv4 and from /1 to /64 for IPv6.

  • You may add additional prefixes to an existing public VIF and advertise those by contacting Amazon support. In your support case, provide a list of additional CIDR prefixes you want to add to the public VIF and advertise.

(Private virtual interface only) Jumbo frames The maximum transmission unit (MTU) of packets over Amazon Direct Connect. The default is 1500. Setting the MTU of a virtual interface to 9001 (jumbo frames) can cause an update to the underlying physical connection if it wasn't updated to support jumbo frames. Updating the connection disrupts network connectivity for all virtual interfaces associated with the connection for up to 30 seconds. Jumbo frames apply only to propagated routes from Amazon Direct Connect. If you add static routes to a route table that point to your virtual private gateway, then traffic routed through the static routes is sent using 1500 MTU. To check whether a connection or virtual interface supports jumbo frames, select it in the Amazon Direct Connect console and find Jumbo frame capable on the virtual interface General configuration page.
(Transit virtual interface only) Jumbo frames The maximum transmission unit (MTU) of packets over Amazon Direct Connect. The default is 1500. Setting the MTU of a virtual interface to 8500 (jumbo frames) can cause an update to the underlying physical connection if it wasn't updated to support jumbo frames. Updating the connection disrupts network connectivity for all virtual interfaces associated with the connection for up to 30 seconds. Jumbo frames are supported up to 8500 MTU for Direct Connect. Static routes and propagated routes configured in the Transit Gateway Route Table will support Jumbo Frames, including from EC2 instances with VPC static route table entries to the Transit Gateway Attachment. To check whether a connection or virtual interface supports jumbo frames, select it in the Amazon Direct Connect console and find Jumbo frame capable on the virtual interface General configuration page.