How do I add or remove IP address prefixes on my Direct Connect public virtual interface?

Resolution

You must own the IP address prefixes that you advertise to the AWS network in the public VIF. To advertise IP address prefixes that are owned by third parties or Internet Service Providers (ISPs), provide AWS Support with a Letter of Authorization (LOA). For more information on this process, see My Direct Connect public virtual interface is stuck in the "Verifying" state. How can I get it approved?

Verify the ownership of the public IP address prefix

Access the whois tool that belongs to your Regional Internet Registry (RIR):

• American Registry of Internet Numbers (ARIN)
• RIPE Network Coordination Center (RIPE NCC)
• The Internet Numbers Registry for Africa (AFRICNIC)
• Asia Pacific Network Information Centre (APNIC)
• Internet Address Registry for Latin America and the Caribbean (LACNIC)

Optional: You can also use the command line interface tool whois query on your preferred system.

On macOS or Linux:

whois -h whois.arin.net 192.0.2.20

Replace the following values with your values:

• whois.arin.net with the name of the ARIN's whois server
• 191.0.2.20 with the IP address that you want to check

The output looks similar to the following one:

NetRange: 192.0.2.0 - 192.0.2.255
CIDR: 192.0.2.0/24
NetName: TEST-NET-1
NetHandle: NET-192-0-2-0-1
Parent: NET192 (NET-192-0-0-0-0)
NetType: IANA Special Use
OriginAS:
Organization: Internet Assigned Numbers Authority (IANA)
RegDate: 2009-06-29
Updated: 2013-08-30

If you're the owner, then the values of the Organization and Point of Contact fields on the output match the information on your AWS account.

Add an IP address prefix that you own to an existing public VIF

Use the account that owns the public VIF to submit a support case to AWS Support. Provide the following details:

• Public virtual interface ID
• IPv4 or IPv6 address prefixes that you want to include in the existing public VIF

After you contact AWS Support, your case is forwarded to the Direct Connect team to complete the verification and allow-listing process.

Add an IP address prefix that's owned by a third party or ISP to an existing public VIF

Use the account that owns the public VIF to submit a support case to AWS Support. Provide the following details:

• Public virtual interface ID
• IPv4 or IPv6 address prefixes that you want to include in the existing Public VIF
• Letter of Authorization (LOA)

After you contact AWS Support, your case is forwarded to the Direct Connect team to complete the verification and allow-listing process.

Remove prefixes from the Direct Connect public VIF

Use the account that owns the public VIF to submit a support case to AWS Support. Provide the following details:

• Public virtual interface ID
• IPv4 or IPv6 address prefixes that you want to remove

Update BGP peer status

Wait until the new IP address prefixes are added for the public VIF. Then, initiate a Border Gateway Protocol (BGP) Outbound Soft Refresh action in the customer gateway device to resend the latest prefixes to the Direct Connect endpoint.

Cisco router example configuration

The following example BGP Outbound Soft Refresh command is for a Cisco router. For more information, see BGP command reference on the Cisco website.

Enter the following command in your router's terminal. Replace the example values with your own values for the Direct Connect public VIF peer IP address.

clear ip bgp 198.51.100.1 soft out

Juniper router example configuration

The following example BGP Outbound Soft Refresh command is for a Juniper router. For more information, see BGP user guide on the Juniper website.

Enter the following command in your router's terminal. Replace the example values with your own values for the Direct Connect public VIF peer IP address.

clear bgp neighbor 198.51.100.1 soft