How do I add or remove IP address prefixes on my Direct Connect public virtual interface?

Short description

You must own the IP address prefixes that you advertise to the AWS network in the public virtual interface. To advertise IP address prefixes that third parties or internet service providers (ISPs) own, you must provide AWS Support with a Letter of Authorization (LOA) from the prefix owner.

Resolution

Verify the ownership of the public IP address prefix

To find who owns the public IP address prefix, use the whois tool that belongs to your Regional Internet Registry (RIR). Or, run the whois command on your Mac or Linux machine.

Use the whois tool for your RIR

Review the following documentation for the RIR that you use:

• For American Registry of Internet Numbers (ARIN), see ARIN whois/RDAP on the ARIN website.
• For RIPE Network Coordination Center (RIPE NCC), see RIPE database query on the RIPE Database website.
• For Internet Numbers Registry for Africa (AFRICNIC), see Search query on the AFRINIC website.
• For Asia Pacific Network Information Centre (APNIC), see APNIC whois search on the APNIC website.
• For Internet Address Registry for Latin America and the Caribbean (LACNIC), see MiLACNIC query on the MilLACNIC website.

Run the whois command

In a macOS or Linux environment, run the following command:

whois -h whois.server.net YOUR_IP_ADDRESS

Note: Replace whois.server.net with your RIR's whois URL and YOUR_IP_ADDRESS with the IP address that you want to check.

Example output:

NetRange: 192. 0.2. 0 - 192. 0.2. 255
CIDR: 192. 0.2. 0/24
NetName: TEST-NET-1
NetHandle: NET-192-0-2-0-1
Parent: NET192 (NET-192-0-0-0-0)
NetType: IANA Special Use
OriginAS:
Organization: Internet Assigned Numbers Authority (IANA)
Point of Contact: YOUR_CONTACT_DETAILS

If you're the owner of the AWS account, then the values for Organization and Point of Contact match the information in your AWS account.

Add an IP address prefix to an existing public virtual interface

Use the account that owns the public virtual interface to create a support case.

If you own the prefix, then include the following information in your support case:

• Public virtual interface ID
• IPv4 or IPv6 address prefixes that you want to include in the existing public virtual interface

If a third party or ISP owns the prefix, then include an LOA in addition to the preceding information.

Update the BGP peer status

After AWS adds the new IP address prefixes to the public virtual interface, initiate a Border Gateway Protocol (BGP) outbound soft refresh action in your gateway device. The action must resend the latest prefixes to the Direct Connect endpoint.

Cisco router example configuration

To perform an outbound soft refresh of BGP routes, run the following command in your Cisco router's terminal:

clear ip bgp YOUR_IP_ADDRESS soft out

Note: Replace YOUR_IP_ADDRESS with your public virtual interface peer IP address.

For more information, see the BGP command reference on the Cisco website.

Juniper router example configuration

To perform an outbound soft refresh of BGP routes, run the following command in your Juniper router's terminal:

clear bgp neighbor YOUR_IP_ADDRESS soft

Note: Replace YOUR_IP_ADDRESS with your public virtual interface peer IP address.

For more information, see the Junos CLI reference on the Juniper website.

Remove prefixes from the Direct Connect public virtual interface

Use the account that owns the public virtual interface to create a support case.

Include the following information in your support case:

• Public virtual interface ID
• IPv4 or IPv6 address prefixes that you want to remove