How do I set up a dedicated connection in Direct Connect?

I want to set up a dedicated connection in AWS Direct Connect.

Resolution

Create a Direct Connect dedicated connection or a LAG

Create a dedicated connection

To create a Direct Connect connection, see Request a Direct Connect dedicated connection.

Choose a Direct Connect location that's near your network.

For Port Speed, you can choose a connection bandwidth of 1 Gbps, 10 Gbps, 100 Gbps, or 400 Gbps. AWS supports a 400 Gbps bandwidth for only specific Direct Connect locations in the United States.

If you require high availability, then create multiple connections.

Note: After Direct Connect creates the connection, the status of the connection changes to Requested. Before you proceed, wait at least 72 hours for AWS to provision the connection.

Create a LAG

To create a link aggregation group (LAG), see Create a LAG at a Direct Connect endpoint. If you require point-to-point security on Ethernet links, then under Additional Settings, select Request a MACsec capable port. Then, associate the media access control security (MACsec) with your LAG.

Download the LOA-CFA

To download a Letter of Authorization and Connecting Facility Assignment (LOA-CFA), see Download the LOA-CFA.

Provide your AWS Direct Connect Partner or service provider with your LOA-CFA, and request a cross-network connection at a Direct Connect location.

Note: If you can't download the LOA-CFA, then check your inbox for an email from AWS that requests more information.

Create a virtual interface

To create a public, private, or transit virtual interface, see Create a virtual interface.

To communicate between your on-premises environment and a virtual private cloud (VPC), use a virtual private gateway. You can use a Direct Connect gateway with a private virtual interface to communicate between an on-premises environment and multiple VPCs without transitive routing. To communicate between your on-premises environment and multiple VPCs with transitive routing, use a transit gateway.

Configure your on-premises router

To establish a BGP peering session with AWS, you must configure your on-premises router. It's a best practice to work with your network team or Internet Service Provider (ISP) to configure it. If you incorrectly configure your router, then connectivity issues can occur.

Test the connection

After you configure your virtual interface and on-premises router, complete the following steps:

  1. Open the Direct Connect console.
  2. In the navigation pane, choose Virtual interfaces.
  3. In the State column, verify that your virtual interface is set to Available.
  4. Check the BGP neighbor status of your on-premises router to confirm that you established a BGP peering session.
  5. For a private virtual interface, ping the resources in your VPC to test connectivity. For a public virtual interface, ping the resources in your public AWS endpoints.

If you encounter issues, take the following actions:

  • Verify that your virtual interface configuration matches your on-premises router configuration.
  • Check that you correctly configured your VPC route tables to route traffic to the virtual gateway or AWS Transit Gateway.
  • Confirm that your security groups and network access control lists (network ACLs) allow your required traffic.
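Steps 3 and 4 of the test procedure can also be checked from the AWS side with the output of `aws directconnect describe-virtual-interfaces`. The following is an added example, not code from AWS: the response is a constructed sample with placeholder IDs, and `check_virtual_interfaces` is a hypothetical helper name.

```python
import json

# Constructed sample shaped like the output of
# `aws directconnect describe-virtual-interfaces`; all IDs are placeholders.
SAMPLE_RESPONSE = json.loads("""
{"virtualInterfaces": [
  {"virtualInterfaceId": "dxvif-EXAMPLE1", "virtualInterfaceType": "private",
   "virtualInterfaceState": "available",
   "bgpPeers": [{"bgpPeerId": "dxpeer-EXAMPLE1", "addressFamily": "ipv4",
                 "bgpPeerState": "available", "bgpStatus": "up"}]},
  {"virtualInterfaceId": "dxvif-EXAMPLE2", "virtualInterfaceType": "transit",
   "virtualInterfaceState": "down",
   "bgpPeers": [{"bgpPeerId": "dxpeer-EXAMPLE2", "addressFamily": "ipv4",
                 "bgpPeerState": "available", "bgpStatus": "down"}]},
  {"virtualInterfaceId": "dxvif-EXAMPLE3", "virtualInterfaceType": "public",
   "virtualInterfaceState": "available", "bgpPeers": []}
]}
""")


def check_virtual_interfaces(response):
    """Return {vif_id: [problems]}; an empty list means steps 3 and 4 pass."""
    report = {}
    for vif in response.get("virtualInterfaces", []):
        problems = []
        # Step 3: the virtual interface must be in the Available state.
        state = vif.get("virtualInterfaceState", "unknown")
        if state != "available":
            problems.append(f"state is '{state}', expected 'available'")
        # Step 4 (AWS-side view): every BGP peer should report status "up".
        peers = vif.get("bgpPeers", [])
        if not peers:
            problems.append("no BGP peers configured")
        for peer in peers:
            status = peer.get("bgpStatus", "unknown")
            if status != "up":
                problems.append(
                    f"BGP peer {peer.get('bgpPeerId', '?')} "
                    f"({peer.get('addressFamily', '?')}) is '{status}'")
        report[vif.get("virtualInterfaceId", "?")] = problems
    return report


if __name__ == "__main__":
    for vif_id, problems in check_virtual_interfaces(SAMPLE_RESPONSE).items():
        print(vif_id, "OK" if not problems else "; ".join(problems))
```

This reflects only what AWS reports for each peer. Still confirm the neighbor state on your on-premises router as described in step 4.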

Related information

What is Direct Connect?

Direct Connect virtual interfaces and hosted virtual interfaces

AWS Direct Connect FAQs

AWS OFFICIAL | Updated 25 days ago