
How do I prepare for maintenance on my Direct Connect connection?


I want to prepare for when my AWS Direct Connect connection is down for maintenance.

Short description

To prepare for downtime, create a redundant Direct Connect connection. Or, you can configure a VPN connection for a short-term, low-cost solution.

To check for maintenance notifications, view your AWS account events on the AWS Health Dashboard.

AWS sends maintenance notifications through your AWS Health Dashboard when the following events occur:

  • Maintenance successfully completed.
  • You extended the maintenance window by a few hours.
  • You cancelled the maintenance.

You can also use the AWS Direct Connect Resiliency Toolkit to perform scheduled failover tests that verify the resiliency of your connections. It's a best practice not to use the toolkit to perform scheduled failover tests during a Direct Connect maintenance period. This is because the Border Gateway Protocol (BGP) session might be prematurely restored either during or after the maintenance.

Resolution

Create a new dedicated connection

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

If you create multiple connections to the same colocation site from the same AWS account, then AWS configures them on separate routers. Direct Connect performs maintenance on a single router at a time so that one connection always stays up. If you create a new dedicated connection at a different colocation site, then you have a secondary connection when the first connection is down for maintenance. If an infrastructure event affects the entire colocation site, then you can use the secondary connection.

To create a secondary dedicated connection, see Request a Direct Connect dedicated connection. After the new dedicated connection is available, create a virtual interface.

To make sure that your secondary connection works as a redundant connection, take the following actions for both the primary and secondary connections:

  • Associate both connections with different AWS logical devices.
    Note: Direct Connect performs maintenance on one AWS logical device at a time. To identify an AWS logical device ID, run the describe-connections command.
  • Associate the virtual interfaces for both connections with the same gateway, either a private virtual gateway or Direct Connect gateway.
  • Use BGP on both virtual interfaces to make sure that your router advertises the same prefixes. For more information, see How do I set an Active/Passive Direct Connect connection to AWS?

For information about redundant virtual interfaces, see How do I set up an Active/Active or Active/Passive Direct Connect connection from a private or transit virtual interface?
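
One way to automate the first two checks in the list above (an added example, not AWS's own code): the function takes the `connections` and `virtualInterfaces` arrays from the JSON output of `describe-connections` and `describe-virtual-interfaces` and reports every gateway that is reachable through only one AWS logical device. The function name and all resource IDs in the sample data are constructed for illustration.

```python
from collections import defaultdict


def check_redundancy(connections, virtual_interfaces):
    """Return findings for a Direct Connect setup; an empty list means it passed."""
    findings = []
    live = [c for c in connections if c.get("connectionState") == "available"]
    if len(live) < 2:
        findings.append("fewer than two connections are available")

    # Maintenance takes one AWS logical device at a time, so connections that
    # share a device go down together.
    device_of = {c["connectionId"]: c.get("awsLogicalDeviceId") for c in live}

    # Map each gateway to the logical devices its available VIFs run over.
    devices_by_gateway = defaultdict(set)
    for vif in virtual_interfaces:
        conn_id = vif.get("connectionId")
        if conn_id not in device_of or vif.get("virtualInterfaceState") != "available":
            continue
        # A VIF names a Direct Connect gateway or a virtual private gateway;
        # the unused field is empty, and public VIFs have neither.
        gateway = vif.get("directConnectGatewayId") or vif.get("virtualGatewayId")
        if gateway:
            devices_by_gateway[gateway].add(device_of[conn_id])

    if not devices_by_gateway:
        findings.append("no available virtual interface is attached to a gateway")
    for gateway, devices in sorted(devices_by_gateway.items()):
        if len(devices) < 2:
            findings.append(f"{gateway}: all virtual interfaces use logical device "
                            f"{', '.join(sorted(map(str, devices)))}")
    return findings

# Constructed sample data (IDs are placeholders, not real resources).
CONNECTIONS = [
    {"connectionId": "dxcon-aaaa", "connectionState": "available", "awsLogicalDeviceId": "SITE1-dev1"},
    {"connectionId": "dxcon-bbbb", "connectionState": "available", "awsLogicalDeviceId": "SITE1-dev1"},
    {"connectionId": "dxcon-cccc", "connectionState": "available", "awsLogicalDeviceId": "SITE1-dev2"},
]
VIFS = [
    {"connectionId": "dxcon-aaaa", "virtualInterfaceState": "available", "virtualGatewayId": "", "directConnectGatewayId": "dxgw-1111"},
    {"connectionId": "dxcon-bbbb", "virtualInterfaceState": "available", "virtualGatewayId": "", "directConnectGatewayId": "dxgw-1111"},
    {"connectionId": "dxcon-cccc", "virtualInterfaceState": "available", "virtualGatewayId": "vgw-2222", "directConnectGatewayId": ""},
]

if __name__ == "__main__":
    for finding in check_redundancy(CONNECTIONS, VIFS):
        print("FINDING:", finding)
```

The sample has three connections on two logical devices and still fails, because the two virtual interfaces on the same gateway share a device and the third connection attaches to a different gateway.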

Configure a VPN connection as a backup

Configure an AWS Site-to-Site VPN as a failover option for a Direct Connect connection. VPN connections generally offer less bandwidth than Direct Connect connections. Make sure that your use case or application can handle less bandwidth.

Related information

Hybrid connectivity

Connect your VPC to remote networks using AWS VPN

AWS OFFICIAL. Updated a month ago