How do I prepare for maintenance on my Direct Connect connection?

Short description

When a Direct Connect connection is down for maintenance, that connection can be down from a few minutes to a few hours. To prepare for this downtime, take one of the following actions:

• Request a redundant Direct Connect connection.
• Configure a virtual private network (VPN) connection as a backup.

Note: It's a best practice to shift your traffic to another circuit during Direct Connect maintenance. To prevent any production traffic disruption, use one of the preceding options before the scheduled maintenance period. You can also use the AWS Direct Connect Resiliency Toolkit to perform scheduled failover tests and verify the resiliency of your connections.

Resolution

Request a redundant Direct Connect connection

If you request multiple connections to the same colocation site from the same AWS account, then AWS configures them on separate routers. Direct Connect performs maintenance on a single router at a time, so one connection stays up.

If you request a redundant connection at a different colocation site, then you have a secondary connection when the first is down for maintenance. If an infrastructure event affects the entire colocation site, then you can use this second connection.

For information on requesting a new Direct Connect connection, see Request an AWS Direct Connect dedicated connection.

After your secondary connection becomes available, create a virtual interface on the secondary connection for redundancy. To make sure that the secondary connection works as a redundant connection, make sure of the following on the primary and secondary connections:

• Both connections are associated to different AWS logical devices (ALD). ALD represents the logical device on the AWS side. Direct Connect performs maintenance on a single ALD at a time. To make sure that both connections are redundant setup, confirm that both connections are associated to a different ALD. You can identify an ALD ID using the AWS Command Line Interface (AWS CLI) or AWS Management Console (see View your connection details).
• Both virtual interfaces are associated to the same gateway (private virtual gateway or Direct Connect gateway).
• Your router is advertising the same prefixes using the BGP on both virtual interfaces. For more information, see How do I set an Active/Passive Direct Connect connection to AWS?

For information about setting up redundant virtual interfaces, see Set up a Direct Connect connection to AWS from a private or transit virtual interface.

Configure a VPN connection as a backup

For a short-term or lower-cost solution, configure an AWS Site-to-Site VPN as a failover option for a Direct Connect connection. VPN connections generally offer less bandwidth than Direct Connect connections. Make sure that your use case or application can tolerate a lower bandwidth.

Related information

VPN connection as a backup to AWS Direct Connect connection example

What is AWS Direct Connect?

Connect your VPC to remote networks using AWS Virtual Private Network