I want to troubleshoot my virtual interface on AWS Direct Connect when it's in the DOWN status in the AWS Management Console.
Your virtual interface on Direct Connect can go down for multiple reasons:
- Physical connection is down or flapping
- OSI layer 2 configuration issues
- Border Gateway Protocol (BGP) configuration issues
- Bidirectional Forwarding Detection (BFD) configuration issues
Physical connection is down or flapping
If your physical connection isn't in the UP status and stable, then you must troubleshoot your layer 1 (physical) issues. For more information, see How do I troubleshoot when my Direct Connect connection is DOWN and the Tx/Rx optical signal receives no or low light readings?
OSI layer 2 configuration issues
Check your OSI layer 2 for the following configurations:
- Your VLAN ID with dot1Q encapsulation on your device is configured correctly, as shown in your Direct Connect console.
- The configuration of peer IP addresses is identical on your device and in the Direct Connect console.
- All the intermediate devices along the path are configured correctly for dot1Q VLAN tagging with the correct VLAN ID. Also, make sure that VLAN-tagged traffic is preserved on the AWS end of the Direct Connect device.
- Your device learns the MAC address of the Direct Connect device for the configured VLAN ID, as shown in your device's ARP table.
- Your device can ping the Amazon peer IP address when the ping is sourced from your peer IP address.
Note: Some network providers use Q-in-Q tagging that alters your tagged VLAN. Direct Connect doesn't support Q-in-Q tagging.
For more information, see Troubleshooting layer 2 (data link) issues.
BGP configuration issues
If your OSI layer 2 configuration is correct, then check your BGP for the following configurations:
- Your local and remote ASNs are correct, as provided in the downloaded configuration file.
- Your neighbor IP address and BGP MD5 password are correct, as provided in the downloaded configuration file.
- Your device isn't blocking inbound or outbound traffic on TCP port 179 and other ephemeral ports.
- Your device isn't advertising more than 100 prefixes to AWS over BGP. By default, AWS accepts up to 100 prefixes using a BGP session on Direct Connect. For more information, see Direct Connect quotas.
If the preceding configurations are correct, then your BGP status indicates UP.
For more information, see How can I troubleshoot BGP connection issues over Direct Connect?
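The layer 2 and BGP checks above can be run as an offline comparison between the virtual interface record and the settings on your device. The following is an added example, not AWS code: the record uses the field names from the output of `aws directconnect describe-virtual-interfaces`, while the router dictionary keys and all sample values are assumptions constructed for illustration.

```python
import hmac
import ipaddress

MAX_PREFIXES = 100  # default prefix limit per BGP session, as stated above

def check_vif(vif, router):
    """Compare one virtualInterfaces[] record with the router settings.
    Returns findings in troubleshooting order: layer 2 first, then BGP."""
    out = []
    if router["vlan"] != vif["vlan"]:
        out.append(f"L2: router VLAN {router['vlan']} != console VLAN {vif['vlan']}")
    # Local address must match including prefix length; neighbor is a bare IP.
    local = ipaddress.ip_interface(router["local_ip"])
    if local != ipaddress.ip_interface(vif["customerAddress"]):
        out.append(f"L2: local peer IP {local} != {vif['customerAddress']}")
    neighbor = ipaddress.ip_address(router["neighbor_ip"])
    if neighbor != ipaddress.ip_interface(vif["amazonAddress"]).ip:
        out.append(f"L2: neighbor IP {neighbor} != {vif['amazonAddress']}")
    if router["local_asn"] != vif["asn"]:
        out.append(f"BGP: local ASN {router['local_asn']} != {vif['asn']}")
    if router["remote_asn"] != vif["amazonSideAsn"]:
        out.append(f"BGP: remote ASN {router['remote_asn']} != {vif['amazonSideAsn']}")
    # Constant-time compare, and never echo the secret into the report.
    if not hmac.compare_digest(router["md5_key"].encode(), vif["authKey"].encode()):
        out.append("BGP: MD5 password differs from the console value")
    # Deduplicate before counting so a repeated entry is not counted twice.
    count = len({ipaddress.ip_network(p) for p in router["advertised"]})
    if count > MAX_PREFIXES:
        out.append(f"BGP: advertising {count} prefixes, limit is {MAX_PREFIXES}")
    return out

# Constructed sample data: not taken from a real account or device.
SAMPLE_VIF = {"virtualInterfaceId": "dxvif-EXAMPLE", "vlan": 101, "asn": 65000,
              "amazonSideAsn": 64512, "authKey": "constructed-key-A",
              "amazonAddress": "169.254.255.1/30",
              "customerAddress": "169.254.255.2/30"}
# Hypothetical router settings; the key names are this example's own.
GOOD_ROUTER = {"vlan": 101, "local_ip": "169.254.255.2/30",
               "neighbor_ip": "169.254.255.1", "local_asn": 65000,
               "remote_asn": 64512, "md5_key": "constructed-key-A",
               "advertised": ["10.0.0.0/16", "10.1.0.0/16"]}
BAD_ROUTER = dict(GOOD_ROUTER, vlan=110, md5_key="constructed-key-B",
                  advertised=[f"10.{i}.0.0/24" for i in range(101)])

if __name__ == "__main__":
    for finding in check_vif(SAMPLE_VIF, BAD_ROUTER):
        print(finding)
```

The report names the mismatched setting but never prints the MD5 password, so it can be pasted into a ticket without exposing the BGP secret.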
BFD configuration issues
BFD is a detection protocol that provides fast forwarding path failure detection times. Fast failure detection times facilitate faster routing reconvergence times. AWS supports asynchronous BFD, which is automatically turned on for Direct Connect virtual interfaces on AWS.
If your OSI layer 2 and BGP configurations are correct, then check your BFD for the following configurations:
- BFD is turned on for your router. If it's turned on, then check that your BFD is configured correctly on your router.
- Your BFD session is in the UP status on your router.
- The BFD events or logs on your router don't show any further issues.
Note: The default AWS BFD liveness detection minimum interval is 300 ms. The default BFD liveness detection multiplier is three.
Troubleshooting AWS Direct Connect