How can I test the resiliency of my Direct Connect connection?

Resolution

Important: To avoid an outage, make sure that you have redundant Direct Connect virtual interfaces or VPN connections.

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

Perform a failover test

Note: You can run the test on public, private, or transit virtual interfaces. However, only the owner of the AWS account that includes the virtual interface can initiate the test.

To perform a failover test, use the Direct Connect console or the AWS CLI.

Direct Connect console

Note: You can stop the failover test at any time.

Complete the following steps:

1. Open the Direct Connect console.
2. In the navigation pane, choose Virtual interfaces.
3. Select your virtual interface.
4. Choose Actions, and then choose Bring down BGP.
5. In the Start failure test dialog box, complete the following steps:
   For Peerings, select the peering session for your test (IPv4 or IPv6).
   For Test maximum time, enter the duration of the test in minutes. The maximum value is 4,320 minutes (72 hours), and the default value is 180 minutes (3 hours).
   For To confirm test, enter Confirm, and then choose Confirm.
   Note: The Border Gateway Protocol (BGP) peering session immediately changes to the DOWN state.
6. To verify that there are no outages and validate the resiliency of your connection, send traffic to your virtual interface.

AWS CLI

Run the following start-bgp-failover-test AWS CLI command:

aws directconnect start-bgp-failover-test --virtual-interface-id dxvif-YOUR_VIRTUAL_INTERFACE_ID --test-duration-in-minutes NUMBER_OF_MINUTES

Note: Replace YOUR_VIRTUAL_INTERFACE_ID with your virtual interface ID and NUMBER_OF_MINUTES with the number of minutes for the BGP failover test to run.

Check for the testing state

To confirm that your virtual interface is in the Testing state, use either the Direct Connect console or AWS CLI.

Direct Connect console

Complete the following steps:

1. Open the Direct Connect console.
2. In the navigation pane, choose Virtual interfaces.
3. Select your virtual interface.
4. In the State column, confirm that your virtual interface is in the Testing state.

AWS CLI

1. Run the following describe-virtual-interfaces AWS CLI command:

   aws directconnect describe-virtual-interfaces --virtual-interface-id dxvif-YOUR_VIRTUAL_INTERFACE_ID

   Note: Replace YOUR_VIRTUAL_INTERFACE_ID with your virtual interface ID.
2. In the command's output, verify that virtualInterfaceState is in the Testing state.

Test virtual interface resiliency

To test the resiliency of your virtual interfaces, initiate traffic either from your on-premises resources to AWS or from AWS to your on-premises resources.

Then, use Amazon CloudWatch to check the health status of the following Direct Connect metrics for your failover traffic:

• VirtualInterfaceBpsEgress
• VirtualInterfacePpsEgress
• VirtualInterfaceBpsIngress
• VirtualInterfacePpsIngress

Confirm that traffic for your failover virtual interface increases.

If you initiated traffic from AWS to your on-premises resources, then check the health status of your outbound traffic metrics. If you initiated traffic from on-premises to AWS, then check the health status of your inbound traffic metrics.

You can also use a traceroute test from an IP address on AWS to an on-premises IP address or the other way around. In the output, confirm that the BGP peering IP addresses of your failover virtual interface appear in the traceroute hops.

View the failover test history

To view the history of your failover test, use the Direct Connect console or the AWS CLI. Your test history can help you validate network resilience, measure failover response times, and troubleshoot failover events.

Note: Direct Connect stores test history data for up to 365 days.

Direct Connect console

Complete the following steps:

1. Open the Direct Connect console.
2. In the navigation pane, choose Virtual interfaces.
3. Select your virtual interface.
4. In the Test history column, confirm that your virtual interface is in the Testing state and then review your test history.

AWS CLI

Run the following list-virtual-interface-test-history AWS CLI command:

aws directconnect list-virtual-interface-test-history --virtual-interface-id dxvif-YOUR_VIRTUAL_INTERFACE_ID

Note: Replace YOUR_VIRTUAL_INTERFACE_ID with your virtual interface ID.

Stop the failover test

To stop the failover test, use either the Direct Connect console or the AWS CLI.

Direct Connect console

Complete the following steps:

1. Open the Direct Connect console.
2. In the navigation pane, choose Virtual interfaces.
3. Select your virtual interface.
4. Choose Actions, and then choose Cancel test.

AWS CLI

Run the following stop-bgp-failover-test AWS CLI command:

aws directconnect stop-bgp-failover-test --virtual-interface-id dxvif-YOUR_VIRTUAL_INTERFACE_ID

Note: Replace YOUR_VIRTUAL_INTERFACE_ID with your virtual interface ID.

Check the state of your virtual interface

After you stop the failover test, make sure that your virtual interface is in the Available state.

Direct Connect console

Complete the following steps:

1. Open the Direct Connect console.
2. In the navigation pane, choose Virtual interfaces.
3. Select your virtual interface.
4. In the State column, confirm that your virtual interface is in the Available state.

AWS CLI

1. Run the following describe-virtual-interfaces AWS CLI command:

   aws directconnect describe-virtual-interfaces --virtual-interface-id dxvif-YOUR_VIRTUAL_INTERFACE_ID

   Note: Replace YOUR_VIRTUAL_INTERFACE_ID with your virtual interface ID.

2. In the command's output, confirm that virtualInterfaceState is in the Available state.

Related information

Direct Connect Failover Test

Configure redundant connections

Monitor with Amazon CloudWatch