AWS Direct Connect User Guide - Documentation
Contents
1. Effect Allow Action directconnect Describe l Resource API Version 2013 10 22 46 AWS Direct Connect User Guide Calculating AWS Direct Connect Monthly Costs AWS Direct Connect services are billed by hourly port usage that is port hours and by the amount of outbound data transferred through each virtual interface For more information see Pricing Each dedicated AWS Direct Connect connection can have multiple virtual interfaces to public Amazon Web Services resources and to Amazon Virtual Private Cloud Amazon VPC Data transferred over AWS Direct Connect is billed in the same month in which the usage occurs Data transferred over the Internet when using other AWS services is billed the following month You can calculate your estimated monthly costs using the example below or by using the Simple Monthly Calculator In the example below if you have a 1 Gbps AWS Direct Connect link and transfer 50 GB of data outbound the first month and you also transfer 50 GB outbound through the Internet the charges for the data transferred appears across two separate bills Month 1 Bill Usage Cost 1 Gbps port charge of 0 30 per hour x 24 hours 223 20 x 31 days Total data transfer of 100 GB at 0 00 per GB 0 00 AWS Direct Connect data transfer of 50 GB at 1 00 0 02 per GB Month 2 Bill Usage Cost Internet data transfer of 50 GB at 0 12 per GB 6 002. API Version 2013 10 22 65
3. 1 Open the AWS Direct Connect console at htips console amazonaws cn directconnect 2 Select the region that you would like to connect to AWS Direct Connect From the navigation bar select the region that meets your needs For more information see Regions and Endpoints API Version 2013 10 22 13 AWS Direct Connect User Guide Step 2 Submit AWS Direct Connect Connection Request US East N Virginia US West Oregon US West N California EU Ireland EU Frankfurt Asia Pacific Singapore Asia Pacific Tokyo Asia Pacific Sydney South America S o Paulo 3 On the Welcome to AWS Direct Connect screen click Get Started with Direct Connect Direct Connect Home Welcome to AWS Direct Connect Connections Get Started With Direct Connect Direct Connect at a Glance Select a Location and Connect Your Order a Connection Network to AWS AWS Direct Connect locations You can connect your data allow you to establish a center office or colocation dedicated network connection environment to AWS Direct from your premises to a specific Connect Contact an APN AWS region Select the region Partner for connectivity you wish to connect to and then options select an AWS Direct Connect location 4 Inthe Create a Connection dialog box do the following AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS Virtual Interfaces Using AWS Direct Connec
4. v AnyCompany Hosting Demo Hosted Connection Equinix SG2 Singapore 50Mbps 0 pending acceptance Connection Name Demo Hosted Connection Connection ID dxcon fh6ajycc Type Hosted Connection Port Speed 50Mbps Location Equinix SG2 Singapore VLAN Assigned 100 Provided By AnyCompany Hosting Virtual Interfaces 0 State pending acceptance Before this connection can be active and used you must accept it If you accept connectivity between your data center and AWS will be provided by partner BI understand that Direct Connect port charges apply once click Accept Connection pecine act 5 Select understand that Direct Connect port charges apply once I click Accept This Connection and then click Accept Connection API Version 2013 10 22 34 AWS Direct Connect User Guide View Virtual Interface Details Working With AWS Direct Connect Virtual Interfaces You must create a virtual interface to begin using your AWS Direct Connect connection You can create a public virtual interface to connect to public resources or a private virtual interface to connect to your VPC You can configure multiple virtual interfaces on a single AWS Direct Connect connection and you ll need one private virtual interface for each VPC to connect to Each virtual interface needs a VLAN ID interface IP address ASN and BGP key To use your AWS Direct Connect connection with another AWS account you can create a hosted virtual interface for that
5. AWS Direct Connect User Guide API Version 2013 10 22 nae mazon webservices a m lar zw m AWS Direct Connect User Guide AWS Direct Connect User Guide AWS Direct Connect User Guide Table of Contents What is AWS Direct Connect ccccccec ee ec eee ee eee non cence ee eea ee eeeeceeeeeeceeeeeeeeeeeeeeeseeeeseeeeseeeeeeseeaeges 1 Requirements coi died 1 AWS Direct Connect Limits oococcccoccncncocnncononnnconnncononnononcononnnrrnnnrrnnnrrnrnrnnrnrnrrnnnrnnnnrrninrnnnnnnnns 2 TOW DOs RO 2 Getting Stated et sur aid cue an Here ae een Ran SEE Herren cues 3 Getting Started at an AWS Direct Connect Location u4s suss sesnennennnennnnenenn ne nnnnen anne nne nn 3 Step 1 Sign Up for Amazon Web Services ooccoccoccoccoccnccnccnccnconccnconccnconcnnconconcnnconconccnnnnens 3 Step 2 Submit AWS Direct Connect Connection Request oocooccoccnccnccnccnccnccnconccnconcnnconccnccnos 4 Step 3 Complete the Cross Connect cece teeter ee ee ne eee eee ee nn nent eter nent 6 optional Step 4 Configure Redundant Connections with AWS Direct Connect 6 Step 5 Create a Virtual Interface ocoooccooccoccoccnccnoconccnconccnconccnconcnnconcnnconcnncnnronconcnnnonccncnnens 7 Step 6 Download Router Configuration ocooconccnccnccnconccnconcnnconccnconnnnconnnnronnnnconnnnrnnnnncanass 10 Step 7 Verify Your Virtual Interface 44444444404H
6. AWS Direct Connect Resources The following related resources can help you as you work with this service AWS Direct Connect Technical FAQ The top questions developers have asked about this product AWS Direct Connect Release Notes A high level overview of the current release as well as notes about any new features corrections and known issues Discussion Forums A community based forum for developers to discuss technical questions related to Amazon Web Services AWS Direct Connect Product Information The primary web page for information about AWS Direct Connect AWS Training and Courses Links to role based and specialty courses as well as self paced labs to help sharpen your AWS skills and gain practical experience AWS Developer Tools Links to developer tools and resources that provide documentation code samples release notes and other information to help you build innovative applications with AWS AWS Support Center The hub for creating and managing your AWS Support cases Also includes links to other helpful resources such as forums technical FAQs service health status and AWS Trusted Advisor AWS Support The primary web page for information about AWS Support a one on one fast response support channel to help you build and run applications in the cloud Contact Us A central contact point for inquiries concerning AWS billing account events abuse and other issues AWS Site Terms Detailed info
7. Delete a Connection You can delete a connection as long as there are no virtual interfaces attached to it Deleting your connection stops all port hour charges for this connection AWS Direct Connect data transfer charges are associated with virtual interfaces Any cross connect or network circuit charges are independent of AWS Direct Connect and must be cancelled separately For more information about how to delete a virtual interface see Delete a Virtual Interface p 36 To delete a connection 1 Open the AWS Direct Connect console at htips console amazonaws cn directconnect 2 If necessary change the region From the navigation bar select the region that meets your needs For more information see Regions and Endpoinis API Version 2013 10 22 32 AWS Direct Connect User Guide Accept a Hosted Connection US East N Virginia US West Oregon US West N California EU Ireland EU Frankfurt Asia Pacific Singapore Asia Pacific Tokyo Asia Pacific Sydney South America S o Paulo 3 In the navigation pane click Connections 4 Inthe Connections pane select the connection to delete and then click Delete Connection Create Virtual Interface Delete Connection a O Filter Q Search for a Connection gt 4 Viewing 3 of 3 Connections Provided By Name Location Bandwidthy Vis State y Amazon Web Services Far East Offices Equinix SG2 Singapore 1Gbps 0 down 5 Inthe Delete Con
8. Location Region Served How to Request Connection Equinix Ashburn US East N Virginia Requests for cross connect can be submitted by Equinix DC1 DC6 and downloading the corresponding order forms at ht DC10 DC11 tp equinix com careforms Send the completed forms to the Equinix Customer Response ECR team at care forms equinix com CoreSite 32 Avenue of US East N Virginia Requests for cross connect can be submitted by the Americas New York placing an order at the CoreSite Customer Portal After you complete the form review the order for accuracy and then approve it using the MyCoreSite website API Version 2013 10 22 42 AWS Direct Connect User Guide Location Equinix Silicon Valley Equinix SV1 and SV5 CoreSite One Wilshire and 900 North Alameda Equinix Seattle Equinix SE2 and SE3 Switch SUPERNAP 8 Las Vegas NV Terremark NAP do Brasil Sao Paulo Eircom Clonshaugh TelecityGroup Sovereign House Har bor Exchange 6 7 Har bor Exchange 8 9 and London Meridian Gate Equinix Frankfurt Equinix FR5 Sinnet Jiuxiangiao IDC Equinix Tokyo Equinix TY2 Equinix Singapore Equinix SG2 Region Served US West N California US West N California US West Oregon US West Oregon South America Sao Paulo EU Ireland EU Ireland EU Frankfurt China Beijing Asia Pacific Tokyo Asia Pacific Singapore How to Request Connection R
9. Request a sub 1G connection from an APN Partner supporting AWS Direct Connect p 22 Step 3 Accept Your Hosted Connection p 23 optional Step 4 Configure Redundant Connections with AWS Direct Connect p 24 Step 5 Create a Virtual Interface p 24 Step 6 Download Router Configuration p 28 Step 7 Verify Your Virtual Interface p 29 Step 1 Sign Up for Amazon Web Services To use AWS Direct Connect you need an AWS account if you don t already have one To sign up for an Amazon Web Services account 1 Open http www amazonaws cn and then click Sign Up 2 Follow the on screen instructions Part of the sign up procedure involves receiving a phone call and entering a PIN using the phone keypad Step 2 Request a sub 1G connection from an APN Partner supporting AWS Direct Connect You must request a sub 1G connection from an APN partner You cannot order Sub 1G services from the AWS Direct Connect console For a list of APN partners that support AWS Direct Connect see APN Partners supporting AWS Direct Connect Your partner will create a hosted connection for you and it will appear in your AWS Direct Connect console API Version 2013 10 22 22 AWS Direct Connect User Guide Step 3 Accept Your Hosted Connection Step 3 Accept Your Hosted Connection Your selected partner will create a hosted connection for you You will need to accept it in the AWS Direct Connect console before you can create a virtual in
10. no charges Internet data transfer of approx 20 30 20 GB 13GB Usage report no charges Internet data transfer of approx 10 30 20 GB 7GB The aggregate data transfer totals of 10 GB of AWS Direct Connect data transfer and 20 GB of Internet data transfer are billed to payer Account 1 Data transfer usage for linked Accounts 2 and 3 are reported as estimates and may not match actual usage by each of the accounts API Version 2013 10 22 AWS Direct Connect User Guide Consolidated Billing In this example although Account 2 used 10 GB of Internet data transfer AWS computes an approximate amount of 13 GB using proportional allocation Similarly AWS computes 7 GB of Internet data transfer for Account 3 whereas the actual usage is 10 GB The following table shows the characteristics for AWS Direct Connect identified in this example Characteristic Port charge AWS Direct Con nect data transfer Internet data trans fer Metric 0 30 per hour 0 02 per GB 0 12 per GB Description An hourly usage charge for the physical 1 Gbps or 10 Gbps port Data transfer over AWS Direct Connect is billed in the same month in which the usage occurred Standard Internet data transfer usage incurred by using other AWS products is charged the following month In the example below the total monthly cost is the sum of the cost for the number of ports used plus the amount of data in gigabytes transferred using AWS
11. 0 00 per GB 0 00 Month 2 Bill for Accounts 1 2 and 3 Account Cost 1 2 2 Internet data transfer of 10 GB at 0 12 per GB 1 20 API Version 2013 10 22 48 AWS Direct Connect User Guide Consolidated Billing Account 3 Consolidated Billing Cost Internet data transfer of 10 GB at 0 12 per GB 1 20 AWS allows you to receive a single bill for multiple accounts which is also known as consolidated billing The payer account is responsible for all AWS service charges including those incurred by linked accounts With consolidated billing the aggregate data transfer usage totals shown in the payer account are accurate but the data transfer totals for each linked account are approximations derived by proportionally allocating aggregate usage across the linked accounts Using the previous example assume that Account 1 consolidates the bills for Accounts 2 and 3 that is Account 1 is the payer account The monthly bills for all three accounts are shown in the following table Month 1 Bill Account 4 Month 2 Bill Account 4 Note Cost 1 Gbps port charge at 0 30 per hour 223 20 Total data transfer of 30 GB at 0 00 per GB 0 00 AWS Direct Connect data transfer of 10 GB at 0 02 per GB 0 20 Usage report no charges Total data transfer of 20 GB Usage report no charges Total data transfer of 10 GB Cost Internet data transfer of 20 GB at 0 12 per GB 2 40 Usage report
12. AWS Direct Connect Getting Started Guide Connection dxcon ffs3dp1s Far East Offices i Interface Name i Interface Owner My AWS Account D Another AWS Account i VGW vgw e01f67b2 y i Enter the VLAN ID if not already supplied by your AWS Direct Connect partner and the IP Addresses for your router interface and the AWS Direct Connect interface VLAN i Auto generate peer IPs Y i Before you can use your virtual interface we must establish a BGP session You must provide an ASN for your router You will also need an MD5 key to authenticate the BGP session We can generate one for you or you can supply your own BGP ASN i Auto generate BGP key Y i Cancel Continue 5 Under Define Your New Private Virtual Interface do the following API Version 2013 10 22 9 AWS Direct Connect User Guide Step 6 Download Router Configuration a In the Interface Name field enter a name for the virtual interface b In Interface Owner select the My AWS Account option if the virtual interface is for your AWS account ID c In the VGW list select the virtual gateway to connect to d In the VLAN field enter the ID number for your virtual local area network VLAN for example a number between 1 and 4094 e To have AWS generate your router IP address and Amazon IP address select Auto generate peer IPs To specify these IP addresses yourself clear the Auto generate peer IPs check box and then in the Your router
13. After you have established virtual interfaces to the AWS cloud or to Amazon VPC you can verify your AWS Direct Connect connections using the following procedures To verify your virtual interface connection to the AWS cloud Run traceroute and verify that the AWS Direct Connect identifier is in the network trace To verify your virtual interface connection to Amazon VPC 1 Using a pingable AMI such as one of the Amazon Linux AMls launch an Amazon EC2 instance into the VPC that is attached to your virtual private gateway The Amazon Linux AMIs are available in the Quick Start tab when you use the instance launch wizard in the AWS Management Console For more information about launching an Amazon EC2 instance using an Amazon Linux AMI see Launch an Amazon EC2 Instance in the Amazon EC2 User Guide for Linux Instances API Version 2013 10 22 21 AWS Direct Connect User Guide Getting Started with a Sub 1G AWS Direct Connect Partner 2 After the instance is running get its private IP address for example 10 0 0 4 The AWS Management Console displays the address as part of the instance s details 3 Ping the private IP address and get a response Getting Started with a Sub 1G AWS Direct Connect Partner If you want to purchase a sub 1G connection through a partner follow the steps listed in the table below Note A sub 1G connection only supports one virtual interface Step 1 Sign Up for Amazon Web Services p 22 Step 2
14. Flow Chart Troubleshooting a Remote Connection to AWS Direct Connect cceeeeeeeeeeeeeees 58 Troubleshooting a Remote Connection to AWS Direct Connect ococcococcccnconcncononcncnncnnonincnnnncnnonanos 60 Resources nannten iin 61 Documents nee Han a tte edt en ne nd eaten tee eee 62 AWS GIOSSALY nn ai Lea 65 API Version 2013 10 22 iv AWS Direct Connect User Guide Requirements What is AWS Direct Connect AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard 1 gigabit or 10 gigabit Ethernet fiber optic cable One end of the cable is connected to your router the other to an AWS Direct Connect router With this connection in place you can create virtual interfaces directly to the AWS cloud for example to Amazon Elastic Compute Cloud Amazon EC2 and Amazon Simple Storage Service Amazon S3 and to Amazon Virtual Private Cloud Amazon VPC bypassing Internet service providers in your network path An AWS Direct Connect location provides access to Amazon Web Services in the region it is associated with as well as access to other US regions For example you can provision a single connection to any AWS Direct Connect location in the US and use it to access public AWS services in all US Regions and AWS GovCloud US The following diagram shows how AWS Direct Connect interfaces with your network Requirements To use AWS Direct Connect your network must meet one of the
15. In the Your router peer IP field enter the IPv4 CIDR destination address where traffic should be sent In the Amazon router peer IP field enter the IPv4 CIDR address you will use to send traffic to Amazon Web Services In the BGP ASN field enter the Border Gateway Protocol BGP Autonomous System Number ASN of your gateway for example a number between 1 and 65534 Select Auto generate BGP key check box to have AWS generate one To provide your own BGP key clear the Auto generate BGP key check box and then in the BGP Authorization Key field enter your BGP MD5 key In the Prefixes you want to advertise field enter the IPv4 CIDR destination addresses separated by commas where traffic should be routed to you over the virtual interface API Version 2013 10 22 8 AWS Direct Connect User Guide Step 5 Create a Virtual Interface 6 Click Continue and then download your router configuration For more information see Step 6 Download Router Configuration p 10 To provision a private virtual interface to a VPC After you have placed an order for an AWS Direct Connect connection you can create a virtual interface to use to connect to AWS Direct Connect When you create a private virtual interface to a VPC you ll need a private virtual interface for each VPC you want to connect to e g You ll need three private virtual interfaces to connect to three VPCs Before you begin you need the following additional informa
16. Step 3 Complete the Cross Connect AWS will send you an email within 72 hours with either a Letter of Authorization and Connecting Facility Assignment LOA CFA or a request for more information If you receive a request for more information please respond within 5 days or the connection will be deleted After you receive the LOA CFA follow these steps to establish the dedicated connection 1 Contact the colocation provider to request a cross network connection This is frequently referred to as a cross connect You must be a customer of the colocation provider and you must present them with the LOA CFA that authorizes the connection to the AWS router The contact process can vary for each colocation provider For more information about each AWS Direct Connect location see Requesting Cross Connects at AWS Direct Connect Locations p 42 2 Give the colocation provider the necessary information to connect to your network The diagram in What is AWS Direct Connect p 1 shows various placement options You should verify that your equipment meets the specifications set out in Requirements p 1 optional Step 4 Configure Redundant Connections with AWS Direct Connect To provide for failover we recommend that you request and configure two dedicated connections to AWS as shown in the following figure These connections can terminate on one or two routers in your network VPC AWS Pirect Connect Router 2 AWS Direct Cannec
17. account These hosted virtual interfaces work the same as standard virtual interfaces and can connect to public resources or a VPC Topics View Virtual Interface Details p 35 Delete a Virtual Interface p 36 Create a Hosted Virtual Interface p 37 Accept a Hosted Virtual Interface p 39 View Virtual Interface Details You can view the current status of your virtual interface the connection state name and location VLAN and BGP details and peer IP addresses To view details about a virtual interface 1 Open the AWS Direct Connect console at htips console amazonaws cn directconnect 2 If necessary change the region From the navigation bar select the region that meets your needs For more information see Regions and Endpoints API Version 2013 10 22 35 AWS Direct Connect User Guide Delete a Virtual Interface US East N Virginia US West Oregon US West N California EU Ireland EU Frankfurt Asia Pacific Singapore Asia Pacific Tokyo Asia Pacific Sydney South America S o Paulo 3 Inthe navigation pane click Virtual Interfaces 4 Inthe Virtual Interfaces pane select a virtual interface and then click the arrow next to the virtual interface to view its details Create Virtual Interface Delete Virtual Interface Filter Q Search for a Virtual Interface Xx Viewing Name ID Connection VLAN Type gt State v Tokyo dxvif fgbem54w dxcon fgtose4q 1 pr
18. and then click Create Your connection is listed on the Connections pane of the AWS Direct Connect console Step 3 Send Your Network Provider the LOA and Request That They Order a Cross Connect for You AWS will send you an email within 72 hours with a Letter of Authorization and Connecting Facility Assignment LOA CFA After you receive the LOA CFA forward it to your network provider so they can order a cross connect for you You will not be able to order a cross connect for yourself in the AWS Direct Connect location if you do not have equipment there Your network provider will have to do this for you optional Step 4 Configure Redundant Connections with AWS Direct Connect To provide for failover we recommend that you request and configure two dedicated connections to AWS as shown in the following figure These connections can terminate on one or two routers in your network API Version 2013 10 22 15 AWS Direct Connect User Guide Step 5 Create a Virtual Interface BB VPC MAM A AWS Direct C nnect AWS Pirect Connect Router 1 Router 2 There are different configuration choices available when you provision two dedicated connections Active Active BGP multipath Network traffic is load balanced across both connections If one connection becomes unavailable all traffic is routed through the other This is the default configuration Active Passive failover One connection is handling traffic an
19. arn arn aws iam 123456789012 user Alice accountId 123456789012 accessKeyId EXAMPLE_KEY_ID userName Alice sessionContext attributes mfaAuthenticated false creationDate 2014 04 04T12 23 052 eventTime 2014 04 04T17 37 532 eventSource directconnect amazonaws com eventName DescribeVirtuallnterfaces awsRegion us west 2 API Version 2013 10 22 54 AWS Direct Connect User Guide Understanding AWS Direct Connect Log File Entries Ey sourcelPAddress 127 0 0 1 userAgent Coral Jakarta requestParameters connectionId dxcon fhajolyy Py responseElements null additional entries API Version 2013 10 22 55 AWS Direct Connect User Guide Flow Chart Troubleshooting a Cross Connection to AWS Direct Connect Troubleshooting AWS Direct Connect The following table lists troubleshooting resources that you ll find useful as you work with AWS Direct Connect Resource Description Flow Chart Troubleshooting a Cross Flow chart that provides the steps necessary to diagnose Connection to AWS Direct Con troubleshoot and repair a faulty cross connection to AWS nect p 56 Direct Connect within a colocation facility Troubleshooting a Cross Connection to Task list that provides the steps necessary to diagnose AWS Direct Connect p 58 troubleshoot and repair a faulty cross connection
20. check box if you would like AWS to generate one for you To provide your own BGP key clear the Auto generate BGP key check box and then in the BGP Authorization Key field enter your BGP MD5 key Click Continue The new interface is added to the list of virtual interfaces on the Virtual Interfaces pane Accept a Hosted Virtual Interface Before you can begin using a hosted virtual interface you must have an existing virtual gateway and you must accept the virtual interface To accept a hosted virtual interface 1 2 Open the AWS Direct Connect console at https console amazonaws cn directconnect If necessary change the region From the navigation bar select the region that meets your needs For more information see Regions and Endpoints US East N Virginia US West Oregon US West N California EU Ireland EU Frankfurt Asia Pacific Singapore Asia Pacific Tokyo Asia Pacific Sydney South America S o Paulo In the navigation pane click Virtual Interfaces In the Virtual Interfaces pane select the check box next to the virtual interface you want to accept and then click the arrow to expand details about the virtual interface API Version 2013 10 22 39 AWS Direct Connect User Guide Accept a Hosted Virtual Interface 6 1 Virtual Interface Needs to be Accepted 1 virtual interface has been created for you by another account and will not be usable until you accept it Create Virtu
21. propagation Step 6 Download Router Configuration After you have created a virtual interface for your AWS Direct Connect connection you can download the router configuration file To download router configuration 1 Open the AWS Direct Connect console at htips console amazonaws cn directconnect 2 Inthe Virtual Interfaces pane select a virtual interface click the arrow to show more details and then click Download Router Configuration Create Virtual Interface Delete Virtual Interface 7 o Filter Q Search for a Virtual Interface x Viewing 3 of 3 Virtual Interfaces Name ID Connection VLAN Type State y o v Tokyo dxvif igbem54w dxcon fgtose4q 1 private down Name Tokyo VLAN 1 ID dxvif fgbem54w BGP ASN 1 Type private BGP Auth Key vKOsuoyD60y5PLESOOWhS8N9H State down Amazon Peer IP 169 254 251 5 30 Connection dxcon fgtose4q Your Peer IP 169 254 251 6 30 Location EqSG2 Virtual Gateway vgw e01f67b2 Download Router Configuration 3 Inthe Download Router Configuration dialog box do the following a In the Vendor list select the manufacturer of your router b In the Platform list select the model of your router c In the Software list select the software version for your router Download Router Configuration x Select the router details Vendor Cisco Systems Inc wi Platform 2900 Series Routers wi Software 105 12 4 i 4 Click Download and then use the appropriate conf
22. received from Amazon To view details about a connection 1 Open the AWS Direct Connect console at https console amazonaws cn directconnect 2 If necessary change the region From the navigation bar select the region that meets your needs For more information see Regions and Endpoints API Version 2013 10 22 31 AWS Direct Connect User Guide Delete a Connection US East N Virginia US West Oregon US West N California EU Ireland EU Frankfurt Asia Pacific Singapore Asia Pacific Tokyo Asia Pacific Sydney South America S o Paulo 3 In the navigation pane click Connections 4 Inthe Connections pane select a connection and then click the arrow next to the connection to view its details The service provider associated with the connection is listed in the Provided By column Create Virtual Interface Delete Connection o o e Filter Q Search for a Connection x Viewing 3 of 3 Connections Provided By Name Location Bandwidthy Vlis State v GaP Web Services Far East Offices Equinix SG2 Singapore 1Gbps 0 down Connection Name Far East Offices Connection ID dxcon ffs3dp1s Type Regular Connection Port Speed 1Gbps Location Equinix SG2 Singapore Virtual Interfaces 0 State down Create Virtual Interface gt Amazon Web Services Tokyo Office Equinix SG2 Singapore 1Gbps 2 down gt AnyCompany Hosting Demo Hosted Connection Equinix SG2 Singapore 50Mbps 0 pending acceptance
23. services Create dedicated network connection environment to AWS Direct a Public Virtual Interface for from your premises to a specific Connect Contact an APN public services like Amazon EC2 AWS region Select the region Partner for connectivity and Amazon 3 or use a you wish to connect to and then options Private Virtual Interface to select an AWS Direct Connect connect to you VPC location 4 Inthe Create a Connection dialog box do the following Create a Connection You are currently operating in Asia Pacific Singapore Use the region selector to change to another AWS region To begin name your new Connection select the AWS Direct Connect location in Asia Pacific Singapore where you would like to connect and the port speed you are requesting If these choices don t fit your use case contact one of our partners for other options to connect Connection Name i Location Equinix SG2 Singapore i Port Speed 1Gbps D 10Gbps i a In the Connection Name field type a name for the connection b In the Location list select the appropriate AWS Direct Connect location Note If you don t have equipment at an AWS Direct Connect location click contact one of our partners c Select the appropriate port speed and then click Create Your connection is listed on the Connections pane of the AWS Direct Connect console API Version 2013 10 22 5 AWS Direct Connect User Guide Step 3 Complete the Cross Connect
24. to AWS Direct Connect within a colocation facility Flow Chart Troubleshooting a Remote Flow chart that provides the steps necessary to diagnose Connection to AWS Direct Con troubleshoot and repair a faulty connection to AWS Direct nect p 58 Connect when connecting remotely through a service provider Troubleshooting a Remote Connection Task list that provides the steps necessary to diagnose to AWS Direct Connect p 60 troubleshoot and repair a faulty connection to AWS Direct Connect when connecting remotely through a service provider Flow Chart Troubleshooting a Cross Connection to AWS Direct Connect You can use the following flow chart to diagnose troubleshoot and repair a faulty cross connection to AWS Direct Connect within a colocation facility For a text based version of this flow chart see Troubleshooting a Cross Connection to AWS Direct Connect p 58 API Version 2013 10 22 56 AWS Direct Connect User Guide Flow Chart Troubleshooting a Cross Connection to AWS Direct Connect AWS Direct Connect isn t working Get a device that meets requirements Is your device supported Yes Work with colocation provider to establish a cross connect Are cross onnects done Verify cabling with colocation provider Turn device on active port On your device turn off Auto Are link lights lit Negotiation set to Full Duplex and set to corre
25. to connect to d The VLAN field will already be filled in and grayed out e To have AWS generate your router IP address and Amazon IP address select Auto generate peer IPs To specify these IP addresses yourself clear the Auto generate peer IPs check box and then in the Your router peer IP field enter the destination IPv4 CIDR address that Amazon should send traffic to In the Amazon router peer IP field enter the IPv4 CIDR address you will use to send traffic to Amazon Web Services f In the BGP ASN field enter the Border Gateway Protocol BGP Autonomous System Number ASN of your gateway for example a number between 1 and 65534 g Select Auto generate BGP key check box to have AWS generate one To provide your own BGP key clear the Auto generate BGP key check box and then in the BGP Authorization Key field enter your BGP MD5 key Click Continue and then download your router configuration For more information see Step 6 Download Router Configuration p 28 API Version 2013 10 22 27 AWS Direct Connect User Guide Step 6 Download Router Configuration Note If you use the VPC wizard to create a VPC route propagation is automatically enabled for you For more information on enabling route propagation see Enable Route Propagation in Your Route Table in the Amazon VPC User Guide With route propagation routes are automatically populated to the route tables in your VPC If you choose you can disable route
26. your Amazon Web Services resources Permissions granted using IAM cover all the Amazon Web Services resources you use with AWS Direct Connect so you cannot use IAM to control access to AWS Direct Connect data for specific resources For example you cannot give a user access to AWS Direct Connect data for only a specific virtual interface Important Using AWS Direct Connect with IAM doesn t change how you use AWS Direct Connect There are no changes to AWS Direct Connect actions and no new AWS Direct Connect actions related to users and access control For an example of a policy that covers AWS Direct Connect actions see Example Policy for AWS Direct Connect p 46 No AWS Direct Connect ARNs AWS Direct Connect itself has no specific resources for you to control access to Therefore there are no AWS Direct Connect ARNs for you to use in an IAM policy You use an asterisk as the resource when writing a policy to control access to AWS Direct Connect actions For more information about ARNs see ARNs in IAM User Guide AWS Direct Connect Actions In an IAM policy you can specify any and all actions that AWS Direct Connect offers The action name must include the lowercase prefix directconnect For example directconnect DescribeConnections directconnect CreateConnection or directconnect for all AWS Direct Connect actions For a list of the actions see the AWS Direct Connect API Reference API Version 2013 10 22
27. 4 2014 11 10 2014 10 23 2014 10 23 2014 07 14 API Version 2013 10 22 62 AWS Direct Connect User Guide Change Support for AWS CloudTrail Support for ac cessing re mote AWS re gions Support for hosted connec tions Support for the new location in the EU lre land Region Support for the new Seattle location in the US West Ore gon Region Support for us ing IAM with AWS Direct Connect Support for the new Asia Pa cific Sydney Region Support for the new AWS Dir ect Connect console and the US East N Virginia and South America Sao Paulo Re gions Support for the EU Ireland Asia Pacific Singapore and Asia Pa cific Tokyo Regions Support for the US West Northern Cali fornia Region Description Release Date Added a new topic to explain how you can use CloudTrail to log 2014 04 04 activity in AWS Direct Connect For more information see Logging AWS Direct Connect API Calls in AWS CloudTrail p 51 Added a new topic to explain how you can access public resources 2013 12 19 in a remote region For more information see Accessing a Remote AWS Region in the US p 41 Updated topics to include support for hosted connections 2013 10 22 Updated topics to include the addition of the new AWS Direct Connect 2013 06 24 location serving the EU Ireland Region Updated topics to include the addition of the new AWS Direct Connect 2013 05 08 locati
28. 45 AWS Direct Connect User Guide AWS Direct Connect Keys AWS Direct Connect Keys AWS Direct Connect implements the following policy keys aws CurrentTime for date time conditions aws EpochTime the date in epoch or UNIX time for use with date time conditions aws SecureTransport Boolean representing whether the request was sent using SSL aws Sourcelp the requester s IP address for use with IP address conditions aws UserAgent information about the requester s client application for use with string conditions If you use aws SourceIp and the request comes from an Amazon EC2 instance the instance s public IP address is used to determine if access is allowed Note For services that use only SSL such as Amazon Relational Database Service and Amazon Route 53 the aws SecureTransport key has no meaning Key names are case insensitive For example aws CurrentTime is equivalent to AWS currenttime For more information about policy keys see Condition in AM User Guide Example Policy for AWS Direct Connect This section shows a simple policy for controlling user access to AWS Direct Connect Note In the future AWS Direct Connect might add new actions that should logically be included in the following policy based on the policy s stated goals Example The following sample policy allows a group to retrieve any AWS Direct Connect data but not create or delete any cloud resources Statement
29. AMI see Launch an Amazon EC2 Instance in the Amazon EC2 User Guide for Linux Instances 2 After the instance is running get its private IP address for example 10 0 0 4 The AWS Management Console displays the address as part of the instance s details 3 Ping the private IP address and get a response Getting Started with a Partner or Network Carrier If you don t have equipment hosted in the same facility as AWS Direct Connect you can use a network provider to connect to AWS Direct Connect The provider does not have to be a member of the Amazon Partner Network APN partner to connect you You can get started using a network provider to connect to AWS Direct Connect by completing the steps shown in the following table Step 1 Sign Up for Amazon Web Services p 13 Step 2 Submit AWS Direct Connect Connection Request p 13 API Version 2013 10 22 12 AWS Direct Connect User Guide Step 1 Sign Up for Amazon Web Services Step 3 Send Your Network Provider the LOA and Request That They Order a Cross Connect for You p 15 optional Step 4 Configure Redundant Connections with AWS Direct Connect p 15 Step 5 Create a Virtual Interface p 16 Step 6 Download Router Configuration p 20 Step 7 Verify Your Virtual Interface p 21 Step 1 Sign Up for Amazon Web Services To use AWS Direct Connect you need an AWS account if you don t already have one To sign up for an Amazon Web Services account 1 Open ht
30. API Version 2013 10 22 47 AWS Direct Connect User Guide Multiple Amazon Web Services Accounts Multiple Amazon Web Services Accounts If you have multiple Amazon Web Services accounts the physical 1 Gbps or 10 Gbps port can be associated with one Amazon Web Services account and virtual interfaces can be associated with another Amazon Web Services account Relevant AWS Direct Connect usage charges will appear for each account associated with the service For example You sign up for a 1 Gbps AWS Direct Connect port and provision two virtual interfaces under Account 4 The virtual interface L1 is associated with Account 2 The virtual interface L2 is associated with Account 3 The table below shows usage details for the month Usage Details for Accounts 1 2 and 3 Account AWS Direct Connect Data Internet Data Transfer Transfer 1 7 2 10 GB 10 GB 3 10 GB The following two tables shows billing amounts for all three accounts Account 1 does not show any data transfer charges Accounts 2 and 3 are billed for AWS Direct Connect data transfer charges in month 1 and Internet data transfer charges in month 2 Month 1 Bill for Accounts 1 2 and 3 Account Cost 1 1 Gbps port charge at 0 30 per hour 223 20 2 Total data transfer of 20 GB at 0 00 per GB 0 00 AWS Direct Connect data transfer of 10 GB at 0 02 per GB 0 20 3 Total data transfer of 10 GB at 0 00 per GB 0 00 Total data transfer of 10 GB at
31. AWS Direct Connect 24 Step 5 Create a Virtual Interface cooccoccnccononccononccononccnnoncnononncononnnononnnnnencnnnencnnnonannnon 24 Step 6 Download Router Configuration 00 cceceeenee eee eee ee nese nenne nenne nenne nennen nnnn nennen 28 Step 7 Verify Your Virtual Interface 02 cee eeeeeee nett eee eee tees eee e nenne nenne nenne nenne nenne nenn 29 Working With Connections 2 0 2 0 ccceeceee eee eee eee eee eee eee eee ttn eee eee eee ee eee eee rr nr rnronrnnronrrnrenccnreninncen 31 View Connection Details cccccceceec cence eee ec eee eeeeeeeeceee sense eeeeeeeeeeeeeeeeneceeaeeeeeeseeeseeseeeeeeeeees 31 Deleted COMMECHON iii 32 Accept a Hosted Connection oocooconconccnconccnconnonconnoncon eee eee een ese eee r ner n een esaeeaesaesaesaeeaesaeeneeaeege 33 Working With Virtual Interfaces ooccoccoccoccnccoccnccnconconconconconcnnconcnncnnconconconconcnnconconnoncnnnnnrnncnninnnenens 35 View Virtual Interface Details cccececeec een ecee eee ee eens ee eeneneeeeeeeeeeeseeeeeeeneaeseeeeseeeeseeeeenenees 35 Delete a Virtual Interface ica an el 36 Create a Hosted Virtual Interface oocooccocconicccononccononccononccononccononcnnnonnnnronnnnnonnnnnoncnnnoncnnneness 37 Accept a Hosted Virtual Interface 2 0 2 0 cece tect etre et nenne nea eta eea nea nennen 39 Accessing a Remote AWS Region ccc eter ee ee etnies 41 Requesting Gross
32. Amazon EC2 instance into the VPC that is attached to your virtual private gateway The Amazon Linux AMIs are available in the Quick Start tab when you use the instance launch wizard in the AWS Management Console For more information about launching an Amazon EC2 instance using an Amazon Linux AMI see Launch an Amazon EC2 Instance in the Amazon EC2 User Guide for Linux Instances API Version 2013 10 22 29 AWS Direct Connect User Guide Step 7 Verify Your Virtual Interface 2 After the instance is running get its private IP address for example 10 0 0 4 The AWS Management Console displays the address as part of the instance s details 3 Ping the private IP address and get a response API Version 2013 10 22 30 AWS Direct Connect User Guide View Connection Details Working With AWS Direct Connect Connections You can manage your AWS Direct Connect connections and view connection details accept hosted connections and delete connections For information about how to create a new connection see Step 2 Submit AWS Direct Connect Connection Request p 4 Topics View Connection Details p 31 Delete a Connection p 32 Accept a Hosted Connection p 33 View Connection Details You can view the current status of your connection You can also view your connection ID which looks similar to this example dxcon xxxx and verify that it matches the connection ID on the Letter of Authorization LOA that you
33. BGP MD5 key i Inthe Prefixes you want to advertise field enter the IPv4 CIDR destination addresses separated by commas where traffic should be routed to you over the virtual interface 6 Click Continue and then download your router configuration For more information see Step 6 Download Router Configuration p 20 To provision a private virtual interface to a VPC After you have placed an order for an AWS Direct Connect connection you can create a virtual interface to use to connect to AWS Direct Connect When you create a private virtual interface to a VPC you ll need a private virtual interface for each VPC you want to connect to e g You ll need three private virtual interfaces to connect to three VPCs Before you begin you need the following additional information A new unused VLAN tag that you select A public or private BGP ASN If you are using a public ASN you must own it If you are using a private ASN it must be in the 65000 range The network prefixes to advertise Any advertised prefix must include only your ASN in the BGP AS PATH The virtual private gateway to connect to For more information about creating a virtual private gateway see Adding a Hardware Virtual Private Gateway to Your VPC in the Amazon VPC User Guide Verify that the VLAN is not already in use on this connection Open the AWS Direct Connect console at https console amazonaws cn directconnect In the Connections pane select the conne
34. Connect cross connects are established If they are not work with your service provider to establish them Verify that your router s link lights are working If they are not turn on your device and activate the ports Verify with your service provider that there are no cabling problems Ask your service provider to turn off Auto Negotiation on their device to set their device to Full Duplex and to set their device to the correct speed On your device turn off Auto Negotiation set the device to Full Duplex and set the device to the correct speed If you cannot ping the Amazon IP address verify that the interface IP address is in the VLAN that you provided to Amazon Web Services and then verify your firewall settings If you still cannot connect to AWS Direct Connect open a support ticket with AWS support for assistance and include the original ticket number from your letter of authorization LOA If you cannot establish Border Gateway Protocol BGP after verifying the password provided by Amazon open a support ticket with AWS support for assistance and include the original ticket number from your LOA If you are not receiving Amazon routes and you cannot verify public BGP routing policy private route table security groups or access control lists ACLs open a support ticket with AWS support and include your connection ID from your LOA API Version 2013 10 22 60 AWS Direct Connect User Guide
35. Connects mecanico diciones Dana ana nn a Weta plies a Ha nn nn anne la ra cued nee 42 O ENGE 45 No AWS Direct Connect ARNS 0 ccceceeceeeeceeeec eee ee ee eeeeeeeeseeneceeeeeeeneseseeaeseseseeeeseseeseeeeeees 45 AWS Direct Connect Actions 0 cccceecee cece eee e cee e eee nent ce rr nene rre rre nr rn esa esa een esa tea esa esa eea een ern nnn 45 AWS Direct Connect Keys a ala cen na seed cute dat aid paa 46 Example Policy for AWS Direct Connect c cee eee cece e ee eee ee nenne nnnnnn nenne nnnnnnnnnnnn nenne nennen 46 Calculating Monthly Costs 00 0 0 een nnnnnennnnnn nenne nnnnnn nenn 47 Multiple Amazon Web Services Accounts 0 ceeeeee nett eee e eee teeta eee eee nent nennen nenne nennen 48 Consolidated Billig ociosa pare Obit aes an ah Da ne abs ne aba na ee 49 LOGGING ARIS Calls sanos rios oido IO Otaola 51 AWS Direct Connect Information in CloudTrail ooccoccoccoccoccnccnconccncnnccnconcnncnnconconcnnconcnnccnncnnnns 51 Understanding AWS Direct Connect Log File Entries ooooncocconcoccoccnccnconcnnconcnncnnccnnonccnnoncnnncnnos 52 MOUDIESHOOUING succionar ia a A a A a sd eats nen 56 Flow Chart Troubleshooting a Cross Connection to AWS Direct Connect ocoocococcncoccncnconcnccncncononons 56 API Version 2013 10 22 iii AWS Direct Connect User Guide Troubleshooting a Cross Connection to AWS Direct Connect cceceececeeeee eee ee eee eeeeeeeeeeeeeeees 58
36. Direct Connect This example assumes that you use one port for 31 days to transfer 10 GB of data Variable Port charge AWS Direct Con nect data transfer Internet data trans fer Total cost per month Formula 0 30 per hour x number of ports x 24 hours x number of days in the month 0 02 per GB per month 0 12 per GB port charges data transfer total cost per month Calculation 0 30 x1 x 24 x 31 223 20 0 02 x 10 0 20 0 12 x 10 1 20 223 20 0 20 1 20 224 60 API Version 2013 10 22 50 AWS Direct Connect User Guide AWS Direct Connect Information in CloudTrail Logging AWS Direct Connect API Calls in AWS CloudTrail AWS Direct Connect is integrated with AWS CloudTrail a service that captures API calls made by or on behalf of your AWS account This information is collected and written to log files that are stored in an Amazon Simple Storage Service S3 bucket that you specify API calls are logged when you use the AWS Direct Connect API the AWS Direct Connect console a back end console or the AWS CLI Using the information collected by CloudTrail you can determine what request was made to AWS Direct Connect the source IP address the request was made from who made the request when it was made and so on To learn more about CloudTrail including how to configure and enable it see the AWS CloudTrail User Guide Topics AWS Direct Connect Information in Clou
37. ExampleConnection additional entries The following log file record shows that a user called the CreatePrivateVirtuallnterface action API Version 2013 10 22 52 AWS Direct Connect User Guide Understanding AWS Direct Connect Log File Entries Records eventVersion 1 0 userIdentity type IAMUser principalld EX_PRINCIPAL_ID arn arn aws iam 123456789012 user Alice accountId 123456789012 accessKeyId EXAMPLE_KEY_ID userName Alice sessionContext attributes mfaAuthenticated false creationDate 2014 04 04T12 23 052 eventTime 2014 04 04T17 39 552 eventSource directconnect amazonaws com eventName CreatePrivateVirtuallnterface awsRegion us west 2 sourcelPAddress 127 0 0 1 userAgent Coral Jakarta requestParameters connectionId dxcon fhajolyy newPrivateVirtuallnterface virtuallnterfaceName yVirtuallnterface customerAddress PROTECTED authKey PROTECTED Wasn Ll virtualGatewayld vgw bb09d4a5 amazonAddress PROTECTED Lan 123 hy responseElements virtuallnterfaceld dxvif fgg6lm6w authKey PROTECTED virtualGatewayld vgw bb09d4a5 customerRouterConfig PROTECTED vir
38. HRnnnnnnn nenne nenne een eee nenne nenne nenne nenn 12 Getting Started with a Partner or Network Carrier 2 44s4444444nnnnnn nenne nenne nenne nnnnnn nennen 12 Step 1 Sign Up for Amazon Web Services cooccoccoccnccoconccnconccnconccnconcnnnoncnnroncnnconicnconicnnon 13 Step 2 Submit AWS Direct Connect Connection Request ceeeeeeneeeeeeeeeeeneeeeeneeeeenes 13 Step 3 Send Your Network Provider the LOA and Request That They Order a Cross Connect nn en ee ee tanctelnncaies 15 optional Step 4 Configure Redundant Connections with AWS Direct Connect 15 Step 5 Create a Virtual Interface ooooccoccocccccnccoconcnoconconconcnnconconconcnnroncnnroncnnroncnncnnccnnon 16 Step 6 Download Router Configuration ocoocooconconccnconccnconncnconncncnnnnnconnnnnonrnnconnnnranannnans 20 Step 7 Verify Your Virtual Interface 00 ceeeeee eee cee eects eee c eee e nese nen nnnnnn nennen nenne nenne nenn 21 Getting Started with a Sub 1G AWS Direct Connect Partner cccceceececeeceeeeeeeeeeeeeeeeeeeeeees 22 Step 1 Sign Up for Amazon Web Services ocooccoccoccnccoconccnconccnconccnconcnnnoncnnconcnnnoncnnconinncon 22 Step 2 Request a sub 1G connection from an APN Partner supporting AWS Direct COMMOG ee ee ee ie 22 Step 3 Accept Your Hosted Connection 444444Hs4Hen nennen nenn nnnn nn nnnnnnn nennen nenne nen 23 optional Step 4 Configure Redundant Connections with
39. RESS router bgp CUSTOMER_BGP_ASN neighbor NEIGHBOR_IP_ADDRESS remote as 7224 neighbor NEIGHBOR_IP_ADDRESS password MD5_key network 0 0 0 0 exit EJ API Version 2013 10 22 11 AWS Direct Connect User Guide Step 7 Verify Your Virtual Interface Juniper edit interfaces ge 0 0 1 set description AWS Direct Connect set flexible vlan tagging set mtu 1522 edit unit 0 set vlan id VLAN_ID set family inet mtu 1500 set family inet address IP_ADDRESS exit exit edit protocols bgp group ebgp set type external set authentication key MD5_KEY set peer as 7224 set neighbor NEIGHBOR IP ADDRESS Step 7 Verify Your Virtual Interface After you have established virtual interfaces to the AWS cloud or to Amazon VPC you can verify your AWS Direct Connect connections using the following procedures To verify your virtual interface connection to the AWS cloud Run traceroute and verify that the AWS Direct Connect identifier is in the network trace To verify your virtual interface connection to Amazon VPC 1 Using a pingable AMI such as one of the Amazon Linux AMls launch an Amazon EC2 instance into the VPC that is attached to your virtual private gateway The Amazon Linux AMls are available in the Quick Start tab when you use the instance launch wizard in the AWS Management Console For more information about launching an Amazon EC2 instance using an Amazon Linux
40. S Direct Connect Locations After you have received your Letter of Authorization and Connecting Facility Assignment LOA CFA you need to complete your cross network connection also known as a cross connect If you already have equipment located in an AWS Direct Connect location contact the appropriate provider to complete the cross connect For specific instructions for each provider see the table below Contact your provider for cross connect pricing After the cross connect is established you can create the virtual interfaces using the AWS Direct Connect console If you do not already have equipment located in an AWS Direct Connect location you can work with one of the partners in the AWS Partner Network APN to help you to connect to an AWS Direct Connect location For a list of partners in the APN with experience connecting to AWS Direct Connect see APN Partners supporting AWS Direct Connect You need to share the LOA CFA with your selected provider to facilitate your cross connect request An AWS Direct Connect location provides access to AWS in the region it is associated with You can establish connections with AWS Direct Connect locations in multiple regions but a connection in one region does not provide connectivity to other regions Note If the cross connect is not completed within 90 days the authority granted by the LOA CFA expires To renew a LOA CFA that has expired log on to AWS and then open a ticket with AWS Support
41. al Interface Delete Virtual Interface Sa oo Filter Q Search for a Virtual Interface x Viewing 3 of 3 Virtual Interfaces Name ID Connection VLAN Type State v gt Tokyo dxvif fgbem54w dxcon fgtose4q 1 private down gt Tokyo Office dxvif fihqiqd2 dxcon fgtose4q 2 private down a Hosted 1 dxvif fgvb6c8r dxcon fg6gb0ef 104 private pending acceptance Select the understand that will be responsible for data transfer charges incurred for this interface check box and then click Accept Virtual Interface Create Virtual Interface Delete Virtual Interface cy o 0 Filter Q Search for a Virtual Interface x Viewing 3 of 3 Virtual Interfaces Name v D gt Connection VLAN Type State y gt Tokyo dxvif fgbem54w dxcon fgtose4q 1 private down gt Tokyo Office dxvif fingiqd2 dxcon fgtose4q 2 private down a v Hosted 1 dxvif fgvb6c8r dxcon fg6gb0ef 104 private pending acceptance Name Hosted 1 VLAN 104 ID dxvif fgvb6c8r BGP ASN 65000 Type private BGP Auth Key QjHGQq9y5GEF ySUFNxNwO0wG State pending acceptance Amazon Peer IP Connection dxcon fg6gb0ef Your Peer IP Location EqsG2 Virtual Gateway Before this virtual interface can be active and used you must accept it Y 1 understand that will be responsible for data transfer charges incurred for this interface Accept Virtual Interface Decline Virtual Interface In the Accept Virtual Interface dialog box select a virtual private gateway and then click Accept A
42. ate the BGP session We can generate one for you or you can supply your own BGP ASN i Auto generate BGP key Y i Prefixes you want to advertise i It may take up to 72 hours to verify that your IP prefixes are valid for use with Direct Connect Cancel Continue In the Define Your New Public Virtual Interface dialog box do the following a In the Connection field select an existing physical connection on which to create the virtual interface b In the Interface Name field enter a name for the virtual interface c In Interface Owner select the My AWS Account option if the virtual interface is for your AWS account ID d In the VLAN field enter the ID number for your virtual local area network VLAN for example a number between 1 and 4094 API Version 2013 10 22 17 AWS Direct Connect User Guide Step 5 Create a Virtual Interface e In the Your router peer IP field enter the IPv4 CIDR destination address where traffic should be sent f In the Amazon router peer IP field enter the IPv4 CIDR address you will use to send traffic to Amazon Web Services g In the BGP ASN field enter the Border Gateway Protocol BGP Autonomous System Number ASN of your gateway for example a number between 1 and 65534 h Select Auto generate BGP key check box to have AWS generate one To provide your own BGP key clear the Auto generate BGP key check box and then in the BGP Authorization Key field enter your
43. ccept Virtual Interface x Select a Virtual Gateway to attach to this Virtual Interface VGW vgw e01f67b2 i API Version 2013 10 22 40 AWS Direct Connect User Guide Accessing a Remote AWS Region in the US AWS Direct Connect locations in the United States can access public resources in any US region You can use a single AWS Direct Connect connection to build multi region services To connect to a VPC in a remote region you can use a virtual private network VPN connection over your public virtual interface To access public resources in a remote region you must set up a public virtual interface and establish a border gateway protocol BGP session For more information about creating virtual interfaces see Step 5 Create a Virtual Interface p 7 After you have created a public virtual interface and established a BGP session to it your router learns the routes of the other AWS regions in the US You can then also establish a VPN connection to your VPC in the remote region To learn more about configuring VPN connectivity to a VPC see Scenarios for Using Amazon Virtual Private Cloud in the Amazon VPC User Guide Any data transfer out of a remote region is billed at the remote region data transfer rate For more information about data transfer pricing see the Pricing section on the AWS Direct Connect detail page API Version 2013 10 22 41 AWS Direct Connect User Guide Requesting Cross Connects at AW
44. ct speed Yes Verify settings 1 Interface IP is in Can you ping the the VLAN you Amazon P address provided to AWS 2 Check firewall settings Is BGP Check BGP password established provided by AWS Are you receiving AWS routes Open a support ticket with AWS support and include your connection ID from your LOA API Version 2013 10 22 57 AWS Direct Connect User Guide Troubleshooting a Cross Connection to AWS Direct Connect Troubleshooting a Cross Connection to AWS Direct Connect You can use the following tasks to diagnose troubleshoot and repair a faulty cross connection to AWS Direct Connect within a colocation facility To see these tasks in a flow chart see Flow Chart Troubleshooting a Cross Connection to AWS Direct Connect p 56 1 2 Verify that your device is supported by AWS Direct Connect If not get a device that meets the AWS Direct Connect requirements For more information see What is AWS Direct Connect p 1 Verify that your AWS Direct Connect cross connects are established If they are not work with your colocation provider to establish them Verify that your router s link lights are working If they are not turn on your device and activate the ports Verify with your colocation provider that there are no cabling problems If necessary on your device turn off Auto Negotiation set the device to Full Duplex and set the device to the correc
45. ction to use and then click Create Virtual Interface In the Create a Virtual Interface pane select Private IN API Version 2013 10 22 18 AWS Direct Connect User Guide Step 5 Create a Virtual Interface Create a Virtual Interface You may choose to create a private or public virtual interface Select the appropriate option below Private A private virtual interface should be used to access an Amazon VPC using private IP addresses Public A public virtual interface can access all AWS public services including EC2 S3 and DynamoDB using public IP addresses Define Your New Private Virtual Interface Enter the name of your virtual interface If you re creating a virtual interface for another account you ll need to provide the other AWS account ID For more information about virtual interface ownership see Hosted Virtual Interfaces in the AWS Direct Connect Getting Started Guide Connection dxcon ffs3dp1s Far East Offices i Interface Name i Interface Owner My AWS Account gt Another AWS Account i VGW vgw e01f67b2 i Enter the VLAN ID if not already supplied by your AWS Direct Connect partner and the IP Addresses for your router interface and the AWS Direct Connect interface VLAN i Auto generate peer IPs y i Before you can use your virtual interface we must establish a BGP session You must provide an ASN for your router You will also need an MD5 key to authenticate the BGP session We can generat
46. d an order for an AWS Direct Connect connection you must create a virtual interface to connect to AWS Direct Connect Public virtual interfaces are used by services such as Amazon S3 and Amazon Glacier that aren t in a VPC Before you begin you need the following information Anew unused VLAN tag that you select A public or private Border Gateway Protocol BGP Autonomous System Number ASN If you are using a public ASN you must own it If you are using a private ASN it must be in the 65000 range Autonomous System AS prepending will not work if you use a private ASN API Version 2013 10 22 16 AWS Direct Connect User Guide Step 5 Create a Virtual Interface w A unique CIDR for your interface IP addresses that does not overlap another CIDR announced via AWS Direct Connect A unique CIDR range to announce via AWS Direct Connect that does not overlap another CIDR announced via AWS Direct Connect Whether this connection will be paired with another AWS Direct Connect connection If this connection will be paired with another AWS Direct Connect connection for redundancy provide the other connection s connection ID which you can find in the AWS Direct Connect console and the pairing model for the connections either active passive failover or active active BGP multipath Verify that the VLAN is not already in use on this AWS Direct Connect connection for another virtual interface Open the AWS Direct Connect cons
47. d the other is on standby If the active connection becomes unavailable all traffic is routed through the passive connection How you configure the connections doesn t affect redundancy but it does affect the policies that determine how your data is routed over both connections We recommend that you configure both connections as active Step 5 Create a Virtual Interface The next step is to provision your virtual interfaces Each virtual interface must be tagged with a customer provided tag that complies with the Ethernet 802 1Q standard This tag is required for any traffic traversing the AWS Direct Connect connection You can provision virtual interface VLAN connections to the AWS cloud Amazon VPC or both To begin using your virtual interface you need to advertise at least one prefix using BGP up to a maximum of 100 prefixes We advertise appropriate Amazon prefixes to you so you can reach either your VPCs or other AWS products You can access all Amazon Web Services prefixes in your region through this connection for example Amazon Elastic Compute Cloud Amazon EC2 Amazon Simple Storage Service Amazon S3 and Amazon com You do not have access to non Amazon prefixes or prefixes outside of your region For the current list of IP prefixes advertised on AWS Direct Connect public connections see the list in the AWS Direct Connect Discussion Forum To provision a virtual interface connection to non VPC services After you have place
48. dTrail p 51 Understanding AWS Direct Connect Log File Entries p 52 AWS Direct Connect Information in CloudTrail If CloudTrail logging is turned on calls made to all AWS Direct Connect actions are captured in log files All of the AWS Direct Connect actions are documented in the AWS Direct Connect AP Reference For example calls to the CreateConnection CreatePrivateVirtuallnterface and DescribeConnections actions generate entries in CloudTrail log files Every log entry contains information about who generated the request For example if a request is made to create a new connection to AWS Direct Connect CreateConnection CloudTrail logs the user identity of the person or service that made the request The user identity information helps you determine whether the request was made with root credentials or AWS Identity and Access Management IAM user credentials with temporary security credentials for a role or federated user or by another service in AWS For more information about CloudTrail fields see CloudTrail Event Reference in the AWS CloudTrail User Guide You can store your log files in your bucket for as long as you want but you can also define Amazon S3 lifecycle rules to archive or delete log files automatically By default your log files are encrypted by using Amazon S3 server side encryption SSE API Version 2013 10 22 51 AWS Direct Connect User Guide Understanding AWS Direct Connect Log File Entries U
49. e one for you or you can supply your own BGP ASN i Auto generate BGP key Y i Under Define Your New Private Virtual Interface do the following a In the Interface Name field enter a name for the virtual interface b In Interface Owner select the My AWS Account option if the virtual interface is for your AWS account ID c In the VGW list select the virtual gateway to connect to d In the VLAN field enter the ID number for your virtual local area network VLAN for example a number between 1 and 4094 e To have AWS generate your router IP address and Amazon IP address select Auto generate peer IPs To specify these IP addresses yourself clear the Auto generate peer IPs check box and then in the Your router peer IP field enter the destination IPv4 CIDR address that Amazon should send traffic to In the Amazon router peer IP field enter the IPv4 CIDR address you will use to send traffic to Amazon Web Services f In the BGP ASN field enter the Border Gateway Protocol BGP Autonomous System Number ASN of your gateway for example a number between 1 and 65534 g Select Auto generate BGP key check box to have AWS generate one To provide your own BGP key clear the Auto generate BGP key check box and then in the BGP Authorization Key field enter your BGP MD5 key Click Continue and then download your router configuration For more information see Step 6 Download Router Configuration p 20 API Ver
50. ect Connect User Guide Step 5 Create a Virtual Interface In the Define Your New Public Virtual Interface dialog box do the following a In the Connection field select an existing physical connection on which to create the virtual interface b In the Interface Name field enter a name for the virtual interface In Interface Owner select the My AWS Account option if the virtual interface is for your AWS account ID d The VLAN field will already be filled in and grayed out e In the Your router peer IP field enter the IPv4 CIDR destination address where traffic should be sent Inthe Amazon router peer IP field enter the IPv4 CIDR address you will use to send traffic to Amazon Web Services In the BGP ASN field enter the Border Gateway Protocol BGP Autonomous System Number ASN of your gateway for example a number between 1 and 65534 Select Auto generate BGP key check box to have AWS generate one To provide your own BGP key clear the Auto generate BGP key check box and then in the BGP Authorization Key field enter your BGP MD5 key Inthe Prefixes you want to advertise field enter the IPv4 CIDR destination addresses separated by commas where traffic should be routed to you over the virtual interface Click Continue and then download your router configuration For more information see Step 6 Download Router Configuration p 28 To provision a private virtual interface to a VPC A
51. equests for cross connect can be submitted by downloading the corresponding order forms at ht tp equinix com careforms Send the completed forms to the Equinix Customer Response ECR team at care forms equinix com Requests for cross connect can be submitted by placing an order at the CoreSite Customer Portal After you complete the form review the order for accuracy and then approve it using the MyCoreSite website Requests for cross connect can be submitted by downloading the corresponding order forms at ht tp equinix com careforms Send the completed forms to the Equinix Customer Response ECR team at care forms equinix com Requests for cross connect can be submitted by contacting Switch SUPERNAP at orders super nap com Requests for cross connect can be submitted by contacting Terremark at implementationbrasil ter remark com Requests for cross connect can be submitted by contacting Eircom at awsorders eircom ie Requests for cross connect can be submitted by contacting the TelecityGroup Network Operations Center at amazon orders telecity com Requests for cross connect can be submitted by downloading the corresponding order forms at ht tp equinix com careforms Send the completed forms to the Equinix Customer Response ECR team at care forms equinix com Requests for cross connect can be submitted by contacting Sinnet at dx order sinnet com cn Requests for cross connect can be submitted by downloading
52. er that aren t in a VPC Before you begin you need the following information wo A new unused VLAN tag that you select A public or private Border Gateway Protocol BGP Autonomous System Number ASN If you are using a public ASN you must own it If you are using a private ASN it must be in the 65000 range Autonomous System AS prepending will not work if you use a private ASN A unique CIDR for your interface IP addresses that does not overlap another CIDR announced via AWS Direct Connect A unique CIDR range to announce via AWS Direct Connect that does not overlap another CIDR announced via AWS Direct Connect Whether this connection will be paired with another AWS Direct Connect connection If this connection will be paired with another AWS Direct Connect connection for redundancy provide the other connection s connection ID which you can find in the AWS Direct Connect console and the pairing model for the connections either active passive failover or active active BGP multipath Verify that the VLAN is not already in use on this AWS Direct Connect connection for another virtual interface Open the AWS Direct Connect console at https console amazonaws cn directconnect In the Connections pane select the connection to use and then click Create Virtual Interface In the Create a Virtual Interface pane select Public Create a Virtual Interface You may choose to create a private or public virtual interface Select t
53. erate peer IPs Y i Before you can use your virtual interface we must establish a BGP session You must provide an ASN for your router You will also need an MD5 key to authenticate the BGP session We can generate one for you or you can supply your own BGP ASN i Auto generate BGP key Y i coca ES Under Define Your New Private Virtual Interface do the following API Version 2013 10 22 38 AWS Direct Connect User Guide Accept a Hosted Virtual Interface a In the Interface Name field enter a name for the virtual interface b In Interface Owner select the Another AWS Account option and then in the Account ID field enter the ID number to associate as the owner of this virtual interface c In the VLAN field enter the ID number for your virtual local area network VLAN for example a number between 1 and 4094 d To have AWS generate your router IP address and Amazon IP address select Auto generate peer IPs To specify these IP addresses yourself clear the Auto generate peer IPs check box and then in the Your router peer IP field enter the destination IPv4 CIDR address that Amazon should send traffic to In the Amazon router peer IP field enter the IPv4 CIDR address you will use to send traffic to Amazon Web Services e In the BGP ASN field enter the Border Gateway Protocol BGP Autonomous System Number ASN of your gateway for example a number between 1 and 65534 f Select the Auto generate BGP key
54. figuration dialog box do the following a In the Vendor list select the manufacturer of your router b In the Platform list select the model of your router c In the Software list select the software version for your router Download Router Configuration x Select the router details Vendor Cisco Systems Inc wi Platform 2900 Series Routers wi Software 105 12 4 i 4 Click Download and then use the appropriate configuration for your router to ensure that you can connect to AWS Direct Connect Cisco API Version 2013 10 22 20 AWS Direct Connect User Guide Step 7 Verify Your Virtual Interface interface GigabitEthernet0 1 no ip address speed 1000 full duplex interface GigabitEthernet0 1 VLAN_NUMBER description direct connect to aws encapsulation dot1Q VLAN_NUMBER ip address IP_ADDRESS router bgp CUSTOMER_BGP_ASN neighbor NEIGHBOR_IP_ADDRESS remote as 7224 neighbor NEIGHBOR_IP_ADDRESS password MD5_key network 0 0 0 0 exit Juniper edit interfaces ge 0 0 1 set description AWS Direct Connect set flexible vlan tagging set mtu 1522 edit unit 0 set vlan id VLAN_ID set family inet mtu 1500 set family inet address IP_ADDRESS exit exit edit protocols bgp group ebgp set type external set authentication key MD5_KEY set peer as 7224 set neighbor NEIGHBOR IP ADDRESS Step 7 Verify Your Virtual Interface
55. following conditions e Your network is colocated with an existing AWS Direct Connect location For more information on available AWS Direct Connect locations go to http www amazonaws cn directconnect You are working with an AWS Direct Connect partner who is a member of the AWS Partner Network APN For a list of AWS Direct Connect partners who can help you connect go to htip www amazonaws cn directconnect You are working with an independent service provider to connect to AWS Direct Connect In addition your network must meet the following conditions Connections to AWS Direct Connect require single mode fiber 1000BASE LX 1310nm for 1 gigabit Ethernet or 1OGBASE LR 1310nm for 10 gigabit Ethernet You must support 802 1Q VLANs across these connections Your network must support Border Gateway Protocol BGP and BGP MD5 authentication Optionally you may configure Bidirectional Forwarding Detection BFD To connect to Amazon Virtual Private Cloud Amazon VPC you must first do the following Provide a private Autonomous System Number ASN Amazon allocates a private IP address in the 169 x x x range to you API Version 2013 10 22 1 AWS Direct Connect User Guide AWS Direct Connect Limits Create a virtual private gateway and attach it to your VPC For more information about creating a virtual private gateway see Adding a Hardware Virtual Private Gateway to Your VPC in the Amazon VPC User Gu
56. fter you have placed an order for an AWS Direct Connect connection you must create a virtual interface to use to connect to AWS Direct Connect When you create a private virtual interface to a VPC you ll need a private virtual interface for each VPC you want to connect to e g You ll need three private virtual interfaces to connect to three VPCs Before you begin you need the following additional information A new unused VLAN tag that you select Pe Ne A public or private BGP ASN If you are using a public ASN you must own it If you are using a private ASN it must be in the 65000 range The network prefixes to advertise Any advertised prefix must include only your ASN in the BGP AS PATH The virtual private gateway to connect to For more information about creating a virtual private gateway see Adding a Hardware Virtual Private Gateway to Your VPC in the Amazon VPC User Guide Verify that the VLAN is not already in use on this connection Open the AWS Direct Connect console at https console amazonaws cn directconnect In the Connections pane select the connection to use and then click Create Virtual Interface In the Create a Virtual Interface pane select Private API Version 2013 10 22 26 AWS Direct Connect User Guide Step 5 Create a Virtual Interface Create a Virtual Interface You may choose to create a private or public virtual interface Select the appropriate option below Private A private virtua
57. he appropriate option below 5 Private A private virtual interface should be used to access an Amazon VPC using private IP addresses 9 Public A public virtual interface can access all AWS public services including EC2 S3 and DynamoDB using public IP addresses Define Your New Public Virtual Interface Enter the name of your virtual interface If you re creating a virtual interface for another account you ll need to provide the other AWS account ID For more information about virtual interface ownership see Hosted Virtual Interfaces in the AWS Direct Connect Getting Started Guide Connection dxcon ffs3dp1s Far East Offices i Interface Name i Interface Owner My AWS Account Another AWS Account i Enter the VLAN ID if not already supplied by your AWS Direct Connect partner and the IP Addresses for your router interface and the AWS Direct Connect interface VLAN i Your router peer IP i Amazon router peer IP i Before you can use your virtual interface we must establish a BGP session You must provide an ASN for your router and any prefixes you would like to announce to AWS You will also need an MD5 key to authenticate the BGP session We can generate one for you or you can supply your own BGP ASN i Auto generate BGP key V i Prefixes you want to advertise i It may take up to 72 hours to verify that your IP prefixes are valid for use with Direct Connect cae API Version 2013 10 22 25 AWS Dir
58. ice that meets requirements Yes service provider to establish a cross connect Venfy cabling with service provider Tur device on activate port Ask Service Provider On your device Has on site to turn off Auto turn off Auto cabling been Negotiation set to Negotiation set to verified Full Duplex and set Full Duplex and set to correct speed Work with your Can you ping the Amazon IP address 2 Check firewall settings Is BGP Check BGP password established provided by AWS Public verify BGP routing policy Are you receiving AWS Private verify en route table s security groups and ACLs Open a support ticket with AWS support and include your connection ID from your LOA API Version 2013 10 22 59 AWS Direct Connect User Guide Troubleshooting a Remote Connection to AWS Direct Connect Troubleshooting a Remote Connection to AWS Direct Connect You can use the following tasks to diagnose troubleshoot and repair a faulty connection to AWS Direct Connect when connecting remotely through a service provider To see these tasks in a flow chart see Flow Chart Troubleshooting a Remote Connection to AWS Direct Connect p 58 1 2 Verify that your device is supported by AWS Direct Connect If not get a device that meets the AWS Direct Connect requirements For more information see What is AWS Direct Connect p 1 Verify that your AWS Direct
59. ide To connect to public AWS products such as Amazon EC2 and Amazon S3 you need to provide the following A public ASN that you own preferred or Public IP addresses 31 that is one for a private ASN each end of the BGP session for each BGP session If you do not have public IP addresses to assign to this connection log on to AWS and then open a ticket with AWS Support The public routes that you will advertise over BGP AWS Direct Connect Limits The following table lists the limits related to AWS Direct Connect Unless indicated otherwise you can request an increase for any of these limits by using the Amazon VPC Limits form Component Limit Comments Virtual interfaces per AWS Direct Connect 50 This limit can be increased upon request connection Active AWS Direct Connect connections per 10 This limit can be increased upon request region per account Routes per Border Gateway Protocol BGP 100 This limit cannot be increased session How Do How Dol Get a general product overview and in formation about pricing Sign up for AWS Direct Connect and configure a connection Work with AWS Direct Connect connec tions Calculate monthly costs Troubleshoot issues with AWS Direct Connect Relevant Topics AWS Direct Connect product information Getting Started at an AWS Direct Connect Location p 3 Working With AWS Direct Connect Connections p 31 Calculating AWS D
60. iguration for your router to ensure that you can connect to AWS Direct Connect Cisco API Version 2013 10 22 28 AWS Direct Connect User Guide Step 7 Verify Your Virtual Interface interface GigabitEthernet0 1 no ip address speed 1000 full duplex interface GigabitEthernet0 1 VLAN_NUMBER description direct connect to aws encapsulation dot1Q VLAN_NUMBER ip address IP_ADDRESS router bgp CUSTOMER_BGP_ASN neighbor NEIGHBOR_IP_ADDRESS remote as 7224 neighbor NEIGHBOR_IP_ADDRESS password MD5_key network 0 0 0 0 exit Juniper edit interfaces ge 0 0 1 set description AWS Direct Connect set flexible vlan tagging set mtu 1522 edit unit 0 set vlan id VLAN_ID set family inet mtu 1500 set family inet address IP_ADDRESS exit exit edit protocols bgp group ebgp set type external set authentication key MD5_KEY set peer as 7224 set neighbor NEIGHBOR IP ADDRESS Step 7 Verify Your Virtual Interface After you have established virtual interfaces to the AWS cloud or to Amazon VPC you can verify your AWS Direct Connect connections using the following procedures To verify your virtual interface connection to the AWS cloud Run traceroute and verify that the AWS Direct Connect identifier is in the network trace To verify your virtual interface connection to Amazon VPC 1 Using a pingable AMI such as one of the Amazon Linux AMls launch an
61. irect Connect Monthly Costs p 47 Troubleshooting AWS Direct Connect p 56 API Version 2013 10 22 2 AWS Direct Connect User Guide Getting Started at an AWS Direct Connect Location Getting Started with AWS Direct Connect You can get started using AWS Direct Connect by choosing the scenario below that is appropriate for your environment Topics Getting Started at an AWS Direct Connect Location p 3 Getting Started with a Partner or Network Carrier p 12 Getting Started with a Sub 1G AWS Direct Connect Partner p 22 Getting Started at an AWS Direct Connect Location You can get started using AWS Direct Connect by completing the steps shown in the following table Step 1 Sign Up for Amazon Web Services p 3 Step 2 Submit AWS Direct Connect Connection Request p 4 Step 3 Complete the Cross Connect p 6 optional Step 4 Configure Redundant Connections with AWS Direct Connect p 6 Step 5 Create a Virtual Interface p 7 Step 6 Download Router Configuration p 10 Step 7 Verify Your Virtual Interface p 12 Step 1 Sign Up for Amazon Web Services To use AWS Direct Connect you need an AWS account if you don t already have one API Version 2013 10 22 3 AWS Direct Connect User Guide Step 2 Submit AWS Direct Connect Connection Request To sign up for an Amazon Web Services account 1 Open http www amazonaws cn and then click Sig
62. ity between your data center and AWS will be provided by partner BI understand that Direct Connect port charges apply once click Accept Connection pecine act 5 Select understand that Direct Connect port charges apply once I click Accept This Connection and then click Accept Connection API Version 2013 10 22 23 AWS Direct Connect User Guide optional Step 4 Configure Redundant Connections with AWS Direct Connect optional Step 4 Configure Redundant Connections with AWS Direct Connect To provide for failover we recommend that you request and configure two dedicated connections to AWS as shown in the following figure These connections can terminate on one or two routers in your network CD VPC AWS Pirect Connect Router 2 AWS Direct C nnect Router 1 Router Customer Network There are different configuration choices available when you provision two dedicated connections Active Active BGP multipath Network traffic is load balanced across both connections If one connection becomes unavailable all traffic is routed through the other This is the default configuration Active Passive failover One connection is handling traffic and the other is on standby If the active connection becomes unavailable all traffic is routed through the passive connection How you configure the connections doesn t affect redundancy but it does affect the policies that determine how your da
63. ivate down Name Tokyo VLAN 1 ID dxvif figbem54w BGP ASN 1 Type private BGP Auth Key vKOsuoyD60ySPLESOOWh8N9H State down Amazon Peer IP 169 254 251 5 30 Connection dxcon fgtose4q Your Peer IP 169 254 251 6 30 Location EqSG2 Virtual Gateway vgw e01f67b2 Download Router Configuration Delete a Virtual Interface Before you can delete a connection you must delete its virtual interface The number of virtual interfaces configured on a connection is listed in the VIs column in the Connection pane Deleting a virtual interface stops AWS Direct Connect data transfer charges associated with the virtual interface To delete a virtual interface 1 Open the AWS Direct Connect console at htips console amazonaws cn directconnect 2 If necessary change the region From the navigation bar select the region that meets your needs For more information see Regions and Endpoints API Version 2013 10 22 36 AWS Direct Connect User Guide Create a Hosted Virtual Interface US East N Virginia US West Oregon US West N California EU Ireland EU Frankfurt Asia Pacific Singapore Asia Pacific Tokyo Asia Pacific Sydney South America S o Paulo 3 Inthe navigation pane click Virtual Interfaces 4 Inthe Virtual Interfaces pane select a virtual interface and then click Delete Virtual Interface Create Virtual Interface Delete Virtual Interface SS oe Filter Q Search for a Virtual Interface X
64. l interface should be used to access an Amazon VPC using private IP addresses Public A public virtual interface can access all AWS public services including EC2 S3 and DynamoDB using public IP addresses Define Your New Private Virtual Interface Enter the name of your virtual interface If you re creating a virtual interface for another account you ll need to provide the other AWS account ID For more information about virtual interface ownership see Hosted Virtual Interfaces in the AWS Direct Connect Getting Started Guide Connection dxcon ffs3dp1s Far East Offices i Interface Name i Interface Owner My AWS Account gt Another AWS Account i VGW vgw e01f67b2 i Enter the VLAN ID if not already supplied by your AWS Direct Connect partner and the IP Addresses for your router interface and the AWS Direct Connect interface VLAN i Auto generate peer IPs y i Before you can use your virtual interface we must establish a BGP session You must provide an ASN for your router You will also need an MD5 key to authenticate the BGP session We can generate one for you or you can supply your own BGP ASN i Auto generate BGP key Y i Under Define Your New Private Virtual Interface do the following a In the Interface Name field enter a name for the virtual interface b In Interface Owner select the My AWS Account option if the virtual interface is for your AWS account ID c In the VGW list select the virtual gateway
65. n Up 2 Follow the on screen instructions Part of the sign up procedure involves receiving a phone call and entering a PIN using the phone keypad Step 2 Submit AWS Direct Connect Connection Request You can submit a connection request using the AWS Direct Connect console You need to provide the following information Your contact information The AWS Direct Connect Location to connect to Work with a partner in the AWS Partner Network APN to help you establish network circuits between an AWS Direct Connect location and your data center office or colocation environment or to provide colocation space within the same facility as the AWS Direct Connect location APN partners supporting AWS Direct Connect also provide connections for less than 1G For the list of AWS Direct Connect partners who belong to the AWS Partner Network APN go to http www amazonaws cn direciconnect partners Whether you need the services of an AWS Direct Connect partner who is a member of the AWS Partner Network APN The port speed you require either 1 Gbps or 10 Gbps For port speeds less than 1G contact an APN partner who supports AWS Direct Connect AWS Direct Connect supports two port speeds 1 Gbps 1000BASE LX 1310nm over single mode fiber and 10 Gbps 10GBASE LR 1310nm over single mode fiber Select a port speed compatible with your existing network To create a new AWS Direct Connect connection 1 Open the AWS Direct Connect c
66. nderstanding AWS Direct Connect Log File Entries CloudTrail log files can contain one or more log entries composed of multiple JSON formatted events A log entry represents a single request from any source and includes information about the requested action any input parameters the date and time of the action and so on The log entries do not appear in any particular order That is they do not represent an ordered stack trace of the public API calls The following log file record shows that a user called the CreateConnection action Records eventVersion 1 0 userIdentity type IAMUser principalld EX_PRINCIPAL_ID arn arn aws iam 123456789012 user Alice accountId 123456789012 accessKeyId EXAMPLE_KEY_ID userName Alice sessionContext attributes mfaAuthenticated false creationDate 2014 04 04T12 23 052 hy eventTime 2014 04 04T17 28 162 eventSource directconnect amazonaws com eventName CreateConnection awsRegion us west 2 sourcelPAddress 127 0 0 1 userAgent Coral Jakarta requestParameters location EqSE2 connectionName MyExampleConnection bandwidth 1Gbps Y responseElements location EqSE2 region us west 2 connectionState requested bandwidth 1Gbps ownerAccount 123456789012 connectionld dxcon fhajolyy connectionName My
67. nection dialog box click Delete Accept a Hosted Connection If you are interested in purchasing a hosted connection you must contact a partner in the AWS Partner Network APN The partner provisions the connection for you After the connection is configured it appears in the Connections pane in the AWS Direct Connect console Before you can begin using a hosted connection you must accept the connection To accept a hosted connection 1 Open the AWS Direct Connect console at htips console amazonaws cn directconnect 2 If necessary change the region From the navigation bar select the region that meets your needs For more information see Regions and Endpoints US East N Virginia US West Oregon US West N California EU Ireland EU Frankfurt Asia Pacific Singapore Asia Pacific Tokyo Asia Pacific Sydney South America S o Paulo 3 In the navigation pane click Connections API Version 2013 10 22 33 AWS Direct Connect User Guide Accept a Hosted Connection 4 Inthe Connections pane select a connection and then click the arrow to expand details about the connection Create Virtual Interface Delete Connection o 0 Filter Q Search for a Connection Xx Viewing 3 of 3 Connections Provided By Name Location Bandwidthy Vis State y gt Amazon Web Services Far East Offices Equinix SG2 Singapore 1Gbps 0 down Amazon Web Services Tokyo Office Equinix SG2 Singapore 1Gbps 2 down
68. o advertise at least one prefix using BGP up to a maximum of 100 prefixes We advertise appropriate Amazon prefixes to you so you can reach either your VPCs or other AWS products You can access all Amazon Web Services prefixes in your region through this connection for example Amazon Elastic Compute Cloud Amazon EC2 Amazon Simple Storage Service Amazon 3 and Amazon com You do not have access to non Amazon prefixes or prefixes outside of your region For the current list of IP prefixes advertised on AWS Direct Connect public connections see the list in the AWS Direct Connect Discussion Forum To provision a virtual interface connection to non VPC services After you have placed an order for an AWS Direct Connect connection you must create a virtual interface to connect to AWS Direct Connect Public virtual interfaces are used by services such as Amazon S3 and Amazon Glacier that aren t in a VPC Before you begin you need the following information A new unused VLAN tag that you select A public or private Border Gateway Protocol BGP Autonomous System Number ASN If you are using a public ASN you must own it If you are using a private ASN it must be in the 65000 range Autonomous System AS prepending will not work if you use a private ASN A unique CIDR for your interface IP addresses that does not overlap another CIDR announced via AWS Direct Connect A unique CIDR range to announce via AWS Direct Connect that does not
69. ole at https console amazonaws cn directconnect In the Connections pane select the connection to use and then click Create Virtual Interface In the Create a Virtual Interface pane select Public Create a Virtual Interface You may choose to create a private or public virtual interface Select the appropriate option below D Private A private virtual interface should be used to access an Amazon VPC using private IP addresses 9 Public A public virtual interface can access all AWS public services including EC2 S3 and DynamoDB using public IP addresses Define Your New Public Virtual Interface Enter the name of your virtual interface If you re creating a virtual interface for another account you ll need to provide the other AWS account ID For more information about virtual interface ownership see Hosted Virtual Interfaces in the AWS Direct Connect Getting Started Guide Connection dxcon ffs3dp1s Far East Offices i Interface Name i Interface Owner My AWS Account Another AWS Account i Enter the VLAN ID if not already supplied by your AWS Direct Connect partner and the IP Addresses for your router interface and the AWS Direct Connect interface VLAN i Your router peer IP i Amazon router peer IP i Before you can use your virtual interface we must establish a BGP session You must provide an ASN for your router and any prefixes you would like to announce to AWS You will also need an MD5 key to authentic
70. on in Seattle serving the US West Oregon Region Added a topic about using AWS Identity and Access Management 2012 12 21 with AWS Direct Connect For more information see Using AWS Identity and Access Management with AWS Direct Connect p 45 Updated topics to include the addition of the new AWS Direct Connect 2012 12 14 location serving the Asia Pacific Sydney Region Replaced the AWS Direct Connect Getting Started Guide with the 2012 08 13 AWS Direct Connect User Guide Added new topics to cover the new AWS Direct Connect console added a billing topic added router configuration information and updated topics to include the addition of two new AWS Direct Connect locations serving the US East N Virginia and South America Sao Paulo Regions Added a new troubleshooting section and updated topics to include 2012 01 10 the addition of four new AWS Direct Connect locations serving the US West Northern California EU Ireland Asia Pacific Singapore and Asia Pacific Tokyo Regions Updated topics to include the addition of the US West Northern 2011 09 08 California Region API Version 2013 10 22 63 AWS Direct Connect User Guide Change Description Release Date Public release The first release of AWS Direct Connect 2011 08 03 API Version 2013 10 22 64 AWS Direct Connect User Guide AWS Glossary For the latest AWS terminology see the AWS Glossary in the AWS General Reference
71. onsole at https console amazonaws cn directconnect 2 Select the region that you would like to connect to AWS Direct Connect From the navigation bar select the region that meets your needs For more information see Regions and Endpoints US East N Virginia US West Oregon US West N California EU Ireland EU Frankfurt Asia Pacific Singapore Asia Pacific Tokyo Asia Pacific Sydney South America S o Paulo 3 Onthe Welcome to AWS Direct Connect screen click Get Started with Direct Connect API Version 2013 10 22 4 AWS Direct Connect User Guide Step 2 Submit AWS Direct Connect Connection Request Direct Connect Home Welcome to AWS Direct Connect 4 Connections i 7 y a x AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS Virtual Interfaces Using AWS Direct Connect you can establish private connectivity between AWS and your datacenter office or colocation environment which in many cases can reduce your network costs increase bandwidth throughput and provide a more consistent network experience than Internet based connections Get Started With Direct Connect Direct Connect at a Glance Select a Location and Connect Your Configure Virtual Order a Connection Network to AWS Interfaces AWS Direct Connect locations You can connect your data Virtual Interfaces allow you to allow you to establish a center office or colocation access all AWS
72. overlap another CIDR announced via AWS Direct Connect Whether this connection will be paired with another AWS Direct Connect connection If this connection will be paired with another AWS Direct Connect connection for redundancy provide the other connection s connection ID which you can find in the AWS Direct Connect console and the pairing model for the connections either active passive failover or active active BGP multipath 1 Verify that the VLAN is not already in use on this AWS Direct Connect connection for another virtual interface 2 Open the AWS Direct Connect console at https console amazonaws cn directconnect In the Connections pane select the connection to use and then click Create Virtual Interface In the Create a Virtual Interface pane select Public gt 0 API Version 2013 10 22 7 AWS Direct Connect User Guide Step 5 Create a Virtual Interface Create a Virtual Interface You may choose to create a private or public virtual interface Select the appropriate option below 5 Private A private virtual interface should be used to access an Amazon VPC using private IP addresses Public A public virtual interface can access all AWS public services including EC2 S3 and DynamoDB using public IP addresses Define Your New Public Virtual Interface Enter the name of your virtual interface If you re creating a virtual interface for another account you ll need to provide the other AWS account ID Fo
73. peer IP field enter the destination IPv4 CIDR address that Amazon should send traffic to In the Amazon router peer IP field enter the IPv4 CIDR address you will use to send traffic to Amazon Web Services f In the BGP ASN field enter the Border Gateway Protocol BGP Autonomous System Number ASN of your gateway for example a number between 1 and 65534 g Select Auto generate BGP key check box to have AWS generate one To provide your own BGP key clear the Auto generate BGP key check box and then in the BGP Authorization Key field enter your BGP MD5 key 6 Click Continue and then download your router configuration For more information see Step 6 Download Router Configuration p 10 Note If you use the VPC wizard to create a VPC route propagation is automatically enabled for you For more information on enabling route propagation see Enable Route Propagation in Your Route Table in the Amazon VPC User Guide With route propagation routes are automatically populated to the route tables in your VPC If you choose you can disable route propagation Step 6 Download Router Configuration After you have created a virtual interface for your AWS Direct Connect connection you can download the router configuration file To download router configuration 1 Open the AWS Direct Connect console at htips console amazonaws cn directconnect 2 Inthe Virtual Interfaces pane select a virtual interface click the arrow to show mo
74. r more information about virtual interface ownership see Hosted Virtual Interfaces in the AWS Direct Connect Getting Started Guide Connection dxcon ffs3dp1s Far East Offices i Interface Name i Interface Owner My AWS Account Another AWS Account i Enter the VLAN ID if not already supplied by your AWS Direct Connect partner and the IP Addresses for your router interface and the AWS Direct Connect interface VLAN i Your router peer IP i Amazon router peer IP i Before you can use your virtual interface we must establish a BGP session You must provide an ASN for your router and any prefixes you would like to announce to AWS You will also need an MD5 key to authenticate the BGP session We can generate one for you or you can supply your own BGP ASN i Auto generate BGP key Y i Prefixes you want to advertise i It may take up to 72 hours to verify that your IP prefixes are valid for use with Direct Connect In the Define Your New Public Virtual Interface dialog box do the following a In the Connection field select an existing physical connection on which to create the virtual interface b In the Interface Name field enter a name for the virtual interface c In Interface Owner select the My AWS Account option if the virtual interface is for your AWS account ID In the VLAN field enter the ID number for your virtual local area network VLAN for example a number between 1 and 4094
75. re details and then click Download Router Configuration API Version 2013 10 22 10 AWS Direct Connect User Guide Step 6 Download Router Configuration Create Virtual Interface Delete Virtual Interface a o e Filter Q Search for a Virtual Interface x Viewing 3 of 3 Virtual Interfaces Name ID Connection VLAN Type State v o v Tokyo dxvif igbem54w dxcon fgtose4q 1 private down Name Tokyo VLAN 1 ID dxvif igbem54w BGP ASN 1 Type private BGP Auth Key vKOsuoyD60y5PLESOOWh8N9H State down Amazon Peer IP 169 254 251 5 30 Connection dxcon fgtose4q Your Peer IP 169 254 251 6 30 Location EqsG2 Virtual Gateway vgw e01f67b2 Download Router Configuration In the Download Router Configuration dialog box do the following a In the Vendor list select the manufacturer of your router b In the Platform list select the model of your router c In the Software list select the software version for your router Download Router Configuration x Select the router details Vendor Cisco Systems Inc wi Platform 2900 Series Routers wi Software 105 12 4 i Click Download and then use the appropriate configuration for your router to ensure that you can connect to AWS Direct Connect Cisco interface GigabitEthernet0 1 no ip address speed 1000 full duplex T interface GigabitEthernet0 1 VLAN_NUMBER description direct connect to aws encapsulation dot1Q VLAN_NUMBER ip address IP_ADD
76. rmation about our copyright and trademark your account license and site access and other topics API Version 2013 10 22 61 AWS Direct Connect User Guide Document History API version 2012 10 25 Latest document update April 14 2015 The following table describes the important changes since the last release of the AWS Direct Connect User Guide Change Support for the new Beijing location in the China Beijing Region Support for the new Las Ve gas location in the US West Oregon Re gion Support for the new EU Frankfurt Re gion New Getting Started Topics Support for the new locations in the Asia Pa cific Sydney Region Description Updated topics to include the addition of the new Beijing location in the China Beijing Region Updated topics to include the addition of the new AWS Direct Connect Las Vegas location in the US West Oregon Region Updated topics to include the addition of the new AWS Direct Connect locations serving the EU Frankfurt Region Added two new getting started topics to cover AWS Direct Connect partners network carriers and sub 1G partners For more informa tion see Getting Started with a Partner or Network Carrier p 12 and Getting Started with a Sub 1G AWS Direct Connect Part ner p 22 Updated topics to include the addition of the new AWS Direct Connect locations serving the Asia Pacific Sydney Region Release Date 2015 04 1
77. sion 2013 10 22 19 AWS Direct Connect User Guide Step 6 Download Router Configuration Note If you use the VPC wizard to create a VPC route propagation is automatically enabled for you For more information on enabling route propagation see Enable Route Propagation in Your Route Table in the Amazon VPC User Guide With route propagation routes are automatically populated to the route tables in your VPC If you choose you can disable route propagation Step 6 Download Router Configuration After you have created a virtual interface for your AWS Direct Connect connection you can download the router configuration file To download router configuration 1 Open the AWS Direct Connect console at htips console amazonaws cn directconnect 2 Inthe Virtual Interfaces pane select a virtual interface click the arrow to show more details and then click Download Router Configuration Create Virtual Interface Delete Virtual Interface 7 o Filter Q Search for a Virtual Interface x Viewing 3 of 3 Virtual Interfaces Name ID Connection VLAN Type State y o v Tokyo dxvif igbem54w dxcon fgtose4q 1 private down Name Tokyo VLAN 1 ID dxvif fgbem54w BGP ASN 1 Type private BGP Auth Key vKOsuoyD60y5PLESOOWhS8N9H State down Amazon Peer IP 169 254 251 5 30 Connection dxcon fgtose4q Your Peer IP 169 254 251 6 30 Location EqSG2 Virtual Gateway vgw e01f67b2 Download Router Configuration 3 Inthe Download Router Con
78. t Router 1 Router Customer Network There are different configuration choices available when you provision two dedicated connections Active Active BGP multipath Network traffic is load balanced across both connections If one connection becomes unavailable all traffic is routed through the other This is the default configuration Active Passive failover One connection is handling traffic and the other is on standby If the active connection becomes unavailable all traffic is routed through the passive connection You will need to AS path prepend the routes on one of your links for it to be the passive link API Version 2013 10 22 6 AWS Direct Connect User Guide Step 5 Create a Virtual Interface How you configure the connections doesn t affect redundancy but it does affect the policies that determine how your data is routed over both connections We recommend that you configure both connections as active You ll configure your BGP information in Step 5 Create a Virtual Interface below Step 5 Create a Virtual Interface The next step is to provision your virtual interfaces Each virtual interface must be tagged with a customer provided tag that complies with the Ethernet 802 1Q standard This tag is required for any traffic traversing the AWS Direct Connect connection You can provision virtual interface VLAN connections to the AWS cloud Amazon VPC or both To begin using your virtual interface you need t
79. t you can establish private connectivity between AWS and your datacenter office or colocation environment which in many cases can reduce your network costs increase bandwidth throughput and provide a more consistent network experience than Internet based connections Configure Virtual Interfaces Virtual Interfaces allow you to access all AWS services Create a Public Virtual Interface for public services like Amazon EC2 and Amazon S3 or use a Private Virtual Interface to connect to you VPC API Version 2013 10 22 14 AWS Direct Connect User Guide Step 3 Send Your Network Provider the LOA and Request That They Order a Cross Connect for You Create a Connection You are currently operating in Asia Pacific Singapore Use the region selector to change to another AWS region To begin name your new Connection select the AWS Direct Connect location in Asia Pacific Singapore where you would like to connect and the port speed you are requesting If these choices don t fit your use case contact one of our partners for other options to connect Connection Name i Location Equinix SG2 Singapore i Port Speed 1Gbps gt 10Gbps i cae a In the Connection Name field type a name for the connection b In the Location list select the appropriate AWS Direct Connect location Note If you don t have equipment at an AWS Direct Connect location click contact one of our partners c Select the appropriate port speed
80. t speed If you cannot ping the Amazon IP address verify that the interface IP address is in the VLAN you provided to Amazon Web Services and then verify your firewall settings If you still cannot connect to AWS Direct Connect open a support ticket with AWS support for assistance and include the original ticket number from your letter of authorization LOA If you cannot establish Border Gateway Protocol BGP after verifying the password provided by Amazon open a support ticket with AWS support for assistance and include the original ticket number from your LOA If you are not receiving Amazon routes and you cannot verify public BGP routing policy private route table security groups or access control lists ACLs open a support ticket with AWS support and include your connection ID from your LOA Flow Chart Troubleshooting a Remote Connection to AWS Direct Connect You can use the following flow chart to diagnose troubleshoot and repair a faulty connection to AWS Direct Connect when connecting remotely through a service provider For a text based version of this flow chart see Troubleshooting a Remote Connection to AWS Direct Connect p 60 API Version 2013 10 22 58 AWS Direct Connect User Guide Flow Chart Troubleshooting a Remote Connection to AWS Direct Connect Tasks in this box are the responsibility of both AWS Direct Connect the AWS customer and service provider isn t working Get a dev
81. ta is routed over both connections We recommend that you configure both connections as active AWS will treat return traffic on those links as Active Active Step 5 Create a Virtual Interface The next step is to provision your virtual interface You can only create a single virtual interface on a hosted connection You can provision a virtual interface VLAN connection to the public AWS cloud or to Amazon VPC To begin using your virtual interface you need to advertise at least one prefix using BGP up to a maximum of 100 prefixes We advertise appropriate Amazon prefixes to you so you can reach either your VPCs or other AWS products You can access all Amazon Web Services prefixes in your region through this connection for example Amazon Elastic Compute Cloud Amazon EC2 Amazon Simple Storage Service Amazon S3 and Amazon com You do not have access to non Amazon prefixes or prefixes outside of your region For the current list of IP prefixes advertised on AWS Direct Connect public connections see the list in the AWS Direct Connect Discussion Forum API Version 2013 10 22 24 AWS Direct Connect User Guide Step 5 Create a Virtual Interface To provision a public virtual interface connection to non VPC services After you have placed an order for an AWS Direct Connect connection you must create a virtual interface to connect to AWS Direct Connect Public virtual interfaces are used by services such as Amazon S3 and Amazon Glaci
82. terface To accept a hosted connection 1 Open the AWS Direct Connect console at htips console amazonaws cn directconnect 2 If necessary change the region From the navigation bar select the region that meets your needs For more information see Regions and Endpoints US East N Virginia US West Oregon US West N California EU Ireland EU Frankfurt Asia Pacific Singapore Asia Pacific Tokyo Asia Pacific Sydney South America S o Paulo 3 In the navigation pane click Connections 4 Inthe Connections pane select a connection and then click the arrow to expand details about the connection Create Connection Create Virtual Interface Filter Q Search for a Connection Provided By gt Amazon Web Services Amazon Web Services AnyCompany Hosting Connection Name Type Location Provided By State Delete Connection x Name gt Location v Far East Offices Equinix SG2 Singapore Tokyo Office Equinix SG2 Singapore Demo Hosted Connection Demo Hosted Connection Hosted Connection Equinix SG2 Singapore AnyCompany Hosting pending acceptance Equinix SG2 Singapore Connection ID o Viewing 3 of 3 Connections Bandwidth Vlis State v 1Gbps 0 down 1Gbps 2 down 50Mbps 0 pending acceptance dxcon fh6ajycc Port Speed 50Mbps VLAN Assigned 100 Virtual Interfaces 0 Before this connection can be active and used you must accept it If you accept connectiv
83. the corresponding order forms at ht tp equinix com careforms Send the completed forms to the Equinix Customer Response ECR team at care forms equinix com Requests for cross connect can be submitted by downloading the corresponding order forms at ht tp equinix com careforms Send the completed forms to the Equinix Customer Response ECR team at care forms equinix com API Version 2013 10 22 43 AWS Direct Connect User Guide Location Equinix Sydney Equinix SY3 Global Switch Global Switch SY6 Region Served Asia Pacific Sydney Asia Pacific Sydney How to Request Connection Requests for cross connect can be submitted by downloading the corresponding order forms at ht tp equinix com careforms Send the completed forms to the Equinix Customer Response ECR team at care forms equinix com Requests for cross connect can be submitted by contacting Global Switch at salessydney glob alswitch com API Version 2013 10 22 44 AWS Direct Connect User Guide No AWS Direct Connect ARNs Using AWS Identity and Access Management with AWS Direct Connect You can use AWS Identity and Access Management with AWS Direct Connect to specify which AWS Direct Connect actions a user under your Amazon Web Services account can perform For example you could create an IAM policy that gives only certain users in your organization permission to use the DescribeConnections action to retrieve data about
84. tion A new unused VLAN tag that you select A public or private BGP ASN If you are using a public ASN you must own it If you are using a private ASN it must be in the 65000 range The network prefixes to advertise Any advertised prefix must include only your ASN in the BGP AS PATH The virtual private gateway to connect to For more information about creating a virtual private gateway see Adding a Hardware Virtual Private Gateway to Your VPC in the Amazon VPC User Guide Verify that the VLAN is not already in use on this connection Open the AWS Direct Connect console at htips console amazonaws cn directconnect In the Connections pane select the connection to use and then click Create Virtual Interface In the Create a Virtual Interface pane select Private PON Create a Virtual Interface You may choose to create a private or public virtual interface Select the appropriate option below Private A private virtual interface should be used to access an Amazon VPC using private IP addresses gt Public A public virtual interface can access all AWS public services including EC2 S3 and DynamoDB using public IP addresses Define Your New Private Virtual Interface Enter the name of your virtual interface If you re creating a virtual interface for another account you ll need to provide the other AWS account ID For more information about virtual interface ownership see Hosted Virtual Interfaces in the
85. tions pane select the connection to add a virtual interface to and then click Create Virtual Interface Create Virtual Interface Delete Connection o 12 Filter Q Search for a Connection x Viewing 3 of 3 Connections Provided By gt Name Location Bandwidthy Vis State v gt Amazon Web Services Far East Offices Equinix SG2 Singapore 1Gbps 0 down On the Create a Virtual Interface screen select the Private option Create a Virtual Interface You may choose to create a private or public virtual interface Select the appropriate option below Private A private virtual interface should be used to access an Amazon VPC using private IP addresses Public A public virtual interface can access all AWS public services including EC2 3 and DynamoDB using public IP addresses Define Your New Private Virtual Interface Enter the name of your virtual interface If you re creating a virtual interface for another account you ll need to provide the other AWS account ID For more information about virtual interface ownership see Hosted Virtual Interfaces in the AWS Direct Connect Getting Started Guide Connection dxcon ffs3dp1s Far East Offices i Interface Name i Interface Owner My AWS Account 9 Another AWS Account i Account ID i Enter the VLAN ID if not already supplied by your AWS Direct Connect partner and the IP Addresses for your router interface and the AWS Direct Connect interface VLAN i Auto gen
86. tp www amazonaws cn and then click Sign Up 2 Follow the on screen instructions Part of the sign up procedure involves receiving a phone call and entering a PIN using the phone keypad Step 2 Submit AWS Direct Connect Connection Request You can submit a connection request using the AWS Direct Connect console You need to provide the following information Your contact information The AWS Direct Connect Location to connect to Work with a partner in the AWS Partner Network APN to help you establish network circuits between an AWS Direct Connect location and your data center office or colocation environment or to provide colocation space within the same facility as the AWS Direct Connect location APN partners supporting AWS Direct Connect also provide connections for less than 1G For the list of AWS Direct Connect partners who belong to the AWS Partner Network APN go to http www amazonaws cn direciconnect partners Whether you need the services of an AWS Direct Connect partner who is a member of the AWS Partner Network APN The port speed you require either 1 Gbps or 10 Gbps For port speeds less than 1G contact an APN partner who supports AWS Direct Connect AWS Direct Connect supports two port speeds 1 Gbps 1000BASE LX 1310nm over single mode fiber and 10 Gbps 10GBASE LR 1310nm over single mode fiber Select a port speed compatible with your existing network To create a new AWS Direct Connect connection
87. tuallnterfaceType private tasa I routeFilterPrefixes virtuallnterfaceName MyVirtuallnterface virtuallnterfaceState pending customerAddress PROTECTED vlan 3 E23 ownerAccount 123456789012 amazonAddress PROTECTED connectionId dxcon fhajolyy location EqSE2 hy additional entries API Version 2013 10 22 53 AWS Direct Connect User Guide Understanding AWS Direct Connect Log File Entries The following log file record shows that a user called the DescribeConnections action Records eventVersion 1 0 userIdentity type IAMUser principalld EX_PRINCIPAL_ID arn arn aws iam 123456789012 user Alice accountId 123456789012 accessKeyId EXAMPLE_KEY_ID userName Alice sessionContext attributes mfaAuthenticated false creationDate 2014 04 04T12 23 052 eventTime 2014 04 04T17 27 282 eventSource directconnect amazonaws com eventName DescribeConnections awsRegion us west 2 sourcelPAddress 127 0 0 1 userAgent Coral Jakarta requestParameters null responseElements null hy additional entries The following log file record shows that a user called the DescribeVirtuallnterfaces action Records eventVersion 1 0 userIdentity type IAMUser principalld EX_PRINCIPAL_ID
88. x Viewing 3 of 3 Virtual Interfaces Name ID Connection VLAN Type State _ gt Tokyo dxvif fgbems4w dxcon fgtose4q 1 private down Tokyo Office dxvif fihgiqd2 dxcon fgtose4q 2 private down gt Hosted 1 dxvif fgvb6c8r dxcon fg6gb0ef 104 private pending acceptance 5 Inthe Delete Virtual Interface dialog box click Delete Create a Hosted Virtual Interface You can create a public or private hosted virtual interface For any hosted Virtual Interface you will need a new unused VLAN tag that you select For a public virtual interface you will need A unique CIDR for your interface IP addresses that does not overlap another CIDR announced via AWS Direct Connect A unique CIDR range to announce via AWS Direct Connect that does not overlap another CIDR announced via AWS Direct Connect To create a hosted virtual interface 1 Open the AWS Direct Connect console at htips console amazonaws cn directconnect 2 If necessary change the region From the navigation bar select the region that meets your needs For more information see Regions and Endpoints API Version 2013 10 22 37 AWS Direct Connect User Guide Create a Hosted Virtual Interface 6 US East N Virginia US West Oregon US West N California EU Ireland EU Frankfurt Asia Pacific Singapore Asia Pacific Tokyo Asia Pacific Sydney South America S o Paulo In the navigation pane click Connections In the Connec
Download Pdf Manuals
Related Search