# Direct Connect virtual interfaces and hosted virtual interfaces
You must create one of the following virtual interfaces (VIFs) to begin using your Direct Connect connection.
+ Private virtual interface: A private virtual interface should be used to access an Amazon VPC using private IP addresses.
+ Public virtual interface: A public virtual interface can access all AWS public services using public IP addresses.
+ Transit virtual interface: A transit virtual interface should be used to access one or more Amazon VPC Transit Gateways associated with Direct Connect gateways. You can use transit virtual interfaces with any Direct Connect dedicated or hosted connection of any speed. For information about Direct Connect gateway configurations, see [Direct Connect gateways](direct-connect-gateways-intro.md).
To connect to other AWS services using IPv6 addresses, check the service documentation to verify that IPv6 addressing is supported.
## Public virtual interface prefix advertisement rules
We advertise appropriate Amazon prefixes to you so that you can reach the public IP addresses of workloads in your VPCs and other AWS services. You can access all AWS prefixes through this connection; for example, public IP addresses used by Amazon EC2 instances, Amazon S3, API endpoints for AWS services, and Amazon.com. You do not have access to non-Amazon prefixes. For a current list of prefixes used by AWS, see [AWS IP Address Ranges](https://docs.aws.amazon.com/vpc/latest/userguide/aws-ip-ranges.html) in the *Amazon VPC User Guide*. On this page you can download a `.json` file of the currently published AWS IP ranges. Note that for published IP address ranges:
+ Prefixes announced via BGP over a public virtual interface might be aggregated or de-aggregated compared to what is listed in the AWS IP address ranges list.
+ Any IP address ranges that you bring to AWS through your own IP addresses (BYOIP) are not included in the `.json` file, but AWS still advertises these BYOIP addresses over a public virtual interface.
+ AWS does not re-advertise customer prefixes that were received over Direct Connect public virtual interfaces to networks outside of AWS. Prefixes advertised on a public virtual interface will be visible to all customers on AWS.
**Note**
We recommend that you use a firewall filter (based on the source/destination address of packets) to control traffic to and from some prefixes.
For more information about public virtual interfaces and routing policies, see [Public virtual interface routing policies](routing-and-bgp.md#routing-policies).
## SiteLink
If you're creating a private or transit virtual interface, you can use SiteLink.
SiteLink is an optional Direct Connect feature for private virtual interfaces that enables connectivity between any two Direct Connect points of presence (PoPs) in the same AWS partition using the shortest available path over the AWS network. This allows you to connect your on-premises network through the AWS global network without needing to route your traffic through a Region. For more information about SiteLink see [Introducing Direct Connect SiteLink](https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-aws-direct-connect-sitelink/).
**Note**
SiteLink is not available in AWS GovCloud (US) and the China Regions.
SiteLink does not work if an on-premises router advertises the same route to AWS on multiple virtual interfaces.
There's a separate pricing fee for using SiteLink. For more information, see [AWS Direct Connect Pricing](https://aws.amazon.com/directconnect/pricing/).
SiteLink doesn't support all virtual interface types. The following table shows the interface type and whether it's supported.
| Virtual interface type | Supported/Not supported |
| --- | --- |
| Transit virtual interface | Supported |
| Private virtual interface attached to a Direct Connect gateway with a virtual gateway | Supported |
| Private virtual interface attached to a Direct Connect gateway not associated with a virtual gateway or transit gateway | Supported |
| Private virtual interface attached to a virtual gateway | Not supported |
| Public virtual interface | Not supported |
Traffic routing behavior for traffic from AWS Regions (virtual or transit gateways) to on-premises locations over a SiteLink enabled virtual interface varies slightly from the default Direct Connect virtual interface behavior with an AWS path prepend. When SiteLink is enabled, virtual interfaces from an AWS Region prefer a BGP path with a lower AS path length from a Direct Connect location, regardless of the associated Region. For example , an associated Region is advertised for each Direct Connect location. If SiteLink is disabled, by default traffic coming from a virtual or transit gateway prefers a Direct Connect location that is associated with that AWS Region, even if the router from Direct Connect locations associated with different Regions advertises a path with a shorter AS path length. The virtual or transit gateway still prefers the path from Direct Connect locations local to the associated AWS Region.
SiteLink supports a maximum jumbo frame MTU size of either 8500 or 9001, depending on the virtual interface type. For more information, see [MTUs for private virtual interfaces or transit virtual interfaces](#set-jumbo-frames-vif).
## Prerequisites for virtual interfaces
Before you create a virtual interface, do the following:
+ Create a connection. For more information, see [Create a connection using the Connection wizard](create-connection.md).
+ Create a link aggregation group (LAG) when you have multiple connections that you want to treat as a single one. For information, see [Associate a connection with a LAG](associate-connection-with-lag.md).
To create a virtual interface, you need the following information:
| Resource | Required information |
| --- | --- |
| Connection | The Direct Connect connection or link aggregation group (LAG) for which you are creating the virtual interface. |
| Virtual interface name | A name for the virtual interface. |
| Virtual interface owner | If you're creating the virtual interface for another account, you need the AWS account ID of the other account. |
| (Private virtual interface only) Connection | For connecting to a VPC in the same AWS Region, you need the virtual private gateway for your VPC. The ASN for the Amazon side of the BGP session is inherited from the virtual private gateway. When you create a virtual private gateway, you can specify your own private ASN. Otherwise, Amazon provides a default ASN. For more information, see [Create a Virtual Private Gateway](https://docs.aws.amazon.com/vpc/latest/userguide/SetUpVPNConnections.html#vpn-create-vpg) in the Amazon VPC User Guide. For connecting to a VPC through a Direct Connect gateway, you need the Direct Connect gateway. For more information, see [Direct Connect Gateways](https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways.html). You *can't* use the same ASN for the customer gateway and virtual gateway/Direct Connect gateway on the virtual interface. You *can* use the same customer gateway ASN for multiple virtual interfaces. Multiple virtual interfaces can have the same virtual gateway/Direct Connect gateway ASN and customer gateway ASN as long as they are a part of different Direct Connect connections. For example: Virtual gateway (ASN 64,496) <---Virtual interface 1 (Direct Connect connection 1)---> Customer gateway (ASN 64,511) Virtual gateway (ASN 64,496) <---Virtual interface 2 (Direct Connect connection 2)---> Customer gateway (ASN 64,511) |
| VLAN | A unique virtual local area network (VLAN) tag that's not already in use on your connection. The value must be between 1 and 4094 and must comply with the Ethernet 802.1Q standard. This tag is required for any traffic traversing the Direct Connect connection. If you have a hosted connection, your AWS Direct Connect Partner provides this value. You can’t modify the value after you have created the virtual interface. |
| Peer IP addresses | A virtual interface can support a BGP peering session for IPv4, IPv6, or one of each (dual-stack). Do not use Elastic IPs (EIPs) or Bring your own IP addresses (BYOIP) from the Amazon Pool to create a public virtual interface. You cannot create multiple BGP sessions for the same IP addressing family on the same virtual interface. The IP address ranges are assigned to each end of the virtual interface for the BGP peering session.[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html) |
| Address family | Whether the BGP peering session will be over IPv4 or IPv6. |
| BGP information | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html) |
| (Public virtual interface only) Prefixes you want to advertise | Public IPv4 routes or IPv6 routes to advertise over BGP. You must advertise at least one prefix using BGP, up to a maximum of 1,000 prefixes. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html) |
| (Private and transit virtual interfaces only) Jumbo frames | The maximum transmission unit (MTU) of packets over Direct Connect. The default is 1500. Setting the MTU of a virtual interface to 8500 (jumbo frames) can cause an update to the underlying physical connection if it wasn't updated to support jumbo frames. Updating the connection disrupts network connectivity for all virtual interfaces associated with the connection for up to 30 seconds. Jumbo frames are supported up to 8500 MTU for Direct Connect. Static routes and propagated routes configured in the Transit Gateway Route Table will support Jumbo Frames, including from EC2 instances with VPC static route table entries to the Transit Gateway Attachment. To check whether a connection or virtual interface supports jumbo frames, select it in the Direct Connect console and find Jumbo frame capable on the virtual interface General configuration page. |
When you create a virtual interface, you can specify the account that owns the virtual interface. When you choose an AWS account that is not your account, the following rules apply:
+ For private VIFs and transit VIFs, the account applies to the virtual interface and the virtual private gateway/Direct Connect gateway destination.
+ For public VIFs, the account is used for virtual interface billing. The Data Transfer Out (DTO) usage is metered toward the resource owner at Direct Connect data transfer rate.
**Note**
31-Bit prefixes are supported on all Direct Connect virtual interface types. See [RFC 3021: Using 31-Bit Prefixes on IPv4 Point-to-Point Links](https://datatracker.ietf.org/doc/html/rfc3021) for more information.
## MTUs for private virtual interfaces or transit virtual interfaces
Direct Connect supports an Ethernet frame size of 1522 or 9023 bytes (14 bytes Ethernet header \$1 4 bytes VLAN tag \$1 bytes for the IP datagram \$1 4 bytes FCS) at the link layer.
The maximum transmission unit (MTU) of a network connection is the size, in bytes, of the largest permissible packet that can be passed over the connection. The MTU of a private virtual interface can be either 1500 or 9001 (jumbo frames). The MTU of a transit virtual interface can be either 1500 or 8500 (jumbo frames). You can specify the MTU when you create the interface or update it after you create it. Setting the MTU of a virtual interface to 8500 (jumbo frames) or 9001 (jumbo frames) can cause an update to the underlying physical connection if it wasn't updated to support jumbo frames. Updating the connection disrupts network connectivity for all virtual interfaces associated with the connection for up to 30 seconds. To check whether a connection or virtual interface supports jumbo frames, select it in the Direct Connect console and find **Jumbo Frame Capable** on the **Summary** tab.
After you enable jumbo frames for your private virtual interface or transit virtual interface, you can only associate it with a connection or LAG that is jumbo frame capable. Jumbo frames are supported on a private virtual interface attached to either a virtual private gateway or a Direct Connect gateway, or on a transit virtual interface attached to a Direct Connect gateway. If you have two private virtual interfaces that advertise the same route but use different MTU values, or if you have a Site-to-Site VPN that advertise the same route, 1500 MTU is used.
**Important**
Jumbo frames will apply only to propagated routes via Direct Connect and static routes via transit gateways. Jumbo frames on transit gateways support only 8500 bytes.
If an EC2 instance doesn't support jumbo frames, it drops jumbo frames from Direct Connect. All EC2 instance types support jumbo frames except for C1, CC1, T1, and M1. For more information, see [Network Maximum Transmission Unit (MTU) for Your EC2 Instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/network_mtu.html) in the *Amazon EC2 User Guide*.
For hosted connections, Jumbo frames can be enabled only if originally enabled on the Direct Connect hosted parent connection. If Jumbo frames isn't enabled on that parent connection, then it can't be enabled on any connection.
For the steps to set the MTU for a private virtual interface, see [Set the MTU of a private virtual interface](interface-set-mtu.md).
# Direct Connect virtual interfaces
You can create a transit virtual interface to connect to a transit gateway, a public virtual interface to connect to public resources (non-VPC services), or a private virtual interface to connect to a VPC.
To create a virtual interface for accounts within your AWS Organizations, or AWS Organizations that are different from yours, create a hosted virtual interface.
See the following to create a virtual interface:
+ [Create a public virtual interface](create-public-vif.md)
+ [Create a private virtual interface](create-private-vif.md)
+ [Create a transit virtual interface to the Direct Connect gateway](create-transit-vif-dx.md)
**Prerequisites**
Before you begin, ensure that you have read the information in [Prerequisites for virtual interfaces](WorkingWithVirtualInterfaces.md#vif-prerequisites).
## Prerequisites for transit virtual interfaces to a Direct Connect gateway
To connect your Direct Connect connection to the transit gateway, you must create a transit interface for your connection. Specify the Direct Connect gateway to which to connect.
The maximum transmission unit (MTU) of a network connection is the size, in bytes, of the largest permissible packet that can be passed over the connection. The MTU of a private virtual interface can be either 1500 or 9001 (jumbo frames). The MTU of a transit virtual interface can be either 1500 or 8500 (jumbo frames). You can specify the MTU when you create the interface or update it after you create it. Setting the MTU of a virtual interface to 8500 (jumbo frames) or 9001 (jumbo frames) can cause an update to the underlying physical connection if it wasn't updated to support jumbo frames. Updating the connection disrupts network connectivity for all virtual interfaces associated with the connection for up to 30 seconds. To check whether a connection or virtual interface supports jumbo frames, select it in the Direct Connect console and find **Jumbo Frame Capable** on the **Summary** tab.
**Important**
If you associate your transit gateway with one or more Direct Connect gateways, the Autonomous System Number (ASN) used by the transit gateway and the Direct Connect gateway must be different. For example, if you use the default ASN 64512 for both the transit gateway and the Direct Connect gateway, the association request fails.
# Create an Direct Connect public virtual interface
When you create a public virtual interface, it can take up to 72 business hours for us to review and approve your request.
**To provision a public virtual interface**
1. Open the **Direct Connect** console at [https://console.aws.amazon.com/directconnect/v2/home](https://console.aws.amazon.com/directconnect/v2/home).
1. In the navigation pane, choose **Virtual Interfaces**.
1. Choose **Create virtual interface**.
1. Under **Virtual interface type**, for **Type**, choose **Public**.
1. Under **Public virtual interface settings**, do the following:
1. For **Virtual interface name**, enter a name for the virtual interface.
1. For **Connection**, choose the Direct Connect connection that you want to use for this interface.
1. For **VLAN**, enter the ID number for your virtual local area network (VLAN).
1. For **BGP ASN**, enter the Border Gateway Protocol Autonomous System Number (ASN) of your on-premises peer router for the new virtual interface.
The valid values are 1 to 4294967294. This includes support for both ASNs (1-2147483647) and long ASNs (1-4294967294). For more information about ASNs and long ASNs see [Long ASN support in Direct Connect](long-asn-support.md).
**Note**
When establishing a BGP peering session with AWS over a public virtual interface, use `7224` as the ASN to establish the BGP session on the AWS side. The ASN on your router or customer gateway device should be different from that ASN.
1. Under **Additional settings**, do the following:
1. To configure an IPv4 BGP or an IPv6 peer, do the following:
[IPv4] To configure an IPv4 BGP peer, choose **IPv4** and do one of the following:
+ To specify these IP addresses yourself, for **Your router peer ip**, enter the destination IPv4 CIDR address to which Amazon should send traffic.
+ For **Amazon router peer IP**, enter the IPv4 CIDR address to use to send traffic to AWS.
[IPv6] To configure an IPv6 BGP peer, choose **IPv6**. The peer IPv6 addresses are automatically assigned from Amazon's pool of IPv6 addresses. You cannot specify custom IPv6 addresses.
1. To provide your own BGP key, enter your BGP MD5 key.
If you do not enter a value, we generate a BGP key. If you provided your own key, or if we generated the key for you, that value displays in the **BGP authentication key** column on the virtual interface details page of **Virtual interfaces**.
1. To advertise prefixes to Amazon, for **Prefixes you want to advertise**, enter the IPv4 CIDR destination addresses (separated by commas) to which traffic should be routed over the virtual interface.
**Important**
You may add additional prefixes to an existing public VIF and advertise those by contacting [AWS support](https://aws.amazon.com/support/createCase). In your support case, provide a list of additional CIDR prefixes you want to add to the public VIF and advertise.
1. (Optional) Add or remove a tag.
[Add a tag] Choose **Add tag** and do the following:
+ For **Key**, enter the key name.
+ For **Value**, enter the key value.
[Remove a tag] Next to the tag, choose **Remove tag**.
1. Choose **Create virtual interface**.
1. Download the router configuration for your device. For more information, see [Download the router configuration file](vif-router-config.md).
**To create a public virtual interface using the command line or API**
+ [create-public-virtual-interface](https://docs.aws.amazon.com/cli/latest/reference/directconnect/create-public-virtual-interface.html) (AWS CLI)
+ [CreatePublicVirtualInterface](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_CreatePublicVirtualInterface.html) (Direct Connect API)
# Create an Direct Connect private virtual interface
You can provision a private virtual interface to a virtual private gateway in the same Region as your Direct Connect connection. For more information about provisioning a private virtual interface to an Direct Connect gateway, see [Direct Connect gateways](direct-connect-gateways.md).
If you use the VPC wizard to create a VPC, route propagation is automatically enabled for you. With route propagation, routes are automatically populated to the route tables in your VPC. If you choose, you can disable route propagation. For more information, see [Enable Route Propagation in Your Route Table](https://docs.aws.amazon.com/vpc/latest/userguide/SetUpVPNConnections.html#vpn-configure-routing) in the *Amazon VPC User Guide*.
The maximum transmission unit (MTU) of a network connection is the size, in bytes, of the largest permissible packet that can be passed over the connection. The MTU of a private virtual interface can be either 1500 or 9001 (jumbo frames). The MTU of a transit virtual interface can be either 1500 or 8500 (jumbo frames). You can specify the MTU when you create the interface or update it after you create it. Setting the MTU of a virtual interface to 8500 (jumbo frames) or 9001 (jumbo frames) can cause an update to the underlying physical connection if it wasn't updated to support jumbo frames. Updating the connection disrupts network connectivity for all virtual interfaces associated with the connection for up to 30 seconds. To check whether a connection or virtual interface supports jumbo frames, select it in the Direct Connect console and find **Jumbo Frame Capable** on the **Summary** tab.
**To provision a private virtual interface to a VPC**
1. Open the **Direct Connect** console at [https://console.aws.amazon.com/directconnect/v2/home](https://console.aws.amazon.com/directconnect/v2/home).
1. In the navigation pane, choose **Virtual Interfaces**.
1. Choose **Create virtual interface**.
1. Under **Virtual interface type**, choose **Private**.
1. Under **Private virtual interface settings**, do the following:
1. For **Virtual interface name**, enter a name for the virtual interface.
1. For **Connection**, choose the Direct Connect connection that you want to use for this interface.
1. For **Virtual interface owner**, choose **My AWS account** if the virtual interface is for your AWS account.
1. For **Direct Connect gateway**, select the Direct Connect gateway.
1. For **VLAN**, enter the ID number for your virtual local area network (VLAN).
1. For **BGP ASN**, enter the Border Gateway Protocol Autonomous System Number of your on-premises peer router for the new virtual interface.
The valid values are 1 to 4294967294. This includes support for both ASNs (1-2147483647) and long ASNs (1-4294967294). For more information about ASNs and long ASNs see [Long ASN support in Direct Connect](long-asn-support.md).
1. Under **Additional Settings**, do the following:
1. To configure an IPv4 BGP or an IPv6 peer, do the following:
[IPv4] To configure an IPv4 BGP peer, choose **IPv4** and do one of the following:
+ To specify these IP addresses yourself, for **Your router peer ip**, enter the destination IPv4 CIDR address to which Amazon should send traffic.
+ For **Amazon router peer ip**, enter the IPv4 CIDR address to use to send traffic to AWS.
**Important**
When configuring AWS Direct Connect virtual interfaces, you can specify your own IP addresses using RFC 1918, use other addressing schemes, or opt for AWS assigned IPv4 /29 CIDR addresses allocated from the RFC 3927 169.254.0.0/16 IPv4 Link-Local range for point-to-point connectivity. These point-to-point connections should be used exclusively for eBGP peering between your customer gateway router and the Direct Connect endpoint. For VPC traffic or tunnelling purposes, such as AWS Site-to-Site Private IP VPN, or Transit Gateway Connect, AWS recommends using a loopback or LAN interface on your customer gateway router as the source or destination address instead of the point-to-point connections.
For more information about RFC 1918, see [Address Allocation for Private Internets](https://datatracker.ietf.org/doc/html/rfc1918).
For more information about RFC 3927, see [Dynamic Configuration of IPv4 Link-Local Addresses](https://datatracker.ietf.org/doc/html/rfc3927).
[IPv6] To configure an IPv6 BGP peer, choose **IPv6**. The peer IPv6 addresses are automatically assigned from Amazon's pool of IPv6 addresses. You cannot specify custom IPv6 addresses.
1. To change the maximum transmission unit (MTU) from 1500 (default) to 8500 (jumbo frames), select **Jumbo MTU (MTU size 8500)**.
1. (Optional) Under **Enable SiteLink**, choose **Enabled** to enable direct connectivity between Direct Connect points of presence.
1. (Optional) Add or remove a tag.
[Add a tag] Choose **Add tag** and do the following:
+ For **Key**, enter the key name.
+ For **Value**, enter the key value.
[Remove a tag] Next to the tag, choose **Remove tag**.
1. Choose **Create virtual interface**.
1. Download the router configuration for your device. For more information, see [Download the router configuration file](vif-router-config.md).
**To create a private virtual interface using the command line or API**
+ [create-private-virtual-interface](https://docs.aws.amazon.com/cli/latest/reference/directconnect/create-private-virtual-interface.html) (AWS CLI)
+ [CreatePrivateVirtualInterface](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_CreatePrivateVirtualInterface.html) (Direct Connect API)
# Create a transit virtual interface to the Direct Connect gateway
Before connecting a transit virtual interface to the Direct Connect gateway, familiarize yourself with the [text](create-vif.md#dx-vifs-prereqs).
**To provision a transit virtual interface to a Direct Connect gateway**
1. Open the **Direct Connect** console at [https://console.aws.amazon.com/directconnect/v2/home](https://console.aws.amazon.com/directconnect/v2/home).
1. In the navigation pane, choose **Virtual Interfaces**.
1. Choose **Create virtual interface**.
1. Under **Virtual interface type**, for **Type**, choose **Transit**.
1. Under **Transit virtual interface settings**, do the following:
1. For **Virtual interface name**, enter a name for the virtual interface.
1. For **Connection**, choose the Direct Connect connection that you want to use for this interface.
1. For **Virtual interface owner**, choose **My AWS account** if the virtual interface is for your AWS account.
1. For **Direct Connect gateway**, select the Direct Connect gateway.
1. For **VLAN**, enter the ID number for your virtual local area network (VLAN).
1. For **BGP ASN**, enter the Border Gateway Protocol Autonomous System Number of your on-premises peer router for the new virtual interface.
The valid values are 1 to 4294967294. This includes support for both ASNs (1-2147483647) and long ASNs (1-4294967294). For more information about ASNs and long ASNs see [Long ASN support in Direct Connect](long-asn-support.md).
1. Under **Additional Settings**, do the following:
1. To configure an IPv4 BGP or an IPv6 peer, do the following:
[IPv4] To configure an IPv4 BGP peer, choose **IPv4** and do one of the following:
+ To specify these IP addresses yourself, for **Your router peer ip**, enter the destination IPv4 CIDR address to which Amazon should send traffic.
+ For **Amazon router peer ip**, enter the IPv4 CIDR address to use to send traffic to AWS.
**Important**
When configuring AWS Direct Connect virtual interfaces, you can specify your own IP addresses using RFC 1918, use other addressing schemes, or opt for AWS assigned IPv4 /29 CIDR addresses allocated from the RFC 3927 169.254.0.0/16 IPv4 Link-Local range for point-to-point connectivity. These point-to-point connections should be used exclusively for eBGP peering between your customer gateway router and the Direct Connect endpoint. For VPC traffic or tunnelling purposes, such as AWS Site-to-Site Private IP VPN, or Transit Gateway Connect, AWS recommends using a loopback or LAN interface on your customer gateway router as the source or destination address instead of the point-to-point connections.
For more information about RFC 1918, see [Address Allocation for Private Internets](https://datatracker.ietf.org/doc/html/rfc1918).
For more information about RFC 3927, see [Dynamic Configuration of IPv4 Link-Local Addresses](https://datatracker.ietf.org/doc/html/rfc3927).
[IPv6] To configure an IPv6 BGP peer, choose **IPv6**. The peer IPv6 addresses are automatically assigned from Amazon's pool of IPv6 addresses. You cannot specify custom IPv6 addresses.
1. To change the maximum transmission unit (MTU) from 1500 (default) to 8500 (jumbo frames), select **Jumbo MTU (MTU size 8500)**.
1. (Optional) Under **Enable SiteLink**, choose **Enabled** to enable direct connectivity between Direct Connect points of presence.
1. (Optional) Add or remove a tag.
[Add a tag] Choose **Add tag** and do the following:
+ For **Key**, enter the key name.
+ For **Value**, enter the key value.
[Remove a tag] Next to the tag, choose **Remove tag**.
1. Choose **Create virtual interface**.
After you create the virtual interface, you can download the router configuration for your device. For more information, see [Download the router configuration file](vif-router-config.md).
**To create a transit virtual interface using the command line or API**
+ [create-transit-virtual-interface](https://docs.aws.amazon.com/cli/latest/reference/directconnect/create-transit-virtual-interface.html) (AWS CLI)
+ [CreateTransitVirtualInterface](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_CreateTransitVirtualInterface.html) (Direct Connect API)
**To view the virtual interfaces that are attached to a Direct Connect gateway using the command line or API**
+ [describe-direct-connect-gateway-attachments](https://docs.aws.amazon.com/cli/latest/reference/directconnect/describe-direct-connect-gateway-attachments.html) (AWS CLI)
+ [DescribeDirectConnectGatewayAttachments](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_DescribeDirectConnectGatewayAttachments.html) (Direct Connect API)
# Download the Direct Connect router configuration file
After you create the virtual interface and the interface state is up, you can download the router configuration file for your router.
If you use any of the following routers for virtual interfaces that have MACsec turned on, we automatically create the configuration file for your router:
+ Cisco Nexus 9K\$1 Series switches running NX-OS 9.3 or later software
+ Juniper Networks M/MX Series Routers running JunOS 9.5 or later software
**To download the router configuration file**
1. Open the **Direct Connect** console at [https://console.aws.amazon.com/directconnect/v2/home](https://console.aws.amazon.com/directconnect/v2/home).
1. In the navigation pane, choose **Virtual Interfaces**.
1. Select the virtual interface and then choose **View details**.
1. Choose **Download router configuration**.
1. For **Download router configuration**, do the following:
1. For **Vendor**, select the manufacturer of your router.
1. For **Platform**, select the model of your router.
1. For **Software**, select the software version for your router.
1. Choose **Download**, and then use the appropriate configuration for your router to ensure that you can connect to Direct Connect.
1. If you need to manually configure your router for MACsec, use the following table as a guideline.
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/directconnect/latest/UserGuide/vif-router-config.html)
# Hosted Direct Connect virtual interfaces
To use your Direct Connect connection with another account, you can create a hosted virtual interface for that account. The owner of the other account must accept the hosted virtual interface to begin using it. A hosted virtual interface works the same as a standard virtual interface and can connect to public resources or a VPC.
You can use transit virtual interfaces with Direct Connect dedicated or hosted connections of any speed. Hosted connections support only one virtual interface.
To create a virtual interface, you need the following information:
| Resource | Required information |
| --- | --- |
| Connection | The Direct Connect connection or link aggregation group (LAG) for which you are creating the virtual interface. |
| Virtual interface name | A name for the virtual interface. |
| Virtual interface owner | If you're creating the virtual interface for another account, you need the AWS account ID of the other account. |
| (Private virtual interface only) Connection | For connecting to a VPC in the same AWS Region, you need the virtual private gateway for your VPC. The ASN for the Amazon side of the BGP session is inherited from the virtual private gateway. When you create a virtual private gateway, you can specify your own private ASN. Otherwise, Amazon provides a default ASN. For more information, see [Create a Virtual Private Gateway](https://docs.aws.amazon.com/vpc/latest/userguide/SetUpVPNConnections.html#vpn-create-vpg) in the Amazon VPC User Guide. For connecting to a VPC through a Direct Connect gateway, you need the Direct Connect gateway. For more information, see [Direct Connect Gateways](https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways.html). |
| VLAN | A unique virtual local area network (VLAN) tag that's not already in use on your connection. The value must be between 1 and 4094 and must comply with the Ethernet 802.1Q standard. This tag is required for any traffic traversing the Direct Connect connection. If you have a hosted connection, your AWS Direct Connect Partner provides this value. You can’t modify the value after you have created the virtual interface. |
| Peer IP addresses | A virtual interface can support a BGP peering session for IPv4, IPv6, or one of each (dual-stack). Do not use Elastic IPs (EIPs) or Bring your own IP addresses (BYOIP) from the Amazon Pool to create a public virtual interface. You cannot create multiple BGP sessions for the same IP addressing family on the same virtual interface. The IP address ranges are assigned to each end of the virtual interface for the BGP peering session. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/directconnect/latest/UserGuide/hosted-vif.html) |
| Address family | Whether the BGP peering session will be over IPv4 or IPv6. |
| BGP information | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/directconnect/latest/UserGuide/hosted-vif.html) |
| (Public virtual interface only) Prefixes you want to advertise | Public IPv4 routes or IPv6 routes to advertise over BGP. You must advertise at least one prefix using BGP, up to a maximum of 1,000 prefixes. [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/directconnect/latest/UserGuide/hosted-vif.html) |
| (Private and transit virtual interfaces only) Jumbo frames | The maximum transmission unit (MTU) of packets over Direct Connect. The default is 1500. Setting the MTU of a virtual interface to 9001 (jumbo frames) can cause an update to the underlying physical connection if it wasn't updated to support jumbo frames. Updating the connection disrupts network connectivity for all virtual interfaces associated with the connection for up to 30 seconds. Jumbo frames apply only to propagated routes from Direct Connect. If you add static routes to a route table that point to your virtual private gateway, then traffic routed through the static routes is sent using 1500 MTU. To check whether a connection or virtual interface supports jumbo frames, select it in the Direct Connect console and find Jumbo frame capable on the virtual interface General configuration page. |
# Create a hosted private virtual interface in Direct Connect
Before you begin, ensure that you have read the information in [Prerequisites for virtual interfaces](WorkingWithVirtualInterfaces.md#vif-prerequisites).
**To create a hosted private virtual interface**
1. Open the **Direct Connect** console at [https://console.aws.amazon.com/directconnect/v2/home](https://console.aws.amazon.com/directconnect/v2/home).
1. In the navigation pane, choose **Virtual Interfaces**.
1. Choose **Create virtual interface**.
1. Under **Virtual interface type**, for **Type**, choose **Private**.
1. Under **Private virtual interface settings**, do the following:
1. For **Virtual interface name**, enter a name for the virtual interface.
1. For **Connection**, choose the Direct Connect connection that you want to use for this interface.
1. For **Virtual interface owner**, choose **Another AWS account**, and then for **Virtual interface owner**, enter the ID of the account to own this virtual interface.
1. For **VLAN**, enter the ID number for your virtual local area network (VLAN).
1. For **BGP ASN**, enter the Border Gateway Protocol Autonomous System Number of your on-premises peer router for the new virtual interface.
The valid values are 1 to 4294967294. This includes support for both ASNs (1-2147483647) and long ASNs (1-4294967294). For more information about ASNs and long ASNs see [Long ASN support in Direct Connect](long-asn-support.md).
1. Under **Additional Settings**, do the following:
1. To configure an IPv4 BGP or an IPv6 peer, do the following:
[IPv4] To configure an IPv4 BGP peer, choose **IPv4** and do one of the following:
+ To specify these IP addresses yourself, for **Your router peer ip**, enter the destination IPv4 CIDR address to which Amazon should send traffic.
+ For **Amazon router peer ip**, enter the IPv4 CIDR address to use to send traffic to AWS.
**Important**
When configuring AWS Direct Connect virtual interfaces, you can specify your own IP addresses using RFC 1918, use other addressing schemes, or opt for AWS assigned IPv4 /29 CIDR addresses allocated from the RFC 3927 169.254.0.0/16 IPv4 Link-Local range for point-to-point connectivity. These point-to-point connections should be used exclusively for eBGP peering between your customer gateway router and the Direct Connect endpoint. For VPC traffic or tunnelling purposes, such as AWS Site-to-Site Private IP VPN, or Transit Gateway Connect, AWS recommends using a loopback or LAN interface on your customer gateway router as the source or destination address instead of the point-to-point connections.
For more information about RFC 1918, see [Address Allocation for Private Internets](https://datatracker.ietf.org/doc/html/rfc1918).
For more information about RFC 3927, see [Dynamic Configuration of IPv4 Link-Local Addresses](https://datatracker.ietf.org/doc/html/rfc3927).
[IPv6] To configure an IPv6 BGP peer, choose **IPv6**. The peer IPv6 addresses are automatically assigned from Amazon's pool of IPv6 addresses. You cannot specify custom IPv6 addresses.
1. To change the maximum transmission unit (MTU) from 1500 (default) to 8500 (jumbo frames), select **Jumbo MTU (MTU size 8500)**.
1. (Optional) Add or remove a tag.
[Add a tag] Choose **Add tag** and do the following:
+ For **Key**, enter the key name.
+ For **Value**, enter the key value.
[Remove a tag] Next to the tag, choose **Remove tag**.
1. After the hosted virtual interface is accepted by the owner of the other AWS account, you can download the configuration file. For more information, see [Download the router configuration file](vif-router-config.md).
**To create a hosted private virtual interface using the command line or API**
+ [allocate-private-virtual-interface](https://docs.aws.amazon.com/cli/latest/reference/directconnect/allocate-private-virtual-interface.html) (AWS CLI)
+ [AllocatePrivateVirtualInterface](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_AllocatePrivateVirtualInterface.html) (Direct Connect API)
# Create a hosted public virtual interface in Direct Connect
Before you begin, ensure that you have read the information in [Prerequisites for virtual interfaces](WorkingWithVirtualInterfaces.md#vif-prerequisites).
**To create a hosted public virtual interface**
1. Open the **Direct Connect** console at [https://console.aws.amazon.com/directconnect/v2/home](https://console.aws.amazon.com/directconnect/v2/home).
1. In the navigation pane, choose **Virtual Interfaces**.
1. Choose **Create virtual interface**.
1. Under **Virtual interface type**, for **Type**, choose **Public**.
1. Under **Public Virtual Interface Settings**, do the following:
1. For **Virtual interface name**, enter a name for the virtual interface.
1. For **Connection**, choose the Direct Connect connection that you want to use for this interface.
1. For **Virtual interface owner**, choose **Another AWS account**, and then for **Virtual interface owner**, enter the ID of the account to own this virtual interface.
1. For **VLAN**, enter the ID number for your virtual local area network (VLAN).
1. For **BGP ASN**, enter the Border Gateway Protocol Autonomous System Number of your on-premises peer router for the new virtual interface.
The valid values are 1 to 4294967294. This includes support for both ASNs (1-2147483647) and long ASNs (1-4294967294). For more information about ASNs and long ASNs see [Long ASN support in Direct Connect](long-asn-support.md).
1. To configure an IPv4 BGP or an IPv6 peer, do the following:
[IPv4] To configure an IPv4 BGP peer, choose **IPv4** and do one of the following:
+ To specify these IP addresses yourself, for **Your router peer ip**, enter the destination IPv4 CIDR address to which Amazon should send traffic.
+ For **Amazon router peer ip**, enter the IPv4 CIDR address to use to send traffic to AWS.
[IPv6] To configure an IPv6 BGP peer, choose **IPv6**. The peer IPv6 addresses are automatically assigned from Amazon's pool of IPv6 addresses. You cannot specify custom IPv6 addresses.
1. To advertise prefixes to Amazon, for **Prefixes you want to advertise**, enter the IPv4 CIDR destination addresses (separated by commas) to which traffic should be routed over the virtual interface.
1. To provide your own key to authenticate the BGP session, under **Additional Settings**, for **BGP authentication key**, enter the key.
If you do not enter a value, then we generate a BGP key.
1. (Optional) Add or remove a tag.
[Add a tag] Choose **Add tag** and do the following:
+ For **Key**, enter the key name.
+ For **Value**, enter the key value.
[Remove a tag] Next to the tag, choose **Remove tag**.
1. Choose **Create virtual interface**.
1. After the hosted virtual interface is accepted by the owner of the other AWS account, you can download the configuration file. For more information, see [Download the router configuration file](vif-router-config.md).
**To create a hosted public virtual interface using the command line or API**
+ [allocate-public-virtual-interface](https://docs.aws.amazon.com/cli/latest/reference/directconnect/allocate-public-virtual-interface.html) (AWS CLI)
+ [AllocatePublicVirtualInterface](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_AllocatePublicVirtualInterface.html) (Direct Connect API)
# Create an Direct Connect hosted transit virtual interface
**To create a hosted transit virtual interface**
**Important**
If you associate your transit gateway with one or more Direct Connect gateways, the Autonomous System Number (ASN) used by the transit gateway and the Direct Connect gateway must be different. For example, if you use the default ASN 64512 for both the transit gateway and the Direct Connect gateway, the association request fails.
1. Open the **Direct Connect** console at [https://console.aws.amazon.com/directconnect/v2/home](https://console.aws.amazon.com/directconnect/v2/home).
1. In the navigation pane, choose **Virtual Interfaces**.
1. Choose **Create virtual interface**.
1. Under **Virtual interface type**, for **Type**, choose **Transit**.
1. Under **Transit virtual interface settings**, do the following:
1. For **Virtual interface name**, enter a name for the virtual interface.
1. For **Connection**, choose the Direct Connect connection that you want to use for this interface.
1. For **Virtual interface owner**, choose **Another AWS account**, and then for **Virtual interface owner**, enter the ID of the account to own this virtual interface.
1. For **VLAN**, enter the ID number for your virtual local area network (VLAN).
1. For **BGP ASN**, enter the Border Gateway Protocol Autonomous System Number of your on-premises peer router for the new virtual interface.
The valid values are 1 to 4294967294. This includes support for both ASNs (1-2147483647) and long ASNs (1-4294967294). For more information about ASNs and long ASNs see [Long ASN support in Direct Connect](long-asn-support.md).
1. Under **Additional Settings**, do the following:
1. To configure an IPv4 BGP or an IPv6 peer, do the following:
[IPv4] To configure an IPv4 BGP peer, choose **IPv4** and do one of the following:
+ To specify these IP addresses yourself, for **Your router peer ip**, enter the destination IPv4 CIDR address to which Amazon should send traffic.
+ For **Amazon router peer ip**, enter the IPv4 CIDR address to use to send traffic to AWS.
**Important**
When configuring AWS Direct Connect virtual interfaces, you can specify your own IP addresses using RFC 1918, use other addressing schemes, or opt for AWS assigned IPv4 /29 CIDR addresses allocated from the RFC 3927 169.254.0.0/16 IPv4 Link-Local range for point-to-point connectivity. These point-to-point connections should be used exclusively for eBGP peering between your customer gateway router and the Direct Connect endpoint. For VPC traffic or tunnelling purposes, such as AWS Site-to-Site Private IP VPN, or Transit Gateway Connect, AWS recommends using a loopback or LAN interface on your customer gateway router as the source or destination address instead of the point-to-point connections.
For more information about RFC 1918, see [Address Allocation for Private Internets](https://datatracker.ietf.org/doc/html/rfc1918).
For more information about RFC 3927, see [Dynamic Configuration of IPv4 Link-Local Addresses](https://datatracker.ietf.org/doc/html/rfc3927).
[IPv6] To configure an IPv6 BGP peer, choose **IPv6**. The peer IPv6 addresses are automatically assigned from Amazon's pool of IPv6 addresses. You cannot specify custom IPv6 addresses.
1. To change the maximum transmission unit (MTU) from 1500 (default) to 8500 (jumbo frames), select **Jumbo MTU (MTU size 8500)**.
1. [Optional] Add a tag. Do the following:
[Add a tag] Choose **Add tag** and do the following:
+ For **Key**, enter the key name.
+ For **Value**, enter the key value.
[Remove a tag] Next to the tag, choose **Remove tag**.
1. Choose **Create virtual interface**.
1. After the hosted virtual interface is accepted by the owner of the other AWS account, you can download the router configuration file for your device. For more information, see [Download the router configuration file](vif-router-config.md).
**To create a hosted transit virtual interface using the command line or API**
+ [allocate-transit-virtual-interface](https://docs.aws.amazon.com/cli/latest/reference/directconnect/allocate-public-transit-interface.html) (AWS CLI)
+ [AllocateTransitVirtualInterface](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_AllocateTransitVirtualInterface.html) (Direct Connect API)
# View Direct Connect virtual interface details
You can view the current status of your virtual interface using either the Direct Connect console or using the command line or API. Details include:
+ Connection state
+ Name
+ Location
+ VLAN
+ BGP details
+ Peer IP addresses
**To view details about a virtual interface**
1. Open the **Direct Connect** console at [https://console.aws.amazon.com/directconnect/v2/home](https://console.aws.amazon.com/directconnect/v2/home).
1. In the left pane, choose **Virtual Interfaces**.
1. Select the virtual interface and then choose **View details**.
**To describe virtual interfaces using the command line or API**
+ [describe-virtual-interfaces](https://docs.aws.amazon.com/cli/latest/reference/directconnect/describe-virtual-interfaces.html) (AWS CLI)
+ [DescribeVirtualInterfaces](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_DescribeVirtualInterfaces.html) (Direct Connect API)
# Add a BGP peer to an Direct Connect virtual interface
Add or delete an IPv4 or IPv6 BGP peering session to your virtual interface using either the Direct Connect console or using the command line or API.
A virtual interface can support a single IPv4 BGP peering session and a single IPv6 BGP peering session. You cannot specify your own peer IPv6 addresses for an IPv6 BGP peering session. Amazon automatically allocates you a /125 IPv6 CIDR.
Multi-protocol BGP is not supported. IPv4 and IPv6 operate in dual-stack mode for the virtual interface.
AWS enables MD5 by default. You cannot modify this option.
Use the following procedure to add a BGP peer.
**To add a BGP peer**
1. Open the **Direct Connect** console at [https://console.aws.amazon.com/directconnect/v2/home](https://console.aws.amazon.com/directconnect/v2/home).
1. In the navigation pane, choose **Virtual Interfaces**.
1. Select the virtual interface and then choose **View details**.
1. Choose **Add peering**.
1. (Private virtual interface) To add IPv4 BGP peers, do the following:
+ Choose **IPv4**.
+ To specify these IP addresses yourself, for **Your router peer ip**, enter the destination IPv4 CIDR address to which Amazon should send traffic. For **Amazon router peer ip**, enter the IPv4 CIDR address to use to send traffic to AWS.
1. (Public virtual interface) To add IPv4 BGP peers, do the following:
+ For **Your router peer ip**, enter the IPv4 CIDR destination address where traffic should be sent.
+ For **Amazon router peer IP**, enter the IPv4 CIDR address to use to send traffic to AWS.
**Important**
When configuring AWS Direct Connect virtual interfaces, you can specify your own IP addresses using RFC 1918, use other addressing schemes, or opt for AWS assigned IPv4 /29 CIDR addresses allocated from the RFC 3927 169.254.0.0/16 IPv4 Link-Local range for point-to-point connectivity. These point-to-point connections should be used exclusively for eBGP peering between your customer gateway router and the Direct Connect endpoint. For VPC traffic or tunnelling purposes, such as AWS Site-to-Site Private IP VPN, or Transit Gateway Connect, AWS recommends using a loopback or LAN interface on your customer gateway router as the source or destination address instead of the point-to-point connections.
For more information about RFC 1918, see [Address Allocation for Private Internets](https://datatracker.ietf.org/doc/html/rfc1918).
For more information about RFC 3927, see [Dynamic Configuration of IPv4 Link-Local Addresses](https://datatracker.ietf.org/doc/html/rfc3927).
1. (Private or public virtual interface) To add IPv6 BGP peers, choose **IPv6**. The peer IPv6 addresses are automatically assigned from Amazon's pool of IPv6 addresses; you cannot specify custom IPv6 addresses.
1. For **BGP ASN**, enter the Border Gateway Protocol Autonomous System Number of your on-premises peer router for the new virtual interface.
For a public virtual interface, the ASN must be private or already on the allow list for the virtual interface.
The valid values are 1 to 4294967294. This includes support for both ASNs (1-2147483646) and long ASNs (1-4294967294). For more information about ASNs and long ASNs see [Long ASN support in Direct Connect](long-asn-support.md).
Note that if you do not enter a value, we automatically assign one.
1. To provide your own BGP key, for **BGP Authentication Key**, enter your BGP MD5 key.
1. Choose **Add peering**.
**To create a BGP peer using the command line or API**
+ [create-bgp-peer](https://docs.aws.amazon.com/cli/latest/reference/directconnect/create-bgp-peer.html) (AWS CLI)
+ [CreateBGPPeer](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_CreateBGPPeer.html) (Direct Connect API)
# Delete an Direct Connect virtual interface BGP peer
If your virtual interface has both an IPv4 and IPv6 BGP peering session, you can delete one of the BGP peering sessions (but not both). You can delete a virtual interface BGP peer using either the Direct Connect console or using the command line or API.
**To delete a BGP peer**
1. Open the **Direct Connect** console at [https://console.aws.amazon.com/directconnect/v2/home](https://console.aws.amazon.com/directconnect/v2/home).
1. In the navigation pane, choose **Virtual Interfaces**.
1. Select the virtual interface and then choose **View details**.
1. Under **Peerings,** select the peering that you want to delete and then choose **Delete**.
1. In the **Remove peering from virtual interface** dialog box, choose **Delete**.
**To delete a BGP peer using the command line or API**
+ [delete-bgp-peer](https://docs.aws.amazon.com/cli/latest/reference/directconnect/delete-bgp-peer.html) (AWS CLI)
+ [DeleteBGPPeer](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_DeleteBGPPeer.html) (Direct Connect API)
# Set the MTU of an Direct Connect private virtual interface
If your virtual interface has both an IPv4 and IPv6 BGP peering session, you can delete one of the BGP peering sessions (but not both). For more information about MTUs and private virtual interfaces, see [MTUs for private virtual interfaces or transit virtual interfaces](WorkingWithVirtualInterfaces.md#set-jumbo-frames-vif.title).
You can set the MTU of a private virtual interface using either the Direct Connect console or using the command line or API.
**To set the MTU of a private virtual interface**
1. Open the **Direct Connect** console at [https://console.aws.amazon.com/directconnect/v2/home](https://console.aws.amazon.com/directconnect/v2/home).
1. In the navigation pane, choose **Virtual Interfaces**.
1. Select the virtual interface and then choose **Edit**.
1. Under **Jumbo MTU (MTU size 8500)**, select **Enabled**.
1. Under **Acknowledge**, select **I understand the selected connection(s) will go down for a brief period**. The state of the virtual interface is `pending` until the update is complete.
**To set the MTU of a private virtual interface using the command line or API**
+ [update-virtual-interface-attributes](https://docs.aws.amazon.com/cli/latest/reference/directconnect/update-virtual-interface-attributes.html) (AWS CLI)
+ [UpdateVirtualInterfaceAttributes](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_UpdateVirtualInterfaceAttributes.html) (Direct Connect API)
# Add or remove Direct Connect virtual interface tags
Tags provide a way to identify the virtual interface. You can add or remove a tag using either the Direct Connect console or using the command line or API if you are the account owner for the virtual interface.
**To add or remove a virtual interface tag**
1. Open the **Direct Connect** console at [https://console.aws.amazon.com/directconnect/v2/home](https://console.aws.amazon.com/directconnect/v2/home).
1. In the navigation pane, choose **Virtual Interfaces**.
1. Select the virtual interface and then choose **Edit**.
1. Add or remove a tag.
[Add a tag] Choose **Add tag** and do the following:
+ For **Key**, enter the key name.
+ For **Value**, enter the key value.
[Remove a tag] Next to the tag, choose **Remove tag**.
1. Choose **Edit virtual interface**.
**To add a tag or remove a tag using the command line**
+ [tag-resource](https://docs.aws.amazon.com/cli/latest/reference/directconnect/tag-resource.html) (AWS CLI)
+ [untag-resource](https://docs.aws.amazon.com/cli/latest/reference/directconnect/untag-resource.html) (AWS CLI)
# Delete an Direct Connect virtual interface
Delete one or more virtual interfaces. Before you can delete a connection, you must delete its virtual interface. Deleting a virtual interface stops Direct Connect data transfer charges associated with the virtual interface.
You can delete a virtual interface using either the Direct Connect console or the command line or API.
**To delete a virtual interface**
1. Open the **Direct Connect** console at [https://console.aws.amazon.com/directconnect/v2/home](https://console.aws.amazon.com/directconnect/v2/home).
1. In the left pane, choose **Virtual Interfaces**.
1. Select the virtual interfaces and then choose **Delete**.
1. In the **Delete** confirmation dialog box, choose **Delete**.
**To delete a virtual interface using the command line or API**
+ [delete-virtual-interface](https://docs.aws.amazon.com/cli/latest/reference/directconnect/delete-virtual-interface.html) (AWS CLI)
+ [DeleteVirtualInterface](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_DeleteVirtualInterface.html) (Direct Connect API)
# Accept a hosted Direct Connect virtual interface
Before you can begin using a hosted virtual interface, you must accept the virtual interface. For a private virtual interface, you must also have an existing virtual private gateway or Direct Connect gateway. For a transit virtual interface, you must have an existing transit gateway or Direct Connect gateway.
You can accept a hosted virtual interface using either the Direct Connect console or the command line or API.
**To accept a hosted virtual interface**
1. Open the **Direct Connect** console at [https://console.aws.amazon.com/directconnect/v2/home](https://console.aws.amazon.com/directconnect/v2/home).
1. In the navigation pane, choose **Virtual Interfaces**.
1. Select the virtual interface and then choose **View details**.
1. Choose **Accept**.
1. This applies to private virtual interfaces and transit virtual interfaces.
(Transit virtual interface) In the **Accept virtual interface** dialog box, select a Direct Connect gateway, and then choose **Accept virtual interface**.
(Private virtual interface) In the **Accept virtual interface** dialog box, select a virtual private gateway or Direct Connect gateway, and then choose **Accept virtual interface**.
1. After you accept the hosted virtual interface, the owner of the Direct Connect connection can download the router configuration file. The **Download router configuration** option is not available for the account that accepts the hosted virtual interface.
**To accept a hosted private virtual interface using the command line or API**
+ [confirm-private-virtual-interface](https://docs.aws.amazon.com/cli/latest/reference/directconnect/confirm-private-virtual-interface.html) (AWS CLI)
+ [ConfirmPrivateVirtualInterface](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_ConfirmPrivateVirtualInterface.html) (Direct Connect API)
**To accept a hosted public virtual interface using the command line or API**
+ [confirm-public-virtual-interface](https://docs.aws.amazon.com/cli/latest/reference/directconnect/confirm-public-virtual-interface.html) (AWS CLI)
+ [ConfirmPublicVirtualInterface](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_ConfirmPublicVirtualInterface.html) (Direct Connect API)
**To accept a hosted transit virtual interface using the command line or API**
+ [confirm-transit-virtual-interface](https://docs.aws.amazon.com/cli/latest/reference/directconnect/confirm-transit-virtual-interface.html) (AWS CLI)
+ [ConfirmTransitVirtualInterface](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_ConfirTransitVirtualInterface.html) (Direct Connect API)
# Migrate an Direct Connect virtual interface
Use this procedure when you want to perform any of the following virtual interface migration operations:
+ Migrate an existing virtual interface associated with a connection to another LAG.
+ Migrate an existing virtual interface associated with an existing LAG to a new LAG.
+ Migrate an existing virtual interface associated with a connection to another connection.
**Note**
You can migrate a virtual interface to a new connection within the same Region, but you can't migrate it from one Region to another. When you migrate or associate an existing virtual interface to a new connection, the configuration parameters associated with those virtual interfaces are the same. To work around this, you can pre-stage the configuration on the connection, and then update the BGP configuration.
You can't migrate a VIF from one hosted connection to another hosted connection. VLAN IDs are unique; therefore, migrating a VIF in this way would mean the VLANs don't match. You either need to delete the connection or VIF, and then recreate that using a VLAN that's the same for both the connection and the VIF.
**Important**
The virtual interface will go down for a brief period. We recommend you perform this procedure during a maintenance window.
**To migrate a virtual interface**
1. Open the **Direct Connect** console at [https://console.aws.amazon.com/directconnect/v2/home](https://console.aws.amazon.com/directconnect/v2/home).
1. In the navigation pane, choose **Virtual Interfaces**.
1. Select the virtual interface, and then choose **Edit**.
1. For **Connection**, select the LAG or connection.
1. Choose **Edit virtual interface**.
**To migrate a virtual interface using the command line or API**
+ [associate-virtual-interface](https://docs.aws.amazon.com/cli/latest/reference/directconnect/associate-virtual-interface.html) (AWS CLI)
+ [AssociateVirtualInterface](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_AssociateVirtualInterface.html) (Direct Connect API)