I want to migrate network traffic from my existing AWS Direct Connect (DX) virtual interface that's associated with a virtual private gateway to a DX gateway, and I want to do so with minimum downtime. How can I do this?
To migrate traffic from a DX virtual interface that is associated with a virtual private gateway to a new DX gateway, you must create a new virtual interface.
You must also associate that new virtual interface with your new DX gateway when you create it.
Then, use Border Gateway Protocol (BGP) attributes on your network device (such as AS path prepending) to migrate traffic to the DX gateway with minimal downtime.
Note: Before proceeding, check your vendor documentation for instructions on configuring BGP and its attributes, and specific settings for your network device.
Perform the following steps during a scheduled maintenance window to minimize downtime:
- Create a new DX gateway. For more information, see Creating an AWS Direct Connect Gateway.
- Create a new private virtual interface. For more information, see Creating a Private Virtual Interface.
Important: During creation, be sure to associate the virtual interface with the DX gateway you created in the previous step.
- Associate the virtual private gateway that is already attached to your virtual private cloud (VPC) with the DX gateway that you just created. For more information, see Associating and Disassociating Virtual Private Gateways.
Note: Be sure to comply with DX gateway rules. For more information, see AWS Direct Connect Gateways.
- Optional: To minimize downtime, pre-stage the configuration on your network device for the new virtual interface associated with the new DX gateway.
- Use BGP on your network device to apply a routing policy with a longer AS_Path (for example, AS path prepending) to the same prefixes that you're configuring the new virtual interface to advertise. This step makes outbound traffic from AWS prefer the existing virtual interface route, which has the shorter AS_Path.
Note: To be sure that traffic from your network device still egresses from the existing virtual interface, and not from the newly created DX gateway virtual interface, use the Local Preference BGP attribute on your network device.
- During your maintenance window, bring down the BGP session for the existing virtual interface on your network device.
- Wait for the network traffic from AWS to propagate through the new virtual interface associated with the DX gateway. Check your network device to confirm that it is receiving traffic from the new virtual interface.
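Before bringing down the existing BGP session, it helps to confirm that the new path is actually ready. The following pre-cutover check is an added example, not AWS's own tooling. It assumes you have saved the JSON output of `aws directconnect describe-virtual-interfaces` and `aws directconnect describe-direct-connect-gateway-associations`. The function name `cutover_blockers` is hypothetical, and the sample data and all IDs are constructed placeholders.

```python
import json

# Constructed sample output of `aws directconnect describe-virtual-interfaces`
# and `describe-direct-connect-gateway-associations`; all IDs are placeholders.
VIFS = json.loads("""{"virtualInterfaces": [
 {"virtualInterfaceId": "dxvif-old00000", "virtualInterfaceType": "private",
  "virtualInterfaceState": "available", "virtualGatewayId": "vgw-00000000",
  "bgpPeers": [{"bgpStatus": "up"}]},
 {"virtualInterfaceId": "dxvif-new00000", "virtualInterfaceType": "private",
  "virtualInterfaceState": "available",
  "directConnectGatewayId": "dxgw-placeholder",
  "bgpPeers": [{"bgpStatus": "down"}]}]}""")
ASSOCS = json.loads("""{"directConnectGatewayAssociations": [
 {"directConnectGatewayId": "dxgw-placeholder",
  "virtualGatewayId": "vgw-00000000", "associationState": "associated"}]}""")


def cutover_blockers(vifs, assocs, new_vif_id, dxgw_id, vgw_id):
    """Return reasons the existing BGP session must not be brought down yet."""
    blockers = []
    by_id = {v["virtualInterfaceId"]: v for v in vifs["virtualInterfaces"]}
    new = by_id.get(new_vif_id)
    if new is None:
        return [f"{new_vif_id} not found"]
    if new.get("virtualInterfaceType") != "private":
        blockers.append("new virtual interface is not private")
    if new.get("directConnectGatewayId") != dxgw_id:
        blockers.append("new virtual interface is not attached to the DX gateway")
    if new.get("virtualInterfaceState") != "available":
        blockers.append("new virtual interface state is not 'available'")
    if not any(p.get("bgpStatus") == "up" for p in new.get("bgpPeers", [])):
        blockers.append("no BGP peer on the new virtual interface is up")
    # The VPC's virtual private gateway must be associated with the DX gateway,
    # otherwise no VPC routes are reachable through the new path.
    if not any(a.get("directConnectGatewayId") == dxgw_id
               and a.get("virtualGatewayId") == vgw_id
               and a.get("associationState") == "associated"
               for a in assocs["directConnectGatewayAssociations"]):
        blockers.append("virtual private gateway is not associated with the DX gateway")
    return blockers


if __name__ == "__main__":
    for reason in cutover_blockers(VIFS, ASSOCS, "dxvif-new00000",
                                   "dxgw-placeholder", "vgw-00000000"):
        print("BLOCKED:", reason)
```

An empty result means the new virtual interface, its BGP peer, and the gateway association all look ready. It does not verify the AS_Path or Local Preference policy on your network device, which you still need to check there.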