AWS Direct Connect – Public Virtual Interface

AWS’s private connection model is called Direct Connect.

Note: This article has been archived and replaced by a more current version that describes private and public virtual interfaces for both Hosted VIFs and Hosted Connections:  for complete details, see AWS Direct Connect.  For Hosted Connections, see Creating a Public, Private, or Transit Virtual Interface on a Hosted Connection.

Direct Connect supports access to public and private AWS cloud services. When you order Direct Connect at a particular location you can access the AWS cloud services that are provisioned within a region. For example, to access an AWS cloud service that is provisioned in an Ashburn data center, you will order Direct Connect to the AWS region, US-East-1.

When connecting to AWS via Direct Connect with Megaport, the Virtual Cross Connect (VXC) forms the Layer 2 component of the connection. Layer 3 BGP connectivity is established directly between the customer and AWS.

When provisioning a Direct Connect, it’s important to remember that you can deploy multiple VXCs to the same VPC (for redundancy), however, it is not possible to deploy a single VXC to multiple VPCs directly.

Megaport supports Direct Connect access to both Private and Public spaces within AWS, however, a separate connection is required for each. This article will focus on establishing a Direct Connect access to your Public AWS environment. See this article for details on establishing a Direct Connect to your Private AWS VPC.

To deploy a Direct Connect, you will need your AWS Account ID (found in the ‘Management’ section of the AWS Console), as well as the details of the VPC environment to which you want to connect.

Here are some key terms to understand:


A 1Gbps or 10Gbps Port that enables access to the Megaport Network.

Virtual Cross Connect (VXC)

The Layer 2 service that enables connectivity from a Megaport to a destination service like AWS.


The routing protocol used to establish Layer 3 connectivity from your on-premises equipment to your AWS VPC.

Virtual Private Cloud (VPC)

The base building block for many AWS services. A VPC contains EC2 instances.

Virtual Gateway (VGW)

The virtual gateway is a virtual router inside a VPC. This virtual router is where external connectivity to the VPC terminates – both Direct Connect and VPN.

Public Virtual Interface

To connect to AWS public endpoints, such as Amazon Simple Storage Service (Amazon S3), with dedicated network performance, use a public virtual interface.

A public virtual interface allows you to connect to all AWS public IP spaces globally. Direct Connect customers from any Direct Connect location can create public virtual interfaces to receive Amazon’s global IP routes and they can access publicly routable Amazon services in any AWS Regions.

Access to AWS resources via a public virtual interface has the following requirements:

  • A public or private Autonomous System Number (ASN)
    • If Public, you must own the public ASN
    • Supported private ASN range 64512 – 65535
  • An unused VLAN_ID that you choose
  • Public IPs (at least /31) allocated by you for BGP connectivity

Below are the steps to deploying a Public VIF (Virtual Interface) connection to AWS DX.

Login to your Megaport Portal account at –

Order a VXC to AWS.

  • From the Megaport ribbon choose +Connection. 
  1. Select Cloud and choose Next.

  1. From the New Connection window, choose the following items:
    1. Select AWS as the Provider.
    2. Select the Destination Port. This is the AWS region you’d like to establish the Direct Connect.

(Pro Tip: You can use the ‘Country Filter’ to narrow the selection)

Choose Next.

  1. From the Connection Details window, choose the following items:
      1. Name Your Connection – A free text field allowing you to assign an easily identifiable name for this connection.
      2. Invoice Reference (optional).
      3. Rate Limit – This can be any value between 1Mb up to the Port Speed.
      4. Preferred A-End VLAN – The VLAN for this connection that you will receive via the Megaport. This must be a unique VLAN ID on this Port. You can also select the toggle to ‘untag’ this VXC. This will remove the VLAN tagging for this connection but will also mean only one VXC can be deployed on this Port.

Select Next.

  1. In the Cloud Details window, select your AWS Connection Type: Public

Note: Public VIFs require manual intervention from Amazon and could take up to 48 hours.

Public VXC to Public Virtual Interface

      1. Select Type: Public – Access public AWS services like S3, DynamoDB, CloudFront, and more. You’ll also receive Amazon’s global IP prefixes (approximately 2,000 prefixes).
      2. Set the AWS Connection Name – A free text field allowing you to assign an easily identifiable name for this connection.
      3. Provide your AWS Account ID – This is your AWS Account ID and can be found in the AWS. Console under ‘Account’.
      4. Prove the Customer ASN. A public or private Autonomous System Number (ASN) can be used. If using a Public, you must own the public ASN. If using a Private, the supported private ASN range is 64512 – 65535.
      5. Set the BGP Auth Key – This is the BGP MD5 key.
      6. Set the Customer IP Address using CIDR notation. The are Public IPs (/30) allocated by you for BGP connectivity. You must own the public IPs (/30)
      7. Set Amazon IP Address using CIDR notation.
      8. Provide Prefixes – IP Prefixes you will announce to AWS.

Select Next then Add VXC.

Choose Order.

Select Order Now – This will initiate the provisioning of the VXC Direct Connect to AWS.









Additional useful links:

AWS DX User Guide

AWS Public Virtual Interface FAQ

AWS Portal

©2020 Megaport. Megaport, Virtual Cross Connect, VXC and MegaIX are registered trademarks of Megaport (Services) Pty Ltd ACN 607 432 646.

Log in with your credentials

Forgot your details?