AWS Direct Connect – Private Virtual Interface

AWS’s private connection model is called Direct Connect.

Note: This article has been archived and replaced by a more current version that describes private and public virtual interfaces for both Hosted VIFs and Hosted Connections:  for complete details, see AWS Direct Connect.  For Hosted Connections, see Creating a Public, Private, or Transit Virtual Interface on a Hosted Connection.

Direct Connect supports access to public and private AWS cloud services. When you order Direct Connect at a particular location you can access the AWS cloud services that are provisioned within a Region. For example, to access an AWS cloud service that is provisioned in an Ashburn data center, you would order Direct Connect to the AWS Region, US-East-1.

When connecting to AWS via Direct Connect with Megaport, the Virtual Cross Connect (VXC) forms the Layer 2 component of the connection. Layer 3 BGP connectivity is established directly between the customer and AWS.

Megaport supports Direct Connect access to both Private and Public spaces within AWS, however, a separate connection is required for each. This article will focus on establishing Direct Connect access to your Private AWS VPC. See this article for details on establishing a Direct Connect to your Public  AWS VPC.

To deploy a Direct Connect, you need your AWS Account ID (found in the Management section of the AWS Console), as well as the details of the VPC environment to which you want to connect.

Here are some key AWS terms to understand:


A 1 Gbps or 10 Gbps port that enables access to the Megaport Network.

Virtual Cross Connect (VXC)

The Layer 2 service that enables connectivity from a Megaport to a destination service like AWS.

Border Gateway Protocol (BGP)

The routing protocol used to establish Layer 3 connectivity from the customer’s on-premises equipment to their AWS VPC.

Virtual Private Cloud (VPC)

The base building blocks for many AWS services; a VPC contains EC2 instances.

Virtual Gateway (VGW)

A virtual router inside a VPC. This virtual router is where external connectivity to the VPC terminates – both Direct Connect and VPN.

Direct Connect Gateway

You can use an AWS Direct Connect Gateway to connect your AWS Direct Connect connection to a private virtual interface to one or more VPCs in your account that are located in the same or different regions. You can attach multiple private virtual interfaces. NOTE: A previous limitation on using AWS Direct Connect Gateway for single accounts only has been lifted and multiple accounts sharing a common billing entity is now supported. Please refer to our blog entry on AWS Gateways for more information.

Private Virtual Interface

To connect to private services, such as an Amazon Virtual Private Cloud (Amazon VPC), with dedicated network performance, use a private virtual interface.

A private virtual interface allows you to connect to your VPC resources (for example, EC2 instances, load balancers, RDS DB instances, etc.) on your private IP address space. A private virtual interface can connect to a Direct Connect gateway, which can be associated with one or more virtual private gateways in any AWS Regions. A virtual private gateway is associated with a single VPC, so you can connect to multiple VPCs in any AWS Regions using a private virtual interface. For a private virtual interface, AWS only advertises the entire VPC CIDR over the Border Gateway Protocol (BGP) neighbor.

Access to AWS resources via a private virtual interface has the following requirements:

  • A public or private Autonomous System Number (ASN)
    • You must own the public ASN
    • Supported private ASN range 64512 – 65535
  • An unused VLAN_ID that you choose
  • A VPC Virtual Private Gateway ID
  • AWS will allocate private IPs (/30) in the 169.x.x.x range for the BGP session or you may specify the CIDR private IP /30 space to use.

Below are the steps to deploying a Private VIF (Virtual Interface) connection to AWS DX.

Login to your Megaport Portal account at –

Order a VXC to AWS:

  • From the Megaport ribbon, choose +Connection.  

Next, select Cloud and choose Next.

From the New Connection window, choose the following items:

    1. Select AWS as the Provider.
    2. Select the Destination Port. This is the AWS region in which you’d like to establish the Direct Connect.

(Pro Tip: You can use the ‘Country Filter’ to narrow the selection.)

Choose Next.

From the Connection Details windows, choose the following items:

    1. Name Your Connection – A free text field allowing you to assign an easily identifiable name for this connection.
    2. Invoice Reference (optional).
    3. Rate Limit – Can be any value between 1 Mb up to the max rate limit of the B-end (typically 5Gbps for AWS).
    4. Preferred A-End VLAN – The VLAN for this connection that you will receive via the Megaport. This must be a unique VLAN ID on this Port. You can also select the toggle to “untag” this VXC. This will remove the VLAN tagging for this connection but will also mean only one VXC can be deployed on this Port.

Click Next.

AWS Cloud Details: Select your AWS Connection Type:

  1. Select Type: Private – Access private AWS services such as an Amazon Virtual Private Cloud (Amazon VPC), EC2 instances, load balancers, RDS DB instances, etc. on private (RFC 1918) IP address space.
  2. Set the AWS Connection Name – A free text field allowing you to assign an easily identifiable name for this connection.
  3. Provide your AWS Account ID – This is your AWS Account ID and can be found in the AWS Console, under ‘Account’.
  4. Set the Customer ASN: Can use a Public or Private Autonomous System Number (ASN).  If using Public, you must own the Public ASN. If using a Private, the supported private ASN range is 64512 – 65535.
  5. Set the BGP Auth Key.
  6. Customer IP Address & Amazon IP Address: AWS will allocate private IPs (/30) in the 169.x.x.x range for the BGP session. You can leave both columns blank or manually provide your assigned IPs using CIDR notation.

Click Next, then Add VXC.

Select Order

Select Order Now – This will initiate the provisioning of the VXC Direct Connect to AWS.

Additional useful links:

AWS DX User Guide


AWS Portal

©2020 Megaport. Megaport, Virtual Cross Connect, VXC and MegaIX are registered trademarks of Megaport (Services) Pty Ltd ACN 607 432 646.

Log in with your credentials

Forgot your details?