There are several possible designs for connecting on-premises equipment to AWS using Direct Connect:

In this document, we are going to use Megaport offerings to connect a data center to AWS.
Port
- It is a physical connection at a colocation facility where Megaport is present and it requires a cross-connect from your data center to the Megaport network.
- It is a Layer 2 connection.
Types of ports offered by Megaport:



How to request/create a port
Connect to the Megaport portal and click on the Services tab. Select Create a Port:

Pick a location:

Choose the speed required, give a name to the port, and select the minimum contract term:

Megaport can cross-connect ports in a few locations. Ports are assigned to diversity zones. A diversity zone groups devices at the same location to ensure that services are provisioned on physically separate devices.

After the Port is provisioned, Megaport generates a Letter of Authorization (LOA) specifying the demarcation point to be applied to your service.

The PDF of the LOA is also sent to you by email.

Provide the LOA to your data center operator to establish the physical cross-connect from your network device to your new Port. If your setup and location have the cross-connect option, you can select it and Megaport will take care of that.
Once the Port has been provisioned and deployed you have access to the Megaport network and can start adding Virtual Cross Connects (VXCs) to the Port.
Create a Virtual Cross Connect (VXC) to AWS
- A VXC is a private point-to-point Ethernet connection between your A-End Port and a B-End destination (CSPs, Ports, Megaport Marketplace services, or IX):

Select AWS:

Select Hosted VIF or Hosted Connection:
- Hosted VIFs (Hosted Virtual Interfaces) can connect to public or private AWS cloud services.
  - AWS port fee is included with the Megaport connection.
  - Managed and monitored shared customer bandwidth.
  - Ability to change the VXC speed.
  - Configurable in 1 Mbps VXC increments between 1 Mbps – 5 Gbps.
  - Automatic configuration of attached Megaport Cloud Router.
- Hosted Connection VXC supports a single AWS VIF to either a public, private, or transit gateway.
  - AWS Port fee is billed through Amazon.
  - Dedicated bandwidth.
  - Set VXC speed increments from 50 Mbps to 10 Gbps.
  - No VXC speed changes.
  - Support for diverse Ports for resiliency.
Choose the Destination Port (latency times are displayed):


Hosted VIF
Select Public or Private and then provide the AWS Account Information and also the BGP details (ASN, Auth Key, IP addresses):

Give a connection name, rate limit, and VLAN (unique):

Once the connection is ordered and provisioned, it takes a few seconds to come up:

Checking AWS:
- Hosted Interface creates a VIF (but not a connection)

BGP information:

Click Accept to confirm the virtual interface configuration.
On-prem router configuration example:
A sample configuration can be downloaded from the VIF:

Sample configuration for a Cisco Nexus 9000:
! Amazon Web Services
!=======================================IPV4=======================================
! Direct Connect
! Virtual Interface ID: dxvif-fgb9dg08
!
! --------------------------------------------------------------------------------
! Interface Configuration
!
! feature lacp (In case of a LAG connection)
feature interface-vlan
feature bgp
vlan 1051
  name "Direct Connect to your Amazon VPC or AWS Cloud"
interface Vlan1051
  ip address 169.254.96.6/29
  no shutdown
! This is the interface that is directly cross-connected via single-mode fiber to
! Amazon's Direct Connect router.
interface Ethernet0/1
  switchport mode trunk
  switchport trunk allowed vlan 1051
! channel-group 1 mode passive (In case of a LAG connection)
  no shutdown
! In case of LAG, please configure the following as well:
! interface port-channel 1
! switchport mode trunk
! switchport trunk allowed vlan 1051
! --------------------------------------------------------------------------------
! Border Gateway Protocol (BGP) Configuration
!
! BGP is used to exchange prefixes between the Direct Connect Router and your
! Customer Gateway.
!
! If this is a Private Virtual Interface, your Customer Gateway may announce a default route (0.0.0.0/0),
! which can be done with the 'network' and 'default-originate' statements. To advertise additional prefixes,
! copy the 'network' statement and identify the prefix you wish to advertise. Make sure the prefix is present in the routing
! table of the device with a valid next-hop.
!
! For Public Virtual Interface, you must advertise public IP prefixes that you own.
!
! The local BGP Autonomous System Number (ASN) (65500) is configured as
! part of your Customer Gateway. If the ASN must be changed, the Customer Gateway
! and Direct Connect Virtual Interface will need to be recreated with AWS.
!
! An important note on the BGP setup on Nexus:
! The address-family must be applied at the neighbor level as well as at the router level.
router bgp 65500
  address-family ipv4 unicast
    network 0.0.0.0
  neighbor 169.254.96.1 remote-as 64512
    password 0 0xTUmgWlrV5RE7sPW2fMKYi3
    address-family ipv4 unicast
! --------------------------------------------------------------------------------
! Bidirectional Forwarding Detection (BFD) Configuration
!
! Bidirectional Forwarding Detection (BFD) ensures fast forwarding-path failure detection times for BGP.
! Also provides fast failover to redundant Direct Connect connections.
! An example is provided below:
feature bfd
interface Vlan1051
  bfd interval 300 min_rx 300 multiplier 3
router bgp 65500
  neighbor 169.254.96.1 remote-as 64512
    bfd
! --------------------------------------------------------------------------------
! Local Preference BGP Communities (Optional)
!
! You can use local preference BGP community tags to achieve load balancing and route preference for incoming traffic to your network.
! For each prefix that you advertise over a BGP session, you can apply a community tag to indicate the priority of the associated path for returning traffic.
! The following local preference BGP community tags are supported:
!
! 7224:7100-Low preference
! 7224:7200-Medium preference
! 7224:7300-High preference
!
! Please add the appropriate local preference community tag when advertising prefixes to Amazon using the following example:
!
! ip prefix-list TAG-TO-AWS permit 0.0.0.0/0 le 32
! route-map TO-AWS permit 10
! match ip address prefix-list TAG-TO-AWS
! set community 7224:7200
! router bgp 65500
! neighbor 169.254.96.1 remote-as 64512
! address-family ipv4 unicast
! send-community
! route-map TO-AWS out
! Additional Notes and Questions
! - Amazon Web Services Direct Connect Getting Started Guide:
! http://docs.amazonwebservices.com/DirectConnect/latest/GettingStartedGuide/Welcome.html
If peer IPs are not provided, AWS picks them from the APIPA range (169.254.0.0/16).
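The downloaded sample carries the BGP authentication key in cleartext (`password 0`), so the file should be handled as a secret. As an added example (not part of the original post or of AWS or Megaport tooling), the following Python check reads a customer-gateway config in the layout above and flags BGP neighbors with no key, a key supplied in cleartext, no BFD, or a peer address outside the configured interface subnet. The function names and the sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout above; addresses, ASNs and key are placeholders.
SAMPLE = """\
interface Vlan1051
  ip address 169.254.96.6/29
router bgp 65500
  neighbor 169.254.96.1 remote-as 64512
    password 0 EXAMPLE-KEY-NOT-REAL
    address-family ipv4 unicast
router bgp 65500
  neighbor 169.254.96.1 remote-as 64512
    bfd
  neighbor 10.0.0.9 remote-as 64512
"""
TOP_LEVEL = re.compile(r"\s*(router|interface|feature|vlan|neighbor)\b")

def neighbor_stanzas(config):
    """Map each BGP neighbor to the lines configured under it, merging repeats."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"\s*neighbor (\S+) remote-as \d+", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif TOP_LEVEL.match(line) or line.lstrip().startswith("!"):
            current = None  # left the neighbor stanza
        elif current is not None:
            current.append(line.strip())
    return stanzas

def audit(config):
    """Return (neighbor, finding) pairs for checks a reviewer would make by eye."""
    subnets = [ipaddress.ip_interface(a).network
               for a in re.findall(r"^\s*ip address (\S+/\d+)", config, re.M)]
    findings = []
    for peer, lines in neighbor_stanzas(config).items():
        checks = [
            (not any(l.startswith("password ") for l in lines), "no BGP authentication key"),
            (any(l.startswith("password 0 ") for l in lines), "BGP key supplied as type 0 (cleartext)"),
            ("bfd" not in lines, "BFD not enabled"),
            (not any(ipaddress.ip_address(peer) in n for n in subnets), "peer off interface subnet"),
        ]
        findings += [(peer, msg) for hit, msg in checks if hit]
    return findings

if __name__ == "__main__":
    for peer, issue in audit(SAMPLE):
        print(f"{peer}: {issue}")
```

The parser does not depend on indentation, so it also works on a config pasted with its leading whitespace lost.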
Hosted Connection
Give a name to the connection, pick the rate limit that meets your requirements, choose a unique VLAN, and click Next:

Provide the AWS Account ID:

After ordering it, the connection should be provisioned after a few seconds:

Checking AWS:

Accept the new connection:

The next step in a Hosted Connection configuration is to create a VIF and associate it with the connection:

Next Steps
The next step is to associate the VIF with one of the following, depending on the requirements:
- VGW: Allows connections to a single VPC in the same Region.
- DGW: Allows connections to multiple VPCs and Regions. A DGW also needs to be attached to a TGW or VGW to connect to VPCs.