AWS Transit Gateway Inter-Region Routing with MCR

You can configure Megaport Cloud Router (MCR) to provide centralized routing between transit gateways in different regions using BGP to advertise routes dynamically.

This topic steps through a sample configuration and describes each of these steps:

MCR routing for inter-region transit gateways

Prerequisites

Before proceeding, ensure you have the following:

  • One or more VPCs in each region.
    The VPCs cannot have overlapping CIDRs.
  • AWS account number(s) associated with the transit gateways
  • Five private, non-overlapping ASNs.
    The supported range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs.

    The examples in this topic use these values:

    MCR/Gateway     ASN
    mcr-va-01       65001
    dx-gwy1         65101
    dx-gwy2         65102
    tgw-us-west2    65103
    tgw-us-east1    65104
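
The prerequisites above can be checked before anything is ordered. The following pre-flight check is an added example, not part of the original Megaport or AWS documentation; the VPC names and CIDRs are constructed sample values, and the ASN plan is the one from the table above.

```python
import ipaddress
from itertools import combinations

# Private ASN ranges stated in the prerequisites.
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))
# ASN plan from this topic's example table.
ASN_PLAN = {"mcr-va-01": 65001, "dx-gwy1": 65101, "dx-gwy2": 65102,
            "tgw-us-west2": 65103, "tgw-us-east1": 65104}
# Constructed sample VPC CIDRs (assumption); substitute your own.
VPC_CIDRS = {"vpc-west": "10.10.0.0/16", "vpc-east": "10.20.0.0/16"}


def is_private_asn(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES)


def validate_asns(plan):
    """Return a list of problems: out-of-range or duplicate ASNs."""
    problems = [f"{name}: ASN {asn} is outside the supported private ranges"
                for name, asn in plan.items() if not is_private_asn(asn)]
    seen = {}
    for name, asn in plan.items():
        if asn in seen:
            problems.append(f"{name}: ASN {asn} already used by {seen[asn]}")
        seen.setdefault(asn, name)
    return problems


def validate_cidrs(cidrs):
    """Return a list of problems: malformed or overlapping VPC CIDRs."""
    problems, nets = [], {}
    for name, cidr in cidrs.items():
        try:
            nets[name] = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} ({net_a}) overlaps {b} ({net_b})")
    return problems


if __name__ == "__main__":
    problems = validate_asns(ASN_PLAN) + validate_cidrs(VPC_CIDRS)
    print("\n".join(problems) or "plan OK")
```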

Creating an MCR

For our tutorial, we will create a 2.5 Gbps MCR in the Coresite VA1 data center.

  1. Log in to the Megaport Portal and choose Services.
  2. Click Create MCR.
  3. Select the preferred data center location for the MCR and click Next. For this example, in the Search field enter Ashburn, choose Coresite VA1, and click Next.
  4. Specify the details for the MCR.
    • Rate Limit - Select 2.5 Gbps.
    • MCR Name - Enter a name. This example configuration uses mcr-va-01.
    • Invoice Reference (optional) - Specify an identifying number for the MCR to be used for billing purposes, such as a purchase order number.
    • MCR ASN - Override the default ASN and enter 65001.
  5. Click Next.
  6. Confirm the selected options and click Add MCR.
  7. On the left side of the Services page, click Order.
  8. Review the Order Services agreement, and click Order Now.

Wait a few moments for the MCR to be deployed. When deployed, the MCR icon changes to green indicating the MCR is ready for Virtual Cross Connects (VXCs).

Creating VXCs to AWS Hosted Connect

With the new MCR, you want to create two VXC connections: one for each Diversity Zone.

To create a VXC to AWS Hosted Connect

  1. From the Services page of the Megaport Portal, select the newly created MCR.
  2. Click the Amazon Web Services icon.
  3. Select Hosted Connection as the AWS Connection Type.
    A list of available AWS Hosted Connect locations appears.
  4. Select USA from the Country Filter dropdown, click the orange Diversity Zone icon, and select US East (N. Virginia) Coresite VA1.
  5. Click Next.
  6. Specify the details for the VXC.
    • Name your connection - Name the connection mcr-va-01 to dxgwy1.
    • Rate Limit - Choose 1 Gbps.
  7. Click Next.
  8. For now, skip the MCR Connection detail (we will come back to it later) and click Next.
  9. Enter your account ID in the AWS Account ID field and click Next.
  10. Click Add VXC.

Repeat these steps to create a second VXC, but instead click the blue Diversity Zone icon and select US East (N. Virginia) Coresite VA1. Name the connection mcr-va-01 to dxgwy2.

On the left side of the Services page, the two VXCs appear as Configured Services. Click Order, review the Megaport Global Services Agreement, and click Order Now.

The Megaport Portal displays the Services page, where both VXCs appear and transition from a deployable to configured state. Once the VXCs are provisioned, their icons change to green, signifying they are ready for service.

The next steps are in the AWS console to:

  • Accept the Hosted Connections
  • Create the Direct Connect Gateways
  • Create the transit gateways
  • Create the transit VIF
  • Attach your VPCs to each transit gateway

Accepting the Hosted Connection

You must accept a Hosted Connection before you can begin using it. Follow the steps for accepting a Hosted Connection from the AWS Direct Connect User Guide.

  1. Open the Amazon Direct Connect console.

  2. Go to Services > AWS Direct Connect > Connections.

  3. Click the ID of the connection named mcr-va-01 to dxgwy1.
  4. Click Accept on the top right and Confirm in the Accept Hosted connection confirmation window.
  5. Repeat the steps to accept the second connection named mcr-va-01 to dxgwy2.

Each connection will transition from a pending to available state.

Creating the Direct Connect gateways

Direct Connect gateways are global resources, which means they can be used by resources in any commercial AWS region. Each Direct Connect gateway has its own ASN. In our sample configuration, we create multiple Direct Connect gateways with unique ASNs to allow routing between transit gateways in the different regions.

We will follow the steps for creating a Direct Connect gateway.

  1. Choose Direct Connect Gateways from the navigation pane on the left, and then click Create Direct Connect Gateway.

  2. Enter the Name and Amazon side ASN: our example uses dx-gwy1 and 65101.

  3. Click Create.

  4. Repeat this process for a second Direct Connect gateway with dx-gwy2 for the name and 65102 for the Amazon-side ASN.

Creating a transit virtual interface between the MCR and each Direct Connect gateway

These steps follow those outlined for creating a transit virtual interface to the Direct Connect gateway from the AWS Direct Connect User Guide.

  1. In the AWS console, choose Connections from the navigation pane on the left, and then click the ID of the connection for mcr-va-01 to dxgwy1.
  2. In the navigation pane, choose Virtual interfaces.
  3. Click Create virtual interface.
  4. Choose Transit as your Virtual interface type.
  5. Under Transit virtual interface settings, enter tvif-dxgwy1 for the Virtual interface name.
    The Connection and VLAN fields are pre-populated.
  6. Under the Virtual interface owner, select My AWS account.
  7. In the Direct Connect gateway drop-down, select dx-gwy1.
    The BGP ASN field is the ASN of the MCR, which is 65001. You do not need to change the other settings.
  8. Scroll to the bottom and click Create virtual interface. A message appears confirming that the virtual interface was created successfully.
  9. Click the ID of the newly created Virtual interface to display the Peerings information. Take note of the values for the BGP authentication key, your router IP, and the Amazon router IP. You will need these to finish configuring the MCR.

Repeat these steps for the transit virtual interface between the MCR and dx-gwy2 and name the virtual interface tvif-dxgwy2.

Configuring BGP between the MCR and each Direct Connect gateway

  1. In the Megaport Portal, choose Services.
  2. Select the MCR you want to use.

  3. Locate the VXC titled mcr-va-01 to dxgwy1, click the green VXC icon, and click Next.

  4. In the IP Addresses field, enter the value for the router IP (subnet mask included) that you previously copied from the AWS Direct Connect console.

  5. Click +Add.
  6. In the BGP Connections field, click +Add BGP Connection.
  7. Enter the following values:

    • Local IP - Select the value you just entered from the drop-down list.
    • Peer IP - Enter the Amazon router IP value (without the subnet mask).
    • Peer ASN - Enter the ASN of dx-gwy1, which is 65101.
    • BGP Auth - Enter the BGP authentication key from the AWS console.
  8. Click Add, click Save, and then Close.

    Note

    It can take a couple of minutes for the updates to be reflected in the Portal.

Repeat these steps for the VXC to dxgwy2 and tvif-dxgwy2. Use the ASN value of 65102.

  1. Locate the VXC titled mcr-va-01 to dxgwy2, click the green VXC icon, and click Next.

  2. In the IP Addresses field, enter the value for the router IP (subnet mask included) that you previously copied from the AWS Direct Connect console.

  3. Click +Add.
  4. In the BGP Connections field, click +Add BGP Connection.
  5. Enter the following values:

    • Local IP - Select the value you just entered from the drop-down list.
    • Peer IP - Enter the Amazon router IP value (without the subnet mask).
    • Peer ASN - Enter the ASN of dx-gwy2, which is 65102.
    • BGP Auth - Enter the BGP authentication key from the AWS console.
    • Override MCR ASN - Leave the default value as is.
  6. Click Add, click Save, and then click Close.

Within 3 to 5 minutes, check the AWS Direct Connect console and review the details of each transit virtual interface for the BGP status.
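
The BGP status check described above can also be run against the JSON that `aws directconnect describe-virtual-interfaces` returns. The following is an added example, not part of the original documentation; the sample document is constructed and trimmed to the fields checked, and the key values are placeholders. It confirms that each transit virtual interface uses the MCR ASN, faces the expected Direct Connect gateway ASN, has BGP up, and has an authentication key set, without printing the key.

```python
import json

MCR_ASN = 65001
EXPECTED_AMAZON_ASN = {"tvif-dxgwy1": 65101, "tvif-dxgwy2": 65102}

# Constructed sample shaped like `aws directconnect describe-virtual-interfaces`
# output, trimmed to the fields checked here; key values are placeholders.
SAMPLE = json.loads("""
{"virtualInterfaces": [
  {"virtualInterfaceName": "tvif-dxgwy1", "virtualInterfaceType": "transit",
   "asn": 65001, "amazonSideAsn": 65101,
   "bgpPeers": [{"asn": 65001, "authKey": "EXAMPLE-KEY-1", "bgpStatus": "up"}]},
  {"virtualInterfaceName": "tvif-dxgwy2", "virtualInterfaceType": "transit",
   "asn": 65001, "amazonSideAsn": 65102,
   "bgpPeers": [{"asn": 65001, "authKey": "", "bgpStatus": "down"}]}
]}
""")


def check_vif(vif):
    """Return findings for one transit VIF; never echoes the auth key."""
    name = vif.get("virtualInterfaceName", "?")
    findings = []
    if vif.get("virtualInterfaceType") != "transit":
        findings.append("not a transit virtual interface")
    if vif.get("asn") != MCR_ASN:
        findings.append(f"customer ASN {vif.get('asn')} is not the MCR ASN")
    want = EXPECTED_AMAZON_ASN.get(name)  # None for an unplanned interface
    if vif.get("amazonSideAsn") != want:
        findings.append(f"Amazon-side ASN {vif.get('amazonSideAsn')}, expected {want}")
    peers = vif.get("bgpPeers", [])
    if not peers:
        findings.append("no BGP peers defined")
    for peer in peers:
        if peer.get("bgpStatus") != "up":
            findings.append(f"BGP session is {peer.get('bgpStatus')}")
        if not peer.get("authKey"):
            findings.append("BGP peer has no authentication key")
    return findings


def check_all(doc):
    return {v.get("virtualInterfaceName", "?"): check_vif(v)
            for v in doc.get("virtualInterfaces", [])}


if __name__ == "__main__":
    for name, findings in check_all(SAMPLE).items():
        print(name, "OK" if not findings else "; ".join(findings))
```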

Creating a transit gateway

These steps follow those outlined for creating a transit gateway from the Amazon Virtual Private Cloud Transit Gateways Guide.

  1. Open the Amazon VPC management console.

  2. Select the region for your VPC.
    For our example, select us-west-2.

  3. Choose Transit Gateways from the navigation pane on the left.
  4. Click Create Transit Gateway.
  5. Specify the following transit gateway details:
    • Name tag - Give your transit gateway a friendly name. This tutorial uses the name tgw-us-west2.
    • Description - This field is optional.
    • Amazon side ASN - Enter the Autonomous System Number for your transit gateway. Following the values defined in prerequisites, we will use 65103.
      The rest of the settings are optional. You can modify the default settings if you want to disable DNS support, or you don’t want to use the default route table. Leave the default values as they are.
  6. Click Create Transit Gateway.
  7. Wait for the request to succeed and click Close.
    The initial state of the transit gateway is Pending.

Repeat these steps for the transit gateway in us-east-1, with the name tgw-us-east1, and Amazon-side ASN 65104.

Attaching your VPCs to the transit gateway

These steps follow those outlined for attaching your VPCs to the transit gateway from the Amazon Virtual Private Cloud Transit Gateways Guide.

Before you complete these steps, wait for the state of your transit gateway to change to available. This may take 15 to 20 minutes to complete.

  1. Make sure that the us-west-2 region is selected.
  2. From the VPC console, scroll to the bottom and select Transit Gateway Attachments.
  3. Choose Transit Gateway Attachments from the navigation pane on the left.
  4. Select the transit gateway you created for the attachment from the Transit Gateway ID drop-down list.
  5. Select VPC as the Attachment type.
  6. Optionally, enter an attachment name.
  7. DNS support is enabled by default; keep this setting.
  8. Ensure that the IPv6 support checkbox is cleared.
  9. Select the VPC to attach from the VPC ID drop-down list.
  10. For Subnet IDs, select one subnet for each Availability Zone to be used by the transit gateway to route traffic.
    You can select only one subnet per Availability Zone.
  11. Click Create attachment.
  12. Wait for the request to succeed, and then click Close.
  13. Repeat these steps for the VPC in us-east-1.

Attaching your transit gateway to the Direct Connect gateway

These steps follow those outlined for Transit Gateway Associations from the AWS Direct Connect User Guide.

  1. Open the Amazon VPC management console.
  2. Select Direct Connect gateways from the navigation pane on the left.
  3. Select the ID for the dx-gwy1 Direct Connect gateway.
  4. Choose Gateway associations.
  5. Select the transit gateway you created (tgw-us-west2) from the Gateways drop-down list.
  6. Enter the CIDR prefix of your VPCs in Allowed prefixes.
    This tells the TGW what prefixes to advertise to the Direct Connect gateway. Up to 20 prefixes are permitted per transit gateway.
  7. Click Associate gateway.
  8. Repeat these steps for dx-gwy2 and tgw-us-east1.

When complete, the state of the transit gateway association changes from associating to available.

Verifying route tables

As the final step, verify the routing tables on each transit gateway. These steps follow those outlined for View Transit Gateway Route Tables from the Amazon Virtual Private Cloud Transit Gateways Guide.

  1. Open the Amazon VPC management console.
  2. Select the region for your VPC (our example uses us-west-2).
  3. Choose Transit Gateway Route Tables from the navigation pane on the left.
  4. Select the Routes tab to see the route for the corresponding transit gateway learned from Direct Connect Gateway.
  5. Repeat these steps for the transit gateway in us-east-1.
