action.skip

Creating MVE Connections to Any Endpoint with Fortinet SD-WAN

This topic describes the general steps to configure and deploy a Megaport VXC connection in the Megaport Portal and integrate it with an MVE in Fortinet SD-WAN. The VXC can connect to a Cloud Service Provider, a Port, or an MCR.

Step 1 – Create an MVE

  • Create an MVE in the Megaport Portal.
    For more information, see Creating an MVE. The MVE needs to be in the active state.

Step 2 – Create a VXC from the MVE

  1. In the Megaport Portal, select the MVE created in Step 1.
  2. Create a VXC to another MVE, a Port, or Cloud Service Provider.
    For more information, see Creating a VXC. Ensure both ends of the connection are active and have BGP configured.
  3. In the connection details, note the A-End VLAN.

Step 3 – Collect these values for the connection

  • MVE IP address
  • MVE VLAN (A-End)
  • MVE ASN
  • Cloud/B-End IP address
  • B-End ASN
  • MD5 Password

Step 4 – Create an interface in FortiManager

  1. Log in to the FortiManager.

    Note

    You can also log in on your MVE instance: https://<mve-ip-address>

  2. From your managed device, go to the System menu and choose Interface.
    System Interface
    The page displays port1 as your physical interface.

  3. Click +Create New > Interface and provide this information:

    • Interface Name – Specify a meaningful name for the interface.
    • Alias Name (optional) – Enter an alternate name.
    • Type – Choose VLAN.
    • Interface – Choose the parent interface: port1.
    • VLAN ID – Specify the A-End VLAN for the connection.
    • Role – Choose Undefined.
    • Addressing Mode – Select Manual.
    • IP/Netmask – The IP address/netmask for the MVE.
    • Administrative Access - Specify how you want to access this interface, such as HTTPS, PING, and SSH.
    • DHCP Server - Click OFF.
      Interface Settings
  4. Click OK.
    The new VLAN interface appears with your port1 physical interface.

You can run an execute ping command from FortiOS to verify the connection.

Step 5 – Configure BGP

At this point, we have created the interface and next we need to create the BGP session.

  1. In FortiManager, go to Router > BGP.
    BGP Settings

  2. Provide this information:

    • Local AS – Provide the ASN for the MVE connection.
    • Router ID – Enter the B-End IP address (cloud provider, port, or other MVE).
      Interface Settings
  3. In Neighbors, click +Create New.

  4. For the neighbor IP, add the B-End IP address (cloud provider, Port, or other MVE).
  5. For Remote ASN, enter the ASN of the B-End.
  6. Click OK.
  7. Click Apply.
    The neighbor is configured but we need to add the BGP Auth information. The web interface does not let you define this and you need to use the command line to add the BGP details.

  8. SSH to the MVE instance using your private key file.
    For example
    ssh -i ~/.ssh/megaport-mve-instance-1-2048 admin@162.43.143.XX

  9. Use these commands to add a password for the BGP neighbor.

config router bgp
    config neighbor
        edit "<neighbor ip>"
            set password <auth password>
        next
    end

CLI steps for BGP

Step 6 – Validating your connection

You can review connection details, including the connection state, from the CLI with these commands:

  • get system interface – Displays configuration details and current status for the device interfaces.
  • get router info bgp neighbor <ip-address> – Displays configuration details and current status for the BGP neighbors.