Creating MVE Connections to Any Endpoint with Palo Alto VM-Series

This topic provides the general steps to configure and deploy a Megaport VXC connection in the Megaport Portal and integrate it with an MVE in Palo Alto VM-Series. The VXC can connect to a Cloud Service Provider, a Port, or an MCR.

Step 1 – Create an MVE

Create an MVE in the Megaport Portal.
For more information, see Creating an MVE. The MVE needs to be in the active state.

Step 2 – Create a VXC from the MVE

In the Megaport Portal, select the MVE created in Step 1.
Create a VXC to another MVE, a Port, or Cloud Service Provider.
For more information, see Creating a VXC. Ensure both ends of the connection are active and have BGP configured.
In the connection details, note the A-End VLAN.

Step 3 – Collect these values for the connection

MVE IP address
MVE VLAN (A-End)
MVE ASN
Cloud/B-End IP address
B-End ASN
MD5 Password

Step 4 – Create an interface in VM-Series

Log in to VM-Series.
Choose Network > Interfaces.
Click Add Subinterface.
Provide these details:
- Interface Name – Specify a meaningful name for the interface.
- Comment – Enter an alternate name.
- Tag – Specify the A-End inner VLAN value for the connection.
- Virtual Router – Select a virtual router to the interface, as required by your network.
- Type – Choose VLAN.
Select the IPv4 tab.
Select Static as the Type.
Click +Add to add a new IP address.
Enter the IPv4 address and netmask for the MVE.
Click OK.
Click Commit in the top right corner.
Review the changes and click Commit.
The new VLAN interface appears with your physical interface.

Next, you will create a security zone so the interface can route traffic.

To create a security zone

Select the ethernet1/1.1010 subinterface.
Select New Zone from the Security Zone drop-down list.
Specify a name for the security zone.
Click +Add under Interfaces and add ethernet1/1.1010 to the security zone.
Specify any additional details as required for your network security.
Select New Zone Protection Profile from the Zone Protection Profile drop-down list.
Specify any details as required for your network security. This example uses all the defaults.
Click OK.
Click OK in the Layer3 Subinterface screen.
Click Commit in the top right corner.
Review the changes and click Commit.

Step 5 – Configure BGP

To create the BGP session

In VM-Series, choose Network > Virtual Routers.
Select the virtual router.
In the left pane, select BGP.
Provide the following BGP details:
- Enable – Select this check box to start the BGP session after committing these changes.
- Router ID – Enter the B-End IP address (cloud provider, port, or other MVE).
- AS Number – Provide the ASN for the MVE connection.
Click +Add under Auth Profiles.
Specify a Profile Name.
Enter and confirm the auth password.
Click OK.
Select the Peer Group tab.
Click +Add to add a peer group.
Specify a name for the peer group.
Specify eBGP as the session type.
Specify any additional details as required for your network.
Click +Add to add a new peer.
Specify the details for the peer:
- Name – Specify a name for the peer.
- Peer AS – Specify the B-End Autonomous System Number (ASN).
- Local Address – Select the proper subinterface and IP address from the drop-down list.
- Peer Address – Enter the B-End IPv4 address.
Select the Connection Options tab.
Select the previously created Auth Profile.
Click OK in the Peer Group - Peer screen.
Click OK in the BGP - Peer Group/Peer screen.
Click OK in the Virtual Router screen.
Click Commit in the top right corner.
Review the changes and click Commit.

Step 6 – Validating your connection

To check the connection status

Choose Network > Virtual Routers.
Locate your virtual router (default).
Click More Runtime Stats in the Runtime Stats column on the right.
Select the BGP tab, and then select the Peer tab.
Verify that the peer status is Established.

Last update: 2024-04-15