Skip to content

Creating MVE Connections to Any Endpoint with Palo Alto VM-Series

This topic provides the general steps to configure and deploy a Megaport VXC connection in the Megaport Portal and integrate it with an MVE in Palo Alto VM-Series. The VXC can connect to a Cloud Service Provider, a Port, or an MCR.

Step 1 – Create an MVE

  • Create an MVE in the Megaport Portal.
    For details, see Creating an MVE. The MVE needs to be in the active state.

Step 2 – Create a VXC from the MVE

  1. In the Megaport Portal, select the MVE created in Step 1.
  2. Create a VXC to another MVE, a Port, or Cloud Service Provider.
    For details, see Creating a VXC. Ensure both ends of the connection are active and have BGP configured.
  3. In the connection details, note the A-End VLAN.

Step 3 – Collect these values for the connection

  • MVE IP address
  • MVE VLAN (A-End)
  • Cloud/B-End IP address
  • B-End ASN
  • MD5 Password

Step 4 – Create an interface in VM-Series

  1. Log in to VM-Series.

  2. Choose Network > Interfaces.

  3. Click Add Subinterface.

  4. Provide these details:

    • Interface Name – Specify a meaningful name for the interface.
    • Comment – Enter an alternate name.
    • Tag – Specify the A-End inner VLAN value for the connection.
    • Virtual Router – Select a virtual router to the interface, as required by your network.
    • Type – Choose VLAN.
  5. Select the IPv4 tab.

  6. Select Static as the Type.
  7. Click +Add to add a new IP address.
  8. Enter the IPv4 address and netmask for the MVE.
  9. Click OK.
  10. Click Commit in the top right corner.
    Commit button
  11. Review the changes and click Commit. Commit changes
    The new VLAN interface appears with your physical interface.

Next, you will create a security zone so the interface can route traffic.

To create a security zone

  1. Select the ethernet1/1.1010 subinterface.
  2. Select New Zone from the Security Zone drop-down list.
  3. Specify a name for the security zone.
    Security zone settings
  4. Click +Add under Interfaces and add ethernet1/1.1010 to the security zone.
  5. Specify any additional details as required for your network security.
  6. Select New Zone Protection Profile from the Zone Protection Profile drop-down list.
  7. Specify any details as required for your network security. This example uses all the defaults.
    Zone Protection profile
  8. Click OK.
  9. Click OK in the Layer3 Subinterface screen.
  10. Click Commit in the top right corner.
    Commit button
  11. Review the changes and click Commit. Commit changes

Step 5 – Configure BGP

To create the BGP session

  1. In VM-Series, choose Network > Virtual Routers.
  2. Select the virtual router.
    Select virtual router
  3. In the left pane, select BGP.
  4. Provide the following BGP details:
    • Enable – Select this check box to start the BGP session after committing these changes.
    • Router ID – Enter the B-End IP address (cloud provider, port, or other MVE).
    • AS Number – Provide the ASN for the MVE connection. BGP details
  5. Click +Add under Auth Profiles.
  6. Specify a Profile Name.
    Profile name
  7. Enter and confirm the auth password.
  8. Click OK.
  9. Select the Peer Group tab.
    Peer Group tab
  10. Click +Add to add a peer group.
  11. Specify a name for the peer group.
  12. Specify eBGP as the session type.
  13. Specify any additional details as required for your network.
  14. Click +Add to add a new peer.
  15. Specify the details for the peer:
    • Name – Specify a name for the peer.
    • Peer AS – Specify the B-End Autonomous System Number (ASN).
    • Local Address – Select the proper subinterface and IP address from the drop-down list.
    • Peer Address – Enter the B-End IPv4 address.
      BGP Peer Group screen
  16. Select the Connection Options tab.
    Connection Options tab
  17. Select the previously created Auth Profile.
  18. Click OK in the Peer Group - Peer screen.
  19. Click OK in the BGP - Peer Group/Peer screen.
  20. Click OK in the Virtual Router screen.
  21. Click Commit in the top right corner.
  22. Review the changes and click Commit.

Step 6 – Validating your connection

To check the connection status

  1. Choose Network > Virtual Routers.
  2. Locate your virtual router (default).
  3. Click More Runtime Stats in the Runtime Stats column on the right.
    Runtime stats
  4. Select the BGP tab, and then select the Peer tab.
  5. Verify that the peer status is Established.
    Established status

Last update: 2023-04-13