Creating an AWS Hosted Connection for an MVE with VMware SD-WAN
A Hosted Connection with a capacity of 500 Mbps or less can support one private or public virtual interface. A Hosted Connection with a capacity of 1 Gbps or more can support one private, public, or transit virtual interface. Hosted Connections are dedicated connections and are recommended for production environments.
To create a Hosted Connection from an MVE to AWS
In the Megaport Portal, go to the Services page and select the MVE for the connection.
Click +Connection and click Cloud.
Select AWS as the service provider, select Hosted Connection as the AWS Connection Type, select the destination port, and click Next.
You can use the Country filter to narrow the selection.
Each destination port has either a blue or an orange icon to indicate its diversity zone. To achieve diversity, you need to create two connections with each one in a different zone.
Specify these connection details:
- Connection Name – The name of your VXC to be shown in the Megaport Portal.
- Invoice Reference – This is an optional field. It can be any text, such as a PO number or billing reference number.
- Rate Limit – This is the speed of your connection in Mbps. The speed cannot be changed once deployed. The drop-down list shows predefined rate limits available for your MVE, up to 10 Gbps. (Note: Transit gateway is available only for speeds at 1 Gbps or above.)
- Preferred A-End VLAN – Optionally, specify an unused VLAN ID for this connection. This must be a unique VLAN ID on this MVE and can range from 2 to 4093. If you specify a VLAN ID that is already in use, the system displays the next available VLAN number. The VLAN ID must be unique to proceed with the order. If you don’t specify a value, Megaport will assign one.
Specify the connection details for the AWS service.
AWS Connection Name – This is a text field and will be the name of your virtual interface that appears in the AWS console. The AWS Connection Name is automatically populated with the name specified in a previous step.
AWS Account ID – This is the ID of the account you want to connect. You can find this value in the management section of your AWS console.
Click Next to proceed to the connection detail summary, click Add VXC, and order the connection.
Once the VXC connection is deployed successfully, it appears on the Megaport Portal Services page and is associated with the MVE. Click the VXC title to display the details of this connection. Note that the service status (Layer 2) is up but BGP (Layer 3) will be down because the configuration does not exist yet.
Once deployed in the Megaport Portal, you need to accept the connection in the AWS console and create a Virtual Interface for the connection:
To accept a Hosted Connection
In AWS, go to Services > AWS Direct Connect > Connections and click the connection name.
Click Accept at the top right of the window.
The state will be pending for a few minutes while AWS deploys the connection. After it is deployed, the state changes from ordering to available.
The connection is now available, however you need to create a VIF to connect to AWS services.
For more information about accepting AWS connections, see the AWS documentation.
Creating a virtual interface
Once you have created and accepted a Hosted Connection, create a VIF and attach the Hosted Connection to a gateway.
AWS provides detailed instructions for creating Public, Private, and Transit interfaces.
To create and attach a VIF
In the AWS console, click Create Virtual Interface.
Select the interface type.
The type will vary depending on the type of service you need to access.
- Private – Access resources running into a VPC using their private IP addresses. You can choose to terminate a private virtual interface on a private virtual gateway (to access a single VPC) or to a Direct Connect gateway (and map up to 10 VPCs to the VIF).
- Public – Access all AWS public endpoints, as well as all AWS resources that are reachable by a public IP address.
- Transit – Transport traffic from a Direct Connect gateway to one or more transit gateways. A transit virtual interface is available only on a Hosted Connection with a capacity of at least 1 Gbps. When you select Transit for the VIF, slower connections are filtered and no longer appear in the interface.
Specify the configuration details:
- Virtual interface name – Enter a name for the virtual interface.
- Connection – The physical connection where you want this virtual interface to be provisioned. The name you provided for the Hosted Connection in the Megaport Portal appears here.
- Virtual interface owner – The account that will own the virtual interface. Select My AWS account.
- Direct Connect gateway – Select the Direct Connect gateway to attach this virtual interface to. A transit VIF is not directly attached to a Transit gateway, but to a Direct Connect gateway.
- VLAN – The VLAN assigned to the virtual interface. Leave this value as is. The VLAN address is populated and appears to be editable; however, you will get an error if you try to change it.
- BGP ASN – Specify the Border Gateway Protocol (BGP) autonomous system number (ASN) for the MVE side of the BGP session.
The following BGP details can be specified or left blank. When left blank, they are auto-populated by AWS.
You can also choose whether you want the virtual interface to support Jumbo frames. Enable Jumbo MTU to support an Ethernet packet of 8500 bytes.
Click Create virtual interface.
To view the VIF details and state, navigate to Services > AWS Direct Connect > Connections > Name of the Megaport-Created-Hosted Connection.
BGP hasn’t been configured, so the interface state appears as down.
Once you accept the connection and create the VIF in AWS, the VXC state changes to configured in the Megaport Portal.
Adding AWS connection details to Orchestrator
After you create the connection from your MVE to AWS and set up the connection in the AWS console, you need to configure it in Orchestrator. This involves configuring BGP settings, ASNs, VLANs, and MD5 values.
To add the AWS connection in Orchestrator
Collect the connection details from the AWS console.
Display the details of the Virtual Interface you created in AWS for this Hosted Connection. Note the values for the BGP ASN, BGP Auth Key, Your Peer IP, and Amazon Peer IP.
Collect the connection details from the Megaport Portal.
Click the gear icon for the AWS connection from your MVE and click the Details view. Note the value for the A-End VLAN.
In Orchestrator, go to Configure > Edges and click the MVE device.
Click the Device tab and scroll down to the Interface Settings.
Click +Add Subinterface.
The Select Interface dialog box appears.
From the Select Interface menu, choose GE3 and for the Subinterface ID enter the A-End VLAN ID configured on the MVE in the Megaport Portal.
The subinterface settings appear.
Change the Addressing Type to Static and provide the IP Address, CIDR value, and Gateway.
These values are available in the virtual interface details in the AWS console. The IP address and CIDR appear in the Your Peer IP field; the Gateway appears in the Amazon Peer IP field.
Ensure Enable VLAN Tagging is enabled.
The field is automatically populated with the VLAN ID you specified for the subinterface ID.
Click Update GE3:vlan-id.
In the upper-right corner of the Configure > Edges window, click Save Changes and then confirm.
This configures the interface, VLAN tags, and IP addresses so you can test with ping commands through the CLI. (BGP is not yet configured.)
Adding the subinterface momentarily disrupts the connection.
To configure BGP for the AWS connection in Orchestrator
In Orchestrator, go to Configure > Edges and click the MVE device.
Click the Device tab and in the Configure Segments section click Enable Edge Override for BGP Settings.
This override lets us define BGP values specific for this device beyond the profile definition.
Click the toggle button to turn on BGP and click Edit.
The BGP Editor appears.
For Local ASN, add the BGP ASN from the virtual interface details in the AWS console.
For the Neighbor IP, add the Amazon Peer IP from the virtual interface details in the AWS console.
For ASN, enter the Amazon-side ASN.
By default this is 64512.
View all Additional Options and enable MD5 Auth and enter your MD5 Password (BGP Auth Key) from the virtual interface details in the AWS console.
Click OK and then click Save Changes.
Validating your connection
Under Test & Troubleshoot > Remote Diagnostics, select the MVE and click Run for Troubleshoot BGP - Show BGP Summary to verify the BGP session and ensure the AWS router is up.
You can also check connectivity and BGP status from the CLI of the edge device. For details, see Reviewing your VMware MVE connection settings.