action.skip

Creating an AWS Hosted Connection for an MVE with VMware SD-WAN

A Hosted Connection can support one private, public, or transit virtual interface. Hosted Connections are dedicated connections and are recommended for production environments.

To create a Hosted Connection from an MVE to AWS

  1. In the Megaport Portal, go to the Services page and select the MVE for the connection.

  2. Click +Connection and click Cloud.

  3. Select AWS as the service provider, select Hosted Connection as the AWS Connection Type, select the destination port, and click Next.
    You can use the Country filter to narrow the selection.
    Each destination port has either a blue or an orange icon to indicate its diversity zone. To achieve diversity, you need to create two connections with each one in a different zone.
    Add AWS Hosted Connection

  4. Specify the connection details:

    • Connection Name – The name of your VXC to be shown in the Megaport Portal.

    • Service Level Reference (optional) – Specify a unique identifying number for the VXC to be used for billing purposes, such as a cost center number or a unique customer ID. The service level reference number appears for each service under the Product section of the invoice. You can also edit this field for an existing service.

      Note

      Partner-managed accounts can apply a Partner Deal to a service. For more information, see Associating a Deal With a Service.

    • Rate Limit – The speed of your connection. The speed cannot be changed once deployed. The drop-down list shows predefined rate limits available for your MVE, up to 25 Gbps.

    • VXC State – Select Enabled or Shut Down to define the initial state of the connection. For more information, see Shutting Down a VXC for Failover Testing.

      Note

      If you select Shut Down, traffic will not flow through this service and it will behave as if it was down on the Megaport network. Billing for this service will remain active and you will still be charged for this connection.

    • A-End vNIC – Select an A-End vNIC from the drop-down list. For more information about vNICs, see Creating an MVE in the Megaport Portal.

    • Preferred A-End VLAN (optional) – Specify an unused VLAN ID for this connection.
      This must be a unique VLAN ID on this MVE and can range from 2 to 4093. If you specify a VLAN ID that is already in use, the system displays the next available VLAN number. The VLAN ID must be unique to proceed with the order. If you don’t specify a value, Megaport will assign one.

    • Minimum Term – Select No Minimum Term, 12 Months, 24 Months, or 36 Months. Longer terms result in a lower monthly rate. 12 Months is selected by default.
      Take note of the information on the screen to avoid early termination fees (ETF). For more information, see VXC Pricing and Contract Terms and VXC, Megaport Internet, and IX Billing.

    Connection details

  5. Click Next.

  6. Specify the connection details for the AWS service.

    • AWS Connection Name – This is a text field and will be the name of your virtual interface that appears in the AWS console. The AWS Connection Name is automatically populated with the name specified in a previous step.

    • AWS Account ID – This is the ID of the account you want to connect. You can find this value in the management section of your AWS console.
      AWS connection details

  7. Click Next to proceed to the connection detail summary, click Add VXC, and order the connection.

Once the VXC connection is deployed successfully, it appears on the Megaport Portal Services page and is associated with the MVE. Click the VXC title to display the details of this connection. Note that the service status (Layer 2) is up but BGP (Layer 3) will be down because the configuration does not exist yet.

VXC details

Once deployed in the Megaport Portal, you need to accept the connection in the AWS console and create a Virtual Interface for the connection:

To accept a Hosted Connection

  1. In AWS, go to Services > AWS Direct Connect > Connections and click the connection name.
    AWS Connections

  2. Click Accept at the top right of the window.
    Accept AWS Connections

    The state will be pending for a few minutes while AWS deploys the connection. After it is deployed, the state changes from ordering to available.

The connection is now available, however you need to create a VIF to connect to AWS services.

Note

For more information about accepting AWS connections, see the AWS documentation.

Creating a virtual interface

Once you have created and accepted a Hosted Connection, create a VIF and attach the Hosted Connection to a gateway.

Tip

AWS provides detailed instructions for creating Public, Private, and Transit interfaces.

To create and attach a VIF

  1. In the AWS console, click Create Virtual Interface.
    AWS virtual interface

  2. Select the interface type.

    The type will vary depending on the type of service you need to access.

    • Private – Access resources running into a VPC using their private IP addresses. You can choose to terminate a private virtual interface on a private virtual gateway (to access a single VPC) or to a Direct Connect gateway (and map up to 10 VPCs to the VIF).
    • Public – Access all AWS public endpoints, as well as all AWS resources that are reachable by a public IP address.
    • Transit – Transport traffic from a Direct Connect gateway to one or more transit gateways.
      AWS interface type
  3. Specify the configuration details:

    • Virtual interface name – Enter a name for the virtual interface.
    • Connection – The physical connection where you want this virtual interface to be provisioned. The name you provided for the Hosted Connection in the Megaport Portal appears here.
    • Virtual interface owner – The account that will own the virtual interface. Select My AWS account.
    • Direct Connect gateway – Select the Direct Connect gateway to attach this virtual interface to. A transit VIF is not directly attached to a Transit gateway, but to a Direct Connect gateway.
    • VLAN – The VLAN assigned to the virtual interface. Leave this value as is. The VLAN address is populated and appears to be editable; however, you will get an error if you try to change it.
    • BGP ASN – Specify the Border Gateway Protocol (BGP) autonomous system number (ASN) for the MVE side of the BGP session.

    The following BGP details can be specified or left blank. When left blank, they are auto-populated by AWS.
    AWS BGP details

    You can also choose whether you want the virtual interface to support Jumbo frames. Enable Jumbo MTU to support an Ethernet packet of 8500 bytes.

  4. Click Create virtual interface.

    To view the VIF details and state, navigate to Services > AWS Direct Connect > Connections > Name of the Megaport-Created-Hosted Connection.
    VIF details

    BGP hasn’t been configured, so the interface state appears as down.

Once you accept the connection and create the VIF in AWS, the VXC state changes to configured in the Megaport Portal.

Adding AWS connection details to Orchestrator

After you create the connection from your MVE to AWS and set up the connection in the AWS console, you need to configure it in Orchestrator. This involves configuring BGP settings, ASNs, VLANs, and MD5 values.

To add the AWS connection in Orchestrator

  1. Collect the connection details from the AWS console.
    Display the details of the Virtual Interface you created in AWS for this Hosted Connection. Note the values for the BGP ASN, BGP Auth Key, Your Peer IP, and Amazon Peer IP.
    Connection Details

  2. Collect the connection details from the Megaport Portal.
    Click the gear icon for the AWS connection from your MVE and click the Details view. Note the value for the A-End VLAN.

  3. In Orchestrator, go to Configure > Edges and click the MVE device.
    Select the Edge

  4. Select the Device tab and scroll down to the Interface Settings.

  5. Click +Add Subinterface.
    Add Subinterface
    The Select Interface dialog box appears.

  6. From the Select Interface menu, choose GE3 and for the Subinterface ID enter the A-End VLAN ID configured on the MVE in the Megaport Portal.
    Select Interface
    The subinterface settings appear.

  7. Change the Addressing Type to Static and provide the IP Address, CIDR value, and Gateway.
    These values are available in the virtual interface details in the AWS console. The IP address and CIDR appear in the Your Peer IP field; the Gateway appears in the Amazon Peer IP field.
    Subinterface Settings

  8. Ensure Enable VLAN Tagging is enabled.
    The field is automatically populated with the VLAN ID you specified for the subinterface ID.

  9. Click Update GE3:vlan-id.

  10. In the upper-right corner of the Configure > Edges window, click Save Changes and then confirm.
    This configures the interface, VLAN tags, and IP addresses so you can test with ping commands through the CLI. (BGP is not yet configured.)

    Note

    Adding the subinterface momentarily disrupts the connection.

To configure BGP for the AWS connection in Orchestrator

  1. In Orchestrator, go to Configure > Edges and click the MVE device.

  2. Select the Device tab and in the Configure Segments section click Enable Edge Override for BGP Settings.
    This override lets us define BGP values specific for this device beyond the profile definition.
    Enable BGP

  3. Click the toggle button to turn on BGP and click Edit.
    The BGP Editor appears.

  4. For Local ASN, add the BGP ASN from the virtual interface details in the AWS console.

  5. For the Neighbor IP, add the Amazon Peer IP from the virtual interface details in the AWS console.

  6. For ASN, enter the Amazon-side ASN.
    By default this is 64512.

  7. View all Additional Options and enable MD5 Auth and enter your MD5 Password (BGP Auth Key) from the virtual interface details in the AWS console.
    BGP Settings

  8. Click OK and then click Save Changes.

Validating your connection

Under Test & Troubleshoot > Remote Diagnostics, select the MVE and click Run for Troubleshoot BGP - Show BGP Summary to verify the BGP session and ensure the AWS router is up.

You can also check connectivity and BGP status from the CLI of the edge device. For more information, see Reviewing your VMware MVE connection settings.