
Using IPsec with Megaport

If you need to encrypt traffic between endpoints in an IP network, IPsec is the most common solution. Internet Protocol Security (IPsec) is a secure network protocol suite for Internet Protocol (IP) communications that works by authenticating and encrypting packets of data in a communication session. It provides secure encrypted communication between two computers over an Internet Protocol network and is used in virtual private networks. IPsec encrypted traffic can be transparently carried over any Megaport VXC.

You can create IPsec encrypted customer-to-customer, customer-to-cloud, or cloud-to-cloud connections. Refer to your cloud or equipment vendor’s documentation for more information about creating IPsec connections.

You can use an IPsec connection between two of your own devices using Megaport services.

Prerequisites

Before creating an IPsec encrypted link from customer-to-customer, you need:

  • An IPsec capable router at each of your locations.
  • Megaport Ports in locations where you can connect physically from your IPsec capable routers to the Port for each end of your connection.

To create a customer-to-customer encrypted connection

  1. From each IPsec capable router, create a physical link to a Megaport Port.
  2. Use a VXC to connect your Ports.
  3. Create an IPsec connection over the interfaces connected to Megaport.

IPsec customer to customer connection diagram. This image shows the structure of an IPsec encrypted connection from a customer's IPsec capable router, connected to a Port, which is connected to another Port using a VXC. The second Port is connected to another of the customer's IPsec capable routers.
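
Step 3 on one of the two routers, as an added example that is not part of Megaport's documentation: a strongSwan swanctl.conf for a Linux-based router (an assumption; this page names no vendor). The VXC-facing addresses, LAN prefixes, identities, connection names and the secret are constructed placeholders.

```conf
# /etc/swanctl/swanctl.conf on the site A router (constructed example).
# 192.0.2.1 / 192.0.2.2 : addresses on the interfaces facing the Megaport
#                         Ports at each end of the VXC (placeholders)
# 10.1.0.0/16, 10.2.0.0/16 : LANs behind site A and site B (placeholders)
connections {
    megaport-vxc {
        version = 2                      # IKEv2 only
        local_addrs = 192.0.2.1          # bind IKE to the VXC-facing address
        remote_addrs = 192.0.2.2         # accept only the peer across the VXC
        proposals = aes256gcm16-prfsha384-ecp384
        mobike = no                      # fixed endpoints, no address changes
        dpd_delay = 30s                  # probe the peer for liveness
        local {
            auth = psk
            id = site-a.example
        }
        remote {
            auth = psk
            id = site-b.example
        }
        children {
            site-a-to-site-b {
                local_ts = 10.1.0.0/16
                remote_ts = 10.2.0.0/16
                esp_proposals = aes256gcm16-ecp384
                # trap installs the IPsec policy when the config loads and
                # negotiates the tunnel on the first matching packet.
                start_action = trap
                dpd_action = restart     # re-establish after a dead peer
            }
        }
    }
}
secrets {
    ike-site-b {
        id-1 = site-a.example
        id-2 = site-b.example
        # Placeholder: generate a long random value and keep this file
        # readable by root only.
        secret = "REPLACE_WITH_LONG_RANDOM_SECRET"
    }
}
```

The site B router uses the mirror image of this file, with the local and remote values swapped. Load it with `swanctl --load-all`.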

Prerequisites

Before creating an IPsec encrypted link from customer-to-cloud, you need:

  • An IPsec capable router.
  • A Megaport Port in a location where you can connect physically from your IPsec capable router to the Port.
  • A connection to your CSP.

To create a customer-to-cloud encrypted connection

This example shows an IPsec connection from a customer to AWS Direct Connect.

  1. From your IPsec capable router, create a physical link to a Megaport Port.
  2. Use a VXC to connect the Port to the CSP, AWS Direct Connect in this case.
  3. Create an IPsec tunnel between your device and the CSP’s VPN services.

The connection will be IPsec encrypted from the IPsec capable router through to the AWS Transit Gateway.

IPsec customer router to AWS Transit Gateway diagram. This image shows the structure of an IPsec encrypted connection from the customer's IPsec capable router, through a physical connection to a Megaport Port. This is connected to an AWS Direct Connect hosted connection using a Virtual Cross Connect (VXC). The Direct Connect hosted connection is connected to a Transit Gateway via a Direct Connect Gateway.

Prerequisites

Before creating an IPsec encrypted link from cloud to cloud, you need:

  • A Megaport Cloud Router (MCR)
  • Connections to your CSPs VXCs

To create a cloud-to-cloud encrypted connection

This example describes an IPsec connection from AWS Direct Connect to Azure ExpressRoute.

  1. Create a VXC to connect your Direct Connect connection to the MCR.
  2. Use a VXC to connect the MCR to the ExpressRoute connection.
  3. Create an IPsec tunnel between the AWS and Azure VPN services.

The connection will be IPsec encrypted from the AWS Transit Gateway to the Azure Virtual Network Gateway.

IPsec AWS Direct Connect to ExpressRoute Virtual Network Gateway diagram. This image shows the structure of an IPsec encrypted connection from an AWS Direct Connect, connected to a Megaport MCR using a VXC. This is connected using a VXC to ExpressRoute and a Virtual Network Gateway.

Helpful references