AWS - Direct Connect Dedicated Connection How To

Introduction

The purpose of this guide is to show step by step how to deploy an AWS - Direct Connect Dedicated Connection using Open Coconut as a Direct Connect Dedicated Connection AWS provider. We will go through the different processes involved at both AWS and Open Coconut side. Then we will verify that the traffic is properly passing through.

This guide will show you how to deploy a service end to end between your on-prem and your AWS infra over a dedicated circuit running on vlan 50.

Requirements

You will need the following in order to properly follow this guide:

Architecture

For the purpose of this guide, we will deploy a single AWS Direct Connect Dedicated Connection. If you are interested in deploying a redundant one, you may just duplicate this setup. If you struggle or if something is unclear, please chat with us.

Here's the diagram of the architecture that will be used for this guide.

 

aws-direct-connect-dedicated-connection-redundant

AWS procedure

  • Order a port

    • Login the AWS portal
    • In the search bar, top left, type Direct Connect
    • Click "Direct Connect" under the Service list
    • On the left menu, select "Connections"
    • Then on the top right corner click "Create Connection"
    • Fill in the required information as follow:
      • Connection Type -> Classic
      • Name -> give a friendly name to your connection ("AWS-OC-OnPrem" for instance)
      • Select a location, this must be the location where you will order the OC AWS port (in the OC portal)
        • You can check the locations that we have in common with AWS by login portal.openccnt.com, click "Ports" menu, then "Create", then select either "AWS 1Gbps Port" or AWS 10Gbps Port". From the drop down menu we list the locations that we have in common with AWS.
      • Select the speed of the port
      • Tick the "Connect through an AWS Direct Connect Partner" and select "Other"
      • Fill in the name of the provider as "Open Coconut"
      • Finally click the "Create Connection" button
    • LoA (Letter of Authorization)
      • Once the connection has been created, click on it to see the details and then click the "Download LoA" button at the top right corner
      • This LoA will need to be uploaded when creating the port at Open Coconut 's side

  • Create a Direct Connect Gateway

    • On the left menu, select "Direct Connect Gateway"
    • Then on the top right corner click "Create Direct Connect Gateway" button
      • Give a name to your direct connect gateway (for instance "AWS-OC-DCG")
      • Pick a BGP ASN for the AWS side (this will be a private ASN)
    • Then click the "Create Direct Connect Gateway" button

  • Create a VIF

    • On the left menu, click "Virtual Interfaces"
    • Then on the top right corner, click "Create Virtual Interface"
      • We will be creating a private VIF (Virtual Interface), this allows you to have access to your AWS infrastructure via their private IP addresses
      • Fill the name with "AWS-OC-VLAN-50) for instance or adapt to your VLAN ID
      • Under connection, pick the connect that has been created under the "Create a Direct Connect Gateway" step
      • Virtual interface owner: keep the default settings
      • Gateway Type: select Direct Connect
      • Virtual Local Area Network (VLAN): fill this in with your VLAN ID, in our example this will be vlan 50, so we type 50
      • BGP ASN: fill this in with your own BGP ASN, if you don't have a public one or don't want to use it, you can use a private one, which must be different than the one used at the "Create a Direct Connect Gateway" step
      • Additional settings, are not needed for the purpose of this guide, but things like MTU, providing your own IP's could be set there
      • Next we're ready to hit the "Create Virtual Interface button"

  • Bring connectivity to your VPC

    • We will assume that you have deployed a transit gateway in your VPC for the this step, as this is the most convenient deployment
      • Attach the Direct Connect Gateway to your Transit Gateway
        • In the Direct Connect menu on the left select "Direct Connect Gateways"
        • Then select the Direct Connect Gateway created at step "Create a Direct Connect Gateway"
        • Click the tab "Gateway Associations"
        • Then click "Associate Gateway" button on the top right corner of the table
          • Select your Transit Gateway
          • Fill in the prefix-list, those must be your private subnets from your AWS VPC that you want to advertise over the Direct Connect connection
          • Then hit the "Associate Gateway" button
      • Extend connectivity from your transit gateway to your VPC
        • For this, we need to create a virtual private gateway, then link it to our VPC routing table
          • Go to your VPC, then on the left menu click "Virtual Private Gateways" under the "Virtual Private Network (VPN)" menu
            • Click the top right corner button "Create Virtual Private Gateway"
              • Give it a name: for instance AWS-OC-VPGW
              • Keep the ASN set to "Amazon default ASN"
              • Hit the "Create Virtual Private Gateway" button
            • Now we go in our routing table, for the VPC we want to connect to our on-prem network
              • Select the routing table
                • Click the "routes" tab
                  • Click the "edit routes" button at the top right corner of the table
                    • Add there your on-prem subnet and associate it with the VPGW that we just created above
                    • You may as well want to add the interconnection subnet provided by AWS for the BGP peering (the 169.x.x.x/29 subnet)
                      • Find this going into the Direct Connect service, then click Virtual Interfaces on the left menu, click on your VIF and you'll see the peering information

Open Coconut procedure

  • Create ports (video)

    • Facing your equipment
      • Login the OC's portal at portal.openccnt.com
      • On the top menu, select "ports" then click "create"
      • Then select "1 or 10G Ethernet Fiber Port"
      • From the location menu, select the datacenter where your infrastructure sits
      • Give a friendly name to your port, and then click "Create port"
      • After a few seconds, the port is ready
      • Click "Go to ports", and then click the little icon under the LoA column
        • With this LoA you can order the cross connect between your equipment and OC's equipment (usually 3 business days)
        • In this process the customer is responsible for ordering the cross connect to OC's equipment

    • Facing AWS equipment
      • Login the OC's portal at portal.openccnt.com
      • On the top menu, select "ports" then click "create"
      • Then select "AWS Direct Connect 1Gbps Port" or "AWS Direct Connect 10Gbps Port", depending if you need a 1G or 10G ports
      • From the location menu, select the datacenter where your infrastructure sits
      • Upload the LoA received when you ordered your AWS Direct Connect port
      • Give a friendly name to your port, and then click "Create port"
      • After a few seconds, the port is ready
      • OC's network engineer will request the cross connect, hence OC is responsible for the cross connect in this case

    • Verification
      • In OC's portal, click "Ports", then "List"
      • Next to your ports, under the "Actions" colum, click the ... icon
      • Then click "Details"
      • You have full view on your port, you can:
        • Check the status "Up/Down"
        • Turn it Up or Down
        • Select the speed at which the port is running 1G or 10G
          • By default the ports are set to 10G, if you ordered a 1G port at AWS side, it's important to set the port facing AWS to a speed of 1G, otherwise the port will not come up
      • If both ports are in UP | UP state, then you may move on the next step

  • Deploy service

    • Create a service
      • Login the OC portal
      • Then select "Services" and click "Create" from the top menu
      • Select "OC-Cloud"
      • Select "AWS"
      • A new page opens, in the top left menu select your source port (the one deployed facing your equipment, in your on-prem site)
      • Then select the destination port (the one facing AWS equipement, at the remote location)
      • Then click the "Select a route" menu, and a list of available routes is displayed
      • Pick one of the route:
        • You'll see telemetry data related to that route, if that suits your needs move on otherwise you may pick another router
      • Moving on to the "Bandwidth Required" field, you enter the amount of desired bandwidth or move the cursor to adjust it to your need
      • Once all set click the "Deploy" button
      • A new menu appears summarizing your choices
        • Insert the VLAN ID over which the service needs to deploy (this one has to match all the way long, at AWS side, at OC side and at your side)
        • Give a friendly name to your service
        • Finally click "Create Service"
      • After few seconds the service has been deployed

    • Verification
      • To verify the status of your service, click "Services" from the top menu
      • Then click "List"
      • Then next to your service, under the column "Actions" click the ...
      • Then select "Details"
      • A new page open with all the details related to your service

Establish Layer 3 Connectivity

    • Get your peering information

      • Find this going into the Direct Connect service, then click Virtual Interfaces on the left menu, click on your VIF and you'll see the peering information
        • Assign the your side of the subnet to your equipment at your on-prem location
          • Try to ping the AWS side, if everything went well you should get a reply to your ping, if that's the case move on configuring BGP to exchange route between AWS and your on-prem equipment

    • Configure your router for BGP

      • Find this going into the Direct Connect service, then click Virtual Interfaces on the left menu, click on your VIF 
      • Then click the "Action" menu on top right corner
      • Then click Download > Sample configuration
        • Select your router model and download the corresponding configuration 

Conclusion

If everything went well, you should now be able to at least ping the remote BGP peering IP. If you cannot reach your Virtual Instances from your on-prem, please check your security-group attached to your VM. Ultimately you may also want to check the Network ACL if any, attached to your VPC

Still not working ?

Chat with us at www.openccnt.com or get in touch with us by email at noc@openccnt.com

product related video description or diagram

Features

Network path visualisation

Build multi-provider network paths and visualize them on  map so you know where your packets are going and avoid SPOF's

Instant delivery

Chose your circuit, configure your vlan, click deploy and your packets can start flowing on the instantly deployed circuit

Real-time metrics

Get metrics streamed directly from the network and browse historical statistics so you're sure to pick the link that best suits your needs

On-demand rerouting

Change the path and service providers if you're not happy with the service delivered or troubleshoot your issues with full control on the network

Peer with anyone

Make your port visible on the platform so your business partners can request an interco. Manage the link billing the way you imagine it  

Our other products and services

magic-wandcloud-syncmaplocationchart-barsearthbullhornlinkmove linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram