
Creating MCR Connections to AWS

You can create a VXC from an MCR to AWS Direct Connect (DX) through the Megaport ONE Portal. Follow the steps in this topic to establish a private, public, or transit VIF connection. The connection can go directly to a selected VPC or to a range of VPCs in one or more AWS regions (within a single AWS account).

Prerequisites

Private Virtual Interface

Before you create a private connection from an MCR to AWS, make sure you have the following:

  • Your AWS Account number.
  • An AWS virtual private gateway or Direct Connect gateway associated with your VPCs.
  • The ASN number for the AWS gateway.
    When creating the AWS gateway, we recommend using a private ASN for private connections. We also recommend replacing the AWS default ASN (usually 7224), because routing multiple VXC instances to the same target ASN can result in routing anomalies.
  • An MCR.
    If you don’t currently have an MCR, create one following the procedures in Creating an MCR.

Note

The preferred manner for inter-region peering is multiple VXCs from a single MCR with individual connections to virtual private gateways (often abbreviated VGW). (This model also supports inter-region peering between VPCs from multiple accounts.) Direct Connect gateways can aggregate multiple VGWs from local and remote regions, and this method is more extensible than the VGW option; however, it requires careful consideration of traffic paths and latency implications. We recommend that you consult the AWS documentation for information on the rules and limits imposed on the connection types.

Public Virtual Interface

You can create a public virtual interface to connect your MCR to public resources (non-VPC services).

To connect to public resources such as Amazon Simple Storage Service (S3) and Amazon DynamoDB, AWS generally requires you to bring public IP addresses to this connection. However, with the MCR, Megaport supplies a /31 range for public peering and for the global AWS route tables.

Public VIFs are not required to terminate onto a virtual private gateway or Direct Connect gateway and the target ASN will be the AWS public ASN for the destination region.

For a public connection, you need your AWS Account number.

Transit Virtual Interface

Before you create a transit connection from an MCR to AWS, make sure you have the following:

  • Your AWS Account number.
  • An AWS transit gateway attached to your Direct Connect gateway.
  • The ASN number for the Direct Connect gateway attached to the transit gateway.
  • An MCR.

Connecting an MCR to AWS Direct Connect

Once you have met the prerequisites, you can create the VXC to AWS from the MCR.

The VXC connection can be one of two AWS models: Hosted VIF or Hosted Connection.

Hosted VIFs can connect to public or private AWS cloud services; a Hosted VIF cannot connect to a transit virtual interface. The Hosted VIF is fully integrated with AWS and provides access to the routing information for automatic configuration of your MCR BGP peering.

A Hosted Connection can support one private, public, or transit virtual interface. The Hosted Connection configuration process does not have automatic access to routing information for the MCR, so you need to configure the routing manually and specify BGP peering details on both the AWS virtual interface and the MCR A-End configuration in the Megaport ONE Portal.

For more details about each connection type, see Connecting to AWS Direct Connect.

Creating a Hosted VIF connection

To create a Hosted VIF VXC from an MCR to AWS

  1. In the Megaport ONE Portal, choose Networking > Services.
  2. Select the MCR you want to use.
  3. Click Actions and choose Add Connection.
  4. Specify the General details:
    • Connection Type – Choose Cloud Virtual Cross Connect.
    • Cloud Provider – Choose Amazon Web Services.
    • AWS Connection Type – Select Hosted VIF.
  5. Select the AWS region and interconnection point for your connection.
  6. Specify the AWS Configuration details for the AWS service:

    • AWS Connection Name – This will be the name of your virtual interface that appears in the Megaport ONE Portal and AWS console. For easy mapping, the name is pre-populated with the VXC name from the previous section.
    • AWS Account ID – This is the ID of the account you want to connect. You can find this value in the management section of your AWS console.
    • Type – Choose Public or Private. For both public and private connections, the BGP peering fields (BGP Auth Key, Customer IP Address, and Amazon IP Address) are automatically populated when the connection is created, although you can enter manual values if you have specific requirements.
      • Private – Access private AWS services such as a VPC, EC2 instances, load balancers, RDS DB instances, on private IP address space. For private Hosted VIFs, only the AWS Connection Name, AWS Account ID, and Amazon ASN fields are mandatory.
      • Public – Access public AWS services such as Amazon Simple Storage Service (S3), DynamoDB, CloudFront, and Glacier. You’ll also receive Amazon’s global IP prefixes (approximately 2,000 prefixes). Note: Public VIFs require manual intervention from Amazon and could take up to 72 hours. For public Hosted VIFs, only the AWS Connection Name and AWS Account ID are mandatory.
    • Customer ASN (optional) – Specifies the ASN used for BGP peering sessions on any VXCs connected to the MCR. This value is defined when you configure the MCR and, once defined, it cannot be changed. The default value is the Megaport public ASN 133937.
    • Amazon ASN – For private connections, this value needs to match either the ASN for the AWS virtual private gateway (for 1:1 VPC connections) or the ASN for the AWS Direct Connect gateway. For public connections, if you supply this value, it will be ignored and the ASN will be the AWS public ASN for the destination region.
    • BGP Password (optional) – Specify the BGP MD5 key. If you leave this blank, Megaport ONE negotiates a key automatically for you with AWS, and displays the key in the Megaport ONE Portal. (The key is not displayed in the AWS console.)
    • Customer IP Address (optional) – The IP address space (in CIDR format) used on your network for peering. This field is optional and, if left blank, Megaport ONE assigns an address.
    • Amazon IP Address (optional) – The IP address space in CIDR format assigned in the AWS VPC network for peering. This field is optional and if left blank, Megaport ONE automatically assigns an address.
    • Amazon Prefixes – (visible for Public connections only) An optional field for IP Prefixes to announce to AWS. Specify the prefixes you will advertise when deploying a Public Direct Connect (RIR-assigned IPv4 addresses only). Once you configure Prefixes for a Public connection, you cannot change them and the field is dimmed. To change this value, create a support ticket with AWS so they can make this change in a non-impacting way. Or, you can cancel the Hosted VIF and reorder. In both cases, you need to wait for AWS to manually approve the request.
  7. Specify the VXC Configuration details:

    • VXC Name – The name of your VXC to be shown in the Megaport ONE Portal. (Tip – match this to the AWS Connection Name in the next section for easy mapping.)
    • Rate Limit – This is the speed of your connection in Mbps. Accepted values range from 1 Mbps to 5 Gbps in 1 Mbps increments.
  8. Specify the Billing Details:

    • Service Level Reference (optional) – Specify a unique identifying number for the VXC to be used for billing purposes, such as a cost center number or a unique customer ID. The service level reference number appears for each service under the Product section of the invoice. You can also edit this field for an existing service.

      Note

      Partner-managed accounts can apply a Partner Deal to a service. For details, see Associating a Deal With a Service.

    • Promo Code – If you have a promo code, enter it and click Add Code.

  9. Click Create Connection.

  10. Click Confirm to acknowledge the MCR connection details and deploy the VXC.

Once the VXC connection is deployed successfully, it appears on the Portal Services page associated with the MCR. Click the VXC name to display the details of this connection.

Note

For private connections, in the Service Logs (found in the Details tab), the service status (Layer 2) is up but BGP (Layer 3) will be down because the matching configuration does not exist on the AWS side. This will be configured once you accept the virtual interface in the AWS console.

Accepting the Virtual Interface for private connections

Two to three minutes after ordering a private Hosted VIF VXC, the corresponding inbound VIF request is visible on the AWS Direct Connect > Virtual Interfaces page in the AWS console. (This is specific to the region associated with the target AWS port.) If your VIF doesn’t appear after a few minutes, confirm that you are viewing the correct region.

To review and accept the private virtual interface

  1. From the AWS Direct Connect > Virtual Interface page, click the ID of the interface to display the configuration and peering details.
    The name and account ID of the VIF should match the values supplied in the Portal and the BGP ASN should match the Customer ASN configured with the VXC. The Amazon Side ASN is the default region’s AWS ASN and not the value specified during the configuration - this is updated in the next step when the virtual interface is accepted and assigned.
  2. Click Accept.
  3. Select the gateway type and then the specific gateway for this new virtual interface.
  4. Click Accept virtual interface.

After you accept the interface, the Amazon side ASN field changes to the ASN value specified in the configuration. The state of the connection changes from confirming to pending, and then changes to available once BGP has established. Note that sometimes there is a delay in the available BGP status appearing on the AWS end, though you can confirm the current state of the Layer 3 link through the Portal view.

Accepting the Virtual Interface for public connections

Several minutes after ordering a public Hosted VIF VXC, the corresponding inbound VIF request appears on the AWS Direct Connect > Virtual Interfaces page in the AWS console. (This is specific to the region associated with the target AWS port.)

To review and accept the public virtual interface

  1. From the AWS Direct Connect > Virtual Interface page, click the ID of the interface to display the configuration and peering details.
  2. Review the configuration details and click Accept, and when prompted, click Confirm.

The state of the connection changes from confirming to verifying. At this point, the connection needs to be verified by Amazon - a process that can take up to 72 hours. When verified, the state changes to available.

Creating a Hosted Connection

To create a Hosted Connection VXC from an MCR to AWS

  1. In the Megaport ONE Portal, choose Networking > Services.
  2. Select the MCR you want to use.
  3. Click Actions and choose Add Connection.
  4. Specify the General details for the AWS service:
    • Connection Type – Choose Cloud Virtual Cross Connect.
    • Cloud Provider – Choose Amazon Web Services.
    • AWS Connection Type – Select Hosted Connection.
  5. Select the AWS destination port.
    You can search for your preferred AWS port using the Region drop-down list, or enter a search term to filter results as you type. Click Clear Filters to reset the filters. Each destination port has either a blue or red icon to indicate its diversity zone. To achieve diversity, you need to create two connections with each one in a different zone.
  6. Specify the AWS Configuration details:

    • AWS Connection Name – This will be the name of your virtual interface that appears in the Megaport ONE Portal and AWS console. For easy mapping, the name is pre-populated with the VXC name from the previous section.
    • AWS Account ID – This is the ID of the account you want to connect. You can find this value in the management section of your AWS console.
  7. Specify the VXC Configuration details:

    • VXC Name – The name of your VXC to be shown in the Megaport ONE Portal. (Tip – match this to the AWS Connection Name in the next section for easy mapping.)
    • Rate Limit – The rate limit specifies the speed of the connection (in Mbps) and monthly billing details appear based on location and rate limit. Accepted values range from 1 Mbps to 5 Gbps in 1 Mbps increments.

  8. Specify the Billing Details:

    • Service Level Reference (optional) – Specify a unique identifying number for the VXC to be used for billing purposes, such as a cost center number or a unique customer ID. The service level reference number appears for each service under the Product section of the invoice. You can also edit this field for an existing service.

      Note

      Root tenant accounts can apply a Partner Deal to a service.

    • Promo Code – If you have a promo code, enter it and click Add Code.

  9. Click Create Connection to deploy the VXC.

  10. Click Confirm to acknowledge the MCR connection details.

To configure the MCR

  1. Select the MCR VXC.
  2. Select the A-End Configuration tab and click Edit.
  3. For Interface IP Addresses, provide an IP address in CIDR format.
    This value is the IP address for the interface and is the MCR IP address used for BGP peering to AWS.
    Assign a /30 address in private address space.

    You can add a secondary IP address, if needed.

Configuring a BGP connection

For details on configuring a BGP connection, see Configuring BGP.

Once the VXC connection is deployed successfully, it appears on the Megaport ONE Portal Services page and is associated with the MCR. Click the VXC title to display the details of this connection. Note that the service status (Layer 2) is up but BGP (Layer 3) will be down because the configuration does not exist yet.

Accepting the connection in AWS

Once deployed in the Megaport ONE Portal, you need to set up the connection in the AWS console:

  1. In AWS, accept the connection.
    To review and accept in the AWS console, go to Services > AWS Direct Connect > Connections and click the connection name to review the details and accept. See the AWS documentation for details.
    The state will be pending for a few minutes while AWS deploys the connection.

  2. In the AWS console, click Create Virtual Interface and create a virtual interface for the hosted connection. Ensure you enter these values for BGP peering:

    • Your router peer IP – The BGP peer IP configured on the MCR.
    • Amazon router peer IP – The BGP peer IP configured on the AWS endpoint.
    • BGP authentication key – The password used to authenticate the BGP session.

    Important details to note:

    • AWS provides detailed steps for creating Public, Private, and Transit interfaces.

    • When you select Transit for the VIF, slower connections are filtered out and no longer appear in the interface.

    • The name you provided for the connection in the Megaport ONE Portal appears in the Connection list on this page.

    • The VLAN is populated and appears to be editable; however, you will get an error if you try to change it.

Once you accept the Hosted Connection in AWS and create a virtual interface with the BGP peering settings, the VXC state changes to configured in the Megaport ONE Portal.
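Because a Hosted Connection leaves the BGP peering values to you, it helps to check the plan before typing it into the MCR A-End configuration and the AWS virtual interface. The following pre-flight check is an added example, not Megaport or AWS code; the function names and result codes are hypothetical, "private address space" is interpreted with Python's `ipaddress.is_private`, and the private ASN ranges are taken from RFC 6996.

```python
import ipaddress

AWS_DEFAULT_ASN = 7224  # AWS default ASN named on this page
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))  # RFC 6996


def check_peering_plan(mcr_ip, amazon_ip, amazon_asn, other_vxc_asns=()):
    """Return 'code: message' problems; an empty list means the plan passes."""
    try:
        mcr = ipaddress.ip_interface(mcr_ip)
        aws = ipaddress.ip_interface(amazon_ip)
    except ValueError as exc:
        return [f"cidr-invalid: {exc}"]

    problems = []
    net = mcr.network
    # In a /30 the first and last addresses cannot be used as BGP peer IPs.
    edge = {net.network_address, net.broadcast_address}
    if net.prefixlen != 30:
        problems.append(f"prefix-not-30: MCR interface is /{net.prefixlen}")
    elif mcr.ip in edge:
        problems.append(f"not-a-host: {mcr.ip} is the network or broadcast address")
    if not net.is_private:
        problems.append(f"not-private: {net} is not private address space")
    # Both BGP peers must sit in the same subnet on distinct host addresses.
    if aws.network != net:
        problems.append(f"subnet-mismatch: {aws} is outside {net}")
    elif aws.ip == mcr.ip:
        problems.append("duplicate-ip: both peers use the same address")
    elif net.prefixlen == 30 and aws.ip in edge:
        problems.append(f"not-a-host: {aws.ip} is the network or broadcast address")

    if amazon_asn == AWS_DEFAULT_ASN:
        problems.append("asn-default: replace the AWS default ASN 7224")
    elif not any(lo <= amazon_asn <= hi for lo, hi in PRIVATE_ASN_RANGES):
        problems.append(f"asn-not-private: {amazon_asn} is not a private ASN")
    # Several VXCs on one MCR targeting the same ASN can cause routing anomalies.
    if amazon_asn in other_vxc_asns:
        problems.append(f"asn-reused: {amazon_asn} is already a target on this MCR")
    return problems


def codes(problems):
    """Strip the messages and keep only the result codes."""
    return [p.split(":", 1)[0] for p in problems]


if __name__ == "__main__":
    # Constructed sample plan: wrong Amazon-side subnet and the default ASN, reused.
    for line in check_peering_plan("10.0.0.1/30", "10.0.0.6/30", 7224, [7224]):
        print(line)
```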


Last update: 2023-01-21