Using the Megaport portal, follow Doug from Megaport on how to create a Salesforce ExpressConnect.
Salesforce’s private connection model is called Express Connect.
Express Connect supports private, dedicated access to Salesforce services.
- Express Connect is delivered as a Layer 3 routed service.
- Customers access Salesforce services using public IPs and are required to run BGP to receive Salesforce routes.
- Megaport will allocate a /31 public IP range for each Salesforce customer for peering.
There are two IP addressing options when using Express Connect:
- Customers can source NAT their customer LAN traffic to use the /31 Public IP space provided by Megaport.
- Customers can advertise their own Public IP address space to Salesforce. Salesforce will not accept RFC1918 routes.
Additional information to consider:
One virtual cross-connect (VXC) provisions two logical connections to Salesforce using our Megaport Cloud Router (MCR). Salesforce has redundant routers which will provide guaranteed uptime for both service locations.
Salesforce can take up to two business days with the turnaround time for approval from their end; once a VXC is deployed from our Portal.
IP Addresses and ASN
Customers can use their own publicly registered IP space or Megaport will allocate a public /31 for the end user to peer directly with Salesforce. No RFC 1918 private space is allowed. Private and Public ASNs are accepted.
Although Megaport always recommends two Megaports for redundancy, an Express Connect over Megaport can be used for the primary connection to Salesforce and if the customer is using publicly routed IP space and the single Megaport fails, routing to Salesforce can revert to the public Internet if desired by the customer.
A common Express Connect deployment might look like this:
Let’s get started with establishing a connection to Salesforce Express Connect
Using the Megaport Portal, choose the Megaport (a-end) from which you want to establish a connection then select the Salesforce icon or “+ Connection”
Next, select Cloud tile.
Next, select the provider as Salesforce.
You will be presented with options allowing you to select your desired target location to connect to (SEC).
Select your destination Port and then select “Next”.
Complete the information below by giving the connection a name, a rate limit, and the A-End VLAN. Invoice reference is optional.
Name Your Connection – A free text field allowing you to assign an easily identifiable name for this connection.
Rate Limit – The rate limit can be any value between 1Mb and 5GB.
A-End VLAN – The VLAN for this connection that you will receive via the Megaport. This must be a unique VLAN ID on this Port. You can also select the toggle to “untag” this VXC. This will remove the VLAN tagging for this connection but will also mean only one VXC can be deployed on this Port.
After completing the required fields select “Next”.
You will then be requested to supply your ASN and IP Prefixes.
ASN – Private and Public ASNs are accepted
BGP Password – Optional field allowing you to specify the BGP Auth Key.
Prefixes – Prefixes to announce to Salesforce. RIR assigned IPv4 address ranges only. If you do not have public IP ranges, you can source NAT to the /31s IP provided by Megaport. If you are going to use the /31s IP provided by Megaport, you can leave this field blank. Note: RFC 1918 space is not permitted. Once VXC is completed new prefixes cannot be added.
Once you have finished the configuration page, you are ready to add the VXC to your cart and configure further VXC’s or proceed through the check-out process.
Once the VXC is created and you’ve checked out, Salesforce can take up to two business days to approve the connection request.
When Salesforce accepts the request, two logical and redundant connections are created from Salesforce.
As shown below, the details of your (SEC) connection can be viewed and edited by clicking on the VXC and selecting ‘Details’.
Configure one BGP peering connection using the /31s IP assigned by Megaport. It is important to configure the IP address that has been assigned to you for the local interface as it has been automatically whitelisted on the SEC side. You will still be able to configure your own public prefixes for advertising across this link using the Megaport specific peering IP address.