MCR – Creating Connections to AWS Direct Connect

You can create a VXC from an MCR to an AWS Direct Connect (DX) through the Portal. Follow the steps in this article to establish a private, public, or transit VIF connection that connects either directly to a selected VPC or to a range of VPCs in one or more AWS regions (within a single AWS account).

Prerequisites 

Private Virtual Interface 

Before you create a private connection from an MCR to AWS, make sure you have the following:

  • Your AWS Account number
  • An AWS virtual private gateway or Direct Connect gateway associated with your VPCs. 
  • The ASN for the AWS gateway.
    When creating the AWS gateway, we recommend using a private ASN for private connections and replacing the AWS default ASN (usually 7224), because routing multiple VXC instances to the same target ASN can result in routing anomalies.
  • An MCR.
    If you don’t currently have an MCR, create one by following the procedures in the Megaport Cloud Router (MCR) article.

Note: The preferred manner for inter-region peering is multiple VXCs from a single MCR with individual connections to virtual private gateways (often abbreviated VGW). (This model also supports inter-region peering between VPCs from multiple accounts.) Direct Connect gateways can aggregate multiple VGWs from local and remote regions, and this method is more extensible than the VGW option; however, it requires careful consideration of traffic paths and latency implications. We recommend that you consult the AWS documentation for information on the rules and limits imposed on the connection types.

Public Virtual Interface

You can create a public virtual interface to connect your MCR to public resources (non-VPC services). 

To connect to public resources such as Amazon Simple Storage Service (S3) and Amazon DynamoDB, AWS generally requires you to bring public IP addresses to this connection. However, with the MCR, Megaport supplies a /31 range for public peering and for the global AWS route tables. 

Public VIFs are not required to terminate onto a virtual private gateway or Direct Connect gateway and the target ASN will be the AWS public ASN for the destination region. 

For a public connection, you need your AWS Account number. 

Transit Virtual Interface

Before you create a transit connection from an MCR to AWS, make sure you have the following:

  • Your AWS Account number
  • An AWS transit gateway attached to your Direct Connect gateway.
  • The ASN for the Direct Connect gateway attached to the transit gateway.
  • An MCR. 


Connecting an MCR to AWS Direct Connect

Once you have met the prerequisites, you can create the VXC to AWS from the MCR.

The VXC connection can be one of two AWS models: Hosted VIF or Hosted Connection. 

Hosted VIFs can connect to public or private AWS cloud services; a Hosted VIF cannot connect to a transit virtual interface. The Hosted VIF is fully integrated with AWS and provides access to the routing information for automatic configuration of your MCR BGP peering.

A Hosted Connection with a capacity of 500 Mbps or less can support one private or public virtual interface. A Hosted Connection with a capacity of 1 Gbps or more can support one private, public, or transit virtual interface. The Hosted Connection configuration process does not have automatic access to routing information for the MCR and you need to configure the routing manually and specify BGP peering details on both the AWS virtual interface and the MCR A-End configuration in the Megaport portal.

For more details about each connection type, see AWS Direct Connect.

Creating a Hosted VIF connection

In addition to the steps, you can watch the 5-minute video tutorial for private connections using Hosted VIFs.

To create a Hosted VIF VXC from an MCR to AWS

  1. In the Megaport portal, go to the Services page and select the MCR you want to use.
  2. Click +Connection and click Cloud.
  3. Select AWS as the service provider, select Hosted VIF as the AWS Connection Type, and select the destination port and click Next.
    You can use the Country filter to narrow the selection.
  4. Enter the name of the connection (for display in the Megaport dashboard) and the rate limit (Mbps). Optionally, provide an Invoice Reference. Click Next.
  5. Click Next to acknowledge the MCR Connection details. 
  6. Specify the connection details for the AWS service.
    For private Hosted VIFs, only the AWS Connection Name, AWS Account ID, and Amazon ASN fields are mandatory. For public Hosted VIFs, only the AWS Connection Name and AWS Account ID are mandatory.

    For both public and private connections, the BGP peering fields (BGP Auth Key, Customer IP Address, and Amazon IP Address) are autopopulated when the connection is created – although you can enter manual values if you have specific requirements. 

    Here are details for each field:
    • Select Public or Private.
      Private – Access private AWS services such as a VPC, EC2 instances, load balancers, RDS DB instances, on private IP address space.

      Public – Access public AWS services such as Amazon Simple Storage Service (S3), DynamoDB, CloudFront, and Glacier. You’ll also receive Amazon’s global IP prefixes (approximately 2,000 prefixes). Note: Public VIFs require manual intervention from Amazon and could take up to 48 hours.

    • AWS Connection Name – This is a text field and will be the name of your virtual interface that appears in the AWS console. The AWS Connection Name is autopopulated with the name specified in a previous step.
    • AWS Account ID – This is the ID of the account you want to connect. You can find this value in the management section of your AWS console.
    • Customer ASN – An optional field that specifies the ASN used for BGP peering sessions on any VXCs connected to the MCR. This value is defined when you configure the MCR and, once defined, it cannot be changed. The default value is the Megaport public ASN 133937.
    • Amazon ASN – For private connections, this value needs to match either the ASN for the AWS virtual private gateway (for 1:1 VPC connections) or the ASN for the AWS Direct Connect gateway. For public connections, an Amazon ASN is not required and the ASN will be the AWS public ASN for the destination region.
    • Customer IP Address – The IP Address space (in CIDR format) you will use on your network for peering. This field is optional and if left blank, Megaport assigns an address.
    • Amazon IP Address – The IP address space in CIDR format assigned in the AWS VPC network for peering. This field is optional and if left blank, Megaport automatically assigns an address. 
    • Prefixes – (visible for Public connections only) An optional field for IP Prefixes to announce to AWS. Specify the prefixes you will advertise when deploying a Public Direct Connect (RIR-assigned IPv4 addresses only).
  7. Click Next to proceed to the connection detail summary, add the VXC to the cart, and order the connection.

Once the VXC connection is deployed successfully, it appears on the Portal dashboard associated with the MCR.

Click the VXC title to display the details of this connection. 

Note for private connections: in the Details section, the service status (Layer 2) is up but BGP (Layer 3) will be down because the matching configuration does not exist on the AWS side. This will be configured once you accept the virtual interface in the AWS console.

Accepting the Virtual Interface for Private Connections

Two to three minutes after ordering a private Hosted VIF VXC, the corresponding inbound VIF request will be visible on the AWS Direct Connect > Virtual Interfaces page in the AWS console. (This is specific to the region associated with the target AWS port.) If your VIF doesn’t appear after a few minutes, confirm that you are viewing the correct region.

To review and accept the private virtual interface

  1. From the AWS Direct Connect > Virtual Interface page, click the ID of the interface to display the configuration and peering details. 
    The name and account ID of the VIF should match the values supplied in the Portal and the BGP ASN should match the Customer ASN configured with the VXC. The Amazon Side ASN will be the default region’s AWS ASN and not the value specified during our configuration; this will be updated in the next step when the virtual interface is accepted and assigned.
  2. Click Accept.
  3. Select the gateway type and then the specific gateway for this new virtual interface. 
  4. Click Accept virtual interface.

After you accept the interface, the Amazon Side ASN field changes to the ASN value specified in the configuration. The state of the connection changes from confirming to pending and then to available once BGP has established. Note that the available BGP status is sometimes delayed in appearing on the AWS end, though you can confirm the current state of the Layer 3 link through the Portal view.

Accepting the Virtual Interface for Public Connections

Several minutes after ordering a public Hosted VIF VXC, the corresponding inbound VIF request will be visible on the AWS Direct Connect > Virtual Interfaces page in the AWS console. (This is specific to the region associated with the target AWS port.) 

To review and accept the public virtual interface

  1. From the AWS Direct Connect > Virtual Interface page, click the ID of the interface to display the configuration and peering details. 
  2. Review the configuration details and click Accept, and when prompted click Confirm.

The state of the connection changes from confirming to verifying. At this point, the connection needs to be verified by Amazon – a process that can take up to 48 hours. When verified, the state changes to available.

Creating a Hosted Connection

To create a Hosted Connection VXC from an MCR to AWS

  1. In the Megaport portal, go to the Services page and select the MCR you want to use.
  2. Click +Connection and click Cloud.
  3. Select AWS as the service provider, select Hosted Connection as the AWS Connection Type, and select the destination port and click Next.
    Each destination port has either a blue or an orange icon to indicate its diversity zone. To achieve diversity, you need to create two connections with each one in a different zone.
    You can use the Country filter to narrow the selection and you can filter by diversity zone. 
  4. Enter the name of the connection (for display in the Megaport dashboard) and the rate limit (Mbps). Optionally, provide an Invoice Reference. Click Next.

    The rate limit specifies the speed of the VXC and monthly billing details appear based on location and rate limit.
  5. For the MCR Connection detail, provide an IP address in CIDR format.
    This value is the IP address for the interface and is the MCR IP address used for BGP peering to AWS. 

    Assign a /30 address in private address space.
    Note: To create the connection, you do not need to provide the MCR connection detail. However, you need these details to complete the configuration — and if you do not add the information here, you will need to return and edit the A-End configuration details to provide these values. 
  6. Click +Add.
    The connection detail section expands. 

    You can add a secondary IP, if needed. 
  7. Click +Add BGP Connection and specify these values:
    • Local IP – the IP address on this interface that communicates with the BGP peer. The menu is autopopulated based on the address you specified in the connection detail.
    • Peer IP – the IP address for the BGP peer. In our example, the local IP is 198.162.100.1 so the peer IP address would be 198.162.100.2.
    • Peer ASN – the ASN of the AWS gateway.
    • BGP Auth – the shared key to authenticate the peer. This field is optional for the creation of the VXC, but is required to set up the BGP peering. You can add it after you create the VXC.
      When you create the virtual interface in the AWS console for this connection, you will match these values.

      Note: there are other optional fields available in this dialog box, but they are not essential to setting up the BGP peering. For details about these fields, see the Megaport Cloud Router (MCR) article.
  8. Click Add.
    The BGP details appear in the connection detail.
  9. Click Next.
  10. Specify the connection details for the AWS service.

    • AWS Connection Name – This is a text field and will be the name of your virtual interface that appears in the AWS console. The AWS Connection Name is autopopulated with the name specified in a previous step.
    • AWS Account ID – This is the ID of the account you want to connect. You can find this value in the management section of your AWS console.
  11. Click Next to proceed to the connection detail summary, add the VXC to the cart, and order the connection.

Once the VXC connection is deployed successfully, it appears on the Portal dashboard associated with the MCR. Click the VXC title to display the details of this connection. Note that the service status (Layer 2) is up but BGP (Layer 3) will be down because the configuration does not exist yet.

Once deployed in the Portal, you need to set up the connection in the AWS console:

  1. In AWS, accept the connection.
    To review and accept in the AWS console, go to Services > AWS Direct Connect > Connections and click the connection name to review the details and accept. See the AWS documentation for details.
    The state will be pending for a few minutes while AWS deploys the connection. 
  2. In the AWS console, click Create Virtual Interface and create a virtual interface for the hosted connection. Ensure you enter these values for BGP peering:  
    • Your router peer IP – the BGP peer IP configured on the MCR. 
    • Amazon router peer IP – the BGP peer IP configured on the AWS endpoint. 
    • BGP authentication key – password used to authenticate the BGP session. 

Important details to note:

  • AWS provides detailed steps for creating public, private, and transit interfaces.
  • IMPORTANT: If you choose the Transit interface type, remember that transit gateways require connections at 1 Gbps or higher. When you select Transit for the VIF, slower connections are filtered out and no longer appear in the interface. 
  • The name you provided for the connection in the Megaport portal appears in the Connection list on this page. 
  • The VLAN is populated and appears to be editable; however, you will get an error if you try to change it. 

Once you accept the Hosted Connection in AWS and create a virtual interface with the BGP peering settings, the VXC state changes to configured in the Megaport portal.
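
The Hosted Connection peering values have to be entered twice, once in the MCR A-End dialog and once in the AWS virtual interface form, so a mismatch is the usual reason BGP stays down. The following pre-flight check is an added example, not Megaport or AWS code; it covers private and transit interfaces only, and the function name, dictionary keys and sample values are hypothetical.

```python
import ipaddress

AWS_DEFAULT_ASN = 7224  # default Amazon-side ASN mentioned in this article
PRIVATE_ASNS = ((64512, 65534), (4200000000, 4294967294))  # RFC 6996 ranges

def check_hosted_connection(mcr, aws, rate_mbps, vif_type):
    """Return the problems found in a planned private or transit Hosted Connection.

    mcr: values for the MCR A-End dialog; aws: values for the AWS virtual
    interface form. The dict keys are hypothetical names for those fields.
    """
    problems = []
    iface = ipaddress.ip_interface(mcr["interface_cidr"])
    peer = ipaddress.ip_address(mcr["peer_ip"])
    if iface.network.prefixlen != 30 or not iface.network.is_private:
        problems.append("MCR interface must be a /30 in private address space")
    elif {iface.ip, peer} != set(iface.network.hosts()):
        problems.append("local and peer IP must be the two usable hosts of the /30")
    # What the MCR calls local/peer, AWS calls "your router"/"Amazon router".
    if ipaddress.ip_interface(aws["your_router_peer_ip"]).ip != iface.ip:
        problems.append("AWS 'Your router peer IP' differs from the MCR local IP")
    if ipaddress.ip_interface(aws["amazon_router_peer_ip"]).ip != peer:
        problems.append("AWS 'Amazon router peer IP' differs from the MCR peer IP")
    if not mcr.get("bgp_auth") or mcr["bgp_auth"] != aws.get("bgp_auth_key"):
        problems.append("BGP auth key is missing or differs between the two sides")
    asn = mcr["peer_asn"]
    if vif_type == "private" and asn == AWS_DEFAULT_ASN:
        problems.append("peer ASN is the AWS default 7224; use a dedicated private ASN")
    elif vif_type == "private" and not any(lo <= asn <= hi for lo, hi in PRIVATE_ASNS):
        problems.append("peer ASN is outside the private ASN ranges")
    if vif_type == "transit" and rate_mbps < 1000:
        problems.append("transit virtual interfaces need a 1 Gbps or faster connection")
    return problems

# Constructed sample values, not taken from the article.
SAMPLE_MCR = {"interface_cidr": "192.168.100.1/30", "peer_ip": "192.168.100.2",
              "peer_asn": 64512, "bgp_auth": "example-shared-key"}
SAMPLE_AWS = {"your_router_peer_ip": "192.168.100.1/30",
              "amazon_router_peer_ip": "192.168.100.2/30",
              "bgp_auth_key": "example-shared-key"}

if __name__ == "__main__":
    for problem in check_hosted_connection(SAMPLE_MCR, SAMPLE_AWS, 500, "private"):
        print("FAIL:", problem)
```

An empty result means the two sides mirror each other and the interface type fits the connection speed.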

©2020 Megaport. Megaport, Virtual Cross Connect, VXC and MegaIX are registered trademarks of Megaport (Services) Pty Ltd ACN 607 432 646.