
Creating MCR Connections to AWS

You can create a VXC from an MCR to AWS Direct Connect (DX) through the Megaport Portal. Follow the steps in this topic to establish a private, public, or transit VIF connection that connects either directly to a selected VPC or to a range of VPCs in one or more AWS regions (within a single AWS account).

Prerequisites

Private Virtual Interface

Before you create a private connection from an MCR to AWS, make sure you have the following:

  • Your AWS Account number.
  • An AWS virtual private gateway or Direct Connect gateway associated with your VPCs.
  • The ASN number for the AWS gateway.
    When creating the AWS gateway, we recommend using a private ASN for private connections and replacing the AWS default ASN (usually 7224), because routing multiple VXC instances to the same target ASN can result in routing anomalies.
  • An MCR.
    If you don’t currently have an MCR, create one following the procedures in Creating an MCR.

Note

The preferred manner for inter-region peering is multiple VXCs from a single MCR with individual connections to virtual private gateways (often abbreviated VGW). (This model also supports inter-region peering between VPCs from multiple accounts.) Direct Connect gateways can aggregate multiple VGWs from local and remote regions, and this method is more extensible than the VGW option. However, this option requires careful consideration of traffic paths and latency implications. We recommend that you consult the AWS documentation for information on the rules and limits imposed on the connection types.

Public Virtual Interface

You can create a public virtual interface to connect your MCR to public resources (non-VPC services).

To connect to public resources such as Amazon Simple Storage Service (S3) and Amazon DynamoDB, AWS generally requires you to bring public IP addresses to this connection. However, with the MCR, Megaport supplies a /31 range for public peering and for the global AWS route tables.

Public VIFs are not required to terminate onto a virtual private gateway or Direct Connect gateway and the target ASN will be the AWS public ASN for the destination region.

For a public connection, you need your AWS Account number.

Transit Virtual Interface

Before you create a transit connection from an MCR to AWS, make sure you have the following:

  • Your AWS Account number.
  • An AWS transit gateway attached to your Direct Connect gateway.
  • The ASN number for the Direct Connect gateway attached to the transit gateway.
  • An MCR.

Connecting an MCR to AWS Direct Connect

Once you have met the prerequisites, you can create the VXC to AWS from the MCR.

The VXC connection can be one of two AWS models: Hosted VIF or Hosted Connection.

Hosted VIFs can connect to public or private AWS cloud services, but a Hosted VIF cannot connect to a transit virtual interface. The Hosted VIF is fully integrated with AWS and provides access to the routing information for automatic configuration of your MCR BGP peering.

A Hosted Connection can support one private, public, or transit virtual interface. The Hosted Connection configuration process does not have automatic access to routing information for the MCR and you need to configure the routing manually and specify BGP peering details on both the AWS virtual interface and the MCR A-End configuration in the Megaport Portal.

For more information about each connection type, see Connecting to AWS Direct Connect.

Creating a Hosted VIF connection

To create a Hosted VIF VXC from an MCR to AWS

  1. In the Megaport Portal, go to the Services page and select the MCR you want to use.
  2. Click +Connection and click Cloud.
  3. Select AWS as the service provider, select Hosted VIF as the AWS Connection Type, select the destination port, and click Next.
    You can use the Country filter to narrow the selection.

  4. Specify the connection details:

    • Connection Name – The name of your VXC to be shown in the Megaport Portal.

    • Service Level Reference (optional) – Specify a unique identifying number for the VXC to be used for billing purposes, such as a cost center number or a unique customer ID. The service level reference number appears for each service under the Product section of the invoice. You can also edit this field for an existing service.

    • Rate Limit – The speed of your connection in Mbps.

    • VXC State – Select Enabled or Shut Down to define the initial state of the connection. For more information, see Shutting Down a VXC for Failover Testing.

      Note

      If you select Shut Down, traffic will not flow through this service and it will behave as if it was down on the Megaport network. Billing for this service will remain active and you will still be charged for this connection.

    • Minimum Term – Select No Minimum Term, 12 Months, 24 Months, or 36 Months. Longer terms result in a lower monthly rate. 12 Months is selected by default.
      Take note of the information on the screen to avoid early termination fees (ETF). See VXC Pricing and Contract Terms and VXC, Megaport Internet, and IX Billing for more information.

    Note

    Partner-managed accounts can apply a Partner Deal to a service. For more information, see Associating a Deal With a Service.

  5. Click Next.

  6. Click Next to acknowledge the MCR Connection details.

  7. Specify the connection details for the AWS service.

    For private Hosted VIFs, only the AWS Connection Name, AWS Account ID, and Amazon ASN fields are mandatory. For public Hosted VIFs, only the AWS Connection Name and AWS Account ID are mandatory.

    For both public and private connections, the BGP peering fields (BGP Auth Key, Customer IP Address, and Amazon IP Address) are automatically populated when the connection is created, although you can enter manual values if you have specific requirements.

    Here are details for each field:

    • Select Public or Private.

      • Private – Access private AWS services such as a VPC, EC2 instances, load balancers, RDS DB instances, on private IP address space.
      • Public – Access public AWS services such as Amazon Simple Storage Service (S3), DynamoDB, CloudFront, and Glacier. You’ll also receive Amazon’s global IP prefixes (approximately 2,000 prefixes).

        Note

        Public VIFs require manual intervention from Amazon and could take up to 72 hours. For more information, see Configuring Public AWS Connections with IP Addresses Provided by AWS.

    • AWS Connection Name – This is a text field and will be the name of your virtual interface that appears in the AWS console. The AWS Connection Name is automatically populated with the name specified in a previous step.

    • AWS Account ID – This is the ID of the account you want to connect. You can find this value in the management section of your AWS console.

    • Customer ASN (optional) – Specifies the ASN used for BGP peering sessions on any VXCs connected to the MCR. This value is defined when you configure the MCR and, once defined, it cannot be changed. The default value is the Megaport public ASN 133937.

    • Amazon ASN – For private connections, this value needs to match either the ASN for the AWS virtual private gateway (for 1:1 VPC connections) or the ASN for the AWS Direct Connect gateway. For public connections, if you supply this value, it will be ignored and the ASN will be the AWS public ASN for the destination region.

    • BGP Auth Key (optional) – Specify the BGP MD5 key. If you leave this blank, Megaport negotiates a key automatically for you with AWS, and displays the key in the Megaport Portal. (The key is not displayed in the AWS console.)

    • Customer IP Address (optional) – The IP address space (in CIDR format) used on your network for peering. If left blank, Megaport assigns an address.

    • Amazon IP Address (optional) – The IP address space in CIDR format assigned in the AWS VPC network for peering. If left blank, Megaport automatically assigns an address.

    • Prefixes (optional) – (visible for Public connections only) Specify IP Prefixes to announce to AWS. Specify the prefixes you will advertise when deploying a Public Direct Connect (RIR-assigned IPv4 addresses only).
      Once you configure Prefixes for a Public connection, you cannot change them and the field is grayed out. To change this value, create a support ticket with AWS so they can make this change in a non-impacting way. Or, you can cancel the Hosted VIF and reorder. In both cases, you need to wait for AWS to manually approve the request.

  8. Click Next to proceed to the connection detail summary, add the VXC to the cart, and order the connection.

Once the VXC connection is deployed successfully, it appears on the Portal Services page associated with the MCR.

Click the VXC title to display the details of this connection.

Note

For private connections, in the Details section, the service status (Layer 2) is up but BGP (Layer 3) will be down because the matching configuration does not exist on the AWS side. This will be configured once you accept the virtual interface in the AWS console.

Accepting the Virtual Interface for Private Connections

Two to three minutes after ordering a private Hosted VIF VXC, the corresponding inbound VIF request is visible on the AWS Direct Connect > Virtual Interfaces page in the AWS console. (This is specific to the region associated with the target AWS port.) If your VIF doesn’t appear after a few minutes, confirm that you are viewing the correct region.

To review and accept the private virtual interface

  1. From the AWS Direct Connect > Virtual Interface page, click the ID of the interface to display the configuration and peering details.
    The name and account ID of the VIF should match the values supplied in the Portal, and the BGP ASN should match the Customer ASN configured with the VXC. The Amazon Side ASN is the default region’s AWS ASN and not the value specified during the configuration; this is updated in the next step when the virtual interface is accepted and assigned.
  2. Click Accept.
  3. Select the gateway type and then the specific gateway for this new virtual interface.
  4. Click Accept virtual interface.

After you accept the interface, the Amazon side ASN field changes to the ASN value specified in the configuration. The state of the connection changes from confirming to pending, and then changes to available once BGP has established. Note that sometimes there is a delay in the available BGP status appearing on the AWS end, though you can confirm the current state of the Layer 3 link through the Portal view.

Accepting the Virtual Interface for Public Connections

Several minutes after ordering a public Hosted VIF VXC, the corresponding inbound VIF request appears on the AWS Direct Connect > Virtual Interfaces page in the AWS console. (This is specific to the region associated with the target AWS port.)

To review and accept the public virtual interface

  1. From the AWS Direct Connect > Virtual Interface page, click the ID of the interface to display the configuration and peering details.
  2. Review the configuration details and click Accept, and when prompted, click Confirm.

The state of the connection changes from confirming to verifying. At this point, the connection needs to be verified by Amazon, a process that can take up to 72 hours. When verified, the state changes to available.

Creating a Hosted Connection

To create a Hosted Connection VXC from an MCR to AWS

  1. In the Megaport Portal, go to the Services page and select the MCR you want to use.
  2. Click +Connection and click Cloud.
  3. Select AWS as the service provider, select Hosted Connection as the AWS Connection Type, select the destination port, and click Next.
    Each destination port has either a blue or red icon to indicate its diversity zone. To achieve diversity, you need to create two connections with each one in a different zone.
    You can use the Country filter to narrow the selection and you can filter by diversity zone.

  4. Specify the connection details:

    • Connection Name – The name of your VXC to be shown in the Megaport Portal.

    • Service Level Reference (optional) – Specify a unique identifying number for the VXC to be used for billing purposes, such as a cost center number or a unique customer ID. The service level reference number appears for each service under the Product section of the invoice. You can also edit this field for an existing service.

    • Rate Limit – The speed of your connection in Mbps.

    • VXC State – Select Enabled or Shut Down to define the initial state of the connection. For more information, see Shutting Down a VXC for Failover Testing.

      Note

      If you select Shut Down, traffic will not flow through this service and it will behave as if it was down on the Megaport network. Billing for this service will remain active and you will still be charged for this connection.

    • Minimum Term – Select No Minimum Term, 12 Months, 24 Months, or 36 Months. Longer terms result in a lower monthly rate. 12 Months is selected by default.
      Take note of the information on the screen to avoid early termination fees (ETF). See VXC Pricing and Contract Terms and VXC, Megaport Internet, and IX Billing for more information.

  5. Click Next.

  6. For the MCR Connection detail, provide an IP address in CIDR format.
    This value is the IP address for the interface and is the MCR IP address used for BGP peering to AWS.
    Assign a /30 address in private address space.

    You can add a secondary IP address, if needed.

    Note

    You can change these values in the A-End details of the VXC configuration.

  7. Click Add BGP Connection and specify these values:

    • Local IP – The IP address on this interface that communicates with the BGP peer. The menu is automatically populated based on the address you specified as interface IP addresses.

    • Peer IP – The IP address for the BGP peer. In this example, the local IP is 192.168.100.1 so the peer IP address would be 192.168.100.2.

    • Peer ASN – The ASN of the AWS gateway.

    • BGP Password – The shared key to authenticate the peer. This field is optional for the creation of the VXC, but is required to set up the BGP peering. You can add it after you create the VXC.

      The shared key length is from 1 to 25 characters. The key can include any of these characters:

      a-z
      A-Z
      0-9
      ! @ # . $ % ^ & * + = - _

      Tip

      Click the eye icon to see the password as you type. The view persists until you click the eye icon again to hide the password.

    • Description (optional) – Enter a description that will help identify this connection. The description length is from 1 to 100 characters.

    • BGP State – Shuts down the connection without removing it. The initial setting will be taken from the setting on the A-End of the MCR. Enabling or shutting down the BGP state does not impact existing BGP sessions. The BGP state only affects new VXCs. This setting overrides the MCR state for an individual connection. See Creating an MCR.

    When you create the virtual interface in the AWS console for this connection, you will match these values.

  8. Click Add.
    The BGP details appear under BGP Connection details.

  9. Click Next.
  10. Specify the connection details for the AWS service.

    • AWS Connection Name – This is a text field and will be the name of your virtual interface that appears in the AWS console. The AWS Connection Name is automatically populated with the name specified in a previous step.

    • AWS Account ID – This is the ID of the account you want to connect. You can find this value in the management section of your AWS console.

  11. Click Next to proceed to the connection detail summary, click Add VXC, and order the connection.

Once the VXC connection is deployed successfully, it appears on the Megaport Portal Services page and is associated with the MCR. Click the VXC title to display the details of this connection. Note that the service status (Layer 2) is up but BGP (Layer 3) will be down because the configuration does not exist yet.

Once deployed in the Megaport Portal, you need to set up the connection in the AWS console:

  1. In AWS, accept the connection.
    To review and accept in the AWS console, go to Services > AWS Direct Connect > Connections and click the connection name to review the details and accept. See the AWS documentation for more information.
    The state will be pending for a few minutes while AWS deploys the connection.

  2. In the AWS console, click Create Virtual Interface and create a virtual interface for the hosted connection. Ensure you enter these values for BGP peering:

    • Your router peer IP – The BGP peer IP configured on the MCR.

    • Amazon router peer IP – The BGP peer IP configured on the AWS endpoint.

    • BGP authentication key – The password used to authenticate the BGP session.

    Important details to note:

    • AWS provides detailed steps for creating Public, Private, and Transit interfaces.

    • When you select Transit for the VIF, slower connections are filtered out and no longer appear in the interface.

    • The name you provided for the connection in the Megaport Portal appears in the Connection list on this page.

    • The VLAN is populated and appears to be editable; however, you will get an error if you try to change it.

Once you accept the Hosted Connection in AWS and create a virtual interface with the BGP peering settings, the VXC state changes to configured in the Megaport Portal.
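
Because the Hosted Connection BGP values are entered by hand on both the MCR and the AWS virtual interface, a pre-flight check catches mismatches before the session fails to establish. The following is an added example, not Megaport or AWS code: the function name, the sample key, and the use of the RFC 6996 private-use ranges for the Peer ASN (which assumes a private VIF gateway) are assumptions, while the /30, the password length and the character set come from this page.

```python
import ipaddress
import string

# BGP Password limits as listed on this page: 1 to 25 characters from this set.
ALLOWED_KEY_CHARS = set(string.ascii_letters + string.digits + "!@#.$%^&*+=-_")
MAX_KEY_LEN = 25
# Private-use ASN ranges from RFC 6996 (assumption: the peer is a private VIF gateway).
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))
AWS_DEFAULT_ASN = 7224  # the default the page recommends replacing


def check_bgp_settings(interface_cidr, peer_asn, bgp_password):
    """Return (peer_ip, problems) for a planned MCR-to-AWS BGP connection."""
    try:
        iface = ipaddress.ip_interface(interface_cidr)
    except ValueError:
        return None, [f"{interface_cidr!r} is not an IP address in CIDR format"]

    problems, peer_ip = [], None
    if iface.version != 4 or iface.network.prefixlen != 30:
        problems.append("interface address is not an IPv4 /30")
    else:
        hosts = list(iface.network.hosts())  # the two usable addresses of the /30
        if iface.ip not in hosts:
            problems.append("interface IP is the network or broadcast address")
        else:
            # The BGP peer is the other usable address in the same /30.
            peer_ip = str(hosts[1] if iface.ip == hosts[0] else hosts[0])
    # is_private covers RFC 1918 space plus other non-global ranges (e.g. link-local).
    if not iface.ip.is_private:
        problems.append("interface address is not in private address space")

    if peer_asn == AWS_DEFAULT_ASN:
        problems.append("peer ASN is the AWS default 7224")
    elif not any(lo <= peer_asn <= hi for lo, hi in PRIVATE_ASN_RANGES):
        problems.append("peer ASN is not a private-use ASN")

    if not bgp_password:
        problems.append("no BGP password: the VXC can be created, peering cannot")
    else:
        if len(bgp_password) > MAX_KEY_LEN:
            problems.append(f"BGP password is longer than {MAX_KEY_LEN} characters")
        bad = sum(1 for ch in bgp_password if ch not in ALLOWED_KEY_CHARS)
        if bad:
            # Report a count only, so the key itself never lands in logs.
            problems.append(f"BGP password has {bad} unsupported character(s)")
    return peer_ip, problems


if __name__ == "__main__":
    # Constructed sample values; 192.168.100.1 is the page's example local IP.
    print(check_bgp_settings("192.168.100.1/30", 64512, "Example-Key_2024!"))
```

The returned peer IP is the value to enter as Peer IP on the MCR and as Amazon router peer IP on the AWS virtual interface.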


Last update: 2024-04-15