How to access AWS using Cloud Connect

How to access AWS using Cloud Connect

Leaseweb offers private connectivity to AWS services such as their VPC from selected Leaseweb data centers.

You can create a network connection from your Leaseweb services to your AWS services.

Description

Cloud Connect supports the following AWS Direct connect models:

  • Hosted Virtual Interface (VIF)
  • Hosted Connection

Both Direct Connect models provide access to private IP space (RFC 1918) to a Virtual Private Cloud (VPC) within AWS

Hosted VIF features:

  • Managed and monitored shared customer bandwidth
  • Ability to change the connection speed without an impact on service
  • Supports one AWS Private Virtual Interfaces
  • This model does not support Transit Gateway virtual interfaces
  • AWS Direct Connect port fee is not billed through AWS

Hosted Connection features:

  • Dedicated bandwidth
  • Connection speed cannot be changed (a new connection will need to be created)
  • Supports Private VIF or Transit VIF (from 1 Gbps connections and up)
  • Support for AWS diverse ports for resiliency
  • AWS Direct Connect port fee is billed through AWS

Information

For both AWS Hosted VIF and AWS Hosted Connection, the outgoing traffic (traffic from AWS to Leaseweb) is billed through AWS.

Deploying an AWS Hosted VIF connection

The delivery of a Cloud Connect – AWS Hosted VIF order has 3 phases:

  • Phase 1: Requesting information
  • Phase 2: Accepting Virtual Interface in AWS console
  • Phase 3: BGP configuration and testing

Phase 1

To deploy a Hosted VIF connection, we will first need some of your information. You will receive an email requesting the below details:

  • AWS Account ID
  • If your AWS VPC is attached to a Virtual Private Gateway, we require the Amazon side ASN of the Virtual Private Gateway
  • If you have already created a Direct Connect Gateway, we require the Amazon side ASN of the Direct Connect Gateway
  • If you are using another Private IP space than the default one.

Information

If you have both a Virtual Private Gateway ASN and a Direct Connect Gateway ASN, we only require the Direct Connect Gateway ASN

Please see the instructions on AWS Documentation for how to find your AWS ID

  1. Login to the AWS console. Under Services, go to Networking & Content Delivery. Click on Direct Connect.
    37683334

  2.  In the navigation pane, click on Virtual private gateways.
    37683335
  3. Select the radio button next to your Virtual Private gateway and click Edit.
    37683336
  4. You will see the ASN in the new screen that pops up.
  1.  Login to the AWS console. Under Services, go to Networking & Content Delivery. Click on Direct Connect.
    37683330
  2. In the navigation pane, click on Direct Connect gateways.
    37683331

  3. Click on the Direct Connect gateway.
    37683332
  4. In the next page you will see the ASN.
    37683333

The above information is required for us to deploy the Hosted Virtual Interface.

Phase 2

Once the the Hosted VIF has been deployed, you will need to accept the Virtual Interface in the AWS console.

We will notify you by email to accept the Interface. We will also provide the name of the interface to accept and provide the Amazon side ASN, in case you haven’t created a Virtual Private Gateway or Direct Connect Gateway.

Information

If you do not have a Virtual Private Gateway or Direct Connect Gateway, we recommend that you create one before accepting the virtual interface.

  1.  Login to the AWS console. Under Services, go to Networking & Content Delivery. Click on Direct Connect.
    37683316
  2. In the navigation pane, click on Virtual Private gateways.
    37683317
  3. In the next screen, click on Create virtual private gateway.
    37683318
  4. In the next screen, fill in the field Name tag, select the Customer ASN check box, and fill in the ASN that we have provided. Then click Create Virtual Private Gateway.
    37683319
  5.  In the next screen, you will see the message that gateway is successfully created. Click on the Virtual Private Gateway.
  6. In this screen, you can see that the Virtual Private gateway is in the detached state.
    37683320
  7. Click on Actions and select Attach to a VPC from the drop-down list.

    37683321

  8. In the next screen, select your VPC that you want to attach the Virtual Private Gateway and click Yes, Attach.

    37683322

  9.  The state of the gateway will be in attaching for a few minutes, then will change to attached.
    37683323
    37683324
  1.  Login to the AWS console. Under Services, go to Networking & Content Delivery. Click on Direct Connect.
    37683325
  2. In the navigation pane, click on Direct Connect gateways.
    37683326
  3. In the next screen click Create Direct Connect Gateway.
    37683327
  4. In the next screen, fill in the Name field (any name that helps you identify the gateway), enter the Amazon side ASN (the ASN that we provided), and click Create Direct Connect Gateway.
    37683328
  5. The Direct Connect Gateway is created, and the state is available.
    37683329

To accept the Virtual Interface in the AWS console, login to your AWS account. Under Services, go to Networking & Content Delivery, then click on Direct Connect.

In the navigation pane, click on Virtual Interfaces and then select the Virtual Interface and click Accept.

In the Accept virtual interface dialog box, select a virtual private gateway or Direct Connect gateway, and then choose ‘Accept virtual interface’.

Reply to the email that the Virtual Interface has been accepted to configure BGP on our side.

Phase 3

You will be notified by email that BGP is configured, and you will be asked to test the connection.

We will provide also the Leaseweb Private IP address that we reserved to be the Gateway,

Notes:

  • Please enable route propagation between AWS VPC an AWS Virtual Private Gateway.
  1. Log in to the AWS console and go to your VPC.
    37683310
  2.  Click on Route Tables on the left navigation pane.
    37683311
  3. In the next screen, click on Route Propagation.
    37683312
  4.  If under propagate, you see “No”, click on Edit route propagation. If you see “Yes”, then route propagation is already enabled.
    37683313
  5. In the next screen, check the box next to the Virtual Private Gateway of your VPC and click Save.
    37683314

    Your route propagation is now enabled.
    37683315

  • Please change inbound/outbound security rules to your AWS VMs to allow communication between the two environments.
  • On your Leaseweb servers, please add a static route for your AWS IP space using the Leaseweb Private IP address as Gateway that we provided.

Deploying an AWS Hosted Connection

The delivery of a Cloud Connect – AWS Hosted Connection order has 3 phases:

  • Phase 1: Requesting information
  • Phase 2: Accepting connection and creating a Virtual Interface in the AWS console
  • Phase 3: BGP configuration and testing

Phase 1

To deploy a Hosted Connection we will first need some of your information. You will receive an email requesting the below:

  • AWS Account ID
  • If your AWS VPC is attached to a Virtual Private Gateway, we require the Amazon side ASN of the Virtual Private Gateway
  • If you have already created a Direct Connect Gateway, we require the Amazon side ASN of the Direct Connect Gateway

Information

If you have both a Virtual Private Gateway ASN and a Direct Connect Gateway ASN, we only require the Direct Connect Gateway ASN

Please see the instructions on AWS Documentation for how to find your AWS ID.

  1. Login to the AWS console. Under Services go to Networking & Content Delivery. Click on Direct Connect.
    37683334

  2.  In the navigation pane, click on Virtual private gateways.
    37683335
  3. Check the radio button next to your Virtual Private gateway and click Edit.
    37683336
  4. In the new screen you will find the ASN.
  1.  Login to the AWS console. Under Services go to Networking & Content Delivery. Click on Direct Connect.
    37683330
  2. In the navigation pane, click on Direct Connect gateways.
    37683331

  3. Click on the Direct Connect gateway.
    37683332
  4. In the next page you will find the ASN.
    37683333

The above information is required for us to deploy the Hosted Connection.

Phase 2

Once the new connection has been deployed you will need to accept the new connection to activate it.

We will notify you by email to accept the Connection. We will provide also the below information:

  1. AWS ASN
  2. Customer ASN
  3. BGP Auth key
  4. Customer IP address
  5. AWS IP Address

Information

If you do not have a Virtual Private Gateway or Direct Connect Gateway we recommend that you create one before accepting the new connection.

  1.  Login to AWS console. Under Services go to Networking & Content Delivery. Click on Direct Connect.
    37683316
  2. In the navigation pane, click on Virtual private gateways.
    37683317
  3. In the next screen click Create virtual private gateway.
    37683318
  4. In the next screen fill in the field Name tag, select the Customer ASN radio button, and fill in the ASN that we have provided. Click Create Virtual Private Gateway.
    37683319
  5.  In the next screen, you will see the message that the gateway is successfully created. Click on the Virtual Private Gateway.
  6. In this screen you will see that the Virtual Private gateway is in a detached state.
    37683320
  7. Click on Actions and select Attach to a VPC from the drop-down list.

    37683321

  8. In the next screen, select your VPC that you want to attach the Virtual Private Gateway and click Yes, Attach.

    37683322

  9.  The state of the gateway will be in “attaching” for a few minutes, and will change to attached.
    37683323

    37683324

  1.  Login to the AWS console. Under Services, go to Networking & Content Delivery. Click on Direct Connect.
    37683325
  2. In the navigation pane, click on Direct Connect gateways.
    37683326
  3. In the next screen click on Create Direct Connect Gateway.
    37683327
  4. In the next screen, fill in the Name field (any name that helps you identify the gateway), enter the Amazon side ASN (the ASN that we provided), and click Create Direct Connect Gateway
    37683328
  5. The Direct Connect Gateway is created, and the state is available.
    37683329
  1. Login to the AWS console. Under Services, go to Networking & Content Delivery. Click on Direct Connect.
    37683302

  2. In the navigation pane, click on Connections.
    37683303
  3. The new connection will appear. Please click on it and then click Accept. The state will be pending for a few minutes while AWS deploys the connection. After it is deployed, the state will change from “ordering” to “available”.
    37683304

  4. The connection is now available. However, you will need to create a Virtual Interface and attach the Virtual Interface to a gateway.
  5. To create a Virtual Interface go to Virtual Interfaces and click Create Virtual Interface.
    37683305
  6. There are three Virtual interface types on the next page: Public, Private and Transit. We support Private or Transit Interfaces, so please select either Private or Transit. Please note that Transit Gateway is only supported for connections from 1Gbps and above.
    37683306

  7.  Fill in the fields below:

    Virtual Interface Name: use the connection name

    Connection: in the drop down, the connection ID you just accepted will be displayed as Virtual Interface owner: select My AWS account

    Gateway type: select the type of Gateway that you would like to use

    – Direct Connect Gateway is a global resource and you can associate it with up to 10 Virtual Private Gateways

    – Virtual Private Gateway can be attached to a single VPC

    VLAN: the VLAN ID of Leaseweb Private Network. (To find the VLAN ID, login to the Leaseweb Customer Portal and click on Private Network)

    BGP ASN:  Enter the Customer ASN that we provided

    Click Additional Settings

    Information

    The same information is required if you create a Transit Gateway.

    Note: If you have selected to create Transit Interface, on Gateway type the only option is Direct Connect Gateway.

    37683307

  8. Under Additional Settings, fill in the fields:

    Address family: Select IPv4

    Your router peer IP: Enter the Customer IP address that we provided

    Amazon router IP: Enter the AWS IP address that we provided

    BGP authentication key: Enter the BGP auth key that we provided

    Click Create virtual interface.

    Note: Please do not enable MTU size 9001
    37683308

  9. The new Virtual Interface will appear under Virtual Interfaces. Navigate to Virtual Interfaces and click on the Virtual Interface. The state will be down because the BGP is not configured yet.
    37683309
  10. Reply to the email that you received from us and confirm that the connection is accepted, a virtual interface has been created, and it has been associated with a gateway.

Phase 3

You will be notified by email that BGP is configured, and you will be asked to test the connection.

We will provide also the Leaseweb Private IP address that we reserved to be the Gateway,

Notes:

  • Please enable route propagation between AWS VPC and AWS Virtual Private Gateway.

    1. Log in to the AWS console and go to your VPC.
      37683310
    2.  Click on Route Tables on the navigation pane on the left side.
      37683311
    3. In the next screen, click on Route Propagation.
      37683312
    4.  If under propagate, you see “No”, click on Edit route propagation. If you see “Yes”, then route propagation is already enabled.
      37683313
    5. In the next screen, check the box next to the Virtual Private Gateway of your VPC and click Save.
      37683314

      Your route propagation is now enabled.
      37683315

    • Please change the inbound/outbound security rules to your AWS VMs to allow communication between the two environments.
    • On your Leaseweb servers, please add a static route for your AWS IP space using the Leaseweb Private IP address as Gateway that we provided.

FAQs for Cloud Connect-AWS

Do you support AWS Public Virtual Interfaces?

We do not support AWS Public Virtual Interfaces in this version of Cloud Connect.