How to access AWS using Cloud Connect

Leaseweb offers private connectivity to AWS services, such as their VPC, from selected Leaseweb Data Centers. You can create a network connection from your Leaseweb services to your AWS services using the Leaseweb Cloud Connect service.

Optionally, this connection can be fully redundant using different devices and paths between AWS and Leaseweb.

Description

Cloud Connect supports the following AWS Direct Connect models:

Hosted Virtual Interface (VIF)
Hosted Connection

Both Direct Connect models provide access to private IP space (RFC 1918) to a Virtual Private Cloud (VPC) within AWS.

Hosted VIF features:

Managed and monitored shared customer bandwidth
Ability to change the connection speed without an impact on service
Supports one AWS Private Virtual Interface
This model does not support Transit Gateway virtual interfaces
AWS Direct Connect port fee is not billed through AWS
Does not support redundant connections via diverse paths

Hosted Connection features:

Dedicated bandwidth
Connection speed cannot be changed (a new connection will need to be created)
Supports Private VIF or Transit VIF (from 1 Gbps connections and up)
Support for AWS diverse ports for resiliency/redundancy
AWS Direct Connect port fee is billed through AWS

Information

For both AWS Hosted VIF and AWS Hosted Connection, the outgoing traffic (traffic from AWS to Leaseweb) is billed through AWS. Leaseweb itself does not charge for the traffic you send between AWS and Leaseweb over Cloud Connect.

Deploying an AWS Hosted VIF connection

The delivery of a Cloud Connect – AWS Hosted VIF order has 3 phases:

Phase 1: Requesting information
Phase 2: Accepting Virtual Interface in the AWS console
Phase 3: BGP configuration and testing

Phase 1 (Requesting information)

To deploy a Hosted VIF connection, we will first need some of your information. You will receive an email requesting the following details:

AWS Account ID
If your AWS VPC is attached to a Virtual Private Gateway, we require the Amazon side ASN of the Virtual Private Gateway
If you have already created a Direct Connect Gateway, we require the Amazon side ASN of the Direct Connect Gateway
If you are using another Private IP space than the default one.

Information

If you have both a Virtual Private Gateway ASN and a Direct Connect Gateway ASN, we only require the Direct Connect Gateway ASN

Please refer to the AWS Documentation for instructions on finding your AWS ID.

How to find the ASN of your AWS Virtual Private Gateway

Log in to the AWS console. Under Services, go to Networking & Content Delivery. Click on Direct Connect.
In the navigation pane, click on Virtual private gateways.
Select the radio button next to your Virtual Private gateway and click Edit.
You will see the ASN in the new screen that pops up. Note: default AWS ASN is 65001.

How to find the ASN of your AWS Virtual Direct Connect Gateway

Log in to the AWS console. Under Services, go to Networking & Content Delivery. Click on Direct Connect.
In the navigation pane, click on Direct Connect gateways.
Click on the Direct Connect gateway.
On the next page, you will see the ASN. Note: default AWS ASN is 65001.

The above information is required for us to deploy the Hosted Virtual Interface.

Phase 2 (Accepting Virtual Interface in AWS console)

Once the Hosted VIF has been deployed, you will need to accept the Virtual Interface in the AWS console.

Leaseweb will configure the connection, and we will notify you by email to accept the Interface in AWS.
We will also provide the name of the interface to accept and ask you to provide the Amazon side ASN, in case you haven’t created a Virtual Private Gateway or Direct Connect Gateway.
If you already have a Gateway, please provide us with the used Amazon ASN from your gateway settings.

Information

If you do not have a Virtual Private Gateway or Direct Connect Gateway, we recommend creating one before accepting the virtual interface.

Creating an AWS Private Virtual Gateway

Log in to the AWS console. Under Services, go to Networking & Content Delivery. Click on Direct Connect.
In the navigation pane, click on Virtual private gateways.
In the next screen, click on Create virtual private gateway.
In the next screen, fill in the Name tag field, select the Custom ASN check box, and fill in the ASN that you prefer to use, which should be in the 64512-65534 range or use AWS default 65001.
Then click Create Virtual Private Gateway.
In the next screen, you will see the message that the gateway is successfully created. Click on the Virtual Private Gateway.
In this screen, you can see that the Virtual Private gateway is in the detached state.
Click on Actions and select Attach to a VPC from the drop-down list.
In the next screen, select your VPC that you want to attach the Virtual Private Gateway and click Yes, Attach.
The state of the gateway will be in attaching for a few minutes, then it will change to attached.

Creating an AWS Direct Connect Gateway

Log in to the AWS console. Under Services, go to Networking & Content Delivery. Click on Direct Connect.
In the navigation pane, click on Direct Connect gateways.
In the next screen, click Create Direct Connect Gateway.
In the next screen, fill in the Name field (any name that helps you identify the gateway), enter the Amazon side ASN (use the AWS default ASN 65001 or define one yourself), and click Create Direct Connect Gateway.
The Direct Connect Gateway is created, and the state is available.

Accepting the Virtual Interface

To accept the Virtual Interface in the AWS console, log in to your AWS account. Under Services, go to Networking & Content Delivery, then click on Direct Connect.
In the navigation pane, click on Virtual Interfaces and then select the Virtual Interface and click Accept.
In the Accept virtual interface dialogue box, select a Virtual Private gateway or Direct Connect gateway, and then choose ‘Accept virtual interface‘.

Reply to the email that the Virtual Interface has been accepted by you, so Leaseweb can configure BGP on the CloudConnect router.

Phase 3 (BGP configuration and testing)

You will be notified by email that BGP is configured by Leaseweb, and you will be asked to test the connection. We will also provide the Leaseweb Private IP address that we reserved to be the Gateway on the Private Network.

Enable route propagation between AWS VPC and AWS Virtual Private Gateway

You will need to enable route propagation between AWS VPC and AWS Virtual Private Gateway.

How to enable route propagation between VPC and Virtual Private Gateway:

Log in to the AWS console and go to your VPC.
Click on Route Tables on the left navigation pane.
In the next screen, click on Route Propagation.
If under propagate, you see “No”, click on Edit route propagation.
If you see “Yes”, then route propagation is already enabled.
In the next screen, check the box next to the Virtual Private Gateway of your VPC and click Save.

Your route propagation is now enabled.

ACL rules

Please change inbound/outbound security rules to your AWS VMs to allow communication between the two environments.

Set static routes on your Leaseweb servers

On your Leaseweb servers, please add a static route for your AWS IP space using the Leaseweb Private IP address as the Gateway that we provided.

This completes the setup of your AWS Hosted VIF connection, and you should be able to test and use the connection between your Leaseweb servers and AWS Instances.

Deploying an AWS Hosted Connection

An AWS Hosted Connection can be delivered as a single connection or a redundant connection.
Both options use the same Direct Connect Gateway or Virtual Private Gateway, but use a different Virtual Interface with different settings.

The delivery of a Cloud Connect – AWS Hosted Connection order has 3 phases:

Phase 1: Requesting information
Phase 2: Accepting connection and creating a Virtual Interface in the AWS console
Phase 3: BGP configuration and testing