
Let us make clear the aws directconnect

These slides show the procedure for allocating and confirming a virtual interface.


  1. Let us make clear the [aws directconnect ~] !
     2016-07-18 16:10-16:20 @AWS CLI Conference 2016
     Bit-isle Equinix Inc., IT Infrastructure Engineering Dept., Tomoaki Hira
     Copyright © 2016 Bit-isle Equinix Inc. All Rights Reserved
  2. Information
     These slides will be uploaded to SlideShare.
     The JSON files shown in the slides are published on Qiita.
     ‣ http://qiita.com/rfhira/items/52b402f48e86cf59fe88
  3. About us
  4. The company profile of Bit-isle Equinix
     ‣ We were a domestic Internet data center provider.
     ‣ Equinix acquired us last year.
     ‣ Equinix obtained five IBXs through the acquisition.
     ‣ Bit-isle Equinix has provided a managed AWS Direct Connect service for two years.
  5. Let us make clear the [aws directconnect ~] !
  6. Table of Contents
     0: Components of AWS directconnect [private connection]
     1: The scenario of this LT
     2: See what I can build
     3: Conclusion
  7. 0: Components of AWS directconnect
     [Diagram: corporate data center (datacenter network, BGP router = customer router) - Connection - Direct Connect, account #A - virtual interfaces (Vlan 10 169.254.0.0/30, Vlan 20 169.254.0.4/30, Vlan 30 169.254.0.8/30; "Up to 4094 vlans?") - virtual gateways - virtual private clouds in accounts #B and #C. Callout: confirming the virtual interface. The account of the admin dept.: #A. The accounts of the user dept.: #B, #C.]
  8. 0: Components of AWS directconnect
     These are the commands the slides cover.
     ‣ describe-connections [admin dept.]
     ‣ describe-virtual-interfaces [user dept.]
     ‣ allocate-private-virtual-interface [admin dept.]
     ‣ confirm-private-virtual-interface [user dept.]
     ‣ delete-virtual-interface [user dept.]
  9. 1: The scenario of this LT
     [Diagram: corporate data center (datacenter network 172.30.100.0/24) - Connection - Direct Connect, account #A ("Up to 4094 vlans?") - Vlan 511, 169.254.15.212/30 - virtual gateway - virtual private cloud, account #B (VPC subnet 172.29.0.0/20). The account of the admin dept.: #A. The account of the user dept.: #B.]
     [1] We already have a connection between the DC and AWS (Account #A).
     [2] We have already set up the BGP router.
     [3] We will execute the command “allocate-virtual-interface” (Account #A).
     [4] We will execute the command “confirm-virtual-interface” (Account #B).
     [5] We will set up some EC2/VPC configuration (e.g. Security Group / Route Table).
  10. See what I can build
  11. 2-0: Check our environment [user dept.]
      Input command
          # aws ec2 describe-vpcs
          # aws ec2 describe-subnets
          # aws ec2 describe-vpn-gateways
          # aws ec2 describe-route-tables
  12. 2-0: Check our environment [user dept.]
      Response
      The responses for vpcs, subnets, and vpn-gateways are omitted. The following is part of the response of “aws ec2 describe-route-tables”.
          {
              "Associations": [
                  {
                      "RouteTableAssociationId": "rtbassoc-c7c749a3",
                      "Main": true,
                      "RouteTableId": "rtb-f3629e97"
                  }
              ],
              "RouteTableId": "rtb-f3629e97",
              "VpcId": "vpc-07f8f462",
              "PropagatingVgws": [],
              "Tags": [],
              "Routes": [
                  {
                      "GatewayId": "local",
                      "DestinationCidrBlock": "172.29.0.0/16",
                      "State": "active",
                      "Origin": "CreateRouteTable"
                  }
              ]
          }
      (Slide callout: Important attributes)
  13. 2-1: Check our connections [admin dept.]
      Input command
          # aws directconnect describe-connections
      Response
          {
              "ownerAccount": "1790********",
              "connectionId": "dxcon-fg0z****",
              "connectionState": "available",
              "bandwidth": "10Gbps",
              "location": "EqTY2",
              "connectionName": "DX2BACKUP",
              "region": "ap-northeast-1"
          }
  14. 2-2: BGP Configuration
      ‣ Link network: 169.254.15.212/30
      ‣ Vlan ID: 511
      ‣ Customer router IP address: 169.254.15.213/30
      ‣ Amazon router IP address: 169.254.15.214/30
      ‣ AS number of the customer: 65000
      ‣ BGP TCP MD5 auth key: fr3gUCLDLS6MQsVLVBw9zgdt
  15. 2-3: Allocate the virtual interface
      Input command
          # CONNECTION='dxcon-fg0z****'
          # VIFNAME='NWG-HIRA-BK'
          # ACCOUNTID='5651********'
          # VLANID='511'
          # ROUTERIP='169.254.15.213/30'
          # AMAZONIP='169.254.15.214/30'
          # BGPASN='65000'
          # BGPMD5='fr3gUCLDLS6MQsVLVBw9zgdt'
          # aws directconnect allocate-private-virtual-interface \
              --connection-id "$CONNECTION" --owner-account "$ACCOUNTID" \
              --new-private-virtual-interface-allocation \
              "virtualInterfaceName=$VIFNAME,vlan=$VLANID,asn=$BGPASN,authKey=$BGPMD5,amazonAddress=$AMAZONIP,customerAddress=$ROUTERIP"
      ACCOUNTID is the account ID of the user dept.
  16. 2-3: Allocate the virtual interface
      Response
          {
              "virtualInterfaceState": "confirming",
              "asn": 65000,
              "vlan": 511,
              "customerAddress": "169.254.15.213/30",
              "ownerAccount": "5651********",
              "connectionId": "dxcon-fg0z****",
              "virtualInterfaceId": "dxvif-********",
              "authKey": "fr3gUCLDLS6MQsVLVBw9zgdt",
              "routeFilterPrefixes": [],
              "location": "EqTY2",
              "customerRouterConfig": "<?xml version=\"1.0\" encoding=\"UTF-8…>"
          }
      ※ I removed most of the customerRouterConfig because it is too long.
      The status (virtualInterfaceState) will be "confirming".
  17. 2-4: Confirm the virtual interface
      Input command
          # VGWID=$(aws ec2 describe-vpn-gateways | jq -r '.VpnGateways[0].VpnGatewayId')
          # VIFID=$(aws directconnect describe-virtual-interfaces | jq -r '.virtualInterfaces[0].virtualInterfaceId')
          # cat <<ETX
          VIFID=$VIFID
          VGWID=$VGWID
          ETX
          # aws directconnect confirm-private-virtual-interface --virtual-interface-id "$VIFID" --virtual-gateway-id "$VGWID"
  18. 2-4: Confirm the virtual interface
      Response and part of the confirmation
          {
              "virtualInterfaceState": "pending"
          }
      (This process takes a few minutes.)
          # aws directconnect describe-virtual-interfaces
          {
              "virtualInterfaces": [
                  {
                      "virtualInterfaceState": "available",
                      …
      virtualInterfaceState changes automatically.
  19. 2-5: Some configuration for VPC [Security Group]
      Input command
          # aws ec2 describe-security-groups | jq '.SecurityGroups[2].IpPermissions[1]'
      Response and part of the confirmation
          {
              "IpProtocol": "-1",
              "IpRanges": [
                  {
                      "CidrIp": "172.30.100.0/24"
                  }
              ],
              "UserIdGroupPairs": [],
              "PrefixListIds": []
          }
  20. 2-5: Some configuration for VPC [vgw Route Propagation]
      Input command
          # aws ec2 enable-vgw-route-propagation --route-table-id rtb-4998**** --gateway-id "$VGWID"
      Part of the confirmation
          "PropagatingVgws": [
              {
                  "GatewayId": "vgw-abbd****"
              }
          ],
          "Routes": [
              …
              {
                  "GatewayId": "vgw-abbd0baa",
                  "DestinationCidrBlock": "172.30.100.0/24",
                  "State": "active",
                  "Origin": "EnableVgwRoutePropagation"
              }
          ]
      If you want to use all of the routes from the BGP router, you can use the “vgw-route-propagation” feature (from the vgw to the route table).
  21. 2-6: Delete the virtual interface
      Input command
          # VIFID=$(aws directconnect describe-virtual-interfaces | jq -r '.virtualInterfaces[0].virtualInterfaceId')
          # cat <<ETX
          VIFID: $VIFID
          ETX
          # aws directconnect delete-virtual-interface --virtual-interface-id "$VIFID"
      Response and part of the confirmation
          {
              "virtualInterfaceState": "deleting"
          }
      virtualInterfaceState changes automatically.
  22. 4: Conclusion
      [Diagram: corporate data center (datacenter network 172.30.100.0/24) - Connection - Direct Connect, account #A ("Up to 4094 vlans?") - Vlan 511, 169.254.15.212/30 - virtual gateway - virtual private cloud, account #B (VPC subnet 172.29.0.0/20). The account of the admin dept.: #A. The account of the user dept.: #B.]
      [1] We already have a connection between the DC and AWS (Account #A).
      [2] We have already set up the BGP router.
      [3] We have executed the command “allocate-virtual-interface” (Account #A).
      [4] We have executed the command “confirm-virtual-interface” (Account #B).
      [5] We have set up some EC2/VPC configuration (e.g. Security Group / Route Table).
  23. Bit-isle Equinix Inc. (ビットアイル・エクイニクス株式会社)
      TEL 03-5805-8154
      FAX 03-3474-5538
      URL http://www.bit-isle.jp/
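
The BGP parameters on slides 14 and 15 can be sanity-checked before `allocate-private-virtual-interface` is run. The following is an added example, not part of the original slides: the function names `ip_to_int` and `check_vif_plan` are hypothetical, and the check assumes IPv4 peers with a prefix length between /1 and /30, as on the slides.

```shell
#!/bin/sh
# Added example (not from the slides): validate the VLAN ID and the two BGP
# peer addresses before allocating a virtual interface. Names are hypothetical.

# ip_to_int A.B.C.D: print the address as an integer, fail on malformed input.
# The subshell body "( )" keeps the IFS change local; exit leaves only the subshell.
ip_to_int() (
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# check_vif_plan VLAN CUSTOMER_CIDR AMAZON_CIDR
# Prints "ok", or the first problem found and returns non-zero.
check_vif_plan() {
    vlan=$1; cust=$2; amzn=$3
    case "$vlan" in ''|*[!0-9]*|?????*) echo "vlan: not a number"; return 1 ;; esac
    [ "$vlan" -ge 1 ] && [ "$vlan" -le 4094 ] || { echo "vlan: outside 1-4094"; return 1; }
    len=${cust##*/}
    [ "$len" = "${amzn##*/}" ] || { echo "prefix lengths differ"; return 1; }
    case "$len" in ''|*[!0-9]*|???*|0?*) echo "prefix: not a number"; return 1 ;; esac
    [ "$len" -ge 1 ] && [ "$len" -le 30 ] || { echo "prefix: outside /1-/30"; return 1; }
    c=$(ip_to_int "${cust%/*}") || { echo "customerAddress: bad IPv4"; return 1; }
    a=$(ip_to_int "${amzn%/*}") || { echo "amazonAddress: bad IPv4"; return 1; }
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    last=$(( ~mask & 0xFFFFFFFF ))               # host part of the broadcast address
    [ $(( c & mask )) -eq $(( a & mask )) ] || { echo "peers are in different subnets"; return 1; }
    [ "$c" -ne "$a" ] || { echo "peers use the same address"; return 1; }
    for ip in "$c" "$a"; do
        host=$(( ip & last ))
        [ "$host" -ne 0 ] && [ "$host" -ne "$last" ] ||
            { echo "peer is the network or broadcast address"; return 1; }
    done
    echo ok
}

# Values from slide 14 (VLAN 511, link network 169.254.15.212/30)
check_vif_plan 511 169.254.15.213/30 169.254.15.214/30
```

Running the check with the slide values prints `ok`; a mistyped peer address such as 169.254.15.215/30 is rejected before any API call is made.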
