# Create a Layer 3 Multi-cloud Connection Zenlayer's global backbone provides multiple public cloud connections to manage your data across cloud service providers like Amazon Web Services (AWS), Google Cloud Platform (GCP), and Tencent Cloud. A multi-cloud connection is great for synchronizing or migrating large amounts of data between various clouds.

## Background Information * For this demo, we will be using Zenlayer Cloud Router, a layer 3 networking product. If you need a layer 2 connection, you can still reference this guide as the deployment process is very similar. Choose the best connection type based on your actual network topology. * See [**Layer 3 connection**](https://docs.console.zenlayer.com/welcome/cloud-networking/get-started/create-a-layer-3-connection) for the detailed steps for deployment. The demo configurations are as follows. ## Procedures The basic steps of creating a multi-cloud connections are as follows. 1. Sign in to [**zenConsole**](https://console.zenlayer.com/), and go to **Solutions** > **Multi-cloud Connection** in the navigation bar. 2. Select the access points of clouds you want to interconnect.

\ Here we assume that you have:\ \- AWS services active in Hong Kong\ \- Tencent Cloud services active in Frankfurt\ \- Google Cloud services active in Dallas 3. Click **Go to Configuration**, label your Cloud Router and configure each point.\ See [**Configure Public Cloud Points**](#add-access-point-of-tencent-cloud) for details.

4. Validate your connection on the consoles of your public clouds.\ See [**Validate Public Cloud Connections**](#configurations-on-the-aws-side-1) for details. ### Configure Public Cloud Points ### 1. Configure an AWS Access Point Assuming that you have AWS services active in Hong Kong:

1. Label the connections as `aws-hk` and enter your AWS account ID. 2. Configure the BGP routing. * On-premise private IP address: `10.0.0.1/24` * Peer private IP address: `10.0.0.2/24` * On-premiseASN: AWS' ASN, **64512** by default * Peer ASN: **62610** * BGP MD5: You can customize it or copy AWS’ system-generated key. Just be sure to synchronize with the BGP authentication key on AWS. 3. Configure the bandwidth. AWS direct connect provides bandwidth caps like 50 Mbps, 100 Mbps, 200 Mbps, 300 Mbps, 400 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, and 10 Gbps. You will be charged for the nearest cap higher than your configuration as the cloud connect bandwidth. Your actual access bandwidth of the access point is still what you have configured. The final configurations are as follows:

### 2. Configure a Tencent Cloud Access Point Assuming that you have Tencent Cloud services active in Frankfurt:

1. Label the connections as `tencent-fra` and enter your Tencent Cloud account ID. 2. Configure the BGP routing. * On-premise private IP address: `10.0.2.1/24` * Peer private IP address: `10.0.2.2/24` * On-premise ASN: Tencent's ASN, **45090** by default * Peer ASN: **62610** * BGP MD5: You can customize it or synchronize it with the BGP authentication key on Tencent Cloud. 3. Configure the bandwidth. Tencent direct connect provides bandwidth specifications like 50 Mbps, 100 Mbps, 200 Mbps, 300 Mbps, 400 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, 8 Gbps, 10 Gbps, 40 Gbps, and 100 Gbps. You will be charged for the nearest cap higher than your configuration as the cloud connect bandwidth. Your actual access bandwidth of the access point is still what you have configured. The final configurations are as follows:

Configurations of Tencent Cloud Access Point

{% hint style="info" %} **Note** Pay attention to the **Connection provider ID** and **Shared tunnel ID**, which will be used in configurations on Tencent Cloud. {% endhint %} ### 3. Configure a Google Cloud Access Point Assuming that you have Google Cloud services active in Dallas:

1. [Provide your pairing key generated on Google Cloud](#generate-a-pairing-key) and select the location of Dallas. 2. Label the connections as `gcp-dfw`. 3. Configure the BGP routing.\ The IPs will be allocated automatically after the cloud connect is created successfully. * On-premise ASN: GCP' ASN, **16550** by default * Peer ASN: **62610** * BGP MD5: You can customize it or copy GCP’ system-generated key. Just be sure to synchronize with the BGP authentication key on GCP. 4. Configure the bandwidth. Google Cloud direct connect provides bandwidth caps like 50 Mbps, 100 Mbps, 200 Mbps, 300 Mbps, 400 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps and 10 Gbps. You will be charged for the nearest cap higher than your configuration as the cloud connect bandwidth. Your actual access bandwidth of the access point is still what you have configured. ### Validate Public Cloud Connections ### 1. Validate AWS Connections 1. Go to [**AWS console**](https://console.aws.amazon.com/console/home?nc2=h_ct\&src=header-signin) > [**Direct Connect**](https://us-east-1.console.aws.amazon.com/directconnect/v2/home?region=us-east-1#/connections). Click on **Virtual private gateways** to create a new virtual private gateway and give it a name (**test-VGW** in this example). Select the default AWS ASN - **64512**.

2. Click **Direct Connect gateways** to create a new one, then give it a name (**test-DC-VGW** in this example). Enter the default AWS ASN - **64512**.

3. Click on the Virtual private gateway - **test-VGW** you created, then go to **Your VPCs** and create a VPC named **test-VPC**.

4. Attach **test-VGW** to the VPC - **test-VPC**.

5. Associate Direct Connect gateway - **test-DC-VGW**.

6. Go to **Connections** and click on the **aws-hk** connection, confirm the information, then click on **Accept**.

7. Create a virtual interface and name it **test-hk**.

* VLAN: The **VLAN ID** on zenConsole. Here, it is **5**. * BGP ASN: The ASN of Zenlayer - **62610**

8. Click on **test-hk,** then **Add peering**.

* BGP ASN: The ASN of Zenlayer - **62610** * Amazon router peer IP: **Your intranet address** - `10.0.0.1/24` on zenConsole * Your router peer IP: **Zenlayer intranet address** - `10.0.0.2/24` on zenConsole * BGP authentication key: **BGP MD5 of customer** - **123** on zenConsole

{% hint style="info" %} **Note** A virtual interface has at least one peering connection, either IPv4 or IPv6. You won't be able to make a new IPv4 peering connection as a default one was generated when you created the virtual interface **test-hk**. To create your own IPv4 peering connection, simply create one in IPv6 first and delete the existing IPv4 connection. {% endhint %} #### **Result** Wait for a few minutes until your AWS direct connect is available and the BGP peering is available and active.

AWS Direct Connect & BGP Peering Available

### 2. Validate Tencent Cloud Connections 1. Go to the [**VPC console**](https://console.tencentcloud.com/vpc), select the region of the VPC, then click on **+New** to create a VPC and give it a name (**test-VPC** in this example).

2. Go to [**Direct Connect**](https://console.tencentcloud.com/dc/dc), click on **Direct Connect Gateway**, then **+New** to create a direct connect gateway and give it a name (**test-GW** in this example). Attach **test-GW** to the VPC - **test-VPC**.

3. Go to [**Direct Connect**](https://console.tencentcloud.com/dc/conn) > **Dedicated Tunnels**, click on **+ New** to apply for a shared tunnel, and name it **test-fra**. Attach **test-fra** to the VPC - **test-VPC** and the direct connect gateway - **test-GW**. * Connection provider ID: Zenlayer is the connection provider. Here the ID is **100000669731**. * Shared tunnel ID: The ID of the connection instance used to create the shared tunnel, usually starting with **dc-**. Here, it is **dc-povc6phh**. * VLAN ID: The VLAN ID on zenConsole. Here, it is **3**. * Bandwidth: The access bandwidth. Here, it is **1 Mbps**. * Tencent Cloud Primary IP: **Your intranet address** - `10.0.2.1/24` on zenConsole. * Tencent Cloud Secondary IP: Used to ensure the normal operation of your business when the **Tencent Cloud primary IP** fails and becomes unavailable. Here, it is `10.0.2.3/24` as an example. * CPE Peer IP: **Zenlayer intranet address** - `10.0.2.2/24` on zenConsole. * BGP ASN: The ASN of Zenlayer - **62610**. * BGP Key: **BGP MD5 of customer** - **456** on zenConsole.

#### **Result** Wait for a few minutes until your shared dedicated tunnel is connected and the BGP routing is established. You can check on the status in the advanced configuration of the shared dedicated tunnel - **test-fra**. ### 3. Configure Google Cloud Connections #### Generate a Pairing Key 1. Go to [**Google Cloud Platform**](https://console.cloud.google.com/), click **VPC network** > **VPC networks** in the navigation menu.

2. Click **CREATE VPC NETWORK**. Configure the VPC (**test-vpc** in this example) information. Select MTU as `1500`.

3. Configure the subnet (**test-subnet** in this example) information. Select Region as `us-south1`. Refer to [**Regions and zones**](https://cloud.google.com/compute/docs/regions-zones/regions-zones?authuser=1\&hl=en&_ga=2.24046782.-52980460.1706170042) to select nearest region.

4. Configure Dynamic routing mode as `Regional`.

5. Go to **Network Connectivity** > **Cloud Routers** in the Navigation menu. Click **CREATE ROUTER**. Associate **test-vpc** to this cloud router **test-vgw** and select the Region as `us-south1 (Dallas)`. The default ASN of Google Cloud is `16550`.

6. Go to **Network Connectivity** > **Interconnect** in the Navigation menu. Click **ADD VLAN ATTACHMENT**.\ 1\) Choose interconnect type as **Partner Interconnect connection** and click **CONTINUE**.

2\) Click **I ALREADY HAVE A SERVICE PROVIDER** > **Create a single VLAN (no redundancy)** and associate **test-vpc** and **test-vgw**. Click **CREATE** to generate a pairing key.

{% hint style="info" %} **Note** Use the pairing key generated on Google Cloud to [**create a cloud router**](#configurations-on-the-aws-side). {% endhint %} #### Validate Cloud Connection 1. After Google Cloud access point is created on zenConsole, go back to [**Google Cloud Platform**](https://console.cloud.google.com/) and you can see that the service is in the status of **Activation needed** in VLAN Attachment list.

2. Click **ACTIVATE** to validate the connection. After activation, select the VLAN attachment that you activated to view its details page.

3. Click **Configure BGP**. 4. In the **Peer ASN** field, add the ASN of Zenlayer: `62610`. 5. Click **SAVE AND CONTINUE**. After all configurations are completed, the status will change to **Up**.

### Result Now your AWS Cloud, Tencent Cloud, and Google Cloud are connected via Zenlayer Cloud Router, and you'll be able to transfer data among them easily and securely. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.console.zenlayer.com/welcome/cloud-networking/best-practice/create-a-multi-cloud-connection-in-cloud-networking.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.