Create a Layer 3 Multi-cloud Connection
Zenlayer's global backbone provides multiple public cloud connections to manage your data across cloud service providers like Amazon Web Services (AWS), Google Cloud Platform (GCP), and Tencent Cloud. A multi-cloud connection is great for synchronizing or migrating large amounts of data between various clouds.
For this demo, we will be using Zenlayer Cloud Router, a layer 3 networking product. If you need a layer 2 connection, you can still reference this guide as the deployment process is very similar. Choose the best connection type based on your actual network topology.
See Layer 3 connection for the detailed steps for deployment. The demo configurations are as follows.
The basic steps of creating a multi-cloud connection are as follows.
Sign in to zenConsole, and go to Solutions > Multi-cloud Connection in the navigation bar.
Select the access points of clouds you want to interconnect.
Here we assume that you have:
- AWS services active in Hong Kong
- Tencent Cloud services active in Frankfurt
- Google Cloud services active in Dallas
Click Go to Configuration, label your Cloud Router and configure each point. See Configure Public Cloud Points for details.
Validate your connection on the consoles of your public clouds. See Validate Public Cloud Connections for details.
Assuming that you have AWS services active in Hong Kong:
Label the connection as aws-hk and enter your AWS account ID.
Configure the BGP routing.
On-premise private IP address: 10.0.0.1/24
Peer private IP address: 10.0.0.2/24
On-premise ASN: AWS's ASN, 64512 by default
Peer ASN: 62610
BGP MD5: You can customize it or copy AWS’ system-generated key. Just be sure to synchronize with the BGP authentication key on AWS.
Configure the bandwidth. AWS direct connect provides bandwidth caps like 50 Mbps, 100 Mbps, 200 Mbps, 300 Mbps, 400 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, and 10 Gbps. You will be charged for the nearest cap higher than your configuration as the cloud connect bandwidth. Your actual access bandwidth of the access point is still what you have configured.
The final configurations are as follows:
Assuming that you have Tencent Cloud services active in Frankfurt:
Label the connection as tencent-fra and enter your Tencent Cloud account ID.
Configure the BGP routing.
On-premise private IP address: 10.0.2.1/24
Peer private IP address: 10.0.2.2/24
On-premise ASN: Tencent's ASN, 45090 by default
Peer ASN: 62610
BGP MD5: You can customize it or synchronize it with the BGP authentication key on Tencent Cloud.
Configure the bandwidth. Tencent direct connect provides bandwidth specifications like 50 Mbps, 100 Mbps, 200 Mbps, 300 Mbps, 400 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, 8 Gbps, 10 Gbps, 40 Gbps, and 100 Gbps. You will be charged for the nearest cap higher than your configuration as the cloud connect bandwidth. Your actual access bandwidth of the access point is still what you have configured.
The final configurations are as follows:
Note
Pay attention to the Connection provider ID and Shared tunnel ID, which will be used in configurations on Tencent Cloud.
Assuming that you have Google Cloud services active in Dallas:
Provide your pairing key generated on Google Cloud and select the location of Dallas.
Label the connection as gcp-dfw.
Configure the BGP routing. The IPs will be allocated automatically after the cloud connect is created successfully.
On-premise ASN: GCP's ASN, 16550 by default
Peer ASN: 62610
BGP MD5: You can customize it or copy GCP's system-generated key. Just be sure to synchronize with the BGP authentication key on GCP.
Configure the bandwidth. Google Cloud direct connect provides bandwidth caps like 50 Mbps, 100 Mbps, 200 Mbps, 300 Mbps, 400 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps and 10 Gbps. You will be charged for the nearest cap higher than your configuration as the cloud connect bandwidth. Your actual access bandwidth of the access point is still what you have configured.
Go to AWS console > Direct Connect. Click on Virtual private gateways to create a new virtual private gateway and give it a name (test-VGW in this example). Select the default AWS ASN - 64512.
Click Direct Connect gateways to create a new one, then give it a name (test-DC-VGW in this example). Enter the default AWS ASN - 64512.
Click on the Virtual private gateway - test-VGW you created, then go to Your VPCs and create a VPC named test-VPC.
Attach test-VGW to the VPC - test-VPC.
Associate Direct Connect gateway - test-DC-VGW.
Go to Connections and click on the aws-hk connection, confirm the information, then click on Accept.
Create a virtual interface and name it test-hk.
VLAN: The VLAN ID on zenConsole. Here, it is 5.
BGP ASN: The ASN of Zenlayer - 62610
Click on test-hk, then Add peering.
BGP ASN: The ASN of Zenlayer - 62610
Amazon router peer IP: Your intranet address - 10.0.0.1/24 on zenConsole
Your router peer IP: Zenlayer intranet address - 10.0.0.2/24 on zenConsole
BGP authentication key: BGP MD5 of customer - 123 on zenConsole
Note
A virtual interface has at least one peering connection, either IPv4 or IPv6. You won't be able to make a new IPv4 peering connection as a default one was generated when you created the virtual interface test-hk.
To create your own IPv4 peering connection, simply create one in IPv6 first and delete the existing IPv4 connection.
Wait for a few minutes until your AWS direct connect is available and the BGP peering is available and active.
Go to the VPC console, select the region of the VPC, then click on +New to create a VPC and give it a name (test-VPC in this example).
Go to Direct Connect, click on Direct Connect Gateway, then +New to create a direct connect gateway and give it a name (test-GW in this example). Attach test-GW to the VPC - test-VPC.
Go to Direct Connect > Dedicated Tunnels, click on + New to apply for a shared tunnel, and name it test-fra. Attach test-fra to the VPC - test-VPC and the direct connect gateway - test-GW.
Connection provider ID: Zenlayer is the connection provider. Here the ID is 100000669731.
Shared tunnel ID: The ID of the connection instance used to create the shared tunnel, usually starting with dc-. Here, it is dc-povc6phh.
VLAN ID: The VLAN ID on zenConsole. Here, it is 3.
Bandwidth: The access bandwidth. Here, it is 1 Mbps.
Tencent Cloud Primary IP: Your intranet address - 10.0.2.1/24 on zenConsole.
Tencent Cloud Secondary IP: Used to ensure the normal operation of your business when the Tencent Cloud primary IP fails and becomes unavailable. Here, it is 10.0.2.3/24 as an example.
CPE Peer IP: Zenlayer intranet address - 10.0.2.2/24 on zenConsole.
BGP ASN: The ASN of Zenlayer - 62610.
BGP Key: BGP MD5 of customer - 456 on zenConsole.
Wait for a few minutes until your shared dedicated tunnel is connected and the BGP routing is established.
You can check on the status in the advanced configuration of the shared dedicated tunnel - test-fra.
Go to Google Cloud Platform, click VPC network > VPC networks in the navigation menu.
Click CREATE VPC NETWORK. Configure the VPC (test-vpc in this example) information. Select MTU as 1500.
Configure the subnet (test-subnet in this example) information. Select Region as us-south1. Refer to Regions and zones to select the nearest region.
Configure Dynamic routing mode as Regional.
Go to Network Connectivity > Cloud Routers in the Navigation menu. Click CREATE ROUTER. Associate test-vpc to this cloud router test-vgw and select the Region as us-south1 (Dallas). The default ASN of Google Cloud is 16550.
Go to Network Connectivity > Interconnect in the Navigation menu. Click ADD VLAN ATTACHMENT.
1) Choose interconnect type as Partner Interconnect connection and click CONTINUE.
2) Click I ALREADY HAVE A SERVICE PROVIDER > Create a single VLAN (no redundancy) and associate test-vpc and test-vgw. Click CREATE to generate a pairing key.
Note
Use the pairing key generated on Google Cloud to create a cloud router.
After Google Cloud access point is created on zenConsole, go back to Google Cloud Platform and you can see that the service is in the status of Activation needed in VLAN Attachment list.
Click ACTIVATE to validate the connection. After activation, select the VLAN attachment that you activated to view its details page.
Click Configure BGP.
In the Peer ASN field, add the ASN of Zenlayer: 62610.
Click SAVE AND CONTINUE.
After all configurations are completed, the status will change to Up.
Now your AWS Cloud, Tencent Cloud, and Google Cloud are connected via Zenlayer Cloud Router, and you'll be able to transfer data among them easily and securely.
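A pre-flight check for the values this guide has you enter twice, once on zenConsole and once on each cloud console (an added example, not Zenlayer's code). The record layout, the `side` helper and the 16-character minimum key length are assumptions; the GCP link is left out because its peer IPs are allocated automatically.

```python
import ipaddress

ZENLAYER_ASN = 62610  # Zenlayer's ASN, from the page
MIN_KEY_LEN = 16      # assumption: local minimum length for a BGP MD5 key

def side(cloud_ip, zen_ip, cloud_asn, vlan, md5, zen_asn=ZENLAYER_ASN):
    # Hypothetical normalized record of what one console holds for a link.
    return {"cloud_ip": cloud_ip, "zen_ip": zen_ip, "cloud_asn": cloud_asn,
            "zen_asn": zen_asn, "vlan": vlan, "md5": md5}

def check_connection(name, zen, cloud):
    """Compare the zenConsole entry with the cloud console entry for one link."""
    issues = []
    for field in zen:
        if zen[field] != cloud[field]:
            # Never echo the key itself into a report or log.
            shown = "values differ" if field == "md5" else f"{zen[field]} vs {cloud[field]}"
            issues.append(f"{name}: {field} mismatch ({shown})")
    a, b = (ipaddress.ip_interface(zen[k]) for k in ("cloud_ip", "zen_ip"))
    if a.network != b.network or a.ip == b.ip:
        issues.append(f"{name}: peer addresses must be distinct hosts in one subnet")
    if zen["zen_asn"] != ZENLAYER_ASN:
        issues.append(f"{name}: Zenlayer-side ASN is not {ZENLAYER_ASN}")
    if len(zen["md5"]) < MIN_KEY_LEN:
        issues.append(f"{name}: BGP MD5 key shorter than {MIN_KEY_LEN} characters")
    return issues

def check_plan(plan):
    """Check every link, then make sure no two links reuse a peering subnet."""
    issues, seen = [], {}
    for name, (zen, cloud) in plan.items():
        issues += check_connection(name, zen, cloud)
        net = ipaddress.ip_interface(zen["cloud_ip"]).network
        issues += [f"{name}: subnet {net} overlaps {other}"
                   for other, other_net in seen.items() if net.overlaps(other_net)]
        seen[name] = net
    return issues

# The page's demo values, entered identically on both consoles.
DEMO = {
    "aws-hk": (side("10.0.0.1/24", "10.0.0.2/24", 64512, 5, "123"),
               side("10.0.0.1/24", "10.0.0.2/24", 64512, 5, "123")),
    "tencent-fra": (side("10.0.2.1/24", "10.0.2.2/24", 45090, 3, "456"),
                    side("10.0.2.1/24", "10.0.2.2/24", 45090, 3, "456"))}
# Constructed drift: the cloud side was given a different VLAN and key.
DRIFT = {"aws-hk": (side("10.0.0.1/24", "10.0.0.2/24", 64512, 5, "k" * 20),
                    side("10.0.0.1/24", "10.0.0.2/24", 64512, 7, "K" * 20))}

if __name__ == "__main__":
    print("\n".join(check_plan(DEMO) + check_plan(DRIFT)))
```

With the demo values the only findings are the two short keys (123 and 456); the constructed drift case reports the VLAN and key mismatches without printing either key.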