After reviewing the previous article, we are ready to deploy the solution in the AWS Portal. For this example, we will deploy a DX Gateway with a Private VIF and a VPG.
Pre-requisites
Accept the DX Hosted Connection
Create a Direct Connect Gateway (DX Gateway)
Create a Virtual Private Gateway (VGW) and associate it with the desired VPC
The VGW is not a global service; please make sure when creating it that you do it so in the same region as your resources.
Associate the VGW with the DX Gateway.
You can associate up to 10 VGW
Think about a /30 IP range network for establishing BGP toward AWS
Now that all the pre-requisites are in place, let’s create a Private VIF and interconnect everything.
Create a Private VIF
Steps for creating a Private VIF
Go to the Direct Connect Service, and click on Create virtual interface.
Select Private VIF
Add the name you consider to this Virtual interface
In connection, select the DX Connection you have previously ordered and accepted
Select the created Direct Connect Gateway in the pre-requisites
Skip the VLAN field; AWS will take care of it
BGP ASN from your router
IMPORTANT
Click on Additional settings and complete the following information
Fill in with the BGP IPs from the pre-requisites
The first IP should be yours
The second IP is for AWS
Add a secret Password.
Enable Jumbo MTU size.
Click on create virtual interface.
Note:
If you want resiliency, you should repeat this step, creating another Private VIF with a new DX Hosted Connection, and attaching it to the same DX Gateway:
Check the VIF and establish BGP
Now AWS will create the VIF; it can take up to 10 minutes to be ready
We can download the configuration file by clicking on Actions, Download Sample Configuration.
Important:
You’ll need to edit the VLAN ID from the sample configuration and put the VLAN ID you would like to use towards DE-CIX; we’ll handle the rest.
If you use a different VLAN from the DE-CIX one, this setup will not work.
After applying the configuration with the corrected VLAN, the BGP came up.
There is one last step to complete:
Edit the routing table in the VPC to allow connection via DirectConnect
To allow the traffic from the cloud to our on-premises, we need to edit the subnet route table we want to interconnect and add the routes to our network.
Activate the routing propagation in the routing table; it will automatically add the received route once the connection is UP.
Important:
The networks can’t overlap, so if you are using the same IP Space as the VPC, it will not work. Also, don’t forget to configure on the on-premises side to redirect the traffic to the Direct Connect path.
If everything is up and the routes have been added, you should be able to ping between your on-premise and the cloud.