Edge Spoke Gateway Deployment Workflow on Megaport Virtual Edge
Aviatrix Edge on Megaport Virtual Edge is available as a Preview Feature in CoPilot version 4.11 with Controller version 7.1.3958. |
This document provides instructions for deploying a primary and secondary highly available (HA) Edge Spoke Gateways on Megaport Virtual Edge.
For an overview of Aviatrix Edge, see About Aviatrix Hybrid Cloud Edge.
Topology
The design below shows a high-level hybrid cloud solution with Aviatrix Edge leveraging Megaport fabric.
Prerequisites
Before you deploy an Aviatrix Edge Gateway on the Megaport Virtual Edge platform, you must perform the prerequisite steps to set up a Megaport Portal account and a Network Service Provider Platform account.
For instructions on how to create these accounts, see Prerequisites for Edge Spoke Gateway Deployment on Megaport Virtual Edge.
Edge Spoke Gateway Deployment Workflow in Megaport
To deploy Aviatrix Edge Spoke Gateway, first you need to procure and onboard your edge device on the platform of your choice (see Prerequisites for Edge Spoke Gateway Deployment on Megaport Virtual Edge). Next, you deploy the Aviatrix Edge Gateway on the edge device and attach the Edge Gateway to the Aviatrix Transit Gateway for cloud connectivity. Then, configure the Edge Gateway for LAN-side connectivity.
This workflow provides the steps to create a primary and secondary (HA) Edge Gateway in Megaport Virtual Edge. It also provides the steps to attach the Edge Gateways to a Transit Gateway and connect the Edge Gateways to an external device, such as a LAN BGP router.
Creating the ZTP Cloud-Init and Deploying Primary Edge Gateway (Megaport)
The Edge Gateway cloud-init ZTP file is used to provision the Aviatrix Edge Gateway virtual machine and create the Edge Gateway in Megaport Virtual Edge (MVE).
To create the primary Edge Gateway, follow these steps.
Step 1: Gateway Configuration
-
In CoPilot, go to Cloud Fabric > Hybrid Cloud > Edge Gateways tab.
-
Click Spoke Gateways, then click +Spoke Gateway and provide the following information.
Field
Description
Name
Name for the Edge Gateway.
The name must start with a letter and contain only letters, numbers, and dashes (no special characters or spaces) and it can be up to 50 characters long.
Platform
The platform account where you want to deploy the Edge Gateway.
You can create and edit platform accounts in CoPilot by going to Cloud Fabric > Hybrid Cloud > Platforms tab.
Site
Identifies the edge location.
You can select an existing name or enter a new name for the edge location.
See Edge site.
ZTP File Type
This is set to cloud-init.
High Availability
High Availability is set to Off for the primary Edge Gateway.
You can turn High Availability to On after the primary Edge Gateway is created.
-
Click Next to configure the edge gateway interfaces.
Step 2: Interface Configurations
By default, an Edge Spoke Gateway has three interfaces: one WAN interface, one LAN interface, and one Management interface. You can configure multiple WAN interfaces on the Edge Gateway, as needed. You will need these configuration information to configure the interfaces.
In the Interface Configuration section, configure the WAN, LAN, and Management interfaces for the Edge Gateway.
Configuring the WAN Interface
You can configure multiple WAN interfaces on the Edge Gateway. Megaport MVE supports a maximum of 5 interfaces. Aviatrix Edge Gateway requires at least 3 interfaces (WAN, LAN, and MGMT), additional two interfaces can be WAN interfaces.
-
Click + WAN Interface, then provide the following information.
Field
Description
Interface
This is set to the Edge Gateway’s logical interface.
Adding multiple WAN interfaces is applicable when the Edge Gateway is set up for BGP underlay to cloud service provider (CSP). Add an interface per CSP underlay (such as Direct Connect or Express Route).
When Edge Gateway is not terminating CSP underlay, use one interface per Edge Gateway to connect to upstream router.
Interface Labels
Name to identify the WAN interface.
BGP
Enables BGP underlay connection to cloud service provider (CSP) on the WAN interface.
Set BGP toggle On to set up BGP connection to cloud routers such as VGW, VNG, and Google cloud router.
Edge Gateway WAN support for BGP underlay to CSP is supported for AWS, Azure, and GCP. Interface Primary CIDR
The CIDR for the WAN interface.
DHCP for dynamic IP address assignment is not supported.
Interface CIDR must be in the format interface_ip/netmask (for example, 192.18.20.1/24).
Interface CIDR cannot be link-local CIDR. If you need to create a BGP underlay connection to cloud service provider (CSP) with a link-local IP address, you must enter the link-local IP address in the Link-local Underlay CIDR setting of the WAN interface.
Default Gateway IP
The Default Gateway IP address for the WAN interface.
For CSP underlay, this is the remote side IP address of the BGP session on CSP VNG or VGW.
If Link-Local Underlay CIDR is configured, the Default Gateway IP should be in the same subnet as the Link-Local Underlay CIDR, otherwise, it should be in the same subnet as the WAN Interface CIDR.
Public IP
The public IP for the WAN interface.
The public IP of the WAN interface is used for peering connections over the public network.
-
If BGP is turned On, provide the following information:
Field
Description
Link-Local Underlay CIDR (GCP only)
The Link-Local Underlay CIDR is used for BGP underlay connections to cloud service provider (CSP).
If you need to create a BGP underlay connection to CSP with a link-local IP address, you must provide the Link-Local Underlay CIDR for the WAN interface in the format of link_local_underlay_ip/netmask (for example 169.254.100.3/24).
This is required for GCP. If terminating GCP Interconnect and using BGP underlay on Edge, provide the WAN Default Gateway of the peer IP address.
If Link-Local Underlay CIDR is configured, the Default Gateway IP should be in the same subnet as the Link-Local Underlay CIDR, otherwise, it should be in the same subnet as the WAN Interface CIDR.
Remote ASN
The AS Number of the CSP side peering connection such as private VIF on VGW (AWS) and VNG ASN (Azure).
Local LAN IP
The IP address of the Edge Gateway. This is the local peering PTP IP for BGP.
Remote LAN IP
The IP address of the CSP VNG or VGW peering PTP IP. (GCP is not supported).
Password (optional)
The MD5 authentication key.
-
If BGP is turned On, in Gateway Configuration, enter the Local AS Number of the Edge Gateway.
-
To add another WAN interface, click + WAN again and provide the required information.
To change or update the Edge Gateway WAN connectivity to Transit Gateway, you will need to first detach the Edge-to-Transit gateway attachment, if there is an attachment.
Configuring the LAN Interface
To configure the Edge Gateway LAN interface, click + LAN Interface, then provide the following information.
Field |
Description |
Interface |
The Edge Gateway’s logical interface name. |
Interface Labels |
Name to identify the LAN interface. |
Interface CIDR |
The CIDR for the LAN interface. DHCP for dynamic IP address assignment is not supported. |
Default Gateway IP |
(Optional) The Default Gateway IP address for the LAN interface. |
Configuring the Management Interface
To configure the Edge Gateway Management interface:
-
Click MGMT, then click + MGMT interface.
-
Leave the default settings and click Save.
Leave the Private Network setting to Off. In the Megaport fabric, the MGMT interface of the Edge Gateway is assigned the Public IP address that is allocated by Megaport.
-
To create the ZTP cloud-init image file, click Done.
CoPilot downloads the ZTP cloud-init file to your Downloads folder.
Next, log in to Megaport and deploy the Edge Gateway VM instance and attach the cloud-init image file to complete the Edge Gateway creation and authentication with the Aviatrix Controller.
The cloud-init image file expires after 24 hours. You cannot download it again and will have to repeat the above steps to recreate the file. You must launch an Edge MVE on the Megaport platform and deploy the Edge Gateway within the 24 hours.
Creating the ZTP Cloud-Init and Deploying the Secondary Edge Gateway (Megaport)
|
To create a highly available (HA) Edge Gateway, follow these steps.
Step 1: Gateway Configuration
-
Go to Cloud Fabric > Hybrid Cloud > Edge Gateways tab.
-
Click Spoke Gateways
-
In the table, locate the primary Edge Gateway for which you want to create the HA gateway and click its Edit icon.
-
In Edit Edge Gateway, from the High Availability dropdown menu, select Active-Active or Active-Standby mode.
-
Click Next to configure the edge gateway interfaces.
Step 2: Interface Configuration
In Interface Configuration section, configure the WAN, LAN, and Management interfaces of the secondary (HA) Edge Gateway.
Configuring the WAN Interface
You can configure multiple WAN interfaces on the Edge Gateway. Megaport MVE supports a maximum of 5 interfaces. Aviatrix Edge Gateway requires at least 3 interfaces (WAN, MGMT and LAN), additional two interfaces can be WAN interfaces.
-
Click + WAN Interface, then provide the following information.
Parameter Description Edge Gateway Interface
This is set to eth0.
Adding multiple WAN interfaces is applicable when Edge Gateway is used for BGP underlay to CSP. Add an interface per CSP underlay (such as Direct Connect or Express Route). When Edge Gateway is not terminating CSP underlay, use one interface per Edge Gateway to connect to upstream router.
DHCP for dynamic IP address assignment is not supported.
Interface Labels
A name to identify this WAN interface.
BGP
To enable BGP on the Edge Gateway, set this switch to On.
WAN support for BGP underlay to CSP is supported for AWS and Azure. Interface CIDR
The CIDR for the WAN interface.
Default Gateway IP
The Default Gateway IP address for this WAN interface.
For CSP underlay, this is the remote side IP address of the BGP session on CSP VNG or VGW.
-
If BGP is turned On, provide the following information:
Parameter Description Local ASN
The ASN of the Edge Gateway.
Remote ASN
The ASN of the CSP side peering connection such as private VIF on VGW (AWS) and VNG ASN (Azure).
Password (optional)
The MD5 authentication key.
To change or update the Edge Gateway WAN connectivity to Transit Gateway, you will need to first detach the Edge-to-Transit gateway attachment, if there is an attachment. |
Configuring the LAN Interface
-
Click LAN, then provide the following information.
Parameter
Description
Edge Gateway Interface
This is set to eth1.
DHCP for dynamic IP address assignment is not supported.
Interface Labels
Enter a name to identify this LAN interface.
Interface CIDR
The CIDR for the LAN interface.
Default Gateway IP
(Optional) The Default Gateway IP address for this LAN interface.
Configuring the Management Interface
-
Click + MGMT interface. Leave the default settings and click Save.
Leave the Private Network setting to Off. In the Megaport Fabric, the MGMT interface of the Edge Gateway is assigned the Public IP address that is allocated by Megaport.
-
To create the ZTP cloud-init image file, click Save and Download Configuration.
CoPilot downloads the ZTP cloud-init file to your Downloads folder.
The cloud-init image file expires after 24 hours. You cannot download it again and will have to repeat the above steps to recreate the file. You must launch an Edge MVE on the Megaport platform and deploy the Edge Gateway within the 24 hours.
Attaching Edge Spoke Gateway to Transit Gateway
To attach an Edge Spoke Gateway to a Transit Gateway, perform the prerequisites then create the attachment.
Prerequisites
Before you create the attachment:
-
Ensure Local ASN Number is configured on Edge and Transit Gateway.
-
If the Edge to Transit Gateway attachment is over public network, you need to update the WAN Public IP on the Edge Gateway.
-
Go to Cloud Fabric > Hybrid Cloud > Edge Gateways tab.
-
Click Spoke Gateways.
-
Locate the Edge Gateway, and click its Edit icon on the right.
-
In Edit Edge Gateway, go to Interface Configuration and click WAN.
-
In Public IP, click Discover.
-
Verify the WAN Public IP and click Save.
-
Attach Edge Spoke Gateway to Transit Gateway
|
To create the attachment:
-
In Aviatrix CoPilot, go to Cloud Fabric > Hybrid Cloud > Edge Gateways tab.
-
Click Spoke Gateways.
-
Locate the Edge Gateway, and click Manage Gateway Attachments icon on the right side of the row.
-
In Manage Gateway Attachments > Transit Gateway tab, click +Attachment and provide the following information.
Field
Description
Transit Gateway
From the dropdown menu, select the Transit Gateway you want to attach to the Edge Transit Gateway.
Local Edge Gateway Interface
From the dropdown menu, select the WAN interface of the local Edge Gateway.
Attach Over
From the dropdown menu, select whether the connection between the Edge Gateways is over a Private Network or the Public Network.
Jumbo Frame
If you want to use Jumbo Frames for the connection between the Edge Gateways, set Jumbo Frame toggle to On.
Jumbo Frame option is applicable when the attachment is over a private network.
High Performance Encryption
If you want to enable High Performance Encryption (HPE) for the connection between the Edge Gateways, set High Performance Encryption toggle to On.
Number of Tunnels
From the dropdown menu, select the number of HPE tunnels to create.
-
Max Tunnels creates the maximum tunnels based on the gateway sizes and the number of interface IPs on the peering gateway.
This option is available only for connection over a private network.
-
Custom allows you to specify the number of tunnels to create.
-
-
To attach the Edge Gateway to another Transit Gateway, click + Attachment again and provide the required information.
You can attach an Edge Gateway to multiple Transit Gateways. Each attachment can be configured with different parameters, such as connecting interfaces, connection over private or public network, high-performance encryption, and Jumbo Frame.
-
Click Save.
Connecting Edge Spoke Gateway to an External Device (BGP over LAN)
For LAN-side connectivity, you can connect the Edge Spoke Gateway to an external device, such as a LAN BGP router.
To connect the Edge Gateway to the LAN BGP router, follow these steps.
-
In CoPilot, navigate to Networking > Connectivity > External Connections (S2C) tab.
-
From + External Connection To dropdown menu, select External Device, then provide the following information.
Field
Description
Name
Name to identify the connection to the LAN router.
Connect Using
Select BGP.
Type
Select LAN.
Local Gateway
The Edge Gateway that you want to connect to the LAN router.
Local ASN
The Local AS number that the Edge Gateway will use to exchange routes with the LAN router.
This is automatically populated if the Edge Gateway is assigned an ASN already. -
In LAN Configuration, provide the following information.
Field
Description
Remote ASN
The BGP AS number that is configured on the LAN router.
Remote LAN IP
The IP address of the LAN router.
Local LAN IP
This is automatically populated with the Edge Gateway’s LAN interface IP address.
-
Click Save.