Edge Transit Gateway Deployment Workflow on Megaport Virtual Edge

This document provides instructions for deploying a primary and secondary highly available (HA) Edge Transit Gateways on Megaport Virtual Edge.

Edge Transit Gateway on Megaport Virtual Edge is available as a Preview Feature in CoPilot version 4.14 with Controller version 7.2.4820.

For an overview of Aviatrix Edge, see About Aviatrix Hybrid Cloud Edge.

Topology

The following diagram shows an example of network connectivity for Edge Transit Gateway to a Transit Gateway in AWS. This topology shows Edge Transit connection to an upstream WAN router which is used to terminate CSP underlay private connections.

650

The topology below shows Edge Transit Gateway used to terminate CSP underlay private connections (which does not require upstream WAN router).

650
Edge Transit Gateway requires the latest versions of Aviatrix Controller 7.2 and Aviatrix Edge Image 7.2 to support BGP underlay connectivity to CSP.

Prerequisites

Before you can deploy an Edge Transit Gateway on the Megaport platform, you must perform the prerequisite steps to set up an Equinix account, a Network Service Provider (NSP) platform account, and provide network access.

For instructions to create these accounts, see Prerequisites for Edge Transit Gateway Deployment on Megaport Virtual Edge.

Edge Transit Gateway Deployment Workflow in Megaport

To deploy an Edge Transit Gateway, first you need to procure and onboard your edge devices on the platform of your choice (see Prerequisites for Edge Transit Gateway Deployment on Megaport Virtual Edge.

Next, you deploy the primary and secondary highly available (HA) Edge Transit Gateways on the edge devices. Then, attach the primary Edge Transit Gateway to the Aviatrix Transit Gateway for cloud connectivity and to the Edge Spoke Gateway for LAN-side connectivity. The workflow below guides you through these steps.

  1. Create and deploy the primary Edge Transit Gateway.

  2. Create and deploy the secondary HA Edge Transit Gateway.

  3. Attach the primary Edge Transit Gateway to the Transit Gateway.

  4. Attach the primary Edge Transit Gateway to the Edge Spoke Gateway.

  5. Connect the Edge Spoke Gateway to an external device.

Creating the ZTP Cloud-Init for the Primary Edge Transit Gateway (Megaport)

The Edge Gateway cloud-init ZTP file is used to provision the Edge Gateway virtual machine and create the Edge Gateway in Megaport Virtual Edge (MVE).

To create the primary Edge Transit Gateway cloud-init ZTP file, follow these steps.

Step 1: Gateway Configuration

  1. In CoPilot, go to Cloud Fabric > Hybrid Cloud > Edge Gateways tab.

  2. Click Transit Gateways, then click + Transit Gateway and provide the following information.

    Field

    Description

    Name

    Name for the Edge Gateway.

    The name must start with a letter and contain only letters, numbers, and dashes (no special characters or spaces) and it can be up to 50 characters long.

    Platform

    The platform account where you want to deploy the Edge Gateway.

    You can create and edit platform accounts in CoPilot by going to Cloud Fabric > Hybrid Cloud > Platforms tab. See Setting up Accounts for Edge Platforms.

    Site

    Identifies the edge location.

    You can select an existing name or enter a new name for the edge location. See Edge site.

    ZTP File Type

    This is set to cloud-init.

    High Availability

    High Availability is set to Off for the primary Edge Gateway.

    You can turn High Availability to On after the primary Edge Gateway is created.

  3. Next, configure the gateway interfaces.

Step 2: Interface Configuration

By default, an Edge Transit Gateway has two interfaces: one WAN interface on eth0, and one Management interface on eth2. You can configure multiple WAN interfaces on the Edge Gateway, as needed. You will need these configuration information to configure the interfaces.

In the Interface Configuration, configure the WAN and Management interfaces for the Edge Transit Gateway.

Configure the WAN Interface

You can configure up to 9 WAN interfaces on the Edge Transit Gateway.

  1. In Interface Configuration, click + WAN Interface and provide the following information.

    Field

    Description

    Interface Labels

    Name to identify the WAN interface.

    BGP

    Enables BGP underlay connection to cloud service provider (CSP) on the WAN interface.

    Set BGP toggle On to set up BGP connection to cloud routers such as VGW, VNG, and Google cloud router.

    Edge Gateway WAN support for BGP underlay to CSP is supported for AWS, Azure, and GCP.

    Interface Primary CIDR

    The CIDR for the WAN interface.

    Interface CIDR must be in the format interface_ip/netmask (for example, 192.18.20.1/24).

    Interface CIDR cannot be link-local CIDR.

    If you need to create a BGP underlay connection to cloud service provider (CSP) with a link-local IP address, you must enter the link-local IP address in the Link-local Underlay CIDR setting of the WAN interface.

    Interface Secondary CIDRs

    The secondary CIDRs for the WAN interface.

    Interface CIDR must be in the format interface_ip/netmask (for example, 192.18.20.1/24).

    The secondary CIDRs are used for High Performance Encryption (HPE) attachment peering connections over a private network between the Edge Transit Gateway to another Edge Transit Gateway or Edge Spoke Gateway. The secondary IP addresses (based on the secondary CIDRs) are automatically assigned to create the peering connections. You can define /32 CIDR for specific secondary IP address.

    Secondary CIDR cannot be link-local CIDR.

    Default Gateway IP

    The Default Gateway IP address for the WAN interface.

  2. If BGP is turned On, provide the following information:

    Field

    Description

    Link-Local Underlay CIDR (GCP only)

    The Link-Local Underlay CIDR is used for BGP underlay connections to cloud service provider (CSP).

    If you need to create a BGP underlay connection to CSP with a link-local IP address, you must provide the Link-Local Underlay CIDR for the WAN interface in the format of link_local_underlay_ip/netmask (for example 169.254.100.3/24).

    This is required for GCP. If terminating GCP Interconnect and using BGP underlay on Edge, provide the WAN Default Gateway of the peer IP address.

    If Link-Local Underlay CIDR is configured, the Default Gateway IP should be in the same subnet as the Link-Local Underlay CIDR, otherwise, it should be in the same subnet as the WAN Interface CIDR.

    Local ASN

    The Local ASN Number of the Edge Gateway.

    Remote ASN

    The AS Number of the CSP side peering connection such as private VIF on VGW (AWS) and VNG ASN (Azure).

    Local LAN IP

    The IP address of the Edge Gateway. This is the local peering PTP IP for BGP.

    Remote LAN IP

    The IP address of the CSP VNG or VGW peering PTP IP. (GCP is not supported).

    Password (optional)

    The MD5 authentication key.

  3. To add another WAN interface, click + WAN Interface again and provide the required information.

    To change or update the Edge Gateway WAN connectivity to Transit Gateway, you will need to first detach the Edge-to-Transit gateway attachment, if there is an attachment.

    If a required field is missing, the interface tab is highlighted to indicate there is an error.

Configure the Management Interface

To configure the Edge Transit Gateway Management interface:

  1. In Interface Configuration, click MGMT > + MGMT Interface.

  2. Leave the default settings and click Save.

    Leave the Private Network setting to Off. In Megaport, the MGMT interface of the Edge Transit Gateway is assigned the public IP address that is allocated by Megaport.

    If a required field is missing, the interface tab is highlighted to indicate there is an error.

  3. Click Next to view the interface mapping.

Step 3: Interface Mapping

The Interface Mapping shows how the Edge Gateway’s logical interface names maps to the Edge Gateway’s Linux interface names. These interface names are used in the Aviatrx log files and error messages. The mapping is provided for your reference when performing any diagnostic or troubleshooting on the Aviatrix Platform.

Field

Description

Interface

The Edge Gateway’s logical interface name.

Primary Gateway Ethernet Interface

The primary Edge Gateway’s Linux interface name.

Secondary Gateway Ethernet Interface

The secondary (HA) Edge Gateway’s Linux interface name.

The secondary gateway interface mappings are shown only when high availability is configured for the primary Edge Gateway.

Click Done to create the ZTP cloud-init image file. CoPilot downloads the ZTP cloud-init file to your downloads folder.

The cloud-init file is valid for 24 hours after you create it, so you must launch an Edge VM and deploy the Edge Gateway on your Equinix platform within that time. You will not be able to download the cloud-init file again and will have to recreate a new file.

Step 4: Deploy the Edge Transit Gateway in Megaport Virtual Edge

See, Launching the Edge Gateway in Megaport Virtual Edge.

Step 5: Verify the Edge Transit Gateway Creation

See, Verifying the Edge Gateway Creation.

Next, create the secondary HA Edge Transit Gateway.

Creating the ZTP Cloud-Init for the Secondary Edge Transit Gateway (Megaport)

  • Before you can create the secondary highly available (HA) Edge Gateway, the primary Edge Gateway must be deployed, and its status must be Up.

  • When creating the HA Edge Gateway, the primary Edge Gateway cannot have BGP underlay or BGP over LAN external connections. This does not apply when multiple Edge Gateways are created on the same site without HA configuration.

  • Edge Transit Gateway high availability on the Megaport platform is supported on the latest Aviatrix Controller release version.

To create the secondary HA Edge Transit Gateway, first you need to set the high availability mode for the primary Edge Transit Gateway, then configure the secondary HA gateway settings. The workflow below guides you through these steps.

Step1: Set the Primary Edge Gateway High Availability Mode

  1. In CoPilot, go to Cloud Fabric > Hybrid Cloud > Edge Gateways tab.

  2. Click Transit Gateways.

  3. In the table, locate the primary Edge Transit Gateway for which you want to create the HA gateway and click its Edit icon.

  4. In Gateway Configuration, from the High Availability dropdown menu, select Active-Active mode.

  5. Click Next and configure the gateway interfaces.

Step 2: Configure the Secondary Edge Gateway Interfaces

In Interface Configuration, configure the WAN and Management interfaces for the secondary Edge Gateway.

Configure the WAN Interfaces

To configure the secondary Edge Gateway’s WAN interfaces:

  1. In Interface Configuration, provide the following information.

    Field

    Description

    Interface Labels

    Name to identify the WAN interface.

    BGP

    Enables BGP underlay connection to cloud service provider (CSP) on the WAN interface.

    Set BGP toggle On to set up BGP connection to cloud routers such as VGW, VNG, and Google cloud router.

    Edge Gateway WAN support for BGP underlay to CSP is supported for AWS, Azure, and GCP.

    Interface Primary CIDR

    The CIDR for the WAN interface.

    Interface CIDR must be in the format interface_ip/netmask (for example, 192.18.20.1/24).

    Interface CIDR cannot be link-local CIDR.

    If you need to create a BGP underlay connection to cloud service provider (CSP) with a link-local IP address, you must enter the link-local IP address in the Link-local Underlay CIDR setting of the WAN interface.

    Interface Secondary CIDRs

    The secondary CIDRs for the WAN interface.

    Interface CIDR must be in the format interface_ip/netmask (for example, 192.18.20.1/24).

    The secondary CIDRs are used for High Performance Encryption (HPE) attachment peering connections over a private network between the Edge Transit Gateway to another Edge Transit Gateway or Edge Spoke Gateway. The secondary IP addresses (based on the secondary CIDRs) are automatically assigned to create the peering connections. You can define /32 CIDR for specific secondary IP address.

    Secondary CIDR cannot be link-local CIDR.

    Default Gateway IP

    The Default Gateway IP address for the WAN interface.

  2. If BGP is turned On, provide the following information:

    Field

    Description

    Local ASN

    The Local AS Number of the Edge Gateway.

    Remote ASN

    The AS Number of the CSP side peering connection such as private VIF on VGW (AWS) and VNG ASN (Azure).

    Local LAN IP

    The IP address of the Edge Gateway. This is the local peering PTP IP for BGP.

    Remote LAN IP

    The IP address of the CSP VNG or VGW peering PTP IP. (GCP is not supported).

    Password (optional)

    The MD5 authentication key.

Configure the Management Interface

To configure the secondary Edge Transit Gateway Management interface:

  1. In Interface Configuration, click MGMT.

  2. Leave the default settings and click Next.

    Leave the Private Network setting to Off. In Megaport, the MGMT interface of the Edge Transit Gateway is assigned the public IP address that is allocated by Megaport.

    If a required field is missing, the interface tab is highlighted to indicate there is an error.

  3. Click Next to view the interface mapping.

Step 3: Interface Mapping

The Interface Mapping shows how the Edge Gateway’s logical interface names maps to the Edge Gateway’s Linux interface names. These interface names are used in the Aviatrx log files and error messages. The mapping is provided for your reference when performing any diagnostic or troubleshooting on the Aviatrix Platform.

Field

Description

Interface

The Edge Gateway’s logical interface name.

Primary Gateway Ethernet Interface

The primary Edge Gateway’s Linux interface name.

Secondary Gateway Ethernet Interface

The secondary (HA) Edge Gateway’s Linux interface name.

The secondary gateway interface mappings are shown only when high availability is configured for the primary Edge Gateway.

  1. In Backup Peering:

    1. Select a WAN interface to use to establish the attachment peering between the primary and HA Edge Transit Gateway.

    2. Select whether the attachment is over a Private Network or Public Network.

  2. Click Done to create the ZTP cloud-init image file. CoPilot downloads the ZTP cloud-init file to your downloads folder.

The cloud-init file is valid for 24 hours after you create it, so you must launch an Edge VM and deploy the Edge Gateway on your Megaport platform within that time. You will not be able to download the cloud-init file again and will have to recreate a new file.

Step 4: Deploy the Edge Gateway in Megaport

See, Launching the Edge Gateway in Megaport Virtual Edge.

Step 5: Verify the Edge Gateway Creation

See, Verifying the Edge Gateway Creation.

Next, attach the Edge Transit Gateway to the Transit Gateway.

Creating an Edge Transit Gateway to Transit Gateway Attachment

  • To create a High Performance Encryption (HPE) attachment, make sure the Transit Gateway in the cloud is created with HPE enabled.

  • If you want to use Jumbo Frames for the attachment, make sure to enable Jumbo Frames on the Edge Transit Gateway and the Transit Gateway in the cloud before you create the attachment.

To attach an Edge Transit Gateway to a Transit Gateway in the cloud:

  1. In Aviatrix CoPilot, go to Cloud Fabric > Hybrid Cloud > Edge Gateways > Transit Gateways tab.

  2. Locate the Edge Transit Gateway to which you want to attach the Transit Gateway, then click the Manage Gateway Attachments icon on the right side of the row.

  3. In Manage Gateway Attachments > Transit Gateway tab, click + Attachment and provide the following information.

    Field

    Description

    Transit Gateway

    From the dropdown menu, select the Transit Gateway you want to attach to the Edge Transit Gateway.

    Local Edge Gateway Interface

    From the dropdown menu, select the WAN interface of the local Edge Gateway.

    Attach Over

    From the dropdown menu, select whether the connection between the Edge Gateways is over a Private Network or the Public Network.

    Jumbo Frame

    If you want to use Jumbo Frames for the connection between the Edge Gateways, set Jumbo Frame toggle to On.

    Jumbo Frame option is applicable when the attachment is over a private network.

    High Performance Encryption

    If you want to enable High Performance Encryption (HPE) for the connection between the Edge Gateways, set High Performance Encryption toggle to On.

    Number of Tunnels

    From the dropdown menu, select the number of HPE tunnels to create.

    • Max Tunnels creates the maximum tunnels based on the gateway sizes and the number of interface IPs on the peering gateway.

      This option is available only for connection over a private network.

    • Custom allows you to specify the number of tunnels to create.

    Excluded Network CIDRs

    If you want to exclude CIDRs from the local Edge Gateway from being propagated to the remote Edge Gateway, set Excluded Network CIDRs toggle to On.

    In Excluded Network CIDRs field, enter the CIDRs to be excluded.

  4. To attach the Edge Transit Gateway to another Transit Gateway, click + Attachment again and provide the required information.

    You can attach an Edge Transit Gateway to multiple Transit Gateways. Each attachment can be configured with different parameters, such as connecting WAN interfaces, connection over private or public networks, and enabling high-performance encryption.

  5. Click Save.

Creating an Edge Transit Gateway to Edge Spoke Gateway Attachment

If you want to use Jumbo Frames for the attachment peering connection between the Edge Gateways, make sure to enable Jumbo Frames on the Edge Gateways before you create the attachment.

To attach an Edge Transit Gateway to an Edge Spoke Gateway:

  1. In Aviatrix CoPilot, go to Cloud Fabric > Hybrid Cloud > Edge Gateways > Transit Gateways tab.

  2. Locate the Edge Transit Gateway to which you want to attach the Edge Spoke Gateway, then click the Manage Gateway Attachments icon on the right side of the row.

  3. In Manage Gateway Attachments > Spoke Gateway tab, click + Attachment and provide the following information.

    Field

    Description

    Spoke Gateway

    From the dropdown menu, select the Edge Spoke Gateway you want to attach to the Edge Transit Gateway.

    Local Edge Gateway Interface

    From the dropdown menu, select the WAN interface of the local Edge Gateway.

    Remote Edge Gateway Interface

    From the dropdown menu, select the WAN interface of the remote Edge Gateway you want to attach.

    Attach Over

    From the dropdown menu, select whether the connection between the Edge Gateways is over a Private Network or the Public Network.

    • On the Aviatrix Edge Platform (AEP), Edge Transit Gateway to Edge Spoke Gateway peering for high performance encryption over private and public networks is supported.

    • On the Equinix and Megaport platforms, Edge Transit Gateway to Edge Spoke Gateway peering for high performance encryption is supported over private networks only.

    • Regular encryption is supported over both private and public networks for all environments.

    Jumbo Frame

    If you want to use Jumbo Frames for the connection between the Edge Gateways, set Jumbo Frame toggle to On.

    Jumbo Frame option is applicable when the attachment is over a private network.

    High Performance Encryption

    If you want to enable High Performance Encryption (HPE) for the connection between the Edge Gateways, set High Performance Encryption toggle to On.

    Number of Tunnels

    From the dropdown menu, select the number of HPE tunnels to create.

    • Max Tunnels creates the maximum tunnels based on the gateway sizes and the number of interface IPs on the peering gateway.

      This option is available only for connection over a private network.

    • Custom allows you to specify the number of tunnels to create.

  4. To attach the Edge Transit Gateway to another Edge Spoke Gateway, click + Attachment again and provide the required information.

    You can attach an Edge Transit Gateway to multiple Edge Spoke Gateways. Each attachment can be configured with different parameters, such as connecting WAN interfaces, connection over private or public networks, and enabling high-performance encryption.

  5. Click Save.

Connecting the Edge Gateway to an External Device (BGP over LAN)

For LAN-side connectivity, you can connect the Edge Spoke Gateway to an external device, such as a LAN BGP router.

To connect the Edge Gateway to the LAN BGP router, follow these steps.

  1. In CoPilot, navigate to Networking > Connectivity > External Connections (S2C) tab.

  2. Click + External Connection, then provide the following information.

    Parameter Description

    Name

    Name to identify the connection to the LAN router.

    Connect Local Gateway To

    Select External Device radio button, then from the dropdown menu, select BGP over LAN.

    Local Gateway

    The Edge Gateway that you want to connect to the LAN router.

    Local ASN

    The Local AS number that the Edge Gateway will use to exchange routes with the LAN router.

    This is automatically populated if the Edge Gateway is assigned an ASN already.

    Remote ASN

    The BGP AS number that is configured on the LAN router.

  3. Click + Connection and provide the following information.

    Parameter Description

    Remote LAN IP

    The IP address for the LAN router.

    Local LAN IP

    The Edge Gateway’s WAN interface primary IP address.
    edge external connection

  4. Click Save.