Direct connect connection through partner MegaPort


This topic contains 6 replies, has 4 voices, and was last updated by Mathew George Saim Qadeer 5 months, 4 weeks ago.

  • #100034462
    Mathew George
    Participant

    Good morning,
    We have set up a Direct Connect using the AWS partner MegaPort for a public connection in order to push data into our S3 buckets.

    We set up the connection with MegaPort, which automatically provisioned the Direct Connect within AWS. We have configured our firewall with the BGP information and the public IP that AWS provided; however, we are not able to see any ARP entries. We are also not able to ping the public IP for AWS. We have gone over the config and everything looks fine; however, we are still not able to get connectivity between AWS and our site.

    AWS gave us 2 public /31 addresses for this connection.
    We are using a private ASN instead of a public one, which the Direct Connect user guide says should be OK.
    We have confirmed that the BGP auth key is correct.

    Not sure where to go from here.

    Any help would be appreciated.

    #100034463
    Melissa Stephen
    Participant

    Hello,

    I noticed that you have one public virtual interface in your account in the us-east-1 region. The BGP neighborship between the peers for the public VIF is established (since 3d 3:04:19).

    Do you still experience any issues? If yes, please let us know.

    Thanks,
    Melissa

    #100034464
    Saim Qadeer
    Participant

    Hello,

    I have the same issue here; I don’t know if this is resolved?
    Currently, we have 1 Direct Connect set up through Megaport, and in that Direct Connect we have 2 VIFs, 1 private and 1 public. The private one is up and running fine for my VPC traffic (EC2, RDS, etc.). The problem we have is with the public VIF (which we plan to use for S3 traffic). It was successfully configured with the information provided by Amazon (2 IP addresses, /31). From the router, we can ping S3 objects, and the traceroute result shows that the traffic is going through Direct Connect.

    However, from servers within my internal network, we could not reach S3 objects. According to support from Amazon, they require us to NAT our internal network to the BGP peer IP, which I have no idea how to do. If anyone has experience with this, please kindly show me the way. I would greatly appreciate that!

    #100034465
    Mike Stephen
    Participant

    What is your device?

    For you to be able to reach Public Services from your inside LAN, you need to NAT all egress traffic through the virtual interface with the public VIF IP address on your side.

    #100034466
    Saim Qadeer
    Participant

    I’m using a Cisco Catalyst 3650 IP Base, but it looks like this device does not support NAT.

    #100034467
    Mike Stephen
    Participant

    NAT is not an option on that platform. It’s not supported.
    You would need a router in order to do NAT.
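
The NAT arrangement discussed in the replies above, sketched as a Cisco IOS-style router configuration. This is an added example, not configuration posted by anyone in the thread. Every value in it is constructed or assumed: the interface names, VLAN 100, the 203.0.113.0/31 peer addresses, the 10.0.0.0/8 internal range, the next hop toward the L3 switch, both ASNs and the key placeholder.

```cisco
! Added example. All addresses, interface names, VLAN and ASNs are constructed.
!
! Outside: dot1q subinterface carrying the public VIF (VLAN is a placeholder).
! 203.0.113.1 stands in for the customer side of the /31 assigned by AWS.
interface GigabitEthernet0/0/0.100
 description Public VIF via Direct Connect partner
 encapsulation dot1Q 100
 ip address 203.0.113.1 255.255.255.254
 ip nat outside
!
! Inside: routed link toward the internal L3 switch.
interface GigabitEthernet0/0/1
 description To internal L3 switch
 ip address 10.255.0.1 255.255.255.252
 ip nat inside
!
! Return path to the internal networks behind the L3 switch.
ip route 10.0.0.0 255.0.0.0 10.255.0.2
!
! Only these internal sources are translated. Keep the list as narrow as
! the hosts that actually need the public VIF.
ip access-list standard DX-PUBLIC-NAT
 permit 10.0.0.0 0.255.255.255
!
! PAT: permitted inside sources leave the public VIF as 203.0.113.1,
! the router's own address on the /31.
ip nat inside source list DX-PUBLIC-NAT interface GigabitEthernet0/0/0.100 overload
!
! BGP to the AWS side of the /31. 64512 is a constructed private ASN.
! The remote ASN is an assumption: use the Amazon-side ASN shown for
! the virtual interface. Prefix advertisement is not shown.
router bgp 64512
 neighbor 203.0.113.0 remote-as 7224
 neighbor 203.0.113.0 password <bgp-auth-key>
!
! Checks after applying:
!   show ip bgp summary          (session established, prefixes received)
!   show ip nat translations     (inside hosts mapped to 203.0.113.1)
```

The L3 switch still needs routes for the AWS public prefixes that point at this router; that part is not shown here.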

    #100034468
    Saim Qadeer
    Participant

    Thanks, Mike Stephen.
    I’m planning to implement a router in front of the L3 switch, but I’m not sure if the router will automatically distribute those S3 routes to the L3 switch. Should they have BGP up and running between the L3 switch and the router? Thanks!
