May 26, 2018 at 1:41 pm #100034462
We have set up a Direct Connect using the AWS partner MegaPort for a public connection in order to push data into our S3 buckets.
We set up the connection with MegaPort, which automatically provisioned the Direct Connect within AWS. We have configured our firewall with the BGP information and the public IP that AWS provided; however, we are not able to see any ARP entries. We are also not able to ping the public IP for AWS. We have gone over the config and everything looks fine, however we are still not able to get connectivity between AWS and our site.
AWS gave us 2 public /31 addresses for this connection.
We are using a private ASN instead of a public one, which the Direct Connect user guide says should be OK.
We have confirmed that the BGP auth key is correct.
Not sure where to go from here.
Any help would be appreciated.
May 26, 2018 at 1:42 pm #100034463
I noticed that you have one public virtual interface in your account in us-east-1 region. The BGP neighborship between the peers for the public VIF is established (since 3d 3:04:19).
Do you still experience any issue? If yes, please let us know.
Melissa
May 26, 2018 at 1:42 pm #100034464
I have the same issue here; don't know if this is resolved?
Currently, we have 1 Direct Connect set up through Megaport; in that Direct Connect we have 2 VIFs, 1 private and 1 public. The private one is up and running fine for my VPC traffic (EC2, RDS, etc.). The problem we have is with the public VIF (which we plan to use for S3 traffic). It was successfully configured with the information provided by Amazon (2 IP addresses, /31). Standing on the router, we can ping S3 objects, and the traceroute result showed that the traffic is going through Direct Connect.
However, standing on servers within my internal network, we could not reach S3 objects. As for support from Amazon, they require us to NAT our internal network to the BGP peer IP, which I have no idea how to do. If anyone has experience with this, please kindly show me the way. Greatly appreciate that!
May 26, 2018 at 1:43 pm #100034465
What is your device?
For you to be able to reach public services from your inside LAN, you need to NAT all egress traffic through the virtual interface with the public VIF IP address on your side.
May 26, 2018 at 1:44 pm #100034466
I'm using a Cisco Catalyst 3650 IP Base, but it looks like this device does not support NAT.
May 26, 2018 at 1:44 pm #100034467
NAT is not an option on that platform. It's not supported.
You would need a router in order to do NAT.
May 26, 2018 at 1:44 pm #100034468
Thanks Mike Stephen.
I'm planning to implement a router in front of the L3 switch, but I'm not sure if the router will automatically distribute those S3 routes to the L3 switch. Should they have BGP up and running between the L3 switch and the router? Thanks!
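An added illustration of the NAT advice given earlier in the thread (translate all egress traffic to the public VIF address on your side), written for a Cisco IOS router placed in front of the L3 switch; this is example configuration added here, not anything posted by the participants or supplied by AWS or Megaport. It also handles the case from the thread where a private VIF coexists with the public one, by excluding the VPC prefix from translation. Interface names, the VLAN ID, the ACL name, private ASN 65000, the 203.0.113.0/31 peer addresses and the 10.x prefixes are assumed placeholders.

```cisco
! Example only (not from the thread): Cisco IOS NAT overload on the router
! that terminates the public VIF. All addresses, VLAN and interface names
! below are placeholders; substitute the values from the VIF details in the
! AWS console and your own addressing.
!
! Public VIF sub-interface: the AWS-provided /31 lives here.
! VLAN 100 stands in for the 802.1Q tag shown in the VIF details.
interface GigabitEthernet0/1.100
 encapsulation dot1Q 100
 ip address 203.0.113.1 255.255.255.254
 ip nat outside
!
! LAN-facing interface toward the L3 switch (placeholder /30 transit link).
interface GigabitEthernet0/0
 ip address 10.255.255.1 255.255.255.252
 ip nat inside
!
! Translate only traffic that actually leaves via the public VIF.
! The VPC prefix (placeholder 10.10.0.0/16) is denied first so traffic
! for the private VIF is routed untranslated.
ip access-list extended S3-NAT
 deny   ip 10.0.0.0 0.255.255.255 10.10.0.0 0.0.255.255
 permit ip 10.0.0.0 0.255.255.255 any
!
! PAT every matching egress flow to the router's public VIF address, which
! is the "public VIF IP address on your side" the thread refers to.
ip nat inside source list S3-NAT interface GigabitEthernet0/1.100 overload
!
! BGP to AWS over the public VIF using a private ASN, as the thread notes
! the Direct Connect guide allows. 7224 is Amazon's Direct Connect ASN;
! confirm it and the auth key against the VIF details before use.
router bgp 65000
 neighbor 203.0.113.0 remote-as 7224
 neighbor 203.0.113.0 password BGP-AUTH-KEY-PLACEHOLDER
```

With this in place, `show ip nat translations` on the router should list LAN sources rewritten to 203.0.113.1 for S3 flows, while traffic to the VPC prefix shows no translation.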