Prerequisites

To connect to AWS, you must have:

  • A Pureport Account with permissions to create Networks and Connections
  • An AWS Direct Connect Gateway configured with the Amazon ASN set to either the AWS default of 64512 or to another ASN that you have documented.
  • Access to your AWS Account(s) via the AWS Console. 

    Note: If you are using an IAM account or Role, ensure you have the necessary permissions granted.


Log into AWS Console and find your AWS Account ID

To locate your AWS Account ID, access AWS Management Console Support Center (https://console.aws.amazon.com/support).


Your Account number is located at the top of the page.



Create an AWS Direct Connect connection in the Pureport Console

To create a new connection:

  1. Log in to the Pureport Console using an account with an appropriate Role.
    At a minimum you will need the Create and Update permissions for Networks. For more information on Roles, see the Accounts, Members and Roles article.

  2. In the left navigation bar, select the Networks tab.
     
  3. On the Networks screen, select the network to add the connection to AWS.
    Note: To create a new network for this connection, see the Creating a Network article.

  4. Select Add Connection... at the top-right of the console, or click a location on the network map.

  5. In the Type drop-down list, select AWS Direct Connect as the connection type, then click Next.


  6. Next, select the Pureport location you want to connect from:
  7. Select the AWS region you want to connect to, and click Next. Note that only AWS Regions that are directly accessible from the Pureport POP you selected are available. This is typically limited to a single AWS region.
    Be aware that connecting to a Direct Connect Gateway allows you to connect from any Pureport POP to any AWS Region, and connecting to Regions in the same geopolitical region (e.g. North America) can be done at no additional cost with the Direct Connect Gateway.
  8. Select a Peering Type. For a connection via a Direct Connect Gateway, choose Private or, if you're also using Transit Gateway, Transit. Refer to the article on Creating an AWS Public VIF for more info on the Public option.

  9. Select the Speed & Availability of the connection. Note that Pureport's connection SLAs apply only when HA is selected.
  10. Enter your AWS Account ID, and click Next.
     
  11. In the BGP Settings section, enter the default ASN (autonomous system number) used by AWS, 64512, then click Next.
    Note: If you used a custom ASN when you created the VGW in the AWS Console, you will need to enter the value you used here.
  12. Optionally add any CIDR networks you may be connecting. Note, these are only used when subsequently connecting a policy-based VPN to your Pureport network OR when configuring NAT on the connection and are otherwise completely optional. Click Next when finished.
  13. You may also enable and configure Cloud Grade NAT if desired, as detailed in the Cloud Grade NAT knowledge-base article. Then click Next.
  14. Enter a meaningful Name and Description, then click Add Connection.
  15. After saving the Connection, the system displays the Primary and Secondary Gateway information.
  16. Record the following information from the Primary and Secondary Gateways in the new connection (you can use the copy icon to the right of each item to ensure an exact copy to the clipboard):
    • Pureport ASN
    • Pureport IP
    • Remote IP
    • BGP Password


You will need this information later.


Accept the Hosted Connection in the AWS Console

After creating the new Connection, use this procedure to accept the Connection in the AWS Console. See "Accepting a Hosted Connection" in the AWS Direct Connect User Guide for details. 


  1. In the Pureport Console, you will be presented with a Post-Configuration screen with details about the next steps for the connection once the connection to AWS has been provisioned.

  2. To accept each of the connections, click the "Via the AWS Console" drop-down box. (The "Via the AWS CLI" option can be used instead if you are leveraging the CLI to manage your cloud environment. This option will produce the CLI command to accept each of the provisioned connections.)

  3. Click each of the blue boxes. A new window will open in AWS, directly at the associated connection, with all values pre-populated. Simply click Accept in the AWS screen to accept the connection, then close the new window.

  4. Repeat steps 2 & 3 to accept the second connection.  Optionally, if you do not wish to leverage the links through the Pureport console, the following steps can be taken via the AWS console to complete the acceptance.
  5. Click Next to start creating the Virtual Interface.


Note:  The following steps are only needed if not using the Connection Acceptance steps via the Pureport console as mentioned above.


  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/v2/home.
    If necessary, change the Region in the navigation bar.

  2. In the navigation pane, choose Connections.

  3. On the Connections page are the two connections you created: Primary and Secondary. These connections are named the same as the connections you created in the Pureport Console. Both are in the ordering state.
    Note: If you are not using an HA connection, there is only a Primary connection. 

  4. Select the Primary hosted connection and choose Accept.
  5. Select Confirm in the confirmation window.

Repeat steps 4 and 5 for the Secondary connection.


Create a Direct Connect Gateway

If you have not already created a Direct Connect gateway, you will need to create one to proceed with the Private Virtual Interface creation. If you already have a Direct Connect gateway on which you will terminate this Direct Connect circuit, you may skip this step.


  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/v2/home.
  2. In the navigation pane, choose Direct Connect gateways.
  3. Choose Create Direct Connect gateway. The Direct Connect gateway creation page appears.
  4. Enter the Name you wish for your Direct Connect gateway under the Name section.
  5. Enter the Amazon Side ASN using Amazon's ASN number 64512 or another ASN if you so desire.


Create a Private Virtual Interface

  1. Now that the connections have been created, you will be presented with the steps to create your Virtual Interfaces for your new connections in the Pureport Console.
  2. You will be presented with an option to create your connection using a Direct Connect Gateway (AWS best practice) or via a Virtual Private Gateway. Select the radio button for Direct Connect Gateway and enter the associated AWS Direct Connect Gateway ID.
  3. Expand the "Via the AWS Console" drop down box and click on each of the buttons to create your Virtual Interface. This will open a new window with the AWS console pre-populated with the necessary settings to create your virtual interface.

  4. Review the settings in the AWS console and click "create virtual interface".  You may need to scroll to the top of the AWS console for a successful creation notice.

    Note:  It can take up to five minutes for the connection acceptance to process in AWS.  If you receive an error at this point, ensure that enough time has elapsed for the connection acceptance to be processed.

  5. Repeat steps 3 & 4 to create a VIF for the secondary connection.

If you do not wish to leverage the above steps, your connection can be manually created in the AWS console by following the below steps. 

The following steps can be skipped (go to the Create a Virtual Private Gateway (VGW) and Attach it to your VPC section) if you have already completed the VIF creation above.

  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/v2/home.

  2. In the navigation pane, choose Connections.

  3. Select the Primary connection and choose Create Virtual Interface. The Create a Virtual Interface page appears.

  4. At the top of the page, select Private.

  5. In the Private Virtual Interface settings area:

    • Virtual Interface Name: Enter a name for the virtual interface.

    • Virtual Interface Owner: Select My AWS Account if the virtual interface is for your AWS account.

  6. In the Gateway type area:
    • Connection To: Select Direct Connect Gateway

    • Direct Connect Gateway: Select your Direct Connect gateway.

  7. In the VLAN area:

    • VLAN: The ID is automatically set to match the Gateway VLAN in the Pureport Console and SHOULD NOT be changed.

  8. In the BGP area:

  9. Expand the Additional Settings area:
    • Address family: Select IPv4. Pureport only supports IPv4 at this time.

    • Your router peer IP: Enter the value of the Pureport IP in CIDR format from Creating a Connection.

    • Amazon router peer IP: Enter the value of the Remote IP in CIDR format from Creating a Connection.

    • BGP Authentication Key: Enter the BGP Password from Creating a Connection.

  10. Select Continue.

Repeat this process for the Secondary connection.
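
The values recorded from each Pureport gateway map directly onto the request that the manual steps above build in the AWS console. The following is an added example, not Pureport's or AWS's own code: it validates the copied values and assembles the structure accepted by the AWS CLI command `aws directconnect create-private-virtual-interface`. The function names, the sample values and the placeholder gateway ID are assumptions constructed for illustration.

```python
import ipaddress

def build_private_vif(name, vlan, pureport_asn, pureport_ip, remote_ip,
                      bgp_password, dx_gateway_id):
    """Validate values copied from one Pureport gateway and return the
    NewPrivateVirtualInterface request structure."""
    for label, value in (("Pureport IP", pureport_ip), ("Remote IP", remote_ip)):
        if "/" not in value:
            raise ValueError(f"{label} must be in CIDR format, e.g. 169.254.1.1/30")
    customer = ipaddress.ip_interface(pureport_ip)  # "Your router peer IP"
    amazon = ipaddress.ip_interface(remote_ip)      # "Amazon router peer IP"
    if customer.version != 4 or amazon.version != 4:
        raise ValueError("address family must be IPv4")
    if customer.network != amazon.network or customer.ip == amazon.ip:
        raise ValueError("peer IPs must be two distinct hosts in one subnet")
    if not 1 <= int(vlan) <= 4094:
        raise ValueError("VLAN must be 1-4094")
    if not 1 <= int(pureport_asn) <= 4294967295:   # 4-byte BGP ASN range
        raise ValueError("ASN out of range")
    if not bgp_password or bgp_password != bgp_password.strip():
        raise ValueError("BGP password is empty or has stray whitespace")
    return {
        "virtualInterfaceName": name,
        "vlan": int(vlan),
        "asn": int(pureport_asn),       # customer-side ASN is the Pureport ASN
        "authKey": bgp_password,
        "customerAddress": str(customer),
        "amazonAddress": str(amazon),
        "addressFamily": "ipv4",
        "directConnectGatewayId": dx_gateway_id,
    }

def redacted(vif):
    """Copy of the request that is safe to log: the BGP key is masked."""
    return {**vif, "authKey": "***"}

# Constructed sample values, not taken from any real connection.
PRIMARY = build_private_vif(
    "pureport-primary", 1234, 65001, "169.254.1.1/30", "169.254.1.2/30",
    "constructed-key-123", "00000000-0000-0000-0000-000000000000")

if __name__ == "__main__":
    import json
    print(json.dumps(redacted(PRIMARY), indent=2))
```

The unredacted structure can be saved as JSON and passed to the CLI with `--connection-id <connection ID> --new-private-virtual-interface file://vif.json`. Because that file contains the BGP password, restrict its permissions and delete it after use.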



Create a Virtual Private Gateway (VGW) and Attach it to your VPC

If your VPC does not already have a Virtual Private Gateway (VGW) configured, you will need to configure one now to proceed in the setup. Please note your VPC can only be attached to one VGW at a time.


  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/v2/home.
  2. In the navigation pane, choose Virtual Private gateways.
  3. Choose Create virtual private gateway.  The Virtual Private Gateway creation page appears.
  4. Enter a Name Tag of your choosing and select the Amazon Default ASN radio button.
  5. Select Create Virtual Private Gateway to create the VGW.
  6. Select the VGW that was just created and choose Actions.
  7. Select Attach to VPC. The Attach to VPC page appears.
  8. Select the VPC you wish to attach the VGW to and select Yes, Attach.


Associate the Direct Connect Gateway (DCG) to the Virtual Private Gateway (VGW)

The already created Direct Connect Gateway and Virtual Private Gateway will now need to be associated to allow for communication.

  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/v2/home.
  2. In the navigation pane, choose Direct Connect gateways.
  3. Select your already created Direct Connect Gateway from the list by clicking on its ID. The General configuration page will load.
  4. Navigate to the Gateway associations tab and click on Associate gateway. The Associate Gateway screen will load.
  5. Select the VGW you have created and attached to your VPC from the Gateways drop-down. You can optionally add allowed prefixes here, however most use cases do not require this and can leave this section blank.
  6. Select Associate gateway.

VPC Route Propagation

If you have not already done so, you will need to enable route propagation at the VPC level in order for your VPC(s) to announce and learn routes via BGP. Given that you are using the Direct Connect Gateway, you will need to do this for each VPC Route Table that belongs to a VPC that is associated to the Direct Connect Gateway.


In the AWS Console, open the VPC dashboard, click on Route Tables and select the route table which corresponds to your VPC, then click on Route Propagation to determine whether propagation is enabled.

If propagation is set to No, click the Edit route propagation button to change the setting.
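
With several VPCs behind one Direct Connect Gateway, the same check can be run over every route table at once. The following is an added example, not part of the original article: it reads output in the shape returned by `aws ec2 describe-route-tables` and reports, per route table, whether propagation from the VPC's VGW is enabled and whether any routes have actually been learned. The function name, all IDs and all CIDRs are constructed for illustration.

```python
# Constructed sample in the shape returned by `aws ec2 describe-route-tables`
# (all IDs and CIDRs are made up for illustration).
SAMPLE = {"RouteTables": [
    {"RouteTableId": "rtb-0aaa", "VpcId": "vpc-0app",
     "PropagatingVgws": [{"GatewayId": "vgw-0example"}],
     "Routes": [
         {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
          "Origin": "CreateRouteTable"},
         {"DestinationCidrBlock": "192.168.10.0/24",
          "GatewayId": "vgw-0example",
          "Origin": "EnableVgwRoutePropagation"}]},
    {"RouteTableId": "rtb-0bbb", "VpcId": "vpc-0app",
     "PropagatingVgws": [],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
                 "Origin": "CreateRouteTable"}]},
    {"RouteTableId": "rtb-0ccc", "VpcId": "vpc-0db",
     "PropagatingVgws": [{"GatewayId": "vgw-0db"}],
     "Routes": [{"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local",
                 "Origin": "CreateRouteTable"}]},
]}

# Each VPC is attached to at most one VGW, so a simple map is enough.
VPC_TO_VGW = {"vpc-0app": "vgw-0example", "vpc-0db": "vgw-0db"}

def propagation_report(described, vpc_to_vgw):
    """Return {route_table_id: (status, learned_cidrs)} for the listed VPCs."""
    report = {}
    for rt in described.get("RouteTables", []):
        vgw = vpc_to_vgw.get(rt.get("VpcId"))
        if vgw is None:
            continue  # VPC is not associated to the Direct Connect Gateway
        enabled = any(g.get("GatewayId") == vgw
                      for g in rt.get("PropagatingVgws", []))
        learned = sorted(r["DestinationCidrBlock"] for r in rt.get("Routes", [])
                         if r.get("Origin") == "EnableVgwRoutePropagation"
                         and r.get("GatewayId") == vgw
                         and "DestinationCidrBlock" in r)
        if not enabled:
            status = "propagation-disabled"   # the "No" case described above
        elif not learned:
            status = "enabled-no-routes"      # check BGP and the association
        else:
            status = "ok"
        report[rt["RouteTableId"]] = (status, learned)
    return report

if __name__ == "__main__":
    for rtb, (status, learned) in propagation_report(SAMPLE, VPC_TO_VGW).items():
        print(rtb, status, learned)
```

Reviewing the learned prefixes is also a quick way to confirm that only the networks you expect are being announced into each VPC.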