Prerequisites

To connect to AWS, you must have:

  • A Pureport Account with permissions to create Networks and Connections
  • An AWS Direct Connect Gateway configured with the Amazon ASN set as 64512.
  • Access to your AWS Account(s) via the AWS Console. 

    Note: If you are using an IAM account or Role, ensure you have the necessary permissions granted.


Log into AWS Console and find your AWS Account ID

To locate your AWS Account ID, access AWS Management Console Support Center (https://console.aws.amazon.com/support).


Your Account number is located at the top of the page:




Create an AWS DirectConnect connection in the Pureport Console

To create a new connection:

  1. Log in to the Pureport Console using an account with an appropriate Role.
    At a minimum you will need the Create and Update permissions for Networks. For more information on Roles, see the Accounts, Members and Roles article.  

  2. In the left navigation bar, select the Networks tab.
     
  3. On the Networks screen, select the network to add the connection to AWS.
    Note: To create a new network for this connection, see the Creating a Network article.

  4. Select Add Connection... at the top-right of the console, or click a location on the network map.

  5. In the New Connection window, select AWS Direct Connect as the connection type, then click Next.

  6. Select the AWS Cloud Region for the connection, then click Next.

  7. Select the Pureport location where you would like this connection to be created, and click Next. Note that only Pureport locations with direct access to the chosen AWS Region will be selectable.

  8. Select a Peering Type. For VPC Connectivity via a VGW or Direct Connect Gateway, choose Private. Refer to the article on Creating an AWS Public VIF for more info on the Public option.

  9. Select the Speed of the connection. By default, redundant HA connections will be created according to AWS best practices. Uncheck this box if you do not wish to have a High Availability connection. Note that Pureport's connection SLAs apply only when HA is enabled.

  10. Enter your AWS Account ID, and click Next.
     
  11. In the BGP Settings section, enter the default ASN (autonomous system number) used by AWS, 64512, then click Next.
    Note: If you used a custom ASN when you created the VGW in the AWS Console, you will need to enter the value you used here.

  12. Optionally add any CIDR networks you may be connecting. Note, these are only used when subsequently connecting a policy-based VPN to your Pureport network and are completely optional. Click Next when finished.

  13. You may also enable and configure Cloud Grade NAT if desired, as detailed in the Cloud Grade NAT knowledge-base article. Then click Next.

  14. Enter a meaningful Name and Description, then click Add Connection.

  15. After saving the Connection, the system displays the Primary and Secondary Gateway information.

  16. Record the following information from the Primary and Secondary Gateways in the new connection (you can use the copy icon to the right of each item to ensure an exact copy to the clipboard):
    • Pureport IP
    • Pureport ASN
    • Remote IP
    • BGP Password

You will need this information in order to accept the connection and complete the steps in the AWS console.


Accept the Hosted Connection in the AWS Console

After creating the new Connection, use this procedure to accept the Connection in the AWS Console. See "Accepting a Hosted Connection" in the AWS Direct Connect User Guide for details. 

  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.
    If necessary, change the Region in the navigation bar.

  2. In the navigation pane, choose Connections.

  3. You will see two connections, a Primary and a Secondary. Both are in the pending acceptance state.
    If you are not using an HA connection, there is only a Primary connection.

  4. Select the Primary connection.

  5. Select the confirmation check box and choose Accept Connection.

  6. Select the Secondary connection.

  7. Select the confirmation check box and choose Accept Connection.



Create a Private Virtual Interface

  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.

  2. In the navigation pane, choose Connections.

  3. Select the Primary connection and choose Actions > Create Virtual Interface. The Create a Virtual Interface page appears.

  4. At the top of the page, select Private.
     

  5. In the Define Your Private Virtual Interface area:

    • Virtual Interface Name: Enter a name for the virtual interface.

    • Virtual Interface Owner: Select My AWS Account if the virtual interface is for your AWS account.
       

  6. In the Gateway area:

    • Connection To: Select Direct Connect Gateway

    • Direct Connect Gateway: Select your Direct Connect gateway.

  7. In the VLAN area:

    • VLAN: The ID is already set and cannot be changed.

    • Address family: Select IPv4. Pureport only supports IPv4 at this time.

    • Auto-generate peer IPs: Unselect this field.

    • Your router peer IP: Enter the value of the Pureport IP in CIDR format from Creating a Connection.

    • Amazon router peer IP: Enter the value of the Remote IP in CIDR format from Creating a Connection.

  8. In the BGP area:

  9. Select Continue.

Repeat this process for the Secondary connection.
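
A pre-flight check on the values recorded from the Pureport console before they are entered on the Create a Virtual Interface page, as an added example that is not part of the original article or of Pureport's tooling. The dictionary keys, the sample addresses and the ASN 65001 are constructed for illustration; the same-subnet check assumes the usual requirement that both BGP peers on a link share one subnet.

```python
import ipaddress

def check_gateway(name, gw):
    """Validate one recorded gateway; return (problems, pureport interface or None)."""
    problems, ifaces = [], {}
    for field in ("pureport_ip", "remote_ip"):
        value = gw.get(field, "")
        if "/" not in value:  # the console fields expect CIDR, e.g. 169.254.1.1/30
            problems.append(f"{name}: {field} is not in CIDR format")
            continue
        try:
            iface = ipaddress.ip_interface(value)
        except ValueError:
            problems.append(f"{name}: {field} is not a valid address")
            continue
        if iface.version != 4:  # the article states only IPv4 is supported
            problems.append(f"{name}: {field} must be IPv4")
            continue
        ifaces[field] = iface
    if len(ifaces) == 2:
        a, b = ifaces["pureport_ip"], ifaces["remote_ip"]
        if a.network != b.network:
            problems.append(f"{name}: peer IPs are in different subnets")
        elif a.ip == b.ip:
            problems.append(f"{name}: peer IPs are identical")
    asn = gw.get("pureport_asn")
    if not (isinstance(asn, int) and 1 <= asn <= 4294967295):
        problems.append(f"{name}: pureport_asn out of range")
    if not gw.get("bgp_password"):  # checked for presence only, never echoed
        problems.append(f"{name}: bgp_password is empty")
    return problems, ifaces.get("pureport_ip")

def check_connection(primary, secondary=None):
    """Validate the Primary gateway and, for HA connections, the Secondary."""
    problems, p_if = check_gateway("primary", primary)
    if secondary is not None:
        more, s_if = check_gateway("secondary", secondary)
        problems += more
        if p_if and s_if and p_if.network.overlaps(s_if.network):
            problems.append("primary and secondary peer subnets overlap")
    return problems

# Constructed sample values, not taken from any real connection.
PRIMARY = {"pureport_ip": "169.254.1.1/30", "remote_ip": "169.254.1.2/30",
           "pureport_asn": 65001, "bgp_password": "example-only"}
SECONDARY = {"pureport_ip": "169.254.2.1/30", "remote_ip": "169.254.2.2/30",
             "pureport_asn": 65001, "bgp_password": "example-only"}

if __name__ == "__main__":
    print(check_connection(PRIMARY, SECONDARY) or "values look consistent")
```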


VPC Route Propagation

If you have not already done so, you will need to enable route propagation at the VPC level in order for your VPC(s) to announce and learn routes via BGP. Given that you are using the Direct Connect Gateway, you will need to do this for each VPC that is attached to the Direct Connect Gateway.


In the AWS Console, open the VPC dashboard, click on Route Tables and select the route table which corresponds to your VPC, then click on Route Propagation to determine whether propagation is enabled:

 

If propagation is set to No, click the Edit route propagation button to change the setting: