Link the public cloud to other products via a public cloud docking subnet with the addition of a subnet on the client Edge router and BGP session setup
With the Selectel Global Router, you can link the public cloud with other Selectel products that can be connected to the Global Router, see the Selectel Global Router Service General Information instructions for more information.
There are several scenarios to configure connectivity, see the instructions Ways to connect a public cloud to a global router for other scenarios.
Customization Description
At your request, we will create a docking private subnet in the public cloud, which will not be visible in the list of networks in the virtual data center. Using the docking subnet, we will connect your (client) Edge router to a Service Edge router managed by Selectel. The gateway will be the service Edge router. On the client Edge router you will be able to configure NAT, Firewall and other features, more details in the Edge router instructions. You will define the network addressing and addresses for the Edge routers yourself and specify them in the ticket to create a docking private subnet.
A BGP session is established between the server and client Edge routers: you configure the BGP settings on the client Edge router side, and we perform the configuration on the service Edge router side.
For each subnet communicating with the global router, you configure route redistribution on the client Edge router. The route exchange between the client Edge router and the global router will be performed automatically through the service Edge router.
You will be able to connect virtual machines to the subnets added to the Edge router and they will use the address of the Edge client router as their gateway.
What you need to customize
You can use any infrastructure that you want to link to the public cloud via a global router for configuration.The infrastructure elements and its network settings are shown for example.
Customization result
In the example, the dedicated server, cloud server, and public cloud subnets will be connected through a global router using a public cloud docking network.
Customization steps
- Create a global router.
- Connect the subnets of the dedicated server and cloud platform to a global router.
- Create a docking subnet to communicate with the global router.
- Configure BGP.
- Configure Route Redistribution on the Edge router.
- Check the Firewall settings on the client Edge router.
- Write static routes on dedicated and cloud servers.
1. Create a global router
Use the instructions Create a global router.
2. Connect the subnets of the dedicated server and cloud platform to the global router
To connect the dedicated server subnet ( 192.168.0.0/24 in the example) and the cloud platform subnet ( 192.168.1.0/24 in the example ) to a global router, use the Connect Networks and Subnets to a Global Router section of the Connecting Products and Services through a Global Router instructions.
3. Create a docking subnet to communicate with the global router
-
Create a ticket requesting the creation of a public cloud docking private subnet that will connect the service Edge router to the client Edge router. In the ticket, specify:
-
The way to connect the public cloud to a global router is the third way;
-
virtual data center name, can be viewed in the Control Panel under VMware-based Cloud → Virtual Data Centers → Virtual Data Center Card;
-
the desired CIDR of the subnet — in the example
10.0.0.0.0/29; -
desired subnet gateway, this address will be assigned to the Service Edge router — in the example
10.0.0.1; -
Global router ID, can be viewed in the control panel under Network Services → Selectel Global Router → router page → router page → field under router name;
-
name of the client Edge router, can be viewed in the Control Panel under VMware-based Cloud → Virtual Data Centers → Virtual Data Center page → Edge routers tab;
-
the desired IP address for the Edge client router from the docking subnet — in the example
10.0.0.2; -
the desired Autonomous System Number (ASN) for the client Edge router;
-
optional: additional session parameters. If they are not specified, the default values are used:
- Weight — 60;
- Keep Alive Time (Seconds) — 5;
- Hold Down Time (Seconds) — 15.
-
-
We will create a subnet and report it in the ticket.
4. Configure BGP
- From the Control Panel, open the Cloud Director panel: from the top menu, click Products → VMware-based Cloud → Cloud Director.
- Go to Networking → Edge Gateways.
- Open your Edge router's page.
- Press SERVICES.
- Open the Routing → Routing Configuration tab.
- In the DYNAMIC ROUTING CONFIGURATION block, in the Router ID field, select one of the Edge router interfaces.
- Click Save changes.
- Open the Routing → BGP tab.
- Enable the Enable BGP toggle switch.
- In the Local AS field, enter your AS number.
- In the Neighbors block, press +.
- In the IP Address field, enter the address of the service Edge router — in the example
10.0.0.1 - In the Remote AS field, enter the ASN value we sent in the ticket.
- In the Weight field, enter 60 or the value you specified on the ticket.
- In the Keep Alive Time field, enter 5 or the value you specified in the ticket.
- In the Hold Down Time field, enter 15 or the value you specified in the ticket.
- Turn on the Remove Private AS toggle switch.
- Optional: To restrict route reception and transmission, configure BGP filters in the BGP Filters block.
- Press KEEP.
5. Configure route redistribution
- From the Control Panel, open the Cloud Director panel: from the top menu, click Products → VMware-based Cloud → Cloud Director.
- Go to Networking → Edge Gateways.
- Open the Edge router client page.
- Press SERVICES.
- Open the Routing → Route Redistribution tab.
- Turn on the BGP Status toggle switch.
- In the Ip Prefixes block, click + and add the public cloud subnet you are associating with the global router — in the example
192.168.2.0/24 - Press KEEP.
- Repeat steps 7-8 for all public cloud networks you want to associate with the global router.
- In the Route Redistribution Table block, click +.
- In the Prefix Name field, select Ip Prefix — the public cloud subnet for which the authorizing rule will be configured.
- In the Learner Protocol field, select BGP.
- In the Allow learning from field, check the Connected checkbox.
- In the Action field, select Permit.
- Press KEEP.
- Repeat steps 10-15 for all Ip Prefixes.
- In the Route Redistribution Table block, click +.
- In the Prefix Name field, select Any.
- In the Learner Protocol field, select
BGP. - In the Allow learning from field, check the OSPF, Static Routes, Connected checkboxes.
- In the Action field, select Deny.
- Press KEEP.
- Click Save changes.
- Make sure that the Deny Deny rule is added last in the list.
6. Check the Firewall settings
Ensure that the Firewall settings on your Edge router allow the necessary traffic between the public cloud subnets and the subnets connected to the global router.
7. Prescribe static routes on dedicated and cloud servers
If the global router is used as the default gateway on the cloud and dedicated servers, you do not need to specify routes.
If not, on the cloud and dedicated servers that are connected to the global router, write static routes:
-
specify the CIDR of the new public cloud subnet as the destination subnet — in the example
192.168.2.0.0/24; -
as gateway, specify the address from the subnet to which the corresponding server is added and which is used as the gateway of the global router, in the example:
- for a dedicated server —
192.168.0.1; - for the cloud server —
192.168.1.1.
- for a dedicated server —