Link the public cloud to other products via a public cloud docking subnet with the addition of a subnet on the client Edge router and BGP session setup
With the help of the Selectel global router, you can link the public cloud with other Selectel products that can be connected to a global router; for more details, see the instructions General information about Selectel Global Router service.
You can configure connectivity in several scenarios; for the other scenarios, see the instructions Ways to connect a public cloud to a global router.
Customization Description
At your request, we will create a private docking subnet in the public cloud; it will not be visible in the list of networks in the virtual data center. Using the docking subnet, we will connect your (client) Edge router to a service Edge router managed by Selectel. The gateway will be the service Edge router. On the client Edge router you will be able to configure NAT, Firewall and other features; for more details, see the instructions Edge routers. You define the network address and the addresses for the Edge routers yourself and report them in the ticket for creating the private docking subnet.
A BGP session is established between the service and client Edge routers: you configure the BGP settings on the client Edge router side, and we perform the configuration on the service Edge router side.
For each subnet communicating with the global router, you configure route redistribution on the client Edge router. The route exchange between the client Edge router and the global router will be performed automatically through the service Edge router.
You will be able to connect virtual machines to the subnets added to the client Edge router, and they will use the address of the client Edge router as their gateway.
What you need to customize
You can configure this for any infrastructure that you want to connect to the public cloud via a global router. The infrastructure elements and their network settings here are shown as an example.
Customization result
In the example, the dedicated server, cloud server, and public cloud subnets will be connected through a global router using a public cloud docking network.
Customization steps
- Create a global router.
- Connect the subnets of the dedicated server and cloud platform to a global router.
- Create a docking subnet to communicate with the global router.
- Configure BGP.
- Configure Route Redistribution on the Edge router.
- Check the Firewall settings on the Edge client router.
- Write static routes on dedicated and cloud servers.
Create a global router
Use the instructions Create a global router.
Connect the subnets of the dedicated server and cloud platform to the global router
To connect the subnet of a dedicated server (in the example, 192.168.0.0/24) and the subnet of the cloud platform (in the example, 192.168.1.0/24) to the global router, use the section Connect networks and subnets to a global router of the instructions Link products and services through a global router.
Create a docking subnet to communicate with the global router
- Create a ticket with a request to create a public cloud private docking subnet that will connect the service Edge router to the client Edge router. In the ticket, specify:
  - the way to connect the public cloud to a global router: the third way;
  - the name of the virtual data center, which you can see in the control panel under VMware-based cloud → Virtual data centers → virtual data center card;
  - the desired CIDR of the subnet — in the example 10.0.0.0/29;
  - the desired subnet gateway, this address will be assigned to the service Edge router — in the example 10.0.0.1;
  - the ID of the global router, which you can find in the control panel under Network services → Selectel Global Router → router page → the field under the router name;
  - the name of the client Edge router, which you can see in the control panel under VMware-based cloud → Virtual data centers → virtual data center page → tab Edge routers;
  - the desired IP address for the client Edge router from the docking subnet — in the example 10.0.0.2;
  - the desired Autonomous System Number (ASN) for the client Edge router;
  - optional: additional session parameters. If they are not specified, the default values are used:
    - Weight — 60;
    - Keep Alive Time (Seconds) — 5;
    - Hold Down Time (Seconds) — 15.
- We will create a subnet and report it in the ticket.
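A pre-flight check of the values that go into the ticket, as an added example that is not part of the original instructions. The function name and the rules it applies (usable host addresses, no overlap with the subnets already routed through the global router, hold time of at least three keepalive intervals) are assumptions chosen for illustration; the addresses are the ones from the example.

```python
import ipaddress


def check_docking_plan(cidr, service_ip, client_ip, routed, keepalive=5, hold=15):
    """Return a list of problems in the parameters for the docking-subnet ticket."""
    try:
        net = ipaddress.ip_network(cidr)        # strict: host bits must be zero
    except ValueError as exc:
        return [f"bad CIDR: {exc}"]
    problems = []
    usable = set(net.hosts())                   # excludes network and broadcast
    addrs = {"service": ipaddress.ip_address(service_ip),
             "client": ipaddress.ip_address(client_ip)}
    for role, addr in addrs.items():
        if addr not in usable:
            problems.append(f"{role} Edge address {addr} is not a usable host in {net}")
    if addrs["service"] == addrs["client"]:
        problems.append("service and client Edge routers share one address")
    for other in routed:
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"docking subnet {net} overlaps routed subnet {other}")
    # Assumed convention: keepalive is about one third of the hold time.
    if hold < 3 * keepalive:
        problems.append(f"hold time {hold}s is less than 3 x keepalive {keepalive}s")
    return problems


# Subnets from the example that are reachable through the global router.
ROUTED = ["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24"]

if __name__ == "__main__":
    print(check_docking_plan("10.0.0.0/29", "10.0.0.1", "10.0.0.2", ROUTED))
```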
Configure BGP
- From the control panel, open the Cloud Director panel: VMware-based cloud → Cloud Director.
- Go to the section Networking → Edge Gateways.
- Open your Edge router's page.
- Click SERVICES.
- Open the tab Routing → Routing Configuration.
- In the block DYNAMIC ROUTING CONFIGURATION, in the field Router ID, select one of the Edge router's interfaces.
- Click Save changes.
- Open the tab Routing → BGP.
- Turn on the toggle switch Enable BGP.
- In the field Local AS enter your AS number.
- In the block Neighbors click +.
- In the field IP Address enter the address of the service Edge router — in the example 10.0.0.1.
- In the field Remote AS enter the ASN value we sent in the ticket.
- In the field Weight specify 60 or the value you specified in the ticket.
- In the field Keep Alive Time specify 5 or the value you specified in the ticket.
- In the field Hold Down Time specify 15 or the value you specified in the ticket.
- Turn on the toggle switch Remove Private AS.
- Optional: to restrict the reception and transmission of routes, in the block BGP Filters configure BGP filters.
- Click KEEP.
Configure route redistribution
1. From the control panel, open the Cloud Director panel: VMware-based cloud → Cloud Director.
2. Go to the section Networking → Edge Gateways.
3. Open the client Edge router's page.
4. Click SERVICES.
5. Open the tab Routing → Route Redistribution.
6. Turn on the toggle switch BGP Status.
7. In the block Ip Prefixes click + and add the public cloud subnet that you associate with the global router — in the example 192.168.2.0/24.
8. Click KEEP.
9. Repeat steps 7-8 for all public cloud networks you want to associate with the global router.
10. In the block Route Redistribution Table click +.
11. In the field Prefix Name select the Ip Prefix — the subnet of the public cloud for which the allow rule will be configured.
12. In the field Learner Protocol select BGP.
13. In the field Allow learning from check the box Connected.
14. In the field Action select Permit.
15. Click KEEP.
16. Repeat steps 10-15 for all Ip Prefixes.
17. In the block Route Redistribution Table click +.
18. In the field Prefix Name select Any.
19. In the field Learner Protocol select BGP.
20. In the field Allow learning from check the boxes OSPF, Static Routes, Connected.
21. In the field Action select Deny.
22. Click KEEP.
23. Click Save changes.
24. Make sure that the Deny rule is last in the list.
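Why the Deny rule has to be last, as an added example that is not part of the original instructions. It assumes the Route Redistribution Table is evaluated top-down with the first matching rule deciding and that a named Ip Prefix matches only that exact network; the `Rule` model and the route list are constructed for illustration around the subnets from the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    prefix: Optional[str]   # CIDR of the Ip Prefix, or None for "Any"
    sources: frozenset      # boxes ticked in "Allow learning from"
    action: str             # "Permit" or "Deny"

    def matches(self, network, source):
        if source not in self.sources:
            return False
        # Assumption: a named prefix matches that exact network only.
        return self.prefix is None or network == ipaddress.ip_network(self.prefix)


def evaluate(rules, routes):
    """Return (announced, unmatched) under first-match evaluation."""
    announced, unmatched = [], []
    for cidr, source in routes:
        network = ipaddress.ip_network(cidr)
        hit = next((r for r in rules if r.matches(network, source)), None)
        if hit is None:
            unmatched.append(cidr)      # fate left to the device default
        elif hit.action == "Permit":
            announced.append(cidr)
    return announced, unmatched


# Constructed routing table of the client Edge router (sample data).
ROUTES = [
    ("192.168.2.0/24", "Connected"),    # subnet meant for the global router
    ("10.0.0.0/29", "Connected"),       # docking subnet
    ("172.16.50.0/24", "Connected"),    # hypothetical internal-only subnet
    ("0.0.0.0/0", "Static Routes"),     # hypothetical default route
]

PERMIT = Rule("192.168.2.0/24", frozenset({"Connected"}), "Permit")
DENY_ANY = Rule(None, frozenset({"OSPF", "Static Routes", "Connected"}), "Deny")

if __name__ == "__main__":
    for name, table in [("permit, then deny", [PERMIT, DENY_ANY]),
                        ("deny, then permit", [DENY_ANY, PERMIT]),
                        ("permit only", [PERMIT])]:
        print(name, evaluate(table, ROUTES))
```

With the Deny rule first, the subnet from the example is never announced; with no Deny rule at all, three routes fall through to whatever the router does by default.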
Check the Firewall settings
Make sure the Firewall settings on your Edge router allow the necessary traffic between the public cloud subnets and the subnets connected to the global router.
Prescribe static routes on dedicated and cloud servers
If the global router is used as the default gateway on the cloud and dedicated servers, you do not need to specify routes.
If not, add static routes on the cloud and dedicated servers that are linked to the global router:
- specify the CIDR of the new public cloud subnet as the destination subnet — in the example 192.168.2.0/24;
- as gateway, specify the address from the subnet to which the corresponding server is added and which is used as the gateway of the global router, in the example:
  - for a dedicated server: 192.168.0.1;
  - for the cloud server: 192.168.1.1.