Configuring BGP
Once the connection has been created and accepted, configure the routing between your Equinix Fabric Cloud Router or Network Edge device and your AWS VPC.
Configure BGP Peering in AWS (Z-side)
To configure the Z-side, the following parameters are required:
- A new VLAN tag.
- A public or private BGP ASN - If you are using a public ASN, you must own it. If you are using a private ASN, it must be in the 65000 range.
- The network prefixes to advertise - Any advertised prefix must include only your ASN in the BGP AS-PATH.
- The virtual private gateway for the connection. For more information about creating a virtual private gateway, see "Adding a hardware virtual private gateway to your VPC" in the Amazon VPC User Guide.
Next, you need to connect your new AWS Direct Connect to a Virtual Interface (VIF) on the virtual private gateway.
Under Define Your New Private Virtual Interface, do the following:
- In the Interface Name field, enter a name for the virtual interface.
- In Interface Owner, select the My AWS Account option if the virtual interface is for your AWS account ID.
- In the VGW list, select the virtual gateway to connect to.
- The VLAN # field will already be filled in and grayed out.
- To have AWS generate your router IP address and Amazon IP address, select Auto-generate peer IPs.
- To specify these IP addresses, de-select the Auto-generate peer IPs option, and then in the Your router peer IP field, enter the destination IPv4 CIDR address that Amazon should send traffic to. In the Amazon router peer IP field, enter the IPv4 CIDR address you will use to send traffic to Amazon Web Services.
- In the BGP ASN field, enter the Border Gateway Protocol (BGP) Autonomous System Number (ASN) of your gateway; for example, a number between 1 and 65534.
- Select Auto-generate BGP key to have AWS generate one.
- To provide your own BGP key, de-select Auto-generate BGP key, and then in the BGP Authorization Key field, enter your BGP MD5 key.
  Note: Public VIFs are also supported on Equinix Fabric.
- View the Router (BGP) Configuration. In the Virtual Interfaces pane, select a virtual interface, then click the arrow to show more details.
Configure BGP Peering on Fabric Cloud Router (A-side)
First ensure that the appropriate AWS Direct Connect is fully configured in AWS, including the VIF. Navigate to your Connections inventory in the Customer Portal.
- From the Connection Name list, click the name of your new connection. Start with your primary connection, if it's not configured yet. A summary of the connection details is displayed, including the status of Pending Interface Configuration.
- Select the Routing Details tab and click Configure Routing. The Configure Routing Details form is displayed.
- Select the type of subnet to provide: Enter my own IPv4 address.
- Enter an Equinix-side IPv4 address with CIDR. /30 is sufficient, but /28 and /29 also are permitted.
- Select Enable Border Gateway Protocol (BGP). Enter a Customer-side ASN, which should typically be the ASN defined on your Direct Connect Gateway, and a Customer-side Peer IPv4 host address.
- If you are using BGP Authentication, enter the shared secret. Ensure that the secret is appropriately configured and matches on the Direct Connect circuit in the AWS portal as well.
- If you would like to use Bidirectional Forwarding Detection (BFD), select Enable BFD and set the appropriate interval in milliseconds. The BFD interval must match on both sides of the connection.
- Click Apply Changes. The Routing Details are updated, and the Fabric side of the connection is provisioned.
- If you created a secondary connection to AWS, repeat the steps to configure the second connection.
To complete the configuration of the end-to-end connection, make the corresponding routing changes in AWS.
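A pre-flight check for the values entered in the two procedures above, added here as an example (it is not Equinix or AWS code). The dictionary keys are hypothetical names for the form fields, the sample addresses and key are constructed, and treating the AWS "Your router peer IP" as the Fabric Equinix-side address is an assumption.

```python
import hmac
import ipaddress

ALLOWED_PREFIXES = (30, 29, 28)  # subnet sizes the page lists as permitted

def check_peering(aws, fabric):
    """Compare AWS VIF (Z-side) and Fabric (A-side) settings; return a list of problems."""
    problems = []
    # Assumed mapping: AWS "Your router peer IP" is the Equinix-side address,
    # AWS "Amazon router peer IP" is the Fabric "Customer-side Peer" host.
    equinix = ipaddress.ip_interface(fabric["equinix_side_ip"])
    peer = ipaddress.ip_address(fabric["customer_peer_ip"])
    aws_router = ipaddress.ip_interface(aws["your_router_peer_ip"])
    aws_amazon = ipaddress.ip_interface(aws["amazon_router_peer_ip"])

    net = equinix.network
    if net.prefixlen not in ALLOWED_PREFIXES:
        problems.append(f"Equinix-side prefix /{net.prefixlen} is not /30, /29 or /28")
    if peer not in net or peer in (net.network_address, net.broadcast_address):
        problems.append(f"peer {peer} is not a usable host in {net}")
    if peer == equinix.ip:
        problems.append("both ends use the same address")
    if aws_router != equinix:
        problems.append(f"AWS router peer IP {aws_router} != Fabric {equinix}")
    if aws_amazon.ip != peer or aws_amazon.network != net:
        problems.append(f"AWS Amazon peer IP {aws_amazon} != Fabric peer {peer} in {net}")
    # Compare secrets without echoing them into logs or tickets.
    a_key, f_key = aws.get("bgp_key") or "", fabric.get("bgp_key") or ""
    if not hmac.compare_digest(a_key.encode(), f_key.encode()):
        problems.append("BGP authentication key differs between AWS and Fabric")
    if fabric.get("bfd_interval_ms") != aws.get("bfd_interval_ms"):
        problems.append("BFD interval differs between the two sides")
    return problems

# Constructed sample values (documentation address range, throwaway key).
AWS_VIF = {"your_router_peer_ip": "192.0.2.1/30", "amazon_router_peer_ip": "192.0.2.2/30",
           "bgp_key": "example-md5-key", "bfd_interval_ms": 300}
FABRIC_OK = {"equinix_side_ip": "192.0.2.1/30", "customer_peer_ip": "192.0.2.2",
             "bgp_key": "example-md5-key", "bfd_interval_ms": 300}
FABRIC_BAD = {"equinix_side_ip": "192.0.2.1/27", "customer_peer_ip": "192.0.2.40",
              "bgp_key": "Example-md5-key", "bfd_interval_ms": 100}

if __name__ == "__main__":
    for name, cfg in (("ok", FABRIC_OK), ("bad", FABRIC_BAD)):
        print(name, check_peering(AWS_VIF, cfg) or "no mismatches")
```
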
Configure BGP Peering on Network Edge Device (A-side)
How you configure BGP on a virtual device depends on the vendor of the device (such as Cisco or Juniper).
- Configure the physical port with the appropriate protocols and tagging.
- Configure logical ports (sub-interfaces) with appropriate IP addresses and VLAN tags.
- Configure BGP peering.