Connect with IBM Cloud Direct Link (2.0)

The Equinix Fabric customers can use IBM Cloud™ Direct Link to connect on-premises resources to cloud resources.

Equinix Fabric IBM Cloud Direct Link is ideal for working with IBM Cloud when there are:

  • IBM Cloud deployments on VPC

  • Hybrid workloads

  • Cross-provider workloads

  • Large or frequent data transfers

  • Private or regulated workloads

IBM Cloud Direct Link Connect is more suitable than IBM Cloud Direct Link Dedicated when you need:

  • Quicker connectivity for mission-critical workloads

  • A high degree of granularity and flexibility in the connection bandwidth

  • Connections at speeds of at 5 Gbps or less

  • Diverse ports in a point of presence (PoP) are available

Technical Considerations

Review these technical considerations before deployment.

Architecture

In this diagram, the Service Provider Network refers to Equinix Fabric.

IP Addresses

If you use Classic IaaS, be aware that IBM infrastructure uses the 10.x.x.x network. You can't overlap your on-premises hosts within IBM Cloud or with the IBM Cloud services networks 10.0.0.0/14, 10.198.0.0/15, and 10.200.0.0/14. See Direct Link prerequisites (item 7) for more information.

As stated in IBM Cloud Direct Link on Classic BGP configuration instructions, the following networks are filtered out and can't be accepted: 10.0.0.0/14, 10.198.0.0/15, 10.200.0.0/14, 169.254.0.0/16, and 224.0.0.0/4.

BGP Interconnection Network

Before deployment, verify that the parameters fulfill the IBM Cloud limitations.

The BGP peering interconnection subnet can be automatically or manually assigned when defining the IBM Cloud Direct Link Connect parameters.

If you choose auto-select IP, a /30 subnet is automatically assigned in this range:

  • 169.254.0.0/16
    IBM Cloud uses the first IP, and the on-premises router uses the second IP.

If you choose manual-select IP, you can assign your interconnection CIDR in these ranges:

  • 10.254.0.0/16

  • 169.254.0.0/16

  • 172.16.0.0/12

  • 192.168.0.0/16

  • Any public IP addresses

Autonomous System Number (ASN)

Both private and public ASN can be used for the on-premises router. The default ASN is 64999.

The following ASNs are not allowed:

  • 0

  • 13884

  • 36351

  • 64512–64513

  • 65100

  • 65201‍–‍65234

  • 65402‍–‍65433

  • 65500

  • 4201065000‍–‍4201065999

Virtual Routing and Forwarding (VRF)

IBM Cloud Direct Link does not require a global VRF unless connection to the IBM Cloud Classic environment is required.

For more information, see these IBM documents:

If you do need to migrate your account to VRF before deployment, open a support ticket. For instructions, see Converting to virtual routing and forwarding.

Note: Migrating to a VRF requires a short outage window (up to 30 minutes). During this time, the backend network VLANs lose mutual connectivity while they are moved to the VRF.

To verify if your account is migrated to VRF, go to the IBM Cloud console. Select Manage > Account Settings > Virtual Routing and Forwarding. The VRF setting displays Yes or No.

Connection Process

Connection to IBM Cloud Direct Link Connect with Equinix Fabric requires three phases:

  1. Create the virtual connection on the Equinix Fabric Portal to the IBM Cloud Direct Link 2.0 profile.

  2. Accept and finish configuration of the Direct Link Connect gateway on the IBM Cloud console.

  3. Configure the BGP session on your on-premises or Network Edge router.

Additional instructions are available on IBM's Equinix ordering considerations.

This procedure is focused on the interconnection between an on-premises router and an IBM Cloud VPC. The following elements will be deployed:

  • IBM Cloud Direct Link 2.0 Connect gateway

  • Virtual connection from the IBM Cloud Direct Link gateway to the VPC

  • Virtual connection from the on-premises router to IBM Cloud Direct Link 2.0

A Network Edge virtual device is the on-premises router used in examples and images.

Prerequisites

  • This procedure assumes that a VPC is deployed and configured in IBM Cloud.

    In this example, the VPC is deployed in Frankfurt and has three subnets. A virtual server is running in one of the subnets (only the routes to subnets with virtual servers running are advertised).

  • To configure the Direct Link connection, the 32-character IBM account ID is required. From the IBM Cloud console, select Manage Account > Account Settings.

Connect to IBM Cloud through Direct Link in Equinix Fabric

  1. Log in to Equinix Fabric.
  2. Click Create Connection.
  3. In the Frequent Connections section, click IBM Cloud.
  4. On the IBM Cloud Direct Link 2 card, click Create Connection.

  5. In the Origin section, click Port or Virtual Device.
  6. Select a Location.
  7. Select a port or Virtual Device Type.
  8. Select a Destination.
  9. Click Next.
  10. In the Connection Information section:
    • Virtual Connection Name – Enter a name for your virtual connection.
    • IBM Cloud Account – Enter your IBM Cloud Account ID. To locate this number, see the Prerequisites.
    • Purchase Order Number – Enter your PO number.

    • ASN – Enter the ASN of your on-premises router.
    • CER IPv4 CIDR and IBM IPv4 CIDR – These addresses are not required, because the IBM Cloud can supply them automatically. But if you provide your own addresses, you must complete both fields.

  1. Select a Connection Speed.

  2. Click Next.
  3. Review your order, then click Submit Order. A Success message is displayed, and you will receive a confirmation email.

You can view your newly created virtual connection for Direct Link by going to Connections. Click the connection name to display more details. The Status displays Pending Approval, and the Provider Status displays Not Available.

The IBM Special Network Services (SNS) team receives your request and approves the connection. The SLA for the approval is 24 hours. If this is not acceptable, you can open a support ticket. For more information, see Equinix ordering considerations.

Accept the IBM Direct Link Connection and Continue Configuration

  1. Log in to the IBM Cloud console.
  2. Go to Interconnectivity and select Direct Link.

    The new Direct Link gateway status is pending approval.

  3. To view more details in a drop-down, click the new Direct Link name that matches the new virtual connection.

  4. Click Review. Configuration details are displayed.

  5. Click Accept.
  6. In the Finalize creation form:

    1. Choose a group from the Resource group drop-down list.

    2. Select your choices in the Gateway, Billing, and other sections, or leave the default settings.

    3. Review and select the Direct Link Connect prerequisites.

    4. Click Create.

  7. Click the name of the new Direct Link gateway. The details are displayed.

  8. Once it is provisioned, verify that the BGP session is configured but idle, and scroll down to Add connection.

  9. Click Add to add a virtual connection from your new Direct Link to your VPC.

    In the Equinix Fabric portal, the Equinix Status and the Provider Status display Provisioned for the new connection.

Configure the BGP Connection

  1. Configure the BGP session in your on-premises router.

    • The necessary data can be found in the Direct Link Connect Details if it was auto-assigned.

    • Use the data to configure the on-premises router (for example, the Network Edge virtual device).

  2. Verify that the BGP session is up in the Equinix Fabric Portal. The Provisioning Status should display Provisioned, and the BGP State should display Established.

  3. Verify that the BGP session is up in the IBM Cloud console. In the IBM Cloud Direct Link Details, the BGP Status should change from Active to Connect, then to Established.

Increase or Decrease Connection Bandwidth

You can increase or decrease the bandwidth or your connection to IBM Direct Link without deleting or recreating the connection. To change to bandwidth of your connection:

  1. In the Equinix Fabric portal, select your connection in the Connection Inventory.

  2. In the Overview section, scroll to Bandwidth and click Change.

  3. Click the Bandwidth drop-down to select a new speed.

  4. Select I am authorized to make this change and accept the new monthly charge.

  5. Click Confirm.

  6. Return to the IBM Cloud console to approve the bandwidth change.

Once the change is approved on the IBM console, Equinix Fabric will provision the new bandwidth and start charging for the updated bandwidth tier.

Troubleshooting

Currently there is no capability to connect to the IBM router to check the BGP session behavior, routes learned, or routes advertised. If that information is required, open a support ticket (team: ACS-Network) to request it.

Troubleshooting can be done by SSH into the on-premises or Network Edge router by verifying the connection, BGP session, and routes toward the IBM neighbor.

The example below describes a typical troubleshooting session. In this example, the VRF cloud must be used for the Network Edge router.

  • Show the route table and verify that you can reach the BGP peer and the VPC on IBM Cloud:

    # show ip route vrf cloud

    Routing Table: cloud

    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

    (...)

       10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

    C     10.0.0.0/30 is directly connected, GigabitEthernet4

    L     10.0.0.1/32 is directly connected, GigabitEthernet4

    B     192.168.200.0/24 [20/0] via 169.254.0.2, 00:54:13

  • In this case, everything looks fine. If not, BGP session and neighbors could be checked:

    # show bgp vrf cloud neighbors

    BGP neighbor is 10.0.0.2, vrf cloud, remote AS 13884, external link

    BGP version 4, remote router ID 10.0.0.2

    (...)

  • Verify that you can reach the BGP peer (the IBM Cloud router):

    # ping vrf cloud 10.0.0.2

    Type escape sequence to abort.

    Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:

    !!!!!

    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

  • List the routes that the router is learning from the BGP peer:

    # show bgp vrf cloud neighbor 10.0.0.2 routes

    % Command accepted but obsolete, unreleased or unsupported; see documentation.

     

    BGP table version is 2, local router ID is 89.202.19.34

    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

    (...)

    Origin codes: i - IGP, e - EGP, ? - incomplete

    (...)

       Network Next Hop Metric LocPrf Weight Path

    Route Distinguisher: 65000:17137 (default for vrf cloud)

    *> 192.168.200.0 10.0.0.2 0 13884 36351 i

     

    Total number of prefixes 1

IBM Cloud does not advertise the prefixes associated with a subnet unless services are deployed and running in it. In this example, the route 192.168.200.0/24 via 169.254.0.2 is received because a virtual server is running in the subnet. If there is no server or if the server is stopped, the route is not advertised. Therefore, the other subnet’s prefixes (192.168.201.0/24, 192.168.202.0/24) are not received.

Remove the IBM Cloud Direct Link Connection

To remove the created connection, delete the resources created in both the IBM Cloud console and the Equinix Fabric portal. The connections must first be deleted in the IBM Cloud console, and then in Equinix Fabric.

Delete the IBM Cloud Direct Link Connect on the IBM Cloud Console

  1. Go to the IBM Cloud console, click Interconnectivity, and select Direct Link.

  2. Click the Direct Link name to display the Direct Link details.

  3. Delete all the virtual connections.

  4. In the Actions menu, delete the Direct Link.

Delete the Connection on the Equinix Fabric Portal

  1. In the Equinix Fabric Portal, click Connections and select Connection Inventory.

  2. Locate and click the connection.

  3. Scroll to the bottom of the page and click Delete Connection.

Accept the Deletion on the IBM Cloud Console

  1. Go to the IBM Cloud console, click Interconnectivity, and select Direct Link.

  2. Click the bell icon close to the Direct Link name.

  3. Confirm the deletion.

Redundancy for IBM Direct Link 2.0

Although BM Direct Link service is designed with high availability using multi-zone regions (MZRs), your connection is linked to a specific location. Therefore, you must design and deploy redundancy or disaster recovery architectures.

  • As described in Models for diversity and redundancy in Direct Link, Direct Link is not a redundant service at the cross-connect router (XCR), so it's your responsibility to create redundancy through your BGP schemas.

  • Also, as described in Direct Link prerequisites (item 4), for redundancy through the Direct Link service, you can purchase two separate Direct link connections in a single IBM Cloud network PoP on two separate routers, or you can order two single connections into two geographically diverse Direct Link PoP locations.

Three models can be used to achieve redundancy:

  • Configure 2x IBM Direct Link Connect gateways over diverse ports and XCR in the same market (location and metro). If all the Cloud resources are deployed in that market, only Local Routing is required.

  • Configure 2x IBM Direct Link Connect gateways over diverse POPs in the same market. If all the Cloud resources are deployed in that market, only Local Routing is required.

    Using Equinix Fabric, this model can be achieved in the Tokyo market (POPs: Tokyo 3 and Osaka 1) and in the Dallas market (POPs: Chicago 1 and Dallas 3).

  • Configure 2x IBM Direct Link Connect gateways over diverse POPs and diverse markets. This model requires global routing.

See Models for diversity and redundancy in Direct Link for the diagrams for each model. More information is also available at High availability and disaster recovery for Direct Link.