Optimize Multi-Cloud Connectivity

Network Edge works with Equinix Fabric to provide a virtual cloud on-ramp that can be spun up in minutes. This provides low-latency multi-cloud access for a variety of applications. If the applications are multi-tiered or latency-sensitive, they can be implemented as part of a secure cross-cloud connectivity solution in real-time using virtual networking constructs.

Architecture

The multi-cloud topology in this architecture scenario has a web tier deployed in one cloud provider and a database tier deployed with another cloud provider in the same region. This solution reduces the number of deployed devices and creates an abstraction layer at the edge of multiple cloud providers. Enterprises find this useful for reducing network complexity and potentially lowering costs for cloud-to-cloud connectivity.

Network communication between the application tiers is provided by direct private Layer 2 interconnections through the Equinix Fabric, with the Network Edge device providing Layer 3 services. The Network Edge device is a virtual network function (VNF) that is hosted by the Network Edge network function virtualization (NFV) platform.


Equinix Components

  • Equinix Fabric – Equinix Fabric is a switching platform that provides private connectivity to a wide selection of providers that are participants on the Fabric. Virtual circuits are provisioned on the Fabric using software-defined networking to establish connectivity to providers that are connected to the Fabric. Virtual connections can be created using the Fabric Portal or APIs.

  • Equinix Network Edge – Network Edge is an ETSI-compliant NFV platform that hosts VNFs (routers, firewalls, and SD-WAN) from various vendors such as Cisco, Juniper, Palo Alto, Fortinet, Versa, Aruba, and Check Point. VNFs can be deployed in real-time and, once deployed, you can start building virtual connections to providers on the Fabric.

Cloud Service Provider (CSP) Components

  • Private interconnection – Private interconnections from the CSP are Layer 2 partner or hosted connections that connect to the Equinix Fabric. Partner or hosted connections provide an intermediate switch between a device and the CSP router it peers with. Once the private Layer 2 interconnection has been established, you can set up Layer 3 peering with the CSP gateway. Private interconnections bypass the internet.

  • Cloud gateway – The cloud gateway is a software-defined router that is instantiated in the CSP network and connected to the virtual private cloud. The cloud gateway is used to establish BGP peering to the Network Edge device and is attached to the virtual private cloud (VPC) providing reachability between clouds.

  • Virtual private cloud – The VPC is a virtual network that serves as the container to deploy subnets and other networking constructs to instantiate compute and other application services.

  • Application tiers – Once the VPC is built, hosts can be deployed as needed for the application. In this architecture example, the customer can deploy IaaS for the web tier, deploy the database tier as IaaS, or deploy as a PaaS solution. With these deployment models, all services can be accessed over the private interconnection.

Recommendations

These recommendations provide a starting point. Customer requirements might differ from this list.

  • Choice of location – This architecture example shows connections between the same region. Depending on the region for deployment, latency will vary, which is an important consideration when designing applications with stringent latency requirements. However, some applications might require inter-region connectivity. In those cases, use the global reach of Equinix Fabric to create those connections.

  • High Availability – This architecture shows a single-threaded deployment with no fault-tolerance. Equinix recommends that customers deploy the level of fault -tolerance needed for their business requirements. Network Edge can be deployed with redundant devices or, in the case of some vendors, devices be deployed as a high-availability pair.

  • IP addressing – For connections to private services over a private virtual interface, customers can use private IP addressing. For some public services, the customer’s own public IP addresses and NAT might be required for the Network Edge device. Because each CSP is different when it comes to public addressing requirements, research is required before trying to create public connections.

Considerations

When implementing this architecture, consider the following factors.

Performance

In addition to latency, bandwidth between the components and device throughput must is important. The virtual circuits must be sized appropriately, and the devices must support the desired throughput.

Security

Private interconnections on the Fabric to the cloud provider are not encrypted. An application that requires encryption must encrypt either at the application layer, or at the network layer where IPSEC tunnels can be built between the Network Edge device and a cloud gateway. IPSEC tunnels involve overhead, which also affects the device selection.

Equinix Costs

  • Device instance – The cost for the virtual device (does not include the license cost).

  • License for the virtual device – Customers can purchase a subscription license for some vendors. Bring Your Own License (BYOL) is available for all vendors.

  • Virtual circuits – Monthly recurring charges are based on the size of the circuits. Connections between metros across the Equinix Fabric, incur an additional surcharge for the remote connection.

CSP Costs

  • Egress Charges – Charged by some service providers based on the amount of data that is transmitted over the private interconnection. These charges vary based on the provider. Using a private interconnection reduces the egress charges when compared to the Internet.

  • Fixed Port Charges – Charged by some providers based on the circuit size, in addition to the egress charges. Both egress and fixed port charges factor into your application design.

By deploying a virtual routing function on Network Edge, customers can consolidate multi-cloud connections at a single control point. This consolidation provides more control and optional high availability while avoiding public egress charges over the internet. Also, this design allows for agile deployments at the edge in a similar fashion to enterprise networks.