[AusNOG] AWS With Megaport

Benoit Page-Guitard benoit.page at hostopia.com.au
Tue Feb 12 20:29:30 EST 2019


As Steve indirectly pointed out above, an AWS VPC is not a real layer 2
domain.. so there's nothing really to "extend into".

The best way to conceptualise a VPC at a layer 2 level (at least from a
network engineer's perspective) is to imagine a full mesh of hosts,
connected by overlay tunnels, where every host has (or can have) full
knowledge of MAC-to-tunnel-endpoint mappings for every VPC member. It's
also unicast-only.

Basically, the only way for a MAC to be "added" to a VPC is for it to be
programmed onto each host.

It's not a completely accurate picture of how things actually work, but it
serves well enough to explain why you can't just extend your own layer 2
domain onto a VPC and expect broadcasts and L2 learning to "just work".

Hope that helps..


Benoit

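To make the mesh-of-tunnels model above concrete, here is a small added simulation (my own illustration, not code from the thread or from AWS) that contrasts a classic learning switch with the "programmed MAC-to-endpoint map, unicast only" picture of a VPC. The class and host names are made up; the point it shows is that a frame to a MAC that was never programmed, and any broadcast or multicast frame, has nowhere to go in the VPC model, which is exactly why ARP-based L2 extension from on-prem cannot work there.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_multicast(mac: str) -> bool:
    """Low bit of the first octet set means group (multicast/broadcast) address."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class LearningSwitch:
    """A conventional L2 switch: learns source MACs, floods unknown and broadcast."""
    ports: list
    fdb: dict = field(default_factory=dict)  # MAC -> port

    def forward(self, in_port: str, src_mac: str, dst_mac: str) -> list:
        self.fdb[src_mac.lower()] = in_port          # L2 learning on ingress
        dst = dst_mac.lower()
        if dst == BROADCAST or is_multicast(dst) or dst not in self.fdb:
            return [p for p in self.ports if p != in_port]  # flood everywhere else
        return [self.fdb[dst]]


@dataclass
class VpcMapper:
    """Model of a VPC: every host holds a control-plane-programmed MAC -> tunnel
    endpoint map. Nothing is learned from the data plane, nothing is flooded."""
    mac_to_endpoint: dict = field(default_factory=dict)

    def program(self, mac: str, endpoint: str) -> None:
        # Only the VPC control plane can add a MAC (e.g. when an ENI is created).
        self.mac_to_endpoint[mac.lower()] = endpoint

    def forward(self, src_mac: str, dst_mac: str):
        """Return the tunnel endpoint a frame is sent to, or None if it is dropped."""
        dst = dst_mac.lower()
        if dst == BROADCAST or is_multicast(dst):
            return None                                 # unicast-only overlay
        return self.mac_to_endpoint.get(dst)            # unknown unicast: dropped, never flooded


def demo() -> dict:
    """Constructed scenario: two VPC instances plus an on-prem router MAC that
    was never programmed into the VPC (hypothetical MACs and host names)."""
    ec2_a, ec2_b = "02:aa:bb:cc:dd:01", "02:aa:bb:cc:dd:02"
    onprem_router = "00:11:22:33:44:55"

    switch = LearningSwitch(ports=["p1", "p2", "p3"])
    switch.forward("p1", ec2_a, BROADCAST)               # ARP request floods, p1 learned
    switch_reply = switch.forward("p3", onprem_router, ec2_a)

    vpc = VpcMapper()
    vpc.program(ec2_a, "host-a")
    vpc.program(ec2_b, "host-b")
    return {
        "switch_arp_floods_to": switch.forward("p1", ec2_a, BROADCAST),
        "switch_unicast_back": switch_reply,
        "vpc_known_unicast": vpc.forward(ec2_a, ec2_b),
        "vpc_arp_broadcast": vpc.forward(ec2_a, BROADCAST),
        "vpc_to_onprem_mac": vpc.forward(ec2_a, onprem_router),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The switch floods the ARP broadcast and learns the on-prem router's MAC from the reply, so the two sides find each other. The VPC mapper returns `None` for both the broadcast and the on-prem MAC: there is no flooding path and no data-plane learning, so the only MACs reachable are the ones the control plane programmed.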
On Tue, 12 Feb 2019 at 03:56, simon thomason <sapage at sapage.net> wrote:

> Friends don't let friends build large layer2 networks!
>
> That said; if you wanted to get a little creative you could run up a
> csr1000v and setup otv and lisp from AWS to your on prem infra. I have
> never set it up but would be interesting to see if the MP transport
> supports it.
>
> I guess the question is really, why would you want to extend your layer2
> domain into the cloud.
> You will not be able to run redundant connections.
> You have just increased your fail domain size and will be tromboning
> traffic.
>
>
>
> On Tue., 12 Feb. 2019, 6:17 pm Tim Raphael <raphael.timothy at gmail.com>
> wrote:
>
>> That’s still routed and not bridged over the DC. It’s all layer 3 over
>> DCs unless (as mentioned) you use an L2 tunnelling method onto a compute VM.
>>
>> - Tim
>>
>> On 12 Feb 2019, at 19:01, Andras Toth <diosbejgli at gmail.com> wrote:
>>
>> I'm not sure if the Megaport Direct Connect is any different to a regular
>> AWS Direct Connect, but a friend of mine has successfully used a regular
>> AWS Direct Connect that they extended into their EC2 VPC and assigned IP
>> addresses to their instances from their own /28 range.
>>
>> The subnet has a Route Table that would say send everything to the DX VGW
>> to make this work.
>>
>> The only caveat was the .1 and .2 addresses cannot be used because that's
>> the AWS Default Gateway and DNS, etc.
>>
>> Andras
>>
>>
>> On Tue, Feb 12, 2019 at 1:30 PM Steve Tu <steve.tu at megaport.com> wrote:
>>
>>> Hi Joseph,
>>>
>>> Thank you for your enquiry.
>>>
>>> As Simon Thomason pointed out, AWS Direct Connect - Private Virtual
>>> Interface is mainly for connecting two private networks together by
>>> exchanging routes via BGP.
>>>
>>> In your scenario of extending your on-premises network into the native
>>> AWS VPC so they are on the same broadcast domain, this is not a supported
>>> scenario. Also on AWS VPC route table, the destination via next-hop/default
>>> gateway will need to be an AWS component i.e. Virtual Private Gateway or
>>> Internet Gateway etc. and not something outside of AWS.
>>>
>>> https://aws.amazon.com/vpc/faqs/
>>> Please also check the Topology section of the FAQ
>>>
>>> There are options such as VMware on AWS and creating a L2VPN over Direct
>>> Connect, that may suit your requirements.
>>>
>>> I hope this answers your question, and if you have any further
>>> questions, please do not hesitate to contact me,
>>>
>>> *SteveTu*
>>> *Solutions Architect APAC*
>>>
>>> Phone: +61 430 965 798
>>> LinkedIn: <https://www.linkedin.com/in/tusteven/>
>>> <https://www.megaport.com/>
>>>
>>> This message is intended for the addressee named and may contain
>>> confidential information. If you are not the intended recipient please
>>> delete it and notify the sender.
>>>
>>>
>>> On Tue, Feb 12, 2019 at 12:12 PM Gavin Tweedie <
>>> gavin.tweedie at megaport.com> wrote:
>>>
>>>> I'm not our cloud wizard so let me throw on a technical solutions guy
>>>> or two on this thread to bring it to their attention!
>>>>
>>>> Gav
>>>>
>>>> On Tue, 12 Feb 2019 at 10:08, simon thomason <sapage at sapage.net> wrote:
>>>>
>>>>> I would be interested to know how you do this also.
>>>>>
>>>>> My understanding is that over MP you need to peer with AWS in BGP.
>>>>> https://knowledgebase.megaport.com/cloud-connectivity/aws-cloud/
>>>>>
>>>>> Even looking at AWS doco it says you can not
>>>>> https://aws.amazon.com/directconnect/faqs/.
>>>>>
>>>>> Unless you want to run GRE or something over this but I am not certain
>>>>> why you would.
>>>>>
>>>>> On Tue, Feb 12, 2019 at 11:53 AM Nathan Brookfield <
>>>>> Nathan.Brookfield at simtronic.com.au> wrote:
>>>>>
>>>>>> 100% possible :)
>>>>>>
>>>>>> Nathan Brookfield
>>>>>> Chief Executive Officer
>>>>>>
>>>>>> Simtronic Technologies Pty Ltd
>>>>>> http://www.simtronic.com.au
>>>>>>
>>>>>> On 12 Feb 2019, at 12:40, Joseph Goldman <joe at apcs.com.au> wrote:
>>>>>>
>>>>>> Hi *
>>>>>>
>>>>>>  Just wondering if the following scenario is supported for EC2
>>>>>> instances with AWS.
>>>>>>
>>>>>>  Over megaport, I'd like to use a VXC (Or Direct Connect) - On that
>>>>>> interface on my router, I put x.x.x.1/24, then on my EC2 instances I'd want
>>>>>> to put x.x.x.2-254/24 directly on my compute instances, so those EC2
>>>>>> instances basically become a part of my broadcast domain over the VLAN on
>>>>>> Megaport, and I can control data in/out of those instances.
>>>>>>
>>>>>>  I'm fairly fresh to AWS so not entirely sure the correct way to go
>>>>>> about it through the route tables, VPCs etc - is what I'm asking for
>>>>>> relatively easy and possible?
>>>>>>
>>>>>> Thanks,
>>>>>> Joe
>>>>>> _______________________________________________
>>>>>> AusNOG mailing list
>>>>>> AusNOG at lists.ausnog.net
>>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Global Interconnection Director
>>>> Megaport <https://www.megaport.com>
>>>> +61 498 498 458
>>>>
>>>
>>
>>
>