Direct Connect#

General information#

The Direct Connect service provides L3 connectivity between your enterprise network and K2 Cloud via BGP. You thus get a direct link with low latency and guaranteed throughput for accessing K2 Cloud services.

To set up the link, you can colocate your equipment in any of the cloud data centers or lease an external communication link. Dedicated ports with a throughput of 1, 10 and 25 Gbit/s are available for connection.

Supported ports and transmission media#

| Transmission speed | Standard | Transmission media | Distance | Wavelength | Connector type |
|---|---|---|---|---|---|
| 1 Gbit/s | 1000BASE-T | Twisted pair | Up to 100 m | N/A | RJ-45 |
| 10 Gbit/s | 10GBASE-SR | Multimode fiber | Up to 300 m | 850 nm | SFP+, LC Duplex |
| 10 Gbit/s | 10GBASE-LR | Single mode fiber | Up to 20 km | 1,310 nm | SFP+, LC Duplex |
| 25 Gbit/s | 25GBASE-LR | Single mode fiber | Up to 20 km | 1,310 nm | SFP28, LC Duplex |

Depending on the speed of the selected port, the following connection speeds may be supported:

Supported connection speeds#

| Connection speed, Mbit/s [1] | Port speed, Gbit/s [2] |
|---|---|
| 50 | 1, 10, 25 |
| 100 | 1, 10, 25 |
| 200 | 1, 10, 25 |
| 300 | 1, 10, 25 |
| 400 | 1, 10, 25 |
| 500 | 1, 10, 25 |
| 1000 | 1, 10, 25 |
| 2000 | 10, 25 |
| 3000 | 10, 25 |
| 4000 | 10, 25 |
| 5000 | 10, 25 |
| 10000 | 10, 25 |
| 15000 | 25 |
| 20000 | 25 |
| 25000 | 25 |

[1] 1 Mbit equals 1,000,000 bits.

[2] Port speeds at which this connection speed is supported.

The same constraints apply to inbound and outbound traffic, i.e., if you choose, for example, 50 Mbps, then the maximum transfer speed will be 50 Mbps in both directions.

The Direct Connect service includes two main components (for details, see Key concepts):

  • connection via a physical link between your site and the cloud data center;

  • virtual interface between the connection and the cloud to access cloud services.

Each connection is billed hourly. The charge consists of:

  • rental of the port/transceiver on the cloud side;

  • the connection speed through this port.

Thus, the price of a connection depends on the connection type and the maximum guaranteed speed of the traffic that can be transmitted over this connection.

Equipment requirements#

To receive the Direct Connect service, the customer should colocate their equipment in K2 Cloud data centers or provide a dedicated optical connection to the infrastructure outside our data centers using accredited providers. The equipment can be placed at any connection point, since the service makes it possible to connect to resources in any of them.

In K2 Cloud data centers, connection to Direct Connect is provided by the following ISPs [3]:

  • GlobalNet;

  • RETN;

  • Telecom birzha.

[3] If your ISP is not in the list, please consult the support service.

The equipment in use must support both BGP (IPv4 Unicast) for route information exchange with the cloud and 802.1Q standard for VLAN encapsulation. Using BGP and tagged traffic is mandatory. Routing protocols other than BGP are not supported.

If you need link aggregation to increase throughput, then your equipment must have LACP support enabled.

Traffic is not encrypted, which is why IPSec or other secure traffic transfer methods should be used to protect data in transit between endpoints. Cloud equipment does not support MACSec.

Direct Connect supports transmission of IP packets with a maximum MTU size of 9,000 bytes. This MTU size is used all the way from the customer’s equipment connection point to the VPC.

Request for connection#

To establish a direct connect to K2 Cloud, leave a request on the support portal or email us at support@k2.cloud. The request should specify:

  • number of physical links;

  • throughput of each link;

  • speed limits for ports the links are connected to;

  • transmission medium type and transceiver type (see the table of supported port speeds and transmission media):

    Important

    We install transceivers into the equipment on the cloud side, while the customer installs them into the equipment on their side. Customer-purchased transceivers shall not be installed into the cloud equipment. The customer may purchase transceivers from us to install into their equipment.

  • the data center(s) to which the connection is to be established;

  • whether the connection is to be established to single or multiple devices on the K2 Cloud side [4];

  • desired VLAN IDs for each connection or LAG.

[4] If links are connected to one device, the respective connections can be aggregated into a group to increase the throughput. Connecting links to different devices provides a high-availability connection between your enterprise network and K2 Cloud.

Note

To establish a high-availability connection, we recommend ordering at least two links and connecting them to different devices or data centers.

After processing the request, our engineers will contact you for additional information (if required). The service is provided if technically feasible as per your service plan.

Connection setup at the user’s side#

Once the communication links are installed, our engineers will inform you about the connections and allocated VLAN IDs. Thereafter, you will be able to create virtual interfaces to work with K2 Cloud services. You can view available connections and groups of connections via the API or web interface.

Note

To reorganize or delete a group of connections, contact support service.

When a virtual interface is created, it is associated with a specific VLAN ID. For each virtual interface, configure BGP routing on your equipment. If necessary, you can delete virtual interfaces and create new ones with different settings.

You can configure BGP routing on the client side in advance by specifying the cloud and client IP addresses from the 169.254.252.0/22 subnet. Both addresses must belong to the same /30 CIDR block. The BGP session will be established only after creating a virtual interface. To configure the interface, you must specify the same cloud and client IP addresses.

For BGP to work, enable the ebgp-multihop feature and permit two hops. For example, the configuration for Cisco routers would look like this:

router bgp 64500
  ...
  neighbor <ip> ebgp-multihop 2

Key concepts#

  • Connection – A direct link between the enterprise network and the cloud data center with a fixed throughput. To ensure high-availability connection, order two connections to different devices on the cloud side.

  • LAG – An aggregation group of multiple connections of the same speed in order to increase the throughput. Each connection in LAG must be terminated on the same device on the cloud side. LAG is not intended to provide a high-availability connection.

  • Virtual Interface – The endpoint of the connection through which cloud services are accessed. For a single connection or LAG, you can create several virtual interfaces (as many as the number of VLANs) and establish a BGP peering for each.

  • Direct Connect gateway – A virtual router on the cloud side to which virtual interfaces are attached. For user equipment, it acts as the other side with which BGP sessions are established.

  • Transit gateway – A Direct Connect gateway connects to a VPC via a transit gateway. This connection scheme allows you to access multiple VPCs via a single virtual interface if necessary. The CIDRs of the connected VPCs must not overlap.

  • Transit gateway association – Connection of a Direct Connect gateway to a transit gateway. A single Direct Connect gateway can be connected to multiple transit gateways, and vice versa, multiple Direct Connect gateways can be connected to a single transit gateway. Routing between Direct Connect gateways through a transit gateway is not supported.

  • Allowed prefixes – When creating a transit gateway association, you can specify which subnets should be advertised to the user equipment via BGP. Allowed prefixes thus act as filters for IP addresses that can receive user traffic via virtual interfaces. For each association, you must specify at least one advertised prefix, for example, the CIDR of the VPC being accessed.

  • Route propagation – Routes received via BGP are dynamically installed into the transit gateway’s route tables. Dynamic routes are marked as propagated. By default, route propagation is enabled for all transit gateway attachments.

Establishing access to a VPC (general approach)#

To establish access to a VPC on the cloud side, do the following.

  1. Order the Direct Connect service from the support service.

  2. Create a transit gateway if it was not created earlier and attach the target VPC to it.

  3. Create a Direct Connect gateway.

  4. Create a virtual interface on the Direct Connect gateway.

  5. Create an association between the Direct Connect gateway and the transit gateway.

  6. In the VPC route table, add routes to the user subnets that the user equipment advertises to the cloud.


Establishing access to the VPC via Direct Connect.#

Usage restrictions#

The Direct Connect service allows you to work with K2 Cloud’s resources, except for:

  • object storage;

  • internal load balancers;

  • internal DNS service;

  • virtual switches.

Resource quotas#

The following default quotas are allocated to the service resources:

  • 50 Direct Connect gateways per project;

  • 4 virtual interfaces per connection or LAG;

  • 30 virtual interfaces per Direct Connect gateway;

  • 200 allowed prefixes per association;

  • 1,000 advertised prefixes on the client’s side per virtual interface.

BGP quotas#

When negotiating a BGP neighborship, the BGP timer is set to the lowest supported value:

  • hold timer: default – 90 s, minimum – 3 s;

  • keepalive timer: default – 30 s, minimum – 1 s;

  • graceful restart timer – 120 s.

Managing Direct Connect gateways#

Create a Direct Connect gateway#

  1. Go to the Interconnect → Direct Connect → Gateways section.

  2. Click Create.

  3. In the window that opens, specify the gateway name and the autonomous system number (ASN). Use numbers from private ranges (64512-65534 and 4200000000-4294967294) as the ASN.

  4. If you need to assign tags, proceed to the next step by clicking Add tags. To set the Name tag, click Add Name tag and enter the tag value. To set a custom tag, click Add tag and enter the tag key and value.

  5. Once all parameters are set, click Create.

Create a transit gateway association#

When an association is created, a connection is created between the Direct Connect gateway and the transit gateway.

  1. Go to the Interconnect → Direct Connect → Gateways section.

  2. Select the Direct Connect gateway in the resource table.

  3. Click Create association.

  4. In the window that opens, select the transit gateway with which you want to establish an association. In the Allowed prefixes field, specify at least one CIDR block that will be announced through the virtual interfaces attached to the gateway.

    Important

    If a Direct Connect gateway connects to multiple transit gateways, the allowed prefixes for each association must not overlap.

  5. Once all parameters are set, click Create.

You can also create an association in the Associations tab on the Direct Connect gateway page.
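
An added example, not part of the original documentation: a pre-flight audit of the allowed prefixes planned for one Direct Connect gateway, covering the non-overlap rule, the one-prefix minimum and the default quota of 200. The association names, the sample CIDRs and the check that every allowed prefix lies inside an attached VPC CIDR are assumptions of this example (a least-privilege heuristic, not a platform rule).

```python
import ipaddress
from itertools import combinations

MAX_ALLOWED_PREFIXES = 200  # default quota per association, from this page


def audit_associations(associations, vpc_cidrs):
    """Audit the allowed prefixes of ONE Direct Connect gateway.

    associations: {association name: [allowed prefix, ...]}
    vpc_cidrs:    {association name: [CIDR of each VPC behind that transit gateway]}
    Returns a sorted list of findings; an empty list means nothing was flagged.
    """
    findings = []
    parsed = {}
    for name, prefixes in associations.items():
        nets = [ipaddress.ip_network(p) for p in prefixes]
        parsed[name] = nets
        if not nets:
            findings.append(f"{name}: at least one allowed prefix is required")
        if len(nets) > MAX_ALLOWED_PREFIXES:
            findings.append(f"{name}: {len(nets)} prefixes exceed the quota of {MAX_ALLOWED_PREFIXES}")
        vpcs = [ipaddress.ip_network(c) for c in vpc_cidrs.get(name, [])]
        for net in nets:
            # Heuristic assumed by this example: an allowed prefix wider than the
            # VPCs it fronts exposes more address space than intended.
            if not any(net.version == v.version and net.subnet_of(v) for v in vpcs):
                findings.append(f"{name}: {net} is not inside any attached VPC CIDR")

    # Allowed prefixes of different associations on the same gateway must not overlap.
    for (a, nets_a), (b, nets_b) in combinations(parsed.items(), 2):
        for na in nets_a:
            for nb in nets_b:
                if na.overlaps(nb):
                    findings.append(f"{a} {na} overlaps {b} {nb}")
    return sorted(findings)


# Constructed sample data: two associations on one gateway.
SAMPLE_ASSOCIATIONS = {
    "assoc-a": ["10.0.0.0/16"],
    "assoc-b": ["10.0.128.0/17", "172.31.0.0/16"],
}
SAMPLE_VPC_CIDRS = {
    "assoc-a": ["10.0.0.0/16"],
    "assoc-b": ["172.31.0.0/16"],
}

if __name__ == "__main__":
    for finding in audit_associations(SAMPLE_ASSOCIATIONS, SAMPLE_VPC_CIDRS):
        print(finding)
```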

Change allowed prefixes for the association#

  1. Go to the Interconnect → Direct Connect → Gateways section.

  2. Find the Direct Connect gateway in the resource table and click its ID to go to the gateway page.

  3. Open the Associations tab and select the association in the resource table.

  4. Click Change.

  5. In the Allowed prefixes field, add, modify, and/or remove advertised CIDR blocks. After all changes, the field must contain at least one prefix.

  6. Click Save to save changes.

Delete a transit gateway association#

  1. Go to the Interconnect → Direct Connect → Gateways section.

  2. Select the Direct Connect gateway in the resource table.

  3. Click Delete association.

  4. In the dialog window, confirm the deletion.

You can also delete an association in the Associations tab on the Direct Connect gateway page.

Delete a Direct Connect gateway#

Note

To delete a Direct Connect gateway, first delete all of its associations and virtual interfaces.

  1. Go to the Interconnect → Direct Connect → Gateways section.

  2. Select the Direct Connect gateway in the resource table.

  3. Click Delete.

  4. In the dialog window, confirm the deletion.

You can also delete the gateway in the Information tab on the Direct Connect gateway page.

Virtual interface management#

Create a virtual interface#

  1. Go to the Network connections → Direct Connect → Virtual interfaces section.

  2. Click Create.

  3. In the window that opens, set the virtual interface and BGP session parameters:

    • Virtual interface name.

    • The Direct Connect gateway where the virtual interface is created.

    • The connection or LAG for which the virtual interface is created.

    • VLAN ID within the connection or LAG via which the virtual interface traffic will be transmitted.

    • The IP address on the cloud side. You can set your own address or leave the default one. The IP address must be in the 169.254.252.0/22 subnet and belong to the same /30 subnet as the client IP address.

    • Client BGP ASN. It must be different from the cloud BGP ASN that you set for the Direct Connect gateway.

    • The IP address on the client side. You can set your own address or leave the default one. The IP address must be in the 169.254.252.0/22 subnet and belong to the same /30 subnet as the cloud IP address.

    Note

    When configuring routing on the client side, set the same BGP parameters (IP addresses and ASN).

  4. If you need to assign tags, proceed to the next step by clicking Add tags. To set the Name tag, click Add Name tag and enter the tag value. To set a custom tag, click Add tag and enter the tag key and value.

  5. Once all parameters are set, click Create.

A virtual interface can also be created in the Virtual interfaces tab on the page of the connection / LAG.
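
An added example, not part of the original documentation: a check of the virtual interface parameters described above before they are entered in the console and mirrored on the client router. The function name and sample values are hypothetical; the rule that the first and last address of the /30 are not used as peers is an assumption of this example.

```python
import ipaddress

PEERING_NET = ipaddress.ip_network("169.254.252.0/22")  # peering range from this page
PRIVATE_ASNS = ((64512, 65534), (4200000000, 4294967294))  # private-use ASNs, RFC 6996
VLAN_IDS = range(1, 4095)  # usable 802.1Q VLAN IDs (0 and 4095 are reserved)


def check_virtual_interface(cloud_ip, client_ip, cloud_asn, client_asn, vlan_id):
    """Return a list of problems; an empty list means the parameters are consistent."""
    problems = []
    cloud = ipaddress.ip_address(cloud_ip)
    client = ipaddress.ip_address(client_ip)
    # strict=False masks the host bits, giving the /30 that contains the cloud IP.
    block = ipaddress.ip_network(f"{cloud}/30", strict=False)

    for side, addr in (("cloud", cloud), ("client", client)):
        own = ipaddress.ip_network(f"{addr}/30", strict=False)
        if addr not in PEERING_NET:
            problems.append(f"{side} IP {addr} is outside {PEERING_NET}")
        # Assumption of this example: network and broadcast addresses of the
        # /30 are not used as BGP peer addresses.
        elif addr in (own.network_address, own.broadcast_address):
            problems.append(f"{side} IP {addr} is the first or last address of {own}")

    if client == cloud:
        problems.append("cloud and client IP are identical")
    elif client not in block:
        problems.append(f"client IP {client} is not in the same /30 as {cloud} ({block})")

    if not any(lo <= cloud_asn <= hi for lo, hi in PRIVATE_ASNS):
        problems.append(f"gateway ASN {cloud_asn} is not in a private range")
    if client_asn == cloud_asn:
        problems.append("client ASN must differ from the Direct Connect gateway ASN")
    if vlan_id not in VLAN_IDS:
        problems.append(f"VLAN ID {vlan_id} is not a valid 802.1Q VLAN ID")
    return problems


if __name__ == "__main__":
    # Constructed sample: peers in different /30 blocks.
    for problem in check_virtual_interface("169.254.252.2", "169.254.252.5", 64512, 65001, 100):
        print(problem)
```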

Delete a virtual interface#

  1. Go to the Network connections → Direct Connect → Virtual interfaces section.

  2. Select the virtual interface in the resource table.

  3. Click Delete.

  4. In the dialog window, confirm the deletion.

You can also delete a virtual interface in the Virtual interfaces tab on the page of the relevant connection / LAG.

Viewing resource information#

General information about a specific resource — a connection, LAG, Direct Connect gateway, and virtual interface — can be found by its ID in the resource table in the corresponding subsection of the Direct Connect service. To view details of a particular resource, go to its page.

Information about a connection#

To open the connection page, go to the Interconnect → Direct Connect → Connects section. Find the necessary connection in the resource table and click its ID.

The Information tab displays the main connection parameters:

  • name;

  • value of the Name tag;

  • location — a physical site where the connection is terminated;

  • throughput;

  • ID of the device where the connection is terminated;

  • IDs of free VLANs without virtual interfaces;

  • IDs of used VLANs with virtual interfaces;

  • link aggregation group to which the connection belongs (if applicable);

  • number of virtual interfaces attached to the connection.

The Virtual interfaces tab contains a table with the summary information about the virtual interfaces attached to this connection. More details of a particular interface can be viewed on its page.

In the tab, you can create virtual interfaces for this connection and delete existing ones.

The Tags tab displays the tags assigned to the connection. You can add tags, edit keys and values, and delete tags. Learn more about using tags.

Information about an LAG#

To open the page of an LAG, go to the Interconnect → Direct Connect → LAG section. Find the necessary LAG in the resource table and click its ID.

The Information tab displays the main group parameters:

  • group name;

  • value of the Name tag;

  • location — a physical site where the LAG is terminated;

  • bandwidth — the speed of an individual connection that belongs to the LAG;

  • number of connections in the LAG;

  • minimum number of connections — if the number of available connections in the LAG drops below the minimum, the LAG is completely disabled because the remaining connections cannot transmit the required amount of traffic;

  • the number of virtual interfaces attached to the LAG.

The Connections tab contains a table with the summary information about the connections that belong to the LAG. More details of a particular connection can be viewed on its page.

The Virtual interfaces tab contains a table with the summary information about the virtual interfaces attached to the LAG. More details of a particular interface can be viewed on its page.

In the tab, you can create virtual interfaces for the LAG and delete existing ones.

The Tags tab displays the tags assigned to the LAG. You can add tags, edit keys and values, and delete tags. Learn more about using tags.

Information about the Direct Connect gateway#

To open the Direct Connect gateway page, go to the Interconnect → Direct Connect → Gateways section. Find the necessary gateway in the resource table and click its ID.

The Information tab displays the main gateway parameters:

  • gateway name;

  • value of the Name tag;

  • BGP ASN;

  • the number of associations with the transit gateway;

  • the number of attached virtual interfaces.

Here you can delete the gateway.

The resource table in the Associations tab displays the following information about the associations:

  • ID;

  • transit gateway with which the association is established;

  • transit gateway attachment, which corresponds to the association;

  • allowed prefixes specified in the association.

In the tab, you can create other associations with transit gateways, change allowed prefixes for a particular association, and delete existing associations.

The Virtual interfaces tab contains a table with the summary information about the virtual interfaces attached to this gateway. More details of a particular interface can be viewed on its page.

In the tab, you can create virtual interfaces for this gateway and delete existing ones.

The Tags tab displays the tags assigned to the Direct Connect gateway. You can add tags, edit keys and values, and delete tags. Learn more about using tags.

Virtual interface information#

To open a virtual interface page, go to Interconnect → Direct Connect → Virtual Interfaces. Find the desired virtual interface in the resource table and click its ID.

The Information tab displays the main interface parameters:

  • interface name;

  • value of the Name tag;

  • location – the physical site hosting the connection or LAG to which the virtual interface is attached;

  • connection or LAG to which the virtual interface is attached;

  • VLAN transmitting the traffic to this virtual interface;

  • Direct Connect gateway to which the virtual interface is attached;

  • ID of the device to which the connection / LAG is attached;

  • BGP ASN on the client side;

  • IP address of the connection endpoint on the client side;

  • BGP ASN of the Direct Connect gateway;

  • IP address of the connection endpoint on the cloud side.

Here you can delete a virtual interface.

The Tags tab displays the tags assigned to the virtual interface. You can add tags, edit keys and values, and delete tags. Learn more about using tags.