Direct connect#

General information#

Attention

Currently, the service is at the technology preview stage and is only available to a limited number of customers. If you are ready to try the service in the beta mode, please contact your manager or leave a request on the support portal. In the request, describe the planned usage and desired connect configuration (for details, see Connecting to the cloud)

The Direct Connect service provides L3 connectivity between your enterprise network and K2 Cloud. You get a direct link with low latency and guaranteed throughput for accessing K2 Cloud services.

To establish the link, you may colocate your equipment in any of the data centers underlying the cloud or rent an external communication link; 1, 10, and 25 Gbps links are supported.

The Direct Connect service includes two main components (for details, see Key concepts):

  • connection via a physical link between your site and the cloud data center;

  • virtual interface between the connection and the cloud to access cloud services.

Connecting to the cloud#

To establish a direct connect to K2 Cloud, leave a request on the support portal or email us at support@k2.cloud. The request should specify:

  • how many connections you need;

  • throughput of each connection;

  • media type (copper/FO and its type) and transceiver type;

  • the data center(s) to which the connection is to be established;

  • whether the connection is to be established to single or multiple devices on the K2 Cloud side 1;

  • desired VLAN IDs for each connection or LAG.

1

If links are connected to one device, the respective connections can be aggregated into a group to increase the throughput. Connecting links to different devices provides a high-availability connection between your enterprise network and K2 Cloud.

Note

To establish a high-availability connection, we recommend ordering at least two links and connect them to different devices or data centers.

After processing the request, our engineers will contact you for additional information (if required). The service is provided if technically feasible as per your service plan.

Connection setup at the user’s side#

Attention

The equipment in use should support both BGP for exchanging route information with the cloud and dot1q extension of 802.1Q as a VLAN encapsulation format.

Once the communication links are installed, our engineers will inform you about the connections and allocated VLAN IDs. Thereafter, you will be able to create virtual interfaces to work with K2 Cloud services. You can view available connections and groups of connections via the API or web interface.

Note

To reorganize or delete a group of connections, contact support service.

When a virtual interface is created, it is associated with a specific VLAN ID. For each virtual interface, configure BGP routing on your equipment. If necessary, you can delete virtual interfaces and create new ones with different settings.

You can configure BGP routing on the client side in advance by specifying the cloud and client IP addresses from the 169.254.252.0/22 ​​subnet. Both addresses must belong to the same /30 CIDR block. The BGP session will be established only after creating a virtual interface. To configure the interface, you must specify the same cloud and client IP addresses.

For BGP to work, enable the ebgp-multihop feature and permit two hops. For example, the configuration for Cisco routers would look like this:

router bgp 64500
  ...
  neighbor <ip> ebgp-multihop 2

Key concepts#

  • Connection – A direct link between the enterprise network and the cloud data center with a fixed throughput. To ensure high-availability connection, order two connections to different devices on the cloud side.

  • LAG – An aggregation group of multiple connections of the same speed in order to increase the throughput. Each connection in LAG must be terminated on the same device on the cloud side. LAG is not intended to provide a high-availability connection.

  • Virtual Interface – The endpoint of the connection through which cloud services are accessed. For a single connection or LAG, you can create several virtual interfaces (as much as the number of VLANs) and establish a BGP peering for each.

  • Direct Connect gateway – A virtual router on the cloud side to which virtual interfaces are attached. For user equipment, it acts as the other side with which BGP sessions are established.

  • Transit gateway – A Direct Connect gateway connects to a VPC via a transit gateway. This connection scheme allows you to access multiple VPCs via a single virtual interface if necessary. The CIDRs of the connected VPCs must not overlap.

  • Transit gateway association – Connection of a Direct Connect gateway to a transit gateway. A single Direct Connect gateway can be connected to multiple transit gateways, and vice versa, multiple Direct Connect gateways can be connected to a single transit gateway. Routing between Direct Connect gateways through a transit gateway is not supported.

  • Allowed prefixes – When creating a transit gateway association, you can specify which subnets should be advertised to the user equipment via BGP. Allowed prefixes thus act as filters for IP addresses that can receive user traffic via virtual interfaces. For each association, you must specify at least one advertised prefix, for example, the CIDR of the VPC being accessed.

  • Route propagation – Routes received via BGP are dynamically installed into the transit gateway’s route tables. Dynamic routes are marked as propagated. By default, route propagation is enabled for all transit gateway attachments.

Establishing access to a VPC (general approach)#

To establish access to a VPC on the cloud side, do the following.

  1. Order the Direct Connect service from the support service.

  2. Create a transit gateway if it was not created earlier and attach the target VPC to it.

  3. Create a Direct Connect gateway.

  4. Create a virtual interface on the Direct Connect gateway.

  5. Create an association between the Direct Connect gateway and the transit gateway.

  6. Add to the VPC route table routes to those user subnets, which user equipment advertises to the cloud.

../../_images/scenario1.png

Establishing access to the VPC via Direct Connect.#

Usage restrictions#

The Direct Connect service allows you to work with K2 Cloud’s resources, except for:

  • object storage;

  • internal load balancers;

  • internal DNS service;

  • virtual switches.

Resource quotas#

The following default quotas are allocated to the service resources:

  • 50 Direct Connect gateways per project;

  • 4 virtual interfaces per connection or LAG;

  • 30 virtual interfaces per Direct Connect gateway;

  • 200 allowed prefixes per association;

  • 1,000 advertised prefixes on the client’s side per virtual interface.

BGP quotas#

When negotiating a BGP neighborship, the BGP timer is set to the lowest supported value:

  • hold timer: default – 90 s, minimum – 3 s;

  • keepalive timer: default – 30 s, minimum – 1 s;

  • graceful restart timer – 120 s.

Managing Direct Connect gateways#

Create a Direct Connect gateway#

  1. Go to Interconnect section Direct Connect Gateways.

  2. Click Create.

  3. In the window that opens, specify the gateway name and the autonomous system number (ASN). Use numbers from private ranges (64512-655345 and 4200000000-4294967294) as the ASN.

  4. If you need to assign tags, proceed to the next step by clicking Add tags. To set the Name tag, click Add Name tag and enter the tag value. To set a custom tag, click Add tag and enter the tag key and value.

  5. Once all parameters are set, click Create.

Create a transit gateway association#

When an association is created, a connection is created between the Direct Connect gateway and the transit gateway.

  1. Go to Interconnect section Direct Connect Gateways.

  2. Select the Direct Connect gateway in the resource table.

  3. Click Create association.

  4. In the window that opens, select the transit gateway with which you want to establish an association. In the Allowed prefixes field, specify at least one CIDR block that will be announced through the virtual interfaces attached to the gateway.

    Important

    If a Direct Connect gateway connects to multiple transit gateways, the allowed prefixes for each association must not overlap.

  5. Once all parameters are set, click Create.

You can also create an association in the Associations tab on the Direct Connect gateway page.

Change allowed prefixes for the association#

  1. Go to Interconnect section Direct Connect Gateways.

  2. Find the Direct Connect gateway in the resource table and click its ID to go to the gateway page.

  3. Open the Associations tab and select the association in the resource table.

  4. Click Change.

  5. In the Allowed prefixes field, add, modify, and/or remove advertised CIDR blocks. After all changes, the field must contain at least one prefix.

  6. Click Save to save changes.

Delete a transit gateway association#

  1. Go to Interconnect section Direct Connect Gateways.

  2. Select the Direct Connect gateway in the resource table.

  3. Click Delete association.

  4. In the dialog window, confirm the deletion.

You can also delete an association in the Associations tab on the Direct Connect gateway page.

Delete a Direct Connect gateway#

Note

To delete a Direct Connect gateway, first delete all of its associations and virtual interfaces.

  1. Go to Interconnect section Direct Connect Gateways.

  2. Select the Direct Connect gateway in the resource table.

  3. Click Delete.

  4. In the dialog window, confirm the deletion.

You can also delete the gateway in the Information tab on the Direct Connect gateway page.

Virtual interface management#

Create a virtual interface#

  1. Go to the section Network connections Direct Connect Virtual interfaces.

  2. Click Create.

  3. In the window that opens, set the virtual interface and BGP session parameters:

    • Virtual interface name.

    • The Direct Connect gateway where the virtual interface is created.

    • The connection or LAG for which the virtual interface is created.

    • VLAN ID within the connection or LAG via which the virtual interface traffic will be transmitted.

    • The IP address on the cloud side. You can set your own address or leave the default one. The IP address must be in the 169.254.252.0/22 subnet and belong to the same /30 subnet as the client IP address.

    • Client BGP ASN. It must be different from the cloud BGP ASN that you set for the Direct Connect gateway.

    • The IP address on the client side. You can set your own address or leave the default one. The IP address must be in the 169.254.252.0/22 subnet and belong to the same /30 subnet as the cloud IP address.

    Note

    When configuring routing on the client side, set the same BGP parameters (IP addresses and ASN).

  4. If you need to assign tags, proceed to the next step by clicking Add tags. To set the Name tag, click Add Name tag and enter the tag value. To set a custom tag, click Add tag and enter the tag key and value.

  5. Once all parameters are set, click Create.

A virtual interface can also be created in the Virtual interfaces tab on the page of the connection / LAG.

Delete a virtual interface#

  1. Go to the section Network connections Direct Connect Virtual interfaces.

  2. Select the virtual interface in the resource table.

  3. Click Delete.

  4. In the dialog window, confirm the deletion.

You can also delete a virtual interface in the Virtual interfaces tab on the page of the relevant connection / LAG.

Viewing resource information#

General information about a specific resource — a connection, LAG, Direct Connect gateway, and virtual interface — can be found by its ID in the resource table in the corresponding subsection of the Direct Connect service. To view details of a particular resource, go to its page.

Information about a connection#

To open the connect page, go to section Interconnect Direct Connect Connects. Find the necessary connection in the resource table and click its ID.

The Information tab#

Displayed parameters:

  • Name.

  • Name tag.

  • Location — a physical site of the connect.

  • Bandwidth.

  • Device ID — The ID of the device to which the connection goes.

  • Unassigned VLAN IDs — The numbers of VLANs without virtual interfaces.

  • Assigned VLAN IDs — The numbers of VLANs with virtual interfaces.

  • LAG — The aggregation group to which the connection belongs (if applicable).

  • Virtual interfaces — The number of virtual interfaces attached to the connection.

Virtual interfaces tab#

The tab contains a table with the summary information about the virtual interfaces attached to this connection. More details of a particular interface can be viewed on its page.

In the tab, you can create virtual interfaces for this connection and delete existing ones.

Tags tab#

The tab displays the tags assigned to the connection. You can add tags, edit keys and values, and delete tags. Learn more about using tags.

Information about an LAG#

To open the page of an LAG, go to the section Interconnect Direct Connect LAG. Find the necessary LAG in the resource table and click its ID.

The Information tab#

Displayed parameters:

  • Name.

  • Name tag.

  • Location — A physical site to which the LAG is connected.

  • Bandwidth — The speed of an individual connection that belongs to the LAG.

  • Connections — The number of connections in the LAG.

  • Minimum connections — If the number of available connections in the LAG drops below the minimum, the group is completely disabled because the remaining connections cannot transmit the required amount of traffic.

  • Virtual interfaces — The number of virtual interfaces attached to the LAG.

Connections tab#

The tab contains a table with the summary information about the connections that belong to the LAG. More details of a particular connection can be viewed on its page.

Virtual interfaces tab#

The tab contains a table with the summary information about the virtual interfaces attached to the LAG. More details of a particular interface can be viewed on its page.

In the tab, you can create virtual interfaces for the LAG and delete existing ones.

Tags tab#

The tab displays the tags assigned to the LAG. You can add tags, edit keys and values, and delete tags. Learn more about using tags.

Information about the Direct Connect gateway#

To open the Direct Connect gateway page, go to the section Interconnect* Direct Connect Gateways. Find the necessary gateway in the resource table and click its ID.

The Information tab#

Displayed parameters:

  • Name.

  • Name tag.

  • BGP ASN.

  • Associations — The number of associations with the transit gateway.

  • Virtual interfaces — The number of attached virtual interfaces.

Actions available:

  • Delete gateway

Associations tab#

The resource table displays the following information about the associations:

  • ID.

  • Transit gateway with which the association is established.

  • Transit gateway connection, which corresponds to the association.

  • Allowed prefixes specified in the association.

In the tab, you can create other associations with transit gateways, change allowed prefixes for a particular association, and delete existing associations.

Virtual interfaces tab#

The tab contains a table with summary information about the virtual interfaces attached to this gateway. For details about a particular interface, see its page.

In the tab, you can create virtual interfaces for this gateway and delete existing ones.

Tags tab#

The tab displays the tags assigned to the Direct Connect gateway. You can add tags, edit keys and values, and delete tags. Learn more about using tags.

Virtual interface information#

To open a virtual interface page, go to Interconnect Direct Connects Virtual Interfaces. Find the desired virtual interface in the resource table and click on its ID.

The Information tab#

Displayed parameters:

  • Name.

  • Name tag.

  • Location – The physical site hosting the connection or LAG to which the virtual interface is attached.

  • Connection/LAG – The connection or LAG to which the virtual interface is attached.

  • VLAN – The number of the VLAN transmitting the traffic to this virtual interface.

  • Direct Connect gateway – The gateway to which the virtual interface is attached.

  • Device ID – ID of the device to which the connection / LAG is attached.

  • Client BGP ASN – BGP ASN on the client’s side.

  • Client IP – IP address of the connection endpoint on the client’s side.

  • Cloud BGP ASN – BGP ASN of the Direct Connect gateway.

  • Cloud IP – IP address of the connection endpoint on the cloud side.

Actions available:

  • Deleting a virtual interface.

Tags tab#

The tab displays the tags assigned to the virtual interface. You can add tags, edit keys and values, and delete tags. Learn more about using tags.