[go: up one dir, main page]
action.skip
Megaport Documentation
Configuring an MCR
Copy for LLM ▼
Copy Page Content Open in ChatGPT Open in Claude Open in VS Code View Markdown
PDF

Configuring an MCR

This topic describes how to edit and configure a Megaport Cloud Router (MCR) and Virtual Cross Connect (VXC). Before you begin, you need to create an MCR and configure a VXC, as described in Creating an MCR and Creating an MCR VXC.

Editing an MCR

For each MCR, you can edit any field on the MCR Configuration page, except the rate limit, which is fixed for the duration of the service. The Megaport Marketplace service availability must also be set in your Megaport Marketplace profile.
For more information about how to make your service visible to the Megaport Marketplace, see Adding services to your profile.

To edit an MCR

  1. Log in to the Megaport Portal and choose Services.

  2. Select the MCR you want to edit.
    Edit MCR

  3. Edit any field on the MCR Configuration page as required, except for the MCR Rate Limit or Megaport Marketplace visibility.

    • The Initial BGP State lets you select whether newly created BGP connections are enabled or shut down by default. Select Enabled (the default) if you want any new BGP sessions you configure to be live as soon as you save the configuration. Select Shut Down if you want any new BGP sessions you configure to be left in a shut down state when you save the configuration.

      For example, you might want to select the Shut Down option if you are planning to add several BGP sessions across your Virtual Cross Connects (VXCs) but know that you want to do some other router setup before you want them exchanging route information. When you are finished configuring your routers, you can then go into the relevant BGP sessions and enable them.

    • The setting you choose here just sets the default state for the new BGP session. You can override this in the MCR Connection detail screen. For more information about overriding the BGP state for an individual connection, see Shutting down a BGP connection.

    For more information, see Creating an MCR.

  4. Click Save.

Editing a VXC

For each VXC connected to an MCR you can configure one or more interfaces, IP addresses, BGP connections, or static routes.

Depending on the VXC destination or CSP provider, the MCR connection settings might have been auto-configured during VXC creation. Follow the steps in this task to configure the connection settings as required.

Note

If the VXC provisioning status is LIVE, CONFIGURED, or DEPLOYABLE, the connection configuration fields will be available when editing a VXC regardless of provider.

To edit a VXC interface

  1. Select the MCR VXC you want to edit.

  2. Select the VXC A-End or B-End.

    Edit MCR VXC

  3. Enter one or more Interface IP addresses and subnet masks to configure on the A-End interface.

  4. (Optional) Select a NAT source IPv4 address from the Network Address Translation drop-down list. All packets leaving this interface will have their source NAT rewritten to this address.

    Network Address Translation (NAT)Network Address Translation (NAT) is the process that translates the unregistered private IP addresses used for an organization’s private inner network into a single registered public IP address before packets are sent to an external network. NAT allows private IP networks to use the internet and cloud.
     allows flexibility in designing a scalable and secure multi-vendor, multicloud, or hybrid cloud scenario. Source NAT translates the source IP address of a packet leaving the MCR. When you assign a NAT IP address in MCR, all packets leaving the interface use that IP address as their source IP address. Enable this feature when NAT is required for a connection, for example, when you need to translate several private IP addresses into a single public IP address to meet Cloud Service Provider (CSP) requirements.

    For more information about how MCR performs NAT to support public peering types to cloud service providers, see How MCR performs NAT.

  5. (Optional) If IPsec has been enabled on your MCR, you can configure one or more IPsec tunnels.
    Click + Add IPsec Tunnel Interface.
    Add the IPsec tunnel details:

    • Description – Add a description for your reference.
    • Source IP Address – Click the box and select from the drop-down list.
      This is a list of interface IP addresses defined on this VXC.
    • Destination IP Address – Add the destination IP address.
    • Pre-shared key – Add a key that is common to both the IKE2 (Internet Key Exchange version 2) initiator and responder. The length must be between 8 and 100 characters.
    • Start Action – Select either active or passive. Passive indicates that the local MCR is an IPsec responder waiting for the remote to perform IKE2 initiation.
    • Phase 1 Lifetime – Enter a value between 300 and 604800 seconds. This is the lifetime of IKE2 session in seconds. The default value is 28800 seconds (8 hours). When it expires, rekeying will occur.
    • Phase 2 Lifetime – Enter a value between 300 and 604800 seconds. This is the lifetime in seconds of the IPsec Security Association (SA). The value must be less than the phase1Lifetime. The default value is 3600 seconds (1 hour). When it expires, rekeying will occur. IPSec config details

  6. Enter any details specific to the VXC type.

  7. Click Save.

Using packet filter lists

Packet filters are used to manage the traffic that is allowed to flow through your MCR. You can apply packet filter lists to your VXC if they have been defined on the MCR. Using packet filter lists is optional.
For more information, see Using Packet Filters.

To apply packet filter lists

  1. In the Megaport Portal, go to the Services page.

  2. Select the VXC and select the A-End or B-End.

  3. Select the packet filter lists to apply from the drop-down lists.
    You can select inbound and outbound filters.

  4. Click Save.

Configuring BGP

The Border Gateway Protocol (BGP) allows dynamic route table updates from the MCR across the VXC to the port. Enable one or more BGP peers for the MCR, up to a maximum of five.

To configure BGP

  1. On the MCR Connection detail page, click Add BGP Connection.

    IP details

  2. Specify these values:

    • Local IP – Select the IP address on this interface that communicates with the BGP peer. The drop-down menu is auto-populated based on the address you specified in the connection detail.

    • Peer IP – Specify the IP address for the BGP peer. For example, if the local IP is 198.162.100.1, the peer IP address would be 198.162.100.2.

    • Peer ASN – The ASN of the target routing device that will terminate the BGP connection. The ASN range is from 2 to 4294967294. 4-byte ASNs are supported in the asplain format.

    • BGP Password – The shared key to authenticate the BGP peer. A shared key is optional when creating the VXC, but is required to set up the BGP peering. You can add it after you create the VXC. The shared key length is from 1 to 25 characters. The key can include any of these characters:
      a-z
      A-Z
      0-9
      ! @ # . $ % ^ & * + = - _

      Tip

      Click the eye icon to see the password as you type. The view persists until you click the eye icon again to hide the password.

    • Description (optional) – Enter a description that will help identify this connection. The minimum description length is from 1 to 100 characters.

    • BGP State – Shuts down the connection without removing it. The initial setting will be taken from the setting on the A-End of the MCR. Enabling or shutting down the BGP state does not affect existing BGP sessions. The BGP state only affects new VXCs. This setting overrides the MCR state for an individual connection. For more information, see Shutting down a BGP connection and Creating an MCR.

    Note

    • If you have entered multiple CIDR ranges, the IP addresses are available for selection.
    • Use a CIDR calculator to ensure that all data is valid and within range.

  3. Click Add.

  4. Click Next.

To edit a BGP connection

  1. Select the VXC and select MCR A-End or MCR B-End.
  2. Next to the BGP connection, click Edit.
  3. Make your changes.
  4. Click Update.

For information on the BGP Advanced tab settings, see Configuring BGP Advanced Settings.

Configuring static routes

Static routes establish reachability to peers in place of BGP connections that provide dynamic routing. You configure static routes to provide connectivity to a customer device that doesn’t support BGP or to a target device that requires manually configured addressing and routes. With static routes, you need to manually update any topology changes.

An MCR supports up to 100 static routes.

To add a static route

  1. Select the VXC and select MCR A-End.
  2. In the MCR Connection detail page, under Static Routes, specify the IPv4 or IPv6 destination network address in CIDR notation.
  3. Specify the IPv4 or IPv6 address of the next-hop router.
    The address must be in the same subnet as the interface but it cannot match the interface IP address.
  4. (Optional) In the Description field, include any notes that will help identify this static route.
    The description range is from 1 to 100 characters.
  5. Click Next.
  6. Update the MCR B-End, if necessary.
  7. Click Next.
  8. Click Update.

To view static routes, see Viewing Traffic Routing through the MCR Looking Glass.

Verifying the BGP configuration

The MCR Looking Glass provides single-screen visibility into the BGP configuration. For more information, see Viewing Traffic Routing through MCR Looking Glass.

To view the BGP status

  1. In the Megaport Portal, go to the Services page.
  2. Select the VXC.
  3. Choose Details.
    The Configuration Details page shows the provisioning, service, and BGP status.
    View the BGP status in the Configuration Details page

Troubleshooting BGP

If the Services > Connection Detail page displays a status issue, verify these items:

  1. Select the VXC and select MCR A End or B End.
  2. Under BGP Connections, verify that the correct local ASN is in use for the A-End of the VXC.
  3. Verify that the correct peer IP address is in use.
  4. Verify that the correct BGP MD5 password is in use for the A-End of the VXC.

If the BGP configuration looks correct:

  • Make sure that a BGP peer is not blocking ingress or egress from TCP port 179 (BGP) and other relevant ephemeral ports.

  • Verify that a BGP peer is not advertising more than 100 prefixes to AWS. The maximum number of advertised routes to AWS is 100. The BGP session is disabled if it exceeds the prefix limit of 100 advertised routes.

Shutting down a BGP connection

Use this setting to temporarily disable the BGP session without removing it. BGP shutdown provides a way to administratively shut down a BGP connection while setting up a new route, performing maintenance, troubleshooting, and so on.

To temporarily disable a BGP connection

  1. In the Megaport Portal, go to the Services page.

  2. Select the VXC and select the A-End or B-End.

  3. After the BGP connection details, click Shut Down.

  4. Click Yes to confirm.

Helpful references