MCR Peering Between Private Clouds
Megaport Cloud Router (MCR) supports multicloudThe use of multiple cloud computing services in a single heterogeneous architecture. For example, an enterprise might use multiple cloud providers for infrastructure (IaaS) and software (SaaS) services. One of Megaport’s core value propositions is enabling multicloud connectivity.
architectures that include combinations of private and public cloud peering types, as well as non-cloud connectivity to your data center. This topic describes:
- The MCR connectivity options supported by the Cloud Service Providers (CSPs) for peering between private clouds.
- How autonomous system numbers (ASNs) work with the Border Gateway Protocol (BGP) routing to advertise routes.
Supported connectivity options with MCR
MCR allows you to build a robust architecture that supports private peering to multiple cloud providers. You can provide connectivity to the same cloud provider, in different regions, with different on-ramps, as long as each BGP peer has a different ASN.
This section describes many, but not all, of the supported private peering connectivity architectures with the MCR. Because networks are not identical, the examples provide a starting point for your peering architecture.
AWS private peering between VPCs
AWS provides the ability to route between different AWS Virtual Private Clouds (VPCs) when using your own private ASN and the MCR.
Azure private peering with a single ExpressRoute and multiple VNets
With Azure, you can attach multiple virtual networks (VNets) to the same ExpressRoute and route traffic between the VNets without leaving the Azure network.
Note
Azure private peering with dual ExpressRoute is not supported. In this scenario, BGP loop prevention will prevent routes from being advertised, because Azure will detect its own ASN in the AS path.
Azure private peering with dual ExpressRoute inter-VNet routing
MCR supports an architecture with dual ExpressRoute circuits connecting each VNet to both ExpressRoute circuits. Because the inter-VNet routing occurs without leaving Azure, the AS path is not evaluated. This deployment provides high availability while also allowing for inter-VNet routing.
Google Cloud Platform VPC peering
VPCs in Google Cloud Platform (GCP) are global and include subnets for each region. GCP provides the ability to perform VPC peering to route traffic between two VPCs.
Oracle Cloud Infrastructure VCN peering
Oracle provides remote Virtual Cloud Network (VCN) peering to route between regions. Support includes routing between Oracle Cloud Infrastructure (OCI) and OCI Classic, or between OCI and Oracle Government Cloud.
Note
External routing between OCI commercial regions is not supported.
For more information, see Remote VCN Peering.
Understanding autonomous system numbers
An autonomous system (AS) is a single network or a set of networks and routers that are managed and supervised on behalf of a single administrative entity, such as a business division. An AS is assigned a globally unique number that identifies the network to the world.
The MCR uses BGP to exchange routes between private peering and non-cloud peering types. To reduce the complexity of BGP support for the CSPs, the MCR provides automated configuration and follows standard BGP routing policies and inter-AS routing best practices. Although the MCR follows routing best practices and BGP has built-in loop prevention, an understanding of the autonomous system path list is helpful when assigning ASNs to peers.
Understanding AS path loop prevention
When routes are advertised to an external BGP (eBGP) neighbor, the ASN of the local router is added to the AS path list (AS_PATH). To the receiving autonomous system (AS), this creates a breadcrumb trail to the originating AS. This image shows two routers, R2 and R3, with the same ASN:
When an eBGP peer receives an eBGP route that includes its own AS number in the AS path, it will drop the route to prevent a BGP route loop. This is the expected behavior with BGP. In this scenario, because R2 and R3 have the same ASN, R3 will drop R2’s routes upon arrival.
After updating R2’s configuration with a unique AS number, 64515, R3 now accepts the routes being advertised by R2. It’s important to keep this in mind when configuring peering between two private clouds.
Private ASN support
With AWS Direct Connect gateway, you can bring your own private ASN to the Amazon side of the connection. Other cloud service providers require you to peer using their public ASN.
This table summarizes the supported ASNs from each CSP:
| Cloud Provider | Peering Type | Customer Side AS | Cloud Provider Side AS |
|---|---|---|---|
| AWS | PRIV_CLOUD | Private or Public ASN | Private ASN or ASN 7224 |
| Google Cloud | PRIV_CLOUD | Private or Public ASN | ASN 16550 |
| Oracle Cloud | PRIV_CLOUD | Private or Public ASN | ASN 31898 (Gov Cloud 6142) |
| Microsoft Azure | PRIV_CLOUD | Private or Public ASN | ASN 12076 |
To learn more, explore these resources.
- AWS – AWS Direct Connect FAQs
- Google Cloud – Establishing 99.99% Availability for Partner Interconnect
- Oracle Cloud – FastConnect Requirements
- Microsoft Azure – Autonomous System numbers (ASN)