This process describes accepting an AWS Direct Connect virtual interface with Red Hat OpenShift service on AWS. For more information about AWS Direct Connect types and configuration, see the AWS Direct Connect components documentation.
A Direct Connect connection requires a hosted Virtual Interface (VIF) connected to a Direct Connect Gateway (DXGateway), which is in turn associated to a Virtual Gateway (VGW) or a Transit Gateway in order to access a remote VPC in the same or another account.
If you do not have an existing DXGateway, the typical process involves creating the hosted VIF, with the DXGateway and VGW being created in the Red Hat OpenShift service on AWS AWS Account.
If you have an existing DXGateway connected to one or more existing VGWs, the process involves the Red Hat OpenShift service on AWS AWS Account sending an Association Proposal to the DXGateway owner. The DXGateway owner must ensure that the proposed CIDR will not conflict with any other VGWs they have associated.
See the following AWS documentation for more details:
When connecting to an existing DXGateway, you are responsible for the costs.
There are two configuration options available:
Method 1: Create the hosted VIF and then the DXGateway and VGW.
Method 2: Request a connection via an existing Direct Connect Gateway that you own.
Gather Red Hat OpenShift service on AWS AWS Account ID.
View the Direct Connect Virtual Interface details to determine the type of connection.
Log in to the Red Hat OpenShift service on AWS AWS Account Dashboard and select the correct region.
Select Direct Connect from the services menu.
One or more Virtual Interfaces will be waiting to be accepted. Select one of them to view the Summary.
View the Virtual Interface type: private or public.
Record the Amazon side ASN value.
If the Direct Connect Virtual Interface type is Private, a Virtual Private Gateway is created. If the Direct Connect Virtual Interface is Public, a Direct Connect Gateway is created.
A Private Direct Connect is created if the Direct Connect Virtual Interface type is Private.
Log in to the Red Hat OpenShift service on AWS AWS Account Dashboard and select the correct region.
From the AWS region, select VPC from the services menu.
Select Virtual Private Gateways from VPN Connections.
Click Create Virtual Private Gateway.
Give the Virtual Private Gateway a suitable name.
Select Custom ASN and enter the Amazon side ASN value gathered previously.
Create the Virtual Private Gateway.
Click the newly created Virtual Private Gateway and choose Attach to VPC from the Actions tab.
Select the Red Hat OpenShift service on AWS Cluster VPC from the list, and attach the Virtual Private Gateway to the VPC.
From the services menu, click Direct Connect. Choose one of the Direct Connect Virtual Interfaces from the list.
Acknowledge the "I understand that Direct Connect port charges apply once I click Accept Connection" message, then choose Accept Connection.
Choose to Accept the Virtual Private Gateway Connection and select the Virtual Private Gateway that was created in the previous steps.
Select Accept to accept the connection.
Repeat the previous steps if there is more than one Virtual Interface.
A Public Direct Connect is created if the Direct Connect Virtual Interface type is Public.
Log in to the Red Hat OpenShift service on AWS AWS Account Dashboard and select the correct region.
From the Red Hat OpenShift service on AWS AWS Account region, select Direct Connect from the services menu.
Select Direct Connect Gateways and Create Direct Connect Gateway.
Give the Direct Connect Gateway a suitable name.
In the Amazon side ASN, enter the Amazon side ASN value gathered previously.
Create the Direct Connect Gateway.
Select Direct Connect from the services menu.
Select one of the Direct Connect Virtual Interfaces from the list.
Acknowledge the "I understand that Direct Connect port charges apply once I click Accept Connection" message, then choose Accept Connection.
Choose to Accept the Direct Connect Gateway Connection and select the Direct Connect Gateway that was created in the previous steps.
Click Accept to accept the connection.
Repeat the previous steps if there is more than one Virtual Interface.
After the Direct Connect Virtual Interfaces have been accepted, wait a short period and view the status of the Interfaces.
Log in to the Red Hat OpenShift service on AWS AWS Account Dashboard and select the correct region.
From the Red Hat OpenShift service on AWS AWS Account region, select Direct Connect from the services menu.
Select one of the Direct Connect Virtual Interfaces from the list.
Check the Interface State has become Available.
Check the Interface BGP Status has become Up.
Repeat this verification for any remaining Direct Connect Interfaces.
After the Direct Connect Virtual Interfaces are available, you can log in to the Red Hat OpenShift service on AWS AWS Account Dashboard and download the Direct Connect configuration file for configuration on your side.
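The verification steps above can also be run over saved API output. This is an added example, not part of the Red Hat or AWS documentation: it assumes JSON shaped like the output of `aws directconnect describe-virtual-interfaces`, and the sample data, IDs, ASNs, and the `check_vifs` helper are constructed for illustration.

```python
# Constructed sample, shaped like `aws directconnect describe-virtual-interfaces`
# output. IDs and ASNs are placeholders, not values from this page.
SAMPLE_VIFS = {
    "virtualInterfaces": [
        {"virtualInterfaceId": "dxvif-EXAMPLE1", "virtualInterfaceType": "private",
         "virtualInterfaceState": "available", "amazonSideAsn": 64512,
         "bgpPeers": [{"bgpPeerState": "available", "bgpStatus": "up"}]},
        {"virtualInterfaceId": "dxvif-EXAMPLE2", "virtualInterfaceType": "private",
         "virtualInterfaceState": "available", "amazonSideAsn": 64512,
         "bgpPeers": [{"bgpPeerState": "available", "bgpStatus": "down"}]},
        {"virtualInterfaceId": "dxvif-EXAMPLE3", "virtualInterfaceType": "public",
         "virtualInterfaceState": "confirming", "amazonSideAsn": 64513,
         "bgpPeers": []},
    ]
}


def check_vifs(doc, recorded_asn):
    """Map each VIF ID to a list of findings; an empty list means it is ready.

    recorded_asn is the Amazon side ASN noted before the gateway was created
    (hypothetical parameter name).
    """
    report = {}
    for vif in doc["virtualInterfaces"]:
        findings = []
        state = vif.get("virtualInterfaceState")
        if state == "confirming":
            # Hosted VIF still waiting for the account owner to accept it.
            findings.append("not yet accepted")
        elif state != "available":
            findings.append(f"state is {state}, expected available")
        # The interface is usable only when at least one BGP session is up.
        if not any(p.get("bgpStatus") == "up" for p in vif.get("bgpPeers", [])):
            findings.append("no BGP peer is up")
        if vif.get("amazonSideAsn") != recorded_asn:
            findings.append("Amazon side ASN differs from the recorded value")
        report[vif["virtualInterfaceId"]] = findings
    return report


if __name__ == "__main__":
    for vif_id, findings in check_vifs(SAMPLE_VIFS, 64512).items():
        print(vif_id, "OK" if not findings else "; ".join(findings))
```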
Confirm the CIDR range of the Red Hat OpenShift service on AWS VPC will not conflict with any other VGWs you have associated.
Gather the following information:
The Direct Connect Gateway ID.
The AWS Account ID associated with the virtual interface.
The BGP ASN assigned for the DXGateway. Optional: the Amazon default ASN may also be used.
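One way to perform the CIDR conflict check before sending an Association Proposal, as an added example that is not part of the Red Hat or AWS documentation. It assumes the DXGateway owner has JSON shaped like the output of `aws directconnect describe-direct-connect-gateway-associations` and treats the allowed prefixes of each existing association as the ranges already in use; the sample data, IDs, CIDRs, and the `find_conflicts` helper are constructed for illustration.

```python
import ipaddress

# Constructed sample, shaped like the output of
# `aws directconnect describe-direct-connect-gateway-associations`.
# IDs and CIDRs are placeholders, not values from this page.
SAMPLE_ASSOCIATIONS = {
    "directConnectGatewayAssociations": [
        {"associationState": "associated",
         "associatedGateway": {"id": "vgw-EXAMPLE1"},
         "allowedPrefixesToDirectConnectGateway": [{"cidr": "10.0.0.0/16"}]},
        {"associationState": "associated",
         "associatedGateway": {"id": "vgw-EXAMPLE2"},
         "allowedPrefixesToDirectConnectGateway": [
             {"cidr": "10.128.0.0/14"}, {"cidr": "192.168.10.0/24"}]},
        {"associationState": "disassociated",
         "associatedGateway": {"id": "vgw-EXAMPLE3"},
         "allowedPrefixesToDirectConnectGateway": [{"cidr": "172.20.0.0/16"}]},
    ]
}


def find_conflicts(proposed_cidrs, associations_doc):
    """Return sorted (proposed, existing, gateway_id) tuples for every overlap.

    Raises ValueError if a CIDR has host bits set, so typos such as
    10.0.1.0/16 are caught instead of being silently widened.
    """
    proposed = [ipaddress.ip_network(c, strict=True) for c in proposed_cidrs]
    conflicts = []
    for assoc in associations_doc["directConnectGatewayAssociations"]:
        # A fully disassociated gateway no longer holds its prefixes.
        if assoc.get("associationState") == "disassociated":
            continue
        gw_id = assoc["associatedGateway"]["id"]
        for entry in assoc.get("allowedPrefixesToDirectConnectGateway", []):
            existing = ipaddress.ip_network(entry["cidr"], strict=True)
            for net in proposed:
                # Compare only within the same IP version.
                if net.version == existing.version and net.overlaps(existing):
                    conflicts.append((str(net), str(existing), gw_id))
    return sorted(conflicts)


if __name__ == "__main__":
    # Hypothetical cluster VPC CIDR that falls inside an existing prefix.
    for proposed, existing, gw in find_conflicts(["10.129.0.0/16"], SAMPLE_ASSOCIATIONS):
        print(f"{proposed} overlaps {existing} already allowed for {gw}")
```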
Log in to the Red Hat OpenShift service on AWS AWS Account Dashboard and select the correct region.
From the Red Hat OpenShift service on AWS AWS Account region, select VPC from the services menu.
From VPN Connections, select Virtual Private Gateways.
Select Create Virtual Private Gateway.
Give the Virtual Private Gateway a suitable name.
Click Custom ASN and enter the Amazon side ASN value gathered previously or use the Amazon Provided ASN.
Create the Virtual Private Gateway.
In the Navigation pane of the Red Hat OpenShift service on AWS AWS Account Dashboard, choose Virtual private gateways and select the virtual private gateway. Choose View details.
Choose Direct Connect gateway associations and click Associate Direct Connect gateway.
Under Association account type, for Account owner, choose Another account.
For Direct Connect gateway owner, enter the ID of the AWS account that owns the Direct Connect gateway.
Under Association settings, for Direct Connect gateway ID, enter the ID of the Direct Connect gateway.
Under Association settings, for Virtual interface owner, enter the ID of the AWS account that owns the virtual interface for the association.
Optional: Add prefixes to Allowed prefixes, separating them using commas.
Choose Associate Direct Connect gateway.
After the Association Proposal has been sent, it will be waiting for your acceptance. The final steps you must perform are available in the AWS Documentation.
Further troubleshooting can be found in the Troubleshooting AWS Direct Connect documentation.