How to configure Cisco router for AWS direct connect line

Hi All

I have a new AWS Direct Connect line and also have a customer router connected via an ISP.

The AWS virtual interface was created using the router peer IP and the AWS router IP info

(example IPs and details, not real):

VLAN 1300

Your router peer IP 198.1.2.1

Amazon router peer IP 198.1.2.2

BGP ASN 9000

BGP authorization key hellow-world

After my colleague created the AWS virtual interface, the Cisco router config was downloaded as follows:

 

<start>
interface GigabitEthernet0/1
! channel-group 1 mode passive (In case of a LAG connection)
no ip address

interface GigabitEthernet0/1.1300
! interface port-channel 1.1300 (In case of a LAG connection)
description "Direct Connect to your Amazon VPC or AWS Cloud"
encapsulation dot1Q 1300
ip address 198.1.2.1 255.255.255.252

 

router bgp 9000
address-family ipv4
neighbor 198.1.2.2 remote-as 64512
neighbor 198.1.2.2 password hellow-world
network 0.0.0.0
exit

<end>

There are many more !-commented Cisco commands, which I ignored.

Next, inside my customer router there are two GigabitEthernet interfaces:

GigabitEthernet0/0/1 = ISP WAN IP, e.g. 119.1.1.1 (this is not the real IP), and GigabitEthernet0/0/0 = customer internal LAN interface, e.g. 192.168.1.1, connected to the FW; the g010 interface and others are not in use.

198.1.2.1 ISP WAN IP

198.1.2.2 ISP WAN IP

So my question is: do I change the exported Cisco commands from AWS from GigabitEthernet0/1 to GigabitEthernet0/0/1, like the one below, with the rest remaining the same, and then run the commands below inside the customer router? Please advise, is this the correct way to do it? I can't find any of this in the AWS or Cisco documents.

<start> (below are all sample example IPs only, not real/actual)

interface GigabitEthernet0/0/1
! channel-group 1 mode passive (In case of a LAG connection)
no ip address

interface GigabitEthernet0/0/1.1300
! interface port-channel 1.1300 (In case of a LAG connection)
description "Direct Connect to your Amazon VPC or AWS Cloud"
encapsulation dot1Q 1300
ip address 198.1.2.1 255.255.255.252

 

router bgp 9000
address-family ipv4
neighbor 198.1.2.2 remote-as 64512
neighbor 198.1.2.2 password hellow-world
network 0.0.0.0

<end>
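As an added example that is not part of the question or of the AWS-exported file, the Python script below performs the pre-apply check a network engineer would want before pasting that snippet: it parses the exported IOS-style lines, compares the VLAN, peer addresses, ASNs and BGP key against the values listed in the AWS console, and warns where `no ip address` would strip an address the WAN port already carries. The RUNNING_CONFIG lines are constructed for the example, and the 64512 remote-as is simply the value the exported snippet shows.

```python
"""Pre-apply check for an AWS Direct Connect router snippet. Added example, not
from the thread or the AWS-exported file; VIF values are the thread's samples and
RUNNING_CONFIG is constructed to resemble `show running-config` on the WAN port."""
import ipaddress
import re

VIF = {  # as shown in the AWS console for the virtual interface
    "vlan": 1300,
    "customer_peer": "198.1.2.1",
    "amazon_peer": "198.1.2.2",
    "customer_asn": 9000,
    "amazon_asn": 64512,  # the remote-as carried by the exported snippet
    "bgp_key": "hellow-world",
}

# The exported snippet with the physical port renamed to the WAN interface.
AWS_SNIPPET = """\
interface GigabitEthernet0/0/1
! channel-group 1 mode passive (In case of a LAG connection)
no ip address
interface GigabitEthernet0/0/1.1300
description "Direct Connect to your Amazon VPC or AWS Cloud"
encapsulation dot1Q 1300
ip address 198.1.2.1 255.255.255.252
router bgp 9000
neighbor 198.1.2.2 remote-as 64512
neighbor 198.1.2.2 password hellow-world
network 0.0.0.0
"""

RUNNING_CONFIG = """\
interface GigabitEthernet0/0/1
 ip address 119.1.1.1 255.255.255.252
"""


def parse_interfaces(text):
    """Map interface name -> {'ip', 'no_ip', 'vlan'} from IOS-style lines."""
    result, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank lines and commented-out alternatives are ignored
        if line.startswith("router "):
            cur = None  # left interface configuration mode
        elif line.startswith("interface "):
            cur = line.split()[1]
            result[cur] = {"ip": None, "no_ip": False, "vlan": None}
        elif cur and line == "no ip address":
            result[cur]["no_ip"] = True
        elif cur and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            result[cur]["ip"] = ipaddress.IPv4Interface(f"{m[1]}/{m[2]}")
        elif cur and (m := re.match(r"encapsulation dot1q (\d+)$", line, re.I)):
            result[cur]["vlan"] = int(m[1])
    return result


def parse_bgp(text):
    bgp = {"local_asn": None, "neighbors": {}, "networks": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"router bgp (\d+)$", line):
            bgp["local_asn"] = int(m[1])
        elif m := re.match(r"neighbor (\S+) (remote-as|password) (\S+)$", line):
            bgp["neighbors"].setdefault(m[1], {})[m[2]] = m[3]
        elif m := re.match(r"network (\S+)", line):
            bgp["networks"].append(m[1])
    return bgp


def check(snippet, running, vif):
    """Return findings; an empty list means the snippet is consistent with the VIF."""
    findings = []
    ifaces, existing, bgp = parse_interfaces(snippet), parse_interfaces(running), parse_bgp(snippet)
    # 1. 'no ip address' on a port that already carries the ISP WAN address would drop it.
    for name, d in ifaces.items():
        if d["no_ip"] and existing.get(name, {}).get("ip") is not None:
            findings.append(f"{name}: 'no ip address' removes existing {existing[name]['ip']}")
    # 2. The dot1Q sub-interface must carry the VIF VLAN and the customer peer IP, with
    #    a mask whose /30 also contains the Amazon peer.
    subs = {n: d for n, d in ifaces.items() if d["vlan"] is not None}
    if not subs:
        findings.append("no dot1Q sub-interface for the VIF")
    for name, d in subs.items():
        if d["vlan"] != vif["vlan"] or not name.endswith(f".{vif['vlan']}"):
            findings.append(f"{name}: VLAN/sub-interface number does not match VIF VLAN {vif['vlan']}")
        if d["ip"] is None or str(d["ip"].ip) != vif["customer_peer"]:
            findings.append(f"{name}: address is not the customer peer IP {vif['customer_peer']}")
        elif ipaddress.ip_address(vif["amazon_peer"]) not in d["ip"].network:
            findings.append(f"{name}: Amazon peer {vif['amazon_peer']} is outside {d['ip'].network}")
    # 3. BGP: local ASN, neighbor ASN, the MD5 key, and what would be advertised.
    if bgp["local_asn"] != vif["customer_asn"]:
        findings.append(f"router bgp {bgp['local_asn']} != customer ASN {vif['customer_asn']}")
    nbr = bgp["neighbors"].get(vif["amazon_peer"])
    if nbr is None:
        findings.append(f"no neighbor statement for Amazon peer {vif['amazon_peer']}")
    elif nbr.get("remote-as") != str(vif["amazon_asn"]) or nbr.get("password") != vif["bgp_key"]:
        findings.append("neighbor remote-as or password does not match the VIF ASN/authentication key")
    if "0.0.0.0" in bgp["networks"]:
        findings.append("'network 0.0.0.0' advertises a default route toward AWS if one is in the routing table; replace it with the on-premises prefixes you intend to announce")
    return findings


if __name__ == "__main__":
    for f in check(AWS_SNIPPET, RUNNING_CONFIG, VIF):
        print("FINDING:", f)
```

On these inputs `check()` reports two things: that `no ip address` would remove 119.1.1.1/30 from GigabitEthernet0/0/1, which is exactly the clash the question worries about, and that `network 0.0.0.0` announces a default route rather than specific on-premises prefixes. An empty list is the signal that the snippet agrees with the VIF parameters and touches nothing the router already uses.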

 

12 Replies

Hello,

That sounds correct. The configuration needs to go on the WAN interface of the router, GigabitEthernet0/0/1. When you configure that, what is the result? Do you have AWS connectivity?

Thanks Georg, I have not tried yet, as I saw there is a "no ip address" below and these are from the AWS exported files, so I'm not sure if AWS wants me to remove the ISP IP first at the customer router interface and then do a VLAN as per the commands below. I am afraid that I might break the WAN connection; that is what is holding me back, and that is why I posted here to verify first. Any other advice will be appreciated. Thanks Georg and all.

<start> (below are all sample example IPs only, not real/actual)

interface GigabitEthernet0/0/1
! channel-group 1 mode passive (In case of a LAG connection)
no ip address

interface GigabitEthernet0/0/1.1300
! interface port-channel 1.1300 (In case of a LAG connection)
description "Direct Connect to your Amazon VPC or AWS Cloud"
encapsulation dot1Q 1300
ip address 198.1.2.1 255.255.255.252

 

router bgp 9000
address-family ipv4
neighbor 198.1.2.2 remote-as 64512
neighbor 198.1.2.2 password hellow-world
network 0.0.0.0

<end>

This router to which I am trying to apply these Cisco commands is the on-premises router at the customer end,

and the other end is the AWS Direct Connect line.

aws direct connect line <---> ISP <---> customer router (applying here)

I am trying to connect the customer router to the AWS Direct Connect (there is a virtual interface created in AWS which is linked to the VPC).

Hello
I think this is the first AWS question on here I have come across, tbh!
Are you troubleshooting the reason why you don't have BGP peering?

It looks like you have the DX Direct Connect already established between the DX<>AWS locations, given you've downloaded what looks like the config file and its contents.

Which assumes the following:
The physical connectivity is already provisioned as regards the physical cross connect between your DX site router or comms port and the DX-AWS router, and the physical fiber connection (SM/SFP) DXC/comms<>AWS is correct and manually hardcoded.

Are you deploying a private/public VRF?
Can you confirm if the AWS xconnect is being extended towards your on-premises router?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

Yes, I am trying to troubleshoot why there is no BGP peering; your understanding is correct.

And I am trying to deploy a private connection.

And yes, I am trying to link up or extend from AWS/VPC via the AWS Direct Connect line <--> ISP <---> customer on-premises router.

I had downloaded the required Cisco commands from AWS, and now I need to know if I should run these downloaded Cisco commands (pasted below again, start to end) inside the customer on-premises router using the ISP interface g001. The current g001 already has a WAN IP, e.g. 119.1.1.1, which is used to connect to the ISP's PE, so if I run the below commands downloaded from AWS, is it alright, and will it break the WAN interface?

<start>

(below are all sample example IPs only, not real/actual)

interface GigabitEthernet0/0/1
! channel-group 1 mode passive (In case of a LAG connection)
no ip address

interface GigabitEthernet0/0/1.1300
! interface port-channel 1.1300 (In case of a LAG connection)
description "Direct Connect to your Amazon VPC or AWS Cloud"
encapsulation dot1Q 1300
ip address 198.1.2.1 255.255.255.252

 

router bgp 9000
address-family ipv4
neighbor 198.1.2.2 remote-as 64512
neighbor 198.1.2.2 password hellow-world
network 0.0.0.0

<end>

 

Hello,

I'm not sure if you have to change something at the customer site.

You have an ISP and a BGP configuration with the ISP.

In AWS you have a Direct Connect line which is between AWS and the ISP.

This is the most common option.

Something like that:

AWS cloud <---> AWS connection point <---> ISP connection point <----> ISP connection point at customer site <---> Customer network.

This AWS-generated configuration is for your ISP. They have to configure their equipment with this config.

"AWS connection point" and "ISP connection point" are usually in the same data center (this is a third-party DC from another vendor).

If you want, you can install your router instead of the "ISP connection point" and you can manage this router.

In that case you will install the AWS-generated configuration.

 

This may help you as well:

https://www.youtube.com/watch?v=jEcl5H8Ow_8

 

Regards,

Ventsi

Correct.

This configuration should be applied to the device which is in the DC where the AWS Direct Connect location is.

Do you have equipment there, or are you using an AWS ISP partner?

 

Regards,

Ventsi

I'm using a local ISP partner, so should these downloaded commands be run inside the PE or the CE? Thanks.

Hi Ventsi,

In the downloaded command file it is stated (below) that ASN 9000 is configured as part of the customer gateway. I'm not sure what customer gateway this is referring to?

 

! The local BGP Autonomous System Number (ASN) (9000) is configured as
! part of your Customer Gateway. If the ASN must be changed, the Customer Gateway
! and Direct Connect Virtual Interface will need to be recreated with AWS.

 

router bgp 9000
address-family ipv4
neighbor 198.1.2.2 remote-as 64512
neighbor 198.1.2.2 password hellow-world
network 0.0.0.0

[attached image: download cmds run at AWS direct connect location V1.JPG]

Hi Ventsi, is it the AWS Direct Connect location as stated in the diagram above?

Yes.

This "ISP partner" part is actually a DC where AWS has routers as a connectivity point to AWS.

In this DC an ISP can install their equipment and connect it to AWS equipment.

This DC might not even belong to the ISP partner.

For example, CenturyLink put a router there. This router is used for a lot of customers in most cases.

So when you create the configuration in AWS, you have to send this config to the ISP.

 

Regards,

Ventsi
