CloudLink

Objective

This guide provides instructions on how to create and use a CloudLink using a guided wizard in F5® Distributed Cloud Console (Console). A CloudLink allows Distributed Cloud Services to orchestrate an already provisioned direct connection, establish a multi-cloud networking fabric, and then connect, deliver, secure, and operate networks and apps across hybrid environments. CloudLink is currently available for Amazon Web Services (AWS) and Google Cloud Platform (GCP).

Prerequisites

F5 Distributed Cloud Services account

Note: If you do not have an account, see Create an F5 Distributed Cloud Services Account.

AWS Specific Prerequisites

Order a connection into AWS using Equinix (or other providers) and have a Direct Connect Connection available.

GCP Specific Prerequisites

Use an existing GCP interconnect or order through Equinix (or other providers).
Use an existing VPC or create a new VPC. This VPC will be the same VPC used to provision the Site (Brownfield deployment support only).
Ensure that the Cloud router and the Interconnect are provisioned using the above VPC.

Configuration

Configuration Sequence

The following table presents the sequence of activities in enabling the TSA detection:

Activity	Description
Create CloudLink	Provide cloud credentials and specify connection details
Configure Distributed Cloud Customer Edge (CE) Sites	Deploy CE cloud sites, establish private connectivity, and attach workload
Apply Networking and Security Services	Select and configure networking and security services

Create AWS CloudLink

Perform the following steps to create a CloudLink:

Step 1: Navigate to the CloudLink page.

Log into Console.
Click Multi-Cloud Network Connect.

Figure: Console Homepage

Select Manage > Networking > CloudLinks.

Figure: CloudLinks

Step 2: Create an AWS CloudLink.

Click Add CloudLink.
In the Name field, enter the name for the CloudLink.
Select Amazon Web Services(AWS) from the Type drop-down menu in the Cloud Option section.
Use the Account Credential drop-down menu to select your cloud credentials. Optionally you can select Add Item to create new cloud credentials.
Click Add item in the Bring Your Own Connections section to configure a connection.
- Enter a name for this connection.
- Select the region where the AWS site is located.
- Enter the connection ID in the Direct Connect Connection Id field. Click See Suggestions in the the drop-down menu to see suggested values for Direct Connect Connection ID. Also, enter the VLAN in the Virtual Local Area Network (VLAN) field. You can get these values from your AWS console on the Direct Connect page.
  Figure: AWS Console
- Enter your BGP in the BGP ASN field.
- Click Configure to enter your BGP Authorization key.
- Enter the router IP addresses for both the customer side and the AWS side in the Peer IP Addresses section.
- Click Apply to save the connection.
  Figure: CloudLink Connection
  
  Note: You can add multiple Direct Connect connections to a single CloudLink by using the Add Item button. Up to 10 connections are supported per CloudLink.
Select Custom ASN from the Direct Connect Gateway ASN drop-down menu in the Cloud Option section.
Enter Direct Connect Gateway ASN in the Custom ASN field.
Optionally you can enable private connectivity to the regional edge by selecting Enable from the Connection to RE drop-down menu.
Select a network name from the CloudLink ADN Network Name drop-down menu.

Figure: AWS CloudLink Form
Click Save and Exit.

Step 3: Verify CloudLink.

On the CloudLinks page, verify that the State column shows Up and the Deployment Status column shows Ready.
Figure: AWS CloudLink Created
Click ... > Show Status for the CloudLink you just created. The example below shows two status objects: one that has failed and one that was successful.
Figure: GCP CloudLink Object Status
Click a UID link and verify that the interconnect name(s) is shown in the CloudLink Status section. The example below shows a successful CloudLink creation.
Figure: GCP CloudLink Status Successful
However, in the example below, the CloudLink creation failed. Click the Conditions Type entry and/or the Connection ID entry for more details.
Figure: GCP CloudLink Status Failed
On the AWS Console, verify that a virtual interface (VIF) has been created with the name we specified and that it's status is pending.
Figure: AWS CloudLink VIF Created

At this point, a CloudLink has been created and verified. Next you will associate the CloudLink to one or more sites (up to 20 sites).

Step 4: Create a Site in Console.

Navigate to Manage > Site Management > AWS TGW Sites and click Add AWS TGW Site.
Enter a site name in the Metadata section.
Click Configure in the AWS Resources section to enter AWS credentials and resources.
- Select your AWS credentials from the Credential Reference drop-down menu. Alternatively use the drop-down menu to select Add Item and create new credentials.
- Select your site's region using the AWS Region drop-down menu in the Region & Services VPC section.
- Select New VPC for the New/Existing Services VPC drop-down menu. Then select Autogenerate VPC Name and enter the IP in the new VPC fields.
- Scroll down to the Site Node Parameters section and click Add Item to create an ingress/egress gateway.
  - Enter the availability zone name in the AWS AZ Name field.
  - Select New Subnet in the Workload Subnet drop-down menu and then enter the IPv4 value for the subnet.
  - Select New Subnet in the Subnet for Outside Interface drop-down menu and then enter the IPv4 value for the subnet.
  - Select Autogenerate Subnet for the Subnet for Inside Interface drop-down menu.
  - Click Apply to save the AZ parameters.
    
    Figure: AWS AZ Setup
- In the Public SSH key field, enter the key that will allow access to the nodes of the site.
- Scroll to the bottom and click Apply to save your AWS credentials and resources.
Figure: AWS Credentials and Resources
Scroll down to the Private Connectivity section, select Enable Private Connectivity from the drop-down menu, and click Configure.
- Select the CloudLink you created previously using the Associate CloudLink drop-down menu.
- Click Apply to save the private connection.
Note: if you already have a site created, you can associate it with a CloudLink by editing the site and enabling private connectivity as outlined above.
Click Save and Exit to create the site.

Step 5: Apply the Terraform.

In the Multi-Cloud Network Connect service on the AWS TGW Sites page, click the Apply button associated with the site you just created. This will start the process of creating the site in AWS, which will take some time (approximately 15 to 50 minutes). Once the process is complete, the status will change to Applied.

Create GCP CloudLink

A GCP CLoudLink allows you to use a private connection for your site registration and communications with your regional edge (RE).

Creating a GCP CloudLink requires an existing and configured router and interconnect in the Google Cloud Platform. Distributed Cloud Console will not do any orchestration. You simply provide the interconnect attachment name, and the Console will pull all information required to create the CloudLink.

Step 1: Navigate to the CloudLink page.

Log into Console.
Click Multi-Cloud Network Connect.

Figure: Console Homepage

Select Manage > Networking > CloudLinks.

Figure: CloudLinks

Step 2: Create a GCP CloudLink.

Click Add CloudLink.
In the Name field, enter the name for the CloudLink.
Select Google Cloud Platform from the Type drop-down menu in the Cloud Option section.
Use the Account Credential drop-down menu to select your cloud credentials. Optionally you can select Add Item to create new cloud credentials.
Click Add item in the Bring Your Own Connections section to configure a connection.
- Enter a name for this connection.
- Select the region where the GCP site is located.
- Use the Project drop-down menu to select Same as Credential (the project for the interconnect and the credential are the same) or Specified Project and enter the project for the interconnect.
  Figure: CloudLink Connection
- Click Apply to save the connection.

Figure: GCP CloudLink Form

Note: You can add multiple Direct Connect connections to a single CloudLink by using the Add Item button. Up to 10 connections are supported per CloudLink.

Click Save and Exit to create your CloudLink.

Step 3: Verify CloudLink.

On the CloudLinks page, verify that the State column shows Up and the Deployment Status column shows Customer Deployed.
Figure: GCP CloudLink Created
Click ... > Show Status for the CloudLink you just created.
Figure: GCP CloudLink Object Status
Click the UID link and verify that the interconnect name(s) is shown in the CloudLink Status section.
Figure: GCP CloudLink Status
Click on a router in the Cloud Router Name column to see the router status.
Figure: GCP GCP Router Status
The router status shown here comes from Google Cloud Platform. Scroll to the BGP Peers section at the bottom to verify that the BGP peer state is Established and the BGP status is Up.

At this point, a CloudLink has been created and verified. Next you will associate the CloudLink to one or more sites (up to 20 sites).

Step 4: Associate CloudLink with a site.

Navigate to Manage > Site Management > GPC VPC Sites.
Enter a site name in the Metadata section.
Click ... for your site and select Manage Configuration to open the site configuration form.
Click Edit Configuration in the top right corner of the form.
Scroll down to the Advanced Configuration section and select Enable Private Connectivity from the Private Connectivity drop-down menu. Click Configure.
- Select the CloudLink you created previously using the Associate CloudLink drop-down menu.
- Select Outside Network or Inside Network from the Choose Site Network drop-down menu.
  Figure: Private Connectivity
- Click Apply to save the private connection.
Click Save and Exit.

CloudLink Monitoring

You can monitor your CloudLinks as part of monitoring your site networking. See Monitor your Site Networking for more information.

Figure: CloudLink Dashboard