CloudLink

Objective

This guide provides instructions on how to create and use a CloudLink using a guided wizard in F5® Distributed Cloud Console (Console). A CloudLink allows Distributed Cloud Services to orchestrate an already provisioned direct connection, establish a multi-cloud networking fabric, and then connect, deliver, secure, and operate networks and apps across hybrid environments. CloudLink is currently available for Amazon Web Services (AWS) and Google Cloud Platform (GCP).


Prerequisites

Note: If you do not have an account, see Create an F5 Distributed Cloud Services Account.

AWS Specific Prerequisites

  • Order a connection into AWS using Equinix (or other providers) and have a Direct Connect Connection available.

GCP Specific Prerequisites

  • Use an existing GCP interconnect or order through Equinix (or other providers).

  • Use an existing VPC or create a new VPC. This VPC will be the same VPC used to provision the Site (Brownfield deployment support only).

  • Ensure that the Cloud router and the Interconnect are provisioned using the above VPC.


Configuration

Configuration Sequence

The following table presents the sequence of activities for setting up a CloudLink:

Activity | Description
Create CloudLink | Provide cloud credentials and specify connection details
Configure Distributed Cloud Customer Edge (CE) Sites | Deploy CE cloud sites, establish private connectivity, and attach workload
Apply Networking and Security Services | Select and configure networking and security services

Perform the following steps to create a CloudLink:

Step 1: Navigate to the CloudLink page.
  • Log into Console.

  • Click Multi-Cloud Network Connect.

Figure: Console Homepage
  • Select Manage > Networking > CloudLinks.
Figure: CloudLinks
Step 2: Create an AWS CloudLink.
  • Click Add CloudLink.

  • In the Name field, enter the name for the CloudLink.

  • Select Amazon Web Services(AWS) from the Type drop-down menu in the Cloud Option section.

  • Use the Account Credential drop-down menu to select your cloud credentials. Optionally you can select Add Item to create new cloud credentials.

  • Click Add item in the Bring Your Own Connections section to configure a connection.

    • Enter a name for this connection.

    • Select the region where the AWS site is located.

    • Enter the connection ID in the Direct Connect Connection Id field. Click See Suggestions in the drop-down menu to see suggested values for the Direct Connect Connection ID. Also, enter the VLAN in the Virtual Local Area Network (VLAN) field. You can get these values from your AWS console on the Direct Connect page.

      Figure: AWS Console

    • Enter your BGP ASN in the BGP ASN field.

    • Click Configure to enter your BGP Authorization key.

    • Enter the router IP addresses for both the customer side and the AWS side in the Peer IP Addresses section.

    • Click Apply to save the connection.

      Figure: CloudLink Connection

      Note: You can add multiple Direct Connect connections to a single CloudLink by using the Add Item button. Up to 10 connections are supported per CloudLink.

  • Select Custom ASN from the Direct Connect Gateway ASN drop-down menu in the Cloud Option section.

  • Enter Direct Connect Gateway ASN in the Custom ASN field.

  • Optionally you can enable private connectivity to the regional edge by selecting Enable from the Connection to RE drop-down menu.

  • Select a network name from the CloudLink ADN Network Name drop-down menu.

    Figure: AWS CloudLink Form
  • Click Save and Exit.

Step 3: Verify CloudLink.
  • On the CloudLinks page, verify that the State column shows Up and the Deployment Status column shows Ready.

    Figure: AWS CloudLink Created

  • Click ... > Show Status for the CloudLink you just created. The example below shows two status objects: one that has failed and one that was successful.

    Figure: GCP CloudLink Object Status

  • Click a UID link and verify that the interconnect name(s) is shown in the CloudLink Status section. The example below shows a successful CloudLink creation.

    Figure: GCP CloudLink Status Successful
    However, in the example below, the CloudLink creation failed. Click the Conditions Type entry and/or the Connection ID entry for more details.
    Figure: GCP CloudLink Status Failed

  • On the AWS Console, verify that a virtual interface (VIF) has been created with the name you specified and that its status is pending.

    Figure: AWS CloudLink VIF Created
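
The AWS-side check in Step 3 can also be scripted. The following is an added example, not F5 or AWS code: it compares the JSON returned by `aws directconnect describe-virtual-interfaces` with the values entered in the CloudLink form. The sample output is constructed, and the mapping of the form's VLAN, BGP ASN and peer IP fields to `vlan`, `asn`, `customerAddress` and `amazonAddress` is an assumption.

```python
import ipaddress
import json

# Constructed sample of `aws directconnect describe-virtual-interfaces` output;
# all identifiers, addresses and keys are made up for this example.
SAMPLE = json.loads("""
{"virtualInterfaces": [
  {"virtualInterfaceId": "dxvif-EXAMPLE1", "virtualInterfaceName": "cloudlink-demo",
   "connectionId": "dxcon-EXAMPLE1", "vlan": 101, "asn": 65010,
   "authKey": "constructed-secret", "amazonAddress": "169.254.10.1/30",
   "customerAddress": "169.254.10.2/30", "virtualInterfaceState": "pending"},
  {"virtualInterfaceId": "dxvif-EXAMPLE2", "virtualInterfaceName": "other-team",
   "connectionId": "dxcon-EXAMPLE1", "vlan": 102, "asn": 65020,
   "authKey": "another-secret", "amazonAddress": "169.254.20.1/30",
   "customerAddress": "169.254.20.9/30", "virtualInterfaceState": "available"}
]}
""")

def check_vif(output, expected):
    """Compare the VIF named expected['name'] with the values entered in the
    CloudLink form. Returns (problems, summary); summary omits authKey."""
    vifs = [v for v in output.get("virtualInterfaces", [])
            if v.get("virtualInterfaceName") == expected["name"]]
    if len(vifs) != 1:
        return [f"expected exactly one VIF named {expected['name']!r}, found {len(vifs)}"], None
    vif, problems = vifs[0], []
    for field in ("connectionId", "vlan", "asn"):
        if vif.get(field) != expected[field]:
            problems.append(f"{field}: AWS has {vif.get(field)!r}, form had {expected[field]!r}")
    if not 1 <= vif.get("vlan", 0) <= 4094:
        problems.append("vlan outside 1-4094")
    # Both BGP peer addresses must be distinct hosts on the same link subnet.
    aws_if = ipaddress.ip_interface(vif["amazonAddress"])
    cust_if = ipaddress.ip_interface(vif["customerAddress"])
    if aws_if.network != cust_if.network or aws_if.ip == cust_if.ip:
        problems.append("peer IPs are not two distinct hosts in one subnet")
    # The guide expects the VIF to be pending until a site is associated.
    if vif.get("virtualInterfaceState") != "pending":
        problems.append(f"state is {vif.get('virtualInterfaceState')!r}, expected 'pending'")
    summary = {k: v for k, v in vif.items() if k != "authKey"}  # never log the BGP key
    return problems, summary
```

The API response carries the BGP `authKey` in clear text, so treat raw output as a secret and log only the redacted summary.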

At this point, a CloudLink has been created and verified. Next you will associate the CloudLink to one or more sites (up to 20 sites).

Step 4: Create a Site in Console.
  • Navigate to Manage > Site Management > AWS TGW Sites and click Add AWS TGW Site.

  • Enter a site name in the Metadata section.

  • Click Configure in the AWS Resources section to enter AWS credentials and resources.

    • Select your AWS credentials from the Credential Reference drop-down menu. Alternatively use the drop-down menu to select Add Item and create new credentials.

    • Select your site's region using the AWS Region drop-down menu in the Region & Services VPC section.

    • Select New VPC for the New/Existing Services VPC drop-down menu. Then select Autogenerate VPC Name and enter the IP in the new VPC fields.

    • Scroll down to the Site Node Parameters section and click Add Item to create an ingress/egress gateway.

      • Enter the availability zone name in the AWS AZ Name field.

      • Select New Subnet in the Workload Subnet drop-down menu and then enter the IPv4 value for the subnet.

      • Select New Subnet in the Subnet for Outside Interface drop-down menu and then enter the IPv4 value for the subnet.

      • Select Autogenerate Subnet for the Subnet for Inside Interface drop-down menu.

      • Click Apply to save the AZ parameters.

        Figure: AWS AZ Setup
    • In the Public SSH key field, enter the key that will allow access to the nodes of the site.

    • Scroll to the bottom and click Apply to save your AWS credentials and resources.

    Figure: AWS Credentials and Resources
  • Scroll down to the Private Connectivity section, select Enable Private Connectivity from the drop-down menu, and click Configure.

    • Select the CloudLink you created previously using the Associate CloudLink drop-down menu.

    • Click Apply to save the private connection.

    Note: If you already have a site created, you can associate it with a CloudLink by editing the site and enabling private connectivity as outlined above.

  • Click Save and Exit to create the site.

Step 5: Apply the Terraform.
  • In the Multi-Cloud Network Connect service on the AWS TGW Sites page, click the Apply button associated with the site you just created. This will start the process of creating the site in AWS, which will take some time (approximately 15 to 50 minutes). Once the process is complete, the status will change to Applied.

You can monitor your AWS CloudLinks as part of monitoring your site networking. See Monitor your Site Networking for more information.

Figure: CloudLink Dashboard

A GCP CloudLink allows you to use a private connection for your site registration and communications with your regional edge (RE).

Creating a GCP CloudLink requires an existing and configured router and interconnect in the Google Cloud Platform. Distributed Cloud Console will not do any orchestration. You simply provide the interconnect attachment name, and the Console will pull all information required to create the CloudLink.

Step 1: Navigate to the CloudLink page.
  • Log into Console.

  • Click Multi-Cloud Network Connect.

Figure: Console Homepage
  • Select Manage > Networking > CloudLinks.
Figure: CloudLinks
Step 2: Create a GCP CloudLink.
  • Click Add CloudLink.

  • In the Name field, enter the name for the CloudLink.

  • Select Google Cloud Platform from the Type drop-down menu in the Cloud Option section.

  • Use the Account Credential drop-down menu to select your cloud credentials. Optionally you can select Add Item to create new cloud credentials.

  • Click Add item in the Bring Your Own Connections section to configure a connection.

    • Enter a name for this connection.
    • Select the region where the AWS site is located.
    • Use the Project drop-down menu to select Same as Credential (the project for the interconnect and the credential are the same) or Specified Project and enter the project for the interconnect.
      Figure: CloudLink Connection
    • Click Apply to save the connection.
Figure: GCP CloudLink Form

Note: You can add multiple Direct Connect connections to a single CloudLink by using the Add Item button. Up to 10 connections are supported per CloudLink.

  • Click Save and Exit to create your CloudLink.
Step 3: Verify CloudLink.
  • On the CloudLinks page, verify that the State column shows Up and the Deployment Status column shows Customer Deployed.

    Figure: GCP CloudLink Created

  • Click ... > Show Status for the CloudLink you just created.

    Figure: GCP CloudLink Object Status

  • Click the UID link and verify that the interconnect name(s) is shown in the CloudLink Status section.

    Figure: GCP CloudLink Status

  • Click on a router in the Cloud Router Name column to see the router status.

    Figure: GCP Router Status

  • The router status shown here comes from Google Cloud Platform. Scroll to the BGP Peers section at the bottom to verify that the BGP peer state is Established and the BGP status is Up.

At this point, a CloudLink has been created and verified. Next you will associate the CloudLink to one or more sites (up to 20 sites).

Step 4: Associate CloudLink with a site.
  • Navigate to Manage > Site Management > GCP VPC Sites.

  • Enter a site name in the Metadata section.

  • Click ... for your site and select Manage Configuration to open the site configuration form.

  • Click Edit Configuration in the top right corner of the form.

  • Scroll down to the Advanced Configuration section and select Enable Private Connectivity from the Private Connectivity drop-down menu. Click Configure.

    • Select the CloudLink you created previously using the Associate CloudLink drop-down menu.
    • Select Outside Network or Inside Network from the Choose Site Network drop-down menu.
      Figure: Private Connectivity
    • Click Apply to save the private connection.
  • Click Save and Exit.

