NetBond for Service Activation Overview 2016 Intellectual Property. All rights reserved., Globe logo and other marks are trademarks and service marks of Intellectual Property and/or affiliated companies. marks are the trademarks and service marks of, an IBM company. All other marks contained herein are the property of their respective owners. The information contained herein is not an offer, commitment, representation or warranty by and is subject to change.
NetBond Service Activation Overview for NetBond allows customers to extend their MPLS virtual private network to cloud services such as IBM. With NetBond enabled, the private network will appear as another site on the VPN. s can then reach their servers with reduced latency, improved security, and greater availability. Using the Cloud Services Portal, the NetBond service can be quickly provisioned. The next few slides provide an overview to plan and enable the service. Prior to enablement, the customer should have or procure service with, and work with the account team to sign up for NetBond cloud services. Upon contract signing, the customer will receive a welcome email for credentials to www.synaptic.att.com. 2
NetBond Service Activation Overview for Example Scenario with existing VPN & Service Edge Bare Metal or Virtual Servers Edge The next few slides will provide an overview of a typical service activation. In this example, our customer has their network configured through using BGP Autonomous Systems 65100 and 65200. They have existing service in a data center with hosts allocated from the subnet. 3
NetBond Service Activation Overview for Order Direct Link from Edge Bare Metal or Virtual Servers Edge Prior to service activation with, our customer orders Direct Link Cloud Exchange at the appropriate location. 1 Gbps and 10 Gbps port speeds are available. Global Routing can be added to facilitate connectivity between data centers. It is recommended that all Direct Link connections with also use the option to minimize IP address overlap problems. 4
NetBond Service Activation Overview for Ordering Direct Link To start the process to order Direct Link, log into the customer portal at https://control.softlayer.com and navigate to the tab. Select the Direct Link Cloud Exchange option. After answering questions about the requested connection, your sales team will assist in completing the order. 5
NetBond Service Activation Overview for Step 1 Create VNC Edge Bare Metal or Virtual Servers s Edge Using the Cloud Services Portal, our customer creates a new virtual network connection, (VNC). At the designated region, NetBond orchestration enables our customer s private network on the routers collocated with the router. In addition, our customer chooses a minimum bandwidth commitment for the virtual network connection. 6
NetBond Service Activation Overview for Step 2 Create VLAN Edge 10.20.10.1 _VLAN_SanJose 10.20.10.0/29 10.20.10.0/30 Bare Metal or Virtual Servers 10.20.10.5 10.20.10.4/30 s Edge Next, using a /29 address block from their enterprise IP space, our customer creates a VLAN within the VNC. NetBond orchestration provisions initial BGP peering on a pair of connections from routers to the router. The /29 address block is automatically provisioned as two /30 subnets. Upon completion, the Cloud Services Portal provides a service key that identifies the newly provisioned VLAN. Our customer provides the service key to via the customer portal. 7
NetBond Service Activation Overview for Create VLAN (cont.) Edge 172.16.0.0/24 10.20.10.0/30 13979 I 10.20.10.4/30 13979 I 172.16.0.0/24 I 172.16.1.0/24 13979 65200 I 10.20.10.1 _VLAN_SanJose 10.20.10.0/29 10.20.10.0/30 Bare Metal or Virtual Servers 10.20.10.5 s 10.20.10.4/30 Edge 172.16.1.0/24 10.20.10.0/30 13979 I 10.20.10.4/30 13979 I 172.16.0.0/24 13979 65100 I 172.16.1.0/24 I Immediately after the VLAN provisioning, the two /30 subnets will appear in the customer s network routing tables. 8
NetBond Service Activation Overview for Create VLAN (cont.) Edge 172.16.0.0/24 10.20.10.0/30 13979 I 10.20.10.4/30 13979 I 13979 13884 I 172.16.0.0/24 I 172.16.1.0/24 13979 65200 I 10.20.10.0/30 I 10.20.10.4/30 I I 172.16.0.0/24 13979 65100 I 172.16.1.0/24 13979 65200 I 10.20.10.1 _VLAN_SanJose 10.20.10.0/29 10.20.10.0/30 10.20.10.2 10.20.10.6 Bare Metal or Virtual Servers 10.20.10.5 s 10.20.10.4/30 Edge 172.16.1.0/24 10.20.10.0/30 13979 I 10.20.10.4/30 13979 I 13979 13884 I 172.16.0.0/24 13979 65100 I 172.16.1.0/24 I Upon receiving the service key generated on the Cloud Services Portal, will finish provisioning the environment. Typical turnaround is two business days. Upon completion, routes will automatically propagate to the customer s enterprise routing domain. 9
NetBond Service Activation Overview for Summary Steps 1. Obtain service 2. Work with the account team to sign up for NetBond services. Welcome letter will provide credentials to Cloud Services Portal, (www.synaptic.att.com) 3. Order Direct Link Cloud Exchange with the VRF option from the portal. 4. Create NetBond Virtual Connection (Required: Name of VPN, region, free-form name for Virtual Connection, and bandwidth commitment) 5. Create NetBond VLAN (Required: /29 address space and free-form name) 6. Provide the service-key returned by the Cloud Services Portal to via a ticket in the customer portal. Note: In the event you wish to delete a vlan, please coordinate these activities with. 10
NetBond Service Activation Overview for Technical Considerations
NetBond Service Activation Overview for Default Edge 172.16.0.0/24 0.0.0.0/0 I 10.20.10.0/30 13979 I 10.20.10.4/30 13979 I 13979 13884 I 172.16.0.0/24 I 172.16.1.0/24 13979 65200 I Target 0.0.0.0/0 Internet Gateway Target 0.0.0.0/0 Direct Link 10.20.10.1 10.20.10.0/30 10.20.10.2 10.20.10.6 10.20.10.5 s 10.20.10.4/30 Edge 172.16.1.0/24 By default, servers with a public and private interface will be configured with a default route using the hosts public interface and Internet gateway, and will ignore any default route announcement from the VPN. hosts with only a private interface that wish to reach the Internet via the MPLS VPN should add a default route on the hosts private interface at the OS level. More sophisticated routing schemas can be achieved using a Gateway. (http://knowledgelayer.softlayer.com/topic/gateways) 12
NetBond Service Activation Overview for IP Overlap Edge 10.88.119.0/24 Services 10.88.119.0/24 10.20.10.1 _VLAN_SanJose 10.20.10.0/29 10.20.10.0/30 10.20.10.2 10.20.10.6 10.20.10.5 s 10.20.10.4/30 Bare Metal or Virtual Servers Edge currently pre-allocates blocks of RFC 1918, private address space for the Bare Metal and Virtual Servers. With the VRF option, only the subnets assigned by to the customer are advertised to NetBond. However, the customer and must confirm the assigned blocks do not conflict with routes in the customer s enterprise network. hosts also need to reach services subnets within the data center. These services subnets should not overlap any assigned IP addressing within the customer s enterprise network. 13 does not support the Direct Link NAT option and discourages use of GRE tunnels or NSX gateways. s should work with to ensure there is no IP overlap between their own corporate enterprise network and the IP assignments.
NetBond Service Activation Overview for Data Center Redundancy with Direct Link Global Routing Edge 172.16.0.0/24 _VLAN_SanJose 10.20.10.0/29 Global Routing Enabled Softlayer_VLAN_Dallas 10.20.20.0/29 Edge 172.16.1.0/24 Additional data centers can be connected to the MPLS VPN using additional NetBond VNC s. With Direct Link s Global Routing feature, traffic between data centers will stay on the backbone. 10.88.119.0/24 14
NetBond Service Activation Overview for Data Center Redundancy without Direct Link Global Routing Edge 172.16.0.0/24 13979 13884 I 10.88.119.0/24 13979 13884 I 10.88.0.0/16 I 13979 13884 I 10.88.0.0/16 I _VLAN_SanJose 10.20.10.0/29 Global Routing Disabled Softlayer_VLAN_Dallas 10.20.20.0/29 Edge 172.16.1.0/24 If traffic between locations is small, for financial reasons, customers may wish to keep traffic between data centers on the backbone. s can use route management to originate a summary route to both locations. As a result, the network will learn the best path to the alternate data center via NetBond. 10.88.119.0/24 15
NetBond Service Activation Overview for ASN Overlap Edge ASN 65404 172.16.0.0/24 10.20.10.0/30 13979 I 10.20.10.4/30 13979 I 13979 13884 I 172.16.0.0/24 I 172.16.1.0/24 13979 65200 I 10.20.10.0/30 I 10.20.10.4/30 I 65404 65200 65207 I 172.16.0.0/24 13979 65404 I 172.16.1.0/24 13979 65200 I 10.20.10.1 _VLAN_SanJose 10.20.10.0/29 10.20.10.0/30 10.20.10.2 10.20.10.6 Bare Metal or Virtual Servers 10.20.10.5 s 10.20.10.4/30 Edge 172.16.1.0/24 uses private AS numbers behind autonomous system 13884. will strip the private AS number from the before propagating the route to customer edge routers to prevent BGP loop avoidance problems. However, if customers are using BGP ASN s at a premise that overlap with, they must request to configure asoverride. Possible ASNs used by are 65404, 65200, 65202, 65207, and 65204, and are subject to change Alternatively, using NetBond route management, our customers may chose to announce a summary route to. The summary route will use the AS number and propagate throughout the private BGP autonomous systems. 16
NetBond Service Activation Overview for