Updated at April 25, 2024   09:18 AM

Using an advanced router

Advanced routers can connect your local network with VK Cloud virtual networks without using a dedicated virtual machine as a router. This simplifies data transfer by using dynamic routing capabilities over the BGP protocol.

To show the configuration of an advanced router, two independent networks will be connected using the BGP protocol:

  • Client network — the customer’s internal network, which may not have access to the Internet.
  • Virtual network — located in VK Cloud and connected to the platform router.

Preparation steps

  1. Make sure the OpenStack client is installed and authenticate in the project.

  2. Select a client network in your local infrastructure:

    • The network must be connected to a router that:
      • supports connection via the BGP protocol;
      • (optional) can support the BFD protocol: this will reduce the convergence time of routing protocols;
      • can be a device or virtual machine on the client network.
    • The network may not have access to the Internet.

    If there is no appropriate network, create one.

    Note the following:

    • the name and the IP address of the subnet;
    • the name of the network in which the subnet is located;
    • the IP address of the machine in the subnet that will be used to test connection between networks;
    • the name of the BGP router.
  3. Select or create a virtual network with Internet access in VK Cloud. Use an existing router with an external network connection or create a new one.

    Note the following:

    • the name and the IP address of the subnet;
    • the name of the network in which the subnet is located;
    • the router name.
  4. Create a virtual machine on the vkcloud-net network. Add SSH access and disable backup.

    Note the VM's IP address.

  5. Contact technical support to have a network added to your VK Cloud project for the direct connection.

    When the network is provided, note its name, subnet name, and IP address.

  6. Make sure you have collected all the data you need.

In this case the following data is used:

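| Object                | Client network               | Virtual network               | Direct connection network |
|-----------------------|------------------------------|-------------------------------|---------------------------|
| Network               | customer-net                 | vkcloud-net                   | x-net                     |
| Subnet and IP address | customer-subnet, 10.0.0.0/24 | vkcloud-subnet, 172.17.0.0/24 | x-subnet, 172.20.2.0/24   |
| Machine IP address    | 10.0.0.5                     | 172.17.0.8                    |                           |
| BGP router            | MikroTik                     |                               |                           |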

The scheme for preparation of networks looks like this:

[Figure: Scheme for preparation of networks]

1. Creating an advanced router

  1. In your personal account, go to Virtual networks → Routers.
  2. Click Add router.
  3. Select the Advanced router type. If there is no advanced type in your project, contact technical support.
  4. Enter the name. In this case — advanced-router.
  5. Click Add.

2. Configure the network interfaces of the advanced router

To organize data transfer between independent networks, you need to add interfaces to the advanced router:

  • To the vkcloud-net network where the router is located. These interfaces are used to connect to VMs within the network. The number of such interfaces depends on the network structure.
  • To the direct connection network x-net. This interface will help to organize connection between VK Cloud and the local network.

To add the interfaces:

  1. Go to the router's Interfaces tab.
  2. Add an interface directed to the virtual network:
    1. Click Add interface.

    2. Configure parameters:

      • Name: vkcloud-net-iface;
      • Subnet: vkcloud-subnet;
      • Interface IP address: 172.17.0.100.
    3. Click Create.

  3. Add an interface directed to the direct connection network:
    1. Click Add interface.

    2. Configure parameters:

      • Name: x-net-iface;
      • Subnet: x-subnet;
      • Interface IP address: 172.20.2.215.
    3. Click Create.

3. Configure the network interfaces of the client network's BGP router

  1. Add network interfaces:

    • To the direct connection network x-net. This interface will help to organize connection between VK Cloud and the local network.
    • To the customer-net network where the BGP router is located. These interfaces are used to connect to machines within the network. The number of such interfaces depends on the network structure.
  2. Configure interfaces using DHCP.

  3. Configure system ID.

  4. Add networks for BGP announcement.

  5. (Optional) If the router supports BFD, configure the BFD protocol.

4. Configure BGP neighbors for the advanced router

To configure the connection using the BGP protocol, you need to add dynamic routes and specify BGP neighbors. Dynamic routing requires Autonomous System Numbers (ASNs). If your network is assigned an ASN, use it. If no ASN is assigned, use a number from the range 64512-65534 — these numbers can be assigned for private autonomous systems. In this case the following numbers will be used:

  • 65512 for customer-net;
  • 64512 for vkcloud-net.

To configure dynamic routes for advanced-router:

  1. In your personal account, go to Virtual networks → Routers.

  2. Click the added advanced router and go to the Dynamic routing tab.

  3. Click Create a BGP router.

  4. Fill in parameters:

    • Name: to-MikroTik;
    • Router ID: 172.20.2.215;
    • ASN: 64512.
  5. Click Create.

  6. Click the added BGP router and go to the BGP neighbors tab.

  7. Add a BGP neighbor. Fill in parameters:

    • Name: MikroTik;
    • Remote neighbor: 172.20.2.204;
    • Remote ASN: 65512.
  8. Click Create.

Make sure the router has established a connection with its neighbor: the marker next to the name is green and BFD is enabled.

The advanced router will start broadcasting BGP announcements to its neighbor. Go to the BGP Announcements tab and make sure that the router broadcasts announcements for all networks to which its interfaces are directed:

  • 172.17.0.0/24;
  • 172.20.2.0/24.

Both announcements must have green markers.

5. Configure BGP neighbors for the client network router

  1. Connect to a router on your local network.

  2. Specify parameters for connecting via the BGP protocol:

    • The client network ASN: 65512;
    • Router ID: 172.20.2.204;
    • The virtual network ASN: 64512;
    • BGP router ID: 172.20.2.215;
    • Use BFD.
  3. (Optional) Check that BFD connection is established.

  4. Check that a connection with the BGP neighbor is established. If the BGP connection is established, the response must have keepalive-time and uptime values greater than zero.

  5. View all available BGP routes. The list of routes should include the networks 172.17.0.0/24 and 172.20.2.0/24.
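
The parameters entered in steps 4 and 5 must mirror each other, otherwise the BGP session will not establish. The check below is an added example, not part of the VK Cloud documentation; `BgpSide` and `check_peering` are hypothetical names, and it assumes, as in this guide, that each router ID is also that router's peering address on x-net.

```python
import ipaddress
from dataclasses import dataclass

PRIVATE_ASNS = range(64512, 65535)                # 64512-65534, the range named in step 4
X_SUBNET = ipaddress.ip_network("172.20.2.0/24")  # x-subnet from the data table


@dataclass(frozen=True)
class BgpSide:
    name: str
    local_asn: int
    router_id: str    # assumption: also the peering address on x-net, as in this guide
    neighbor_ip: str
    remote_asn: int


def check_peering(a, b, link=X_SUBNET):
    """Return a list of problems; an empty list means both sides agree."""
    problems = []
    for side in (a, b):
        if side.local_asn not in PRIVATE_ASNS:
            problems.append(f"{side.name}: ASN {side.local_asn} is outside 64512-65534")
        for label, ip in (("router ID", side.router_id), ("neighbor", side.neighbor_ip)):
            if ipaddress.ip_address(ip) not in link:
                problems.append(f"{side.name}: {label} {ip} is not in {link}")
    # Each side's view of its neighbor must match what the neighbor actually uses.
    for me, peer in ((a, b), (b, a)):
        if me.remote_asn != peer.local_asn:
            problems.append(f"{me.name}: remote ASN {me.remote_asn} does not match "
                            f"{peer.name} ASN {peer.local_asn}")
        if me.neighbor_ip != peer.router_id:
            problems.append(f"{me.name}: neighbor {me.neighbor_ip} does not match "
                            f"{peer.name} address {peer.router_id}")
    return problems


# Values from steps 4 and 5 of this guide.
ADVANCED = BgpSide("advanced-router", 64512, "172.20.2.215", "172.20.2.204", 65512)
MIKROTIK = BgpSide("MikroTik", 65512, "172.20.2.204", "172.20.2.215", 64512)

# Constructed mistake: the client side is given a mistyped remote ASN.
MIKROTIK_TYPO = BgpSide("MikroTik", 65512, "172.20.2.204", "172.20.2.215", 65412)

if __name__ == "__main__":
    for pair in ((ADVANCED, MIKROTIK), (ADVANCED, MIKROTIK_TYPO)):
        print(check_peering(*pair) or "peering parameters are consistent")
```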

6. Configure static routes between networks

  1. Configure a static route from the virtual network vkcloud-net to the client network customer-net via an advanced router:

    1. In your personal account, go to Virtual networks → Networks.
    2. Select the vkcloud-net network and open its subnet's settings.
    3. Select Show static route field.
    4. Enter the route: 10.0.0.0/24 - 172.17.0.100.
    5. Click Save.
  2. Configure a static route from the client network customer-net to the virtual network vkcloud-net via the BGP router of the client network. The route must be to 172.17.0.0/24 via 10.0.0.15.

  3. Reboot the 172.17.0.8 and 10.0.0.5 machines so that the routes are added to their routing tables.

  4. Check that static routes are registered on the VM 172.17.0.8, which is located in the virtual network vkcloud-net. Connect to the vkcloud-vm VM via SSH and run the command:

    ip route

    The list of routes should include the networks 10.0.0.0/24 and 172.20.2.0/24.

  5. Check the list of routes for machine 10.0.0.5, which is located on the client network customer-net. The list of routes should include the networks 172.17.0.0/24 and 172.20.2.0/24.
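
The route check from step 4 can be scripted against the output of `ip route`. This is an added example, not part of the VK Cloud documentation: `parse_ip_route` and `check_routes` are hypothetical helpers, and the sample outputs are constructed (the interface name, default gateway, metrics and the next hop shown for 172.20.2.0/24 are assumptions).

```python
import ipaddress


def parse_ip_route(text):
    """Parse `ip route` output into {destination network: next hop, or None if on-link}."""
    routes = {}
    for line in text.strip().splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest)
        except ValueError:  # entries such as "blackhole ..." or "unreachable ..."
            continue
        routes[net] = fields[fields.index("via") + 1] if "via" in fields else None
    return routes


def check_routes(text, expected):
    """expected maps prefix -> required next hop (None accepts any). Returns problems."""
    routes = parse_ip_route(text)
    on_link = [net for net, via in routes.items() if via is None]
    problems = []
    for prefix, want_via in expected.items():
        net = ipaddress.ip_network(prefix)
        if net not in routes:  # a default route alone does not count
            problems.append(f"{prefix}: no explicit route")
            continue
        via = routes[net]
        if want_via and via != want_via:
            problems.append(f"{prefix}: next hop {via}, expected {want_via}")
        if via and not any(ipaddress.ip_address(via) in n for n in on_link):
            problems.append(f"{prefix}: next hop {via} is not on a connected subnet")
    return problems


# What step 4 expects on vkcloud-vm; 172.17.0.100 is vkcloud-net-iface.
EXPECTED_ON_VM = {"10.0.0.0/24": "172.17.0.100", "172.20.2.0/24": None}

# Constructed sample outputs for the VM at 172.17.0.8.
SAMPLE_OK = """\
default via 172.17.0.1 dev eth0 proto dhcp metric 100
10.0.0.0/24 via 172.17.0.100 dev eth0 proto dhcp metric 100
172.17.0.0/24 dev eth0 proto kernel scope link src 172.17.0.8 metric 100
172.20.2.0/24 via 172.17.0.100 dev eth0 proto dhcp metric 100
"""
SAMPLE_BEFORE_REBOOT = """\
default via 172.17.0.1 dev eth0 proto dhcp metric 100
172.17.0.0/24 dev eth0 proto kernel scope link src 172.17.0.8 metric 100
"""
```

An empty result from `check_routes(SAMPLE_OK, EXPECTED_ON_VM)` means the routes are in place; the second sample shows what the same check reports for a machine that has not yet picked up the routes.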

7. Check the direct connection

Ping or traceroute a machine on the opposite network. If a response comes from the other network, then the network connection has been configured correctly.

For instance, ping the 10.0.0.5 machine on the client network from the 172.17.0.8 machine on the virtual network:

  1. Connect to the vkcloud-vm VM via SSH.

  2. Ping the internal IP address of a machine on the client network:

    ping 10.0.0.5

The IP address must respond to ping.

The structured interaction between the networks and the VMs within networks looks like this:

[Figure: The interaction between networks scheme]

Delete unused resources

If you no longer need the created resources, delete them:

  1. Delete the virtual machine.
  2. Delete routers.
  3. Delete the subnet and the network.