Updated: Jul 6, 2019
The cloud presents new challenges when combining traditional connectivity technologies with the latest cloud-based technologies. This is often termed "hybrid networking". Combining these technologies can be challenging from a cost, complexity and management perspective. The following solution provides an example of a hybrid network design.
Your organisation is moving to cloud service provider platforms and requires secure connectivity between your WAN, co-location data centre, the Internet and the cloud platforms. Your organisation has a global presence, so scalability is a requirement of the solution.
You have a WAN provided by your MPLS provider connecting your offices and co-location data centre facilities. Traffic between the cloud platforms, the WAN and the Internet requires security controls and segmentation. The solution must be able to scale and be flexible enough to integrate additional global co-location facilities in the future.
Cloud platforms: AWS, Azure and Google
AWS Direct Connect Gateway
Azure ExpressRoute
Megaport virtual cross connects (VXC)
Megaport cloud router (MCR)
AT&T TAO Platform
AT&T NFV firewall
AT&T NFV vRouter
End-to-end dynamic routing for route propagation and failover
It is assumed that your co-location equipment already has a physical connection to Megaport.
Using Megaport provides a flexible and agile approach to connecting to cloud service providers such as AWS, Azure and Google. However, when you require physical connectivity from a WAN and an Internet service provider, a "secure cloud hub" is needed to connect and integrate these services.
AT&T provides an award-winning integrated cloud platform that allows connectivity from third-party providers, together with network function virtualisation (NFV) components that can be launched dynamically to meet connectivity requirements. These services are delivered from co-location facilities such as Equinix and provide an integration platform without your organisation having to obtain and self-manage co-location racks, cross connects and appliances such as firewalls and routers. The AT&T platform is named TAO, and in this solution it integrates your WAN provider and Internet provider with the cloud providers. The TAO platform can connect directly to cloud service provider platforms, but for greater flexibility my preference is to utilise Megaport Cloud Routers (MCR). The MCR allows connectivity to each cloud provider to be scaled where intra-provider security controls are not required, and Megaport handles much of the heavy lifting of connecting to the cloud platforms. Megaport places more control in the hands of the customer and allows a co-managed style of solution: Megaport supports the routing and connectivity platforms while the user controls the configuration of the components.
As an example of cloud provider connectivity, an AWS Direct Connect Gateway provides a mechanism to integrate a number of AWS VPCs, and routing between those VPCs can be implemented via an MCR. Any AWS VPCs that require segmentation can be connected to a separate Direct Connect Gateway or VGW and routed via the firewall NFV provided as part of the TAO platform. The same applies to each of the other cloud platforms. eBGP is used as the end-to-end dynamic routing protocol for redundancy and failover.
Interfacing the co-location data centres to the cloud platforms via the TAO platform is implemented with the Megaport MCR. This could be achieved with a direct connection from a private VXC; however, to future-proof the design and provide connectivity from other locations and data centres, my preference is to use the Megaport MCR. This allows routing to be performed at the MCR rather than via the co-location data centre. Firewall control can be implemented as either active/active or active/passive. Active/active requires the BGP metrics to be controlled so that asymmetric routing (outbound traffic through one firewall and return traffic through the other) does not break the session state held by the stateful firewalls.
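To make the asymmetry caveat concrete, here is an added Python model (not part of the original article, and not AT&T or Megaport code) of the BGP best-path choice made independently by the WAN-side vRouter and the MCR; the firewall names, ASN 65001 and the session ages are constructed placeholders.

```python
"""Simplified BGP best-path selection, used here to show why an active/active
NFV firewall pair needs BGP metric tuning: with equal attributes each router
breaks the tie on its own, the two directions of one flow can cross
different firewalls, and a stateful firewall drops return traffic for a
session it never saw. Constructed illustration; names and ASNs are placeholders."""
from dataclasses import dataclass


@dataclass
class Path:
    via: str        # firewall that advertised the path ("FW-A" / "FW-B")
    as_path: list   # AS_PATH attribute, left to right
    local_pref: int = 100
    med: int = 0
    age: int = 0    # lower = received earlier (the "oldest path" tie-break)


def best_path(paths):
    """Highest LOCAL_PREF, shortest AS_PATH, lowest MED, then oldest path."""
    return min(paths, key=lambda p: (-p.local_pref, len(p.as_path), p.med, p.age))


def session_state(wan_paths, cloud_paths):
    """Pick the firewall each side uses and decide whether the return
    packets reach the firewall that already holds the session state."""
    outbound = best_path(wan_paths).via    # WAN vRouter -> cloud prefix
    inbound = best_path(cloud_paths).via   # MCR -> WAN prefix
    return {"outbound": outbound, "inbound": inbound,
            "return_allowed": outbound == inbound}


def scenario(prepend_b=0):
    """Two firewalls (AS 65001) between the WAN vRouter and the MCR.
    prepend_b adds FW-B's ASN that many extra times to its advertisements in
    both directions, making FW-A preferred on both sides and FW-B the standby."""
    fw_b_path = [65001] * (1 + prepend_b)
    # What the WAN-side vRouter hears for the cloud prefix: FW-A's session
    # came up first, so it holds the oldest path (constructed ordering).
    wan_paths = [Path("FW-A", [65001], age=1),
                 Path("FW-B", fw_b_path, age=2)]
    # What the MCR hears for the WAN prefix: here FW-B's session came up first.
    cloud_paths = [Path("FW-A", [65001], age=2),
                   Path("FW-B", fw_b_path, age=1)]
    return wan_paths, cloud_paths


if __name__ == "__main__":
    print("untuned:", session_state(*scenario()))             # asymmetric, return dropped
    print("prepend:", session_state(*scenario(prepend_b=2)))  # both directions via FW-A
```

The same effect can be achieved with LOCAL_PREF on the receiving routers instead of AS_PATH prepending; the point is that both directions must be steered to the same firewall unless the firewalls synchronise session state.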
The TAO approach provides opportunities to integrate other technologies such as SD-WAN and this will be discussed in a future article.