Service Activation Overview - AT&T Cloud Solutions · NetBond Service Activation Overview for SoftLayer 10 Summary Steps 1. Obtain SoftLayer service 2. Work with the AT&T account

© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo and other marks are trademarks and service marks of AT&T Intellectual Property and/or AT&T affiliated companies.

SoftLayer marks are the trademarks and service marks of SoftLayer, an IBM company. All other marks contained herein are the property of their respective owners. The information

contained herein is not an offer, commitment, representation or warranty by AT&T and is subject to change.

AT&T NetBond® for SoftLayer

Service Activation Overview

NetBond Service Activation Overview for SoftLayer

2

AT&T NetBond allows AT&T customers to extend their MPLS virtual private network to cloud services such as IBM SoftLayer. With NetBond enabled, the SoftLayer private network will appear as another site on the VPN. Customers can then reach their SoftLayer servers with reduced latency, improved security, and greater availability.

Using the AT&T Cloud Services Portal, the NetBond service can be quickly provisioned. The next few slides provide an overview to plan and enable the service.

Prior to enablement, the customer should have or procure service with SoftLayer, and work with the AT&T account team to sign up for NetBond cloud services. Upon contract signing, the customer will receive a welcome email for credentials to www.synaptic.att.com.

http://www.synaptic.att.com/


3

Example Scenario – Customer with existing AT&T VPN & SoftLayer Service

Customer Network

AT&TAVPN

Provider EdgeRouter

Provider EdgeRouter

Customer Edge RouterASN 65200


ASN 13979 10.88.118.0/24

SoftLayerBare Metal or Virtual

Servers

The next few slides will provide an overview of a typical service activation. In this example, our customer has their network configured through AT&T AVPN using BGP Autonomous Systems 65100 and 65200. They have existing service in a SoftLayer data center with hosts allocated from the 10.88.118.0/24 subnet.


4

Order Direct Link from SoftLayer

Customer Network

AT&TAVPN

Provider EdgeRouter

Provider EdgeRouter



SoftLayer RouterASN 13979

SoftLayerDirect Link VRF

ASN 13884 10.88.118.0/24


Servers

Prior to service activation with AT&T, our customer orders Direct Link Cloud Exchange at the appropriate location. 1 Gbps and 10 Gbps port speeds are available. Global Routing can be added to facilitate connectivity between SoftLayer data centers. It is recommended that all Direct Link connections with AT&T also use the Direct Link VRF option to minimize IP address overlap problems.


5

Ordering SoftLayer Direct Link

To start the process to order SoftLayer Direct Link, log into the customer portal at https://control.softlayer.com and navigate to the “Network” tab. Select the “Direct Link Cloud Exchange” option. After answering questions about the requested connection, your SoftLayer sales team will assist in completing the order.

https://control.softlayer.com/


6

Step 1 – Create VNC

Customer Network

AT&TAVPN

Provider EdgeRouter

Provider EdgeRouter



AT&T Routers SoftLayer RouterASN 13979


ASN 13884 10.88.118.0/24


Servers

Using the AT&T Cloud Services Portal, our customer creates a new virtual network connection, (VNC). At the designated region, NetBond orchestration enables our customer’s private network on the AT&T routers collocated with the SoftLayer router. In addition, our customer chooses a minimum bandwidth commitment for the virtual network connection.


7

Step 2 – Create VLAN

Customer Network

AT&TAVPN

Provider EdgeRouter

Provider EdgeRouter



AT&T Routers SoftLayer Router

ASN 13979


ASN 13884 10.88.118.0/24


Servers

Next, using a /29 address block from their enterprise IP space, our customer creates a VLAN within the VNC. NetBond orchestration provisions initial BGP peering on a pair of connections from AT&T routers to the SoftLayer router. The /29 address block is automatically provisioned as two /30 subnets.

Upon completion, the AT&T Cloud Services Portal provides a service key that identifies the newly provisioned VLAN. Our customer provides the service key to SoftLayer via the customer portal.

10.20.10.0/30

10.20.10.1

10.20.10.5 10.20.10.4/30

SoftLayer_VLAN_SanJose10.20.10.0/29


8

Create VLAN (cont.)

Customer Network

AT&TAVPN

Provider EdgeRouter

Provider EdgeRouter


172.16.1.0/24


172.16.0.0/24


ASN 13979


ASN 13884 10.88.118.0/24


Servers

Immediately after the VLAN provisioning, the two /30 subnets will appear in the customer’s network routing tables.

10.20.10.1

10.20.10.5

Route ASPath10.20.10.0/30 13979 I10.20.10.4/30 13979 I172.16.0.0/24 I172.16.1.0/24 13979 65200 I

Route ASPath10.20.10.0/30 13979 I10.20.10.4/30 13979 I172.16.0.0/24 13979 65100 I172.16.1.0/24 I

10.20.10.0/30

10.20.10.4/30



9

Create VLAN (cont.)

Customer Network

AT&TAVPN

Provider EdgeRouter

Provider EdgeRouter


172.16.1.0/24


172.16.0.0/24


ASN 13979


ASN 13884 10.88.118.0/24


Servers

Upon receiving the service key generated on the AT&T Cloud Services Portal, SoftLayer will finish provisioning the Direct Link VRF environment. Typical turn-around is two business days. Upon completion, routes will automatically propagate to the customer’s enterprise routing domain.

10.20.10.1

10.20.10.5

Route ASPath10.20.10.0/30 13979 I10.20.10.4/30 13979 I10.88.118.0/24 13979 13884 I172.16.0.0/24 I172.16.1.0/24 13979 65200 I

Route ASPath10.20.10.0/30 13979 I10.20.10.4/30 13979 I10.88.118.0/24 13979 13884 I172.16.0.0/24 13979 65100 I172.16.1.0/24 I

Route ASPath10.20.10.0/30 I10.20.10.4/30 I10.88.118.0/24 I172.16.0.0/24 13979 65100 I172.16.1.0/24 13979 65200 I

10.20.10.2

10.20.10.6

10.20.10.0/30

10.20.10.4/30



10

Summary Steps

1. Obtain SoftLayer service

2. Work with the AT&T account team to sign up for NetBond services. Welcome letter will provide credentials to AT&T Cloud Services Portal, (www.synaptic.att.com)

3. Order Direct Link Cloud Exchange with the VRF option from the SoftLayer portal.

4. Create NetBond Virtual Network Connection (Required: Name of AT&T VPN, region, free-form name for Virtual Network Connection, and bandwidth commitment)

5. Create NetBond VLAN (Required: /29 address space and free-form name)

6. Provide the service-key returned by the AT&T Cloud Services Portal to SoftLayer via a ticket in the SoftLayer customer portal.

Note: In the event you wish to delete a vlan, please coordinate these activities with SoftLayer.

http://www.synaptic.att.com/


Technical Considerations


12

Default Route

Customer Network

AT&TAVPN

Provider EdgeRouter

Provider EdgeRouter


172.16.1.0/24


172.16.0.0/24


ASN 13979


ASN 13884

10.20.10.1

10.20.10.5

10.20.10.2

10.20.10.6

By default, SoftLayer servers with a public and private interface will be configured with a default route using the hosts’ public interface and SoftLayer Internet gateway, and will ignore any default route announcement from the AT&T VPN.

SoftLayer hosts with only a private interface that wish to reach the Internet via the AT&T MPLS VPN should add a default route on the hosts’ private interface at the OS level. More sophisticated routing schemas can be achieved using a SoftLayer Network Gateway. (http://knowledgelayer.softlayer.com/topic/gateways)

Route ASPath0.0.0.0/0 I10.20.10.0/30 13979 I10.20.10.4/30 13979 I10.88.118.0/24 13979 13884 I172.16.0.0/24 I172.16.1.0/24 13979 65200 I

10.20.10.0/30

10.20.10.4/30

Route Target0.0.0.0/0 Direct Link

Route Target0.0.0.0/0 Internet Gateway

http://knowledgelayer.softlayer.com/topic/gateways


13

SoftLayer IP Overlap

Customer Network

AT&TAVPN

Provider EdgeRouter

Provider EdgeRouter


10.88.118.0/24


10.88.119.0/24


ASN 13979


ASN 13884SoftLayer

Bare Metal or VirtualServers

10.88.118.0/24

10.20.10.1

10.20.10.5

10.20.10.2

10.20.10.6

SoftLayer currently pre-allocates blocks of RFC 1918, private address space for the Bare Metal and Virtual Servers. With the VRF option, only the subnets assigned by SoftLayer to the customer are advertised to NetBond. However, the customer and SoftLayer must confirm the assigned blocks do not conflict with routes in the customer’s enterprise network. SoftLayer hosts also need to reach services subnets within the SoftLayer data center. These services subnets should not overlap any assigned IP addressing within the customer’s enterprise network.

AT&T does not support the Direct Link NAT option and discourages use of GRE tunnels or NSX gateways.Customers should work with SoftLayer to ensure there is no IP overlap between their own corporate enterprise network and the SoftLayer IP assignments.

SoftLayerServices Network10.88.119.0/24

10.20.10.0/30

10.20.10.4/30



14

Data Center Redundancy with Direct Link Global Routing

Customer Network

AT&TAVPN

Provider EdgeRouter

Provider EdgeRouter


172.16.1.0/24


172.16.0.0/24

ASN 13979


ASN 13884 10.88.118.0/24


ASN 13884 10.88.119.0/24

Global Routing Enabled

Additional SoftLayer data centers can be connected to the MPLS VPN using additional NetBond VNC’s. With Direct Link’s Global Routing feature, traffic between SoftLayer data centers will stay on the SoftLayer backbone.

Softlayer_VLAN_Dallas10.20.20.0/29



15

Data Center Redundancy without Direct Link Global Routing

Customer Network

AT&TAVPN

Provider EdgeRouter

Provider EdgeRouter


172.16.1.0/24


172.16.0.0/24

ASN 13979


ASN 13884 10.88.118.0/24


ASN 13884 10.88.119.0/24

Global Routing Disabled

If traffic between SoftLayer locations is small, for financial reasons, customers may wish to keep traffic between data centers on the AT&T backbone. Customers can use AT&T route management to originate a summary route to both SoftLayer locations. As a result, the SoftLayer network will learn the best path to the alternate data center via NetBond.

Route ASPath10.88.118.0/24 13979 13884 I10.88.119.0/24 13979 13884 I10.88.0.0/16 I

Route ASPath10.88.118.0/24 13979 13884 I10.88.0.0/16 I

Softlayer_VLAN_Dallas10.20.20.0/29



16

ASN Overlap

Customer Network

AT&TAVPN

Provider EdgeRouter

Provider EdgeRouter


172.16.1.0/24


172.16.0.0/24


ASN 13979


ASN 13884 10.88.118.0/24


Servers

SoftLayer uses private AS numbers behind autonomous system 13884. AT&T will strip the private AS number from the ASPath before propagating the route to customer edge routers to prevent BGP loop avoidance problems. However, if customers are using BGP ASN’s at a premise that overlap with SoftLayer, they must request SoftLayer to configure as-override. Possible ASNs used by SoftLayer are 65404, 65200, 65202, 65207, and 65204, and are subject to change Alternatively, using NetBond route management, our customers may chose to announce a summary route to SoftLayer. The summary route will use the AT&T AS number and propagate throughout the SoftLayer private BGP autonomous systems.

10.20.10.1

10.20.10.5

Route ASPath10.20.10.0/30 13979 I10.20.10.4/30 13979 I10.88.118.0/24 13979 13884 I172.16.0.0/24 I172.16.1.0/24 13979 65200 I

Route ASPath10.20.10.0/30 I10.20.10.4/30 I10.88.118.0/24 65404 65200 65207 I172.16.0.0/24 13979 65404 I172.16.1.0/24 13979 65200 I

10.20.10.2

10.20.10.6

10.20.10.0/30

10.20.10.4/30



Documents

Service Activation Overview - AT&T Cloud Solutions · NetBond Service Activation Overview for SoftLayer 10 Summary Steps 1. Obtain SoftLayer service 2. Work with the AT&T account