AWS connection options

[Updated: July 3, 2019]

Information about the [Bridge Connection] service

1. Overview

Via a closed network isolated from the Internet, this service enables mutual connection between the VPC created by the customer in the Amazon Web Services environment (hereinafter, “AWS”) and the Local router connected inside our services of SAKURA Cloud, SAKURA VPS and SAKURA dedicated server.

The closed network that connects SAKURA Cloud and AWS is connected to the Equinix TY2 Direct Connect location. Connection to a single VPC in the Asia Pacific (Tokyo) region (region code: ap-northeast-1) is possible by creating a Virtual Gateway.

In regions other than Asia Pacific (Tokyo), or when connecting to two or more VPCs in the Asia Pacific (Tokyo) region, it is possible to connect with VPCs in each region by creating a Direct Connect Gateway in the customer's AWS account.

Compared to connection using VPN via the Internet, using [AWS Connection] enables safer and more stable quality for private connection between mutual environments. This is optimal for cases such as when there is a need for high-speed and high-capacity communication between servers installed in environments in which connection with the external Internet is undesirable; for example, database servers that are installed at the back end of each cloud service.

Specifications

The service specifications for each connection base are as follows:

  • Services supported by SAKURA internet: SAKURA Cloud (https://cloud.sakura.ad.jp/), SAKURA VPS (https://vps.sakura.ad.jp/), SAKURA dedicated server (https://server.sakura.ad.jp/)
  • AWS connection destination: Virtual Gateway for the Asia Pacific (Tokyo) region; Direct Connect Gateway for regions other than Asia Pacific (Tokyo)
  • AWS virtual interface connection method: Private method only
    *When connecting to S3, Glacier, and other services which require connection via a public method, please create an appropriate VPC endpoint.
  • AWS endpoint connection bandwidth: 10 Gbps (bandwidth is shared among users)
  • Failure countermeasures: Duplication of our in-house physical systems and closed network lines
  • Number of days from application until connection: Minimum of about 5 business days
    *This is a service usage request method from the control panel. Immediate connection is not supported.
    *There are processes in which it is necessary for customers to perform work procedures and for customers to contact our company.
  • Fees: Basic fees plus a usage-based fee by transfer volume
    *Usage-based fee is incurred mutually for SAKURA Cloud and AWS in both the inflow and outflow directions.

Fees

The fee structure is listed below. In addition to the basic fees charged when AWS connection is enabled, pay-per-use fees are incurred in the direction of traffic for SAKURA internet and AWS.

  • Basic fees: Monthly fee of JPY 32,400 (tax included)
    *There are no daily fees or hourly rates.
  • Traffic fees, SAKURA internet → AWS: JPY 5 (tax included)/GB
  • Traffic fees, AWS → SAKURA internet: Data transfer fees to the Equinix TY2 Direct Connect location
    *This is billing and payment for AWS.
    *The fee format differs when using Direct Connect Gateway to connect to regions other than Asia Pacific (Tokyo).
    *Customers are not billed for AWS Direct Connect port fees.

2. Usage procedures

The following is the flow from application for use until specifying settings.

Preliminary checks

Check that the following conditions are satisfied before applying for this service. If the conditions are not fulfilled, the service may not function correctly.

  • Check that the connection target at AWS supports connection using the specifications listed above.
  • Check that the local router and local switch have been installed in the service targeted for connection in SAKURA internet.
  • An AWS account must exist. The user must have authority to approve creation of a virtual private gateway, attachment to the target VPC, and connection requests for the virtual interface.
  • In order to enable mutual communication between SAKURA internet and AWS, it must be possible to specify routing settings for the hosts in each network.

Flow from application to the start of provision

This service requires a link with another vendor (AWS). Therefore, fast on-demand service similar to other functions is not available. The following diagram lists the time required for each step and the timing for the start of billing.

The following is an explanation for the flow until opening of communication, with a focus on the flow for customer application.

1. Application

When selecting [AWS Connection] from the menu on the left of the SAKURA Cloud control panel, the currently contracted [AWS Connection Option] is displayed. When adding a new connection, click the [Add] button at the top right of the screen.

Enter the following items on the entry form.

  • AWS account ID (*required item): Input the ID of the AWS account that contains the connection destination VPC.
  • Name, explanation, tag, icon: You can assign information such as easy-to-understand names and explanations to each connection.

*You can confirm the AWS account ID at the screen displayed after selecting [Account] from the list for the account name of the AWS management console.

After entering the information, finish the opening work request by clicking the [Create] button.

The enabled status immediately after creation is [Preparing to Open Communication].

When application has been finished, our company starts the first part of procedures for opening connection. After the procedures are complete, we will contact the customer via e-mail (this will take a maximum of three business days).

2. Peer setting

After creating a new AWS connection, our company starts the first part of procedures for opening connection. Also, it is now possible for the customer to specify peer configuration for the created AWS connection and the local router installed in each service of our company. At the list screen, double-click the connection created at the time of application and then click the [Peer Configuration] tab at the top.

Since the AWS connection behaves similarly to the local routers of each service, the peer configuration procedures are similar to other local routers. For details, please refer to the peer configuration procedures on the Local router page.

*You can specify and make changes to peer configuration any time after creating an AWS connection. (The first part of procedures by our company for opening connection starts after AWS connection resources have been created; the timing is not related to peer configuration specified by the customer.)

3. Creation of the VPC virtual gateway at the AWS side and approval of virtual interface connection

Once our company has finished preparation for connection, the customer is notified via e-mail. The AWS account specified at the time of creating the AWS connection is now awaiting connection approval. Use the following procedures to log in to the AWS console and perform approval work.

*This assumes that a VPC has already been created in the AWS environment, that a subnet has already been created, and that a host has already been created in the VPC. For details, please refer to the AWS documentation.

Creation of Direct Connect Gateway

It is necessary to create a Direct Connect Gateway when a region other than Asia Pacific (Tokyo) is included in the connection destination region for AWS. (When the only connection destination is Asia Pacific (Tokyo) and you connect directly to the virtual private gateway, it is not necessary to create a Direct Connect Gateway. In that case, the procedures in this step can be omitted.)

*When adding another connection destination region to the Asia Pacific (Tokyo) region already connected to the virtual private gateway, it is necessary to change connection for the Asia Pacific (Tokyo) region to Direct Connect Gateway or to add [AWS Connection Option] for Direct Connect Gateway connection.

From the AWS management console, display the management window for Direct Connect. Since Direct Connect Gateway is a facility that does not depend on the region, the selected region can be in any location.

When [Direct Connect Gateway] is selected from the menu on the left, Direct Connect Gateways which have already been created are displayed. In this case, it is necessary to create a new Direct Connect Gateway for the [AWS Connection] service of SAKURA Cloud. Click the [Create Direct Connect Gateway] button at the top of the screen.

The screen for creating a Direct Connect Gateway is displayed.

Enter information in the entry form as shown below.

  • Name: Enter an easy-to-understand name.
  • Amazon ASN: Assign a private AS number (only 2-byte AS numbers due to our company specifications; range from 64,512 to 65,534) that does not duplicate the number used by any other Direct Connect Gateway.

Click the [Create] button to display a screen listing Direct Connect Gateways that have been created.
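The AWS form will accept private ASNs that fall outside the 2-byte range given above, so the number is worth checking before the gateway is created. The following is an added example, not part of the original page: it validates a candidate Amazon ASN against the stated range and against gateways that already exist, using a constructed sample shaped like the output of `aws directconnect describe-direct-connect-gateways` (all gateway IDs and names are made up).

```python
# 2-byte private ASNs supported according to the page: 64,512 to 65,534 inclusive.
SUPPORTED_ASNS = range(64512, 65535)

# Constructed sample in the shape of `aws directconnect describe-direct-connect-gateways`
# output; the IDs and names are placeholders invented for this example.
SAMPLE_GATEWAYS = {"directConnectGateways": [
    {"directConnectGatewayId": "example-gw-a", "directConnectGatewayName": "legacy",
     "amazonSideAsn": 64512, "directConnectGatewayState": "available"},
    {"directConnectGatewayId": "example-gw-b", "directConnectGatewayName": "partner",
     "amazonSideAsn": 64513, "directConnectGatewayState": "available"},
    {"directConnectGatewayId": "example-gw-c", "directConnectGatewayName": "old",
     "amazonSideAsn": 64514, "directConnectGatewayState": "deleted"},
    {"directConnectGatewayId": "example-gw-d", "directConnectGatewayName": "four-byte",
     "amazonSideAsn": 4200000000, "directConnectGatewayState": "available"},
]}

def asns_in_use(describe_output):
    """Amazon-side ASNs of every gateway that has not been deleted."""
    return {int(gw["amazonSideAsn"])
            for gw in describe_output.get("directConnectGateways", [])
            if gw.get("directConnectGatewayState") != "deleted"}

def check_amazon_asn(candidate, describe_output):
    """Return the reasons a candidate ASN is unusable; an empty list means usable."""
    reasons = []
    if candidate not in SUPPORTED_ASNS:
        reasons.append(f"{candidate} is outside the 2-byte range 64512-65534")
    if candidate in asns_in_use(describe_output):
        reasons.append(f"{candidate} is already used by another Direct Connect Gateway")
    return reasons

def first_free_asn(describe_output):
    """Lowest supported ASN not yet assigned to a gateway, or None if all are taken."""
    used = asns_in_use(describe_output)
    return next((asn for asn in SUPPORTED_ASNS if asn not in used), None)

if __name__ == "__main__":
    for asn in (64513, 4200000001, first_free_asn(SAMPLE_GATEWAYS)):
        print(asn, check_amazon_asn(asn, SAMPLE_GATEWAYS) or "usable")
```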

Create a virtual private gateway and attach to the VPC

Display the VPC management window from the AWS management console. From the menu for selecting a region at the top right of the screen, check that the region to be used as the connection destination has been selected ([Tokyo] is displayed for Asia Pacific (Tokyo)).

From the menu on the left of the VPC management window, select [Virtual Private Gateway].

Click the [Create Virtual Private Gateway] button in order to create a gateway for the AWS connection created here.

At the screen for creating the gateway, enter an easy-to-understand name in the [Name Tag] and click the [Create Virtual Private Gateway] button. (At the radio button for selecting an ASN, check that the default [Amazon default ASN] has been selected.)

Once a virtual private gateway has been created, the new virtual private gateway is displayed on the list screen.

Select the new private gateway and then select [Attach to VPC] from the [Action] menu.

A screen is displayed for selecting the VPC to be attached to. Select the VPC that you want to use for the AWS connection for which you applied. Click the [OK to Attach] button.

Upon returning to the screen listing virtual private gateways, the virtual private gateway which you created now has an “attaching” status (it takes several minutes for the gateway to change to “attached” status).

Enable route transmission

Enable route transmission (called route propagation in the English AWS console) so that packets sent via the AWS connection reach the target VPC appropriately. At the screen listing the virtual private gateways, click the link to the attachment destination VPC. Then, select the target VPC from the screen listing VPCs. At the overview screen displayed at the bottom of the list, click the [Route Table] link.

Select the applicable route table from the list and then select the [Route Transmission] tab from the screen displayed at the bottom. The route transmission setting status of the virtual private gateway is displayed. However, since the default for VPC route transmission is [No], you must click the [Edit] button in order to make a change.

Insert a check into the checkbox of the VPC you want to delete and click [Details].


Accept the connection request

Through the first part of procedures performed by our company, a Direct Connect connection request is issued to the customer’s AWS account. In order to accept this request, open the management window for Direct Connect.

Select [Virtual Interface] from the menu on the left to display the virtual interface that is awaiting acceptance (the status is “pending acceptance”). Two names are displayed. The names consist of the resource ID for the AWS connection which was created at SAKURA Cloud. “-1” and “-2” are added to the end of the names in order to secure redundancy.

Select an unaccepted interface to display an [Accept Virtual Interface] button under the interface. Click the button. (At the time of acceptance, it is necessary to insert a check into the checkbox that is listed above the button for agreeing to transfer fee conditions.)

After clicking the button, a dialog box is displayed. Use the radio buttons for connection destination to select either [Virtual Private Gateway] (when the connection destination is the Asia Pacific (Tokyo) region) or [Direct Connect Gateway] (when a region other than Asia Pacific (Tokyo) or other AWS connection option is connected to Direct Connect Gateway) and then click the [Accept] button.

When acceptance procedures have been finished, the status of the applicable interface changes to “pending” (it will change to “available” status after a short while).

Next, use the same procedures to accept one more virtual interface.

After completing all procedures, please send an e-mail to our company in order to inform us that customer procedures have been completed. Our company will then perform the second part of opening procedures. After all opening procedures are finished, an e-mail is sent to notify the customer. Billing then starts.
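Accepting a virtual interface joins an outside network to the VPC, so it is worth confirming that the pending requests are exactly the expected pair before clicking [Accept]. The following is an added example, not part of the original page: it reviews output shaped like `aws directconnect describe-virtual-interfaces` and returns the two interface IDs only when both the "-1" and "-2" requests are present, private, and addressed to the expected account. The sample data, resource ID and account ID are constructed.

```python
# Constructed sample in the shape of `aws directconnect describe-virtual-interfaces`
# output; the IDs, names and account number are made up for this example.
SAMPLE_VIFS = {"virtualInterfaces": [
    {"virtualInterfaceId": "dxvif-example1", "virtualInterfaceName": "113000000001-1",
     "virtualInterfaceType": "private", "virtualInterfaceState": "confirming",
     "ownerAccount": "123456789012"},
    {"virtualInterfaceId": "dxvif-example2", "virtualInterfaceName": "113000000001-2",
     "virtualInterfaceType": "private", "virtualInterfaceState": "confirming",
     "ownerAccount": "123456789012"},
    {"virtualInterfaceId": "dxvif-example3", "virtualInterfaceName": "other-vendor-link",
     "virtualInterfaceType": "private", "virtualInterfaceState": "confirming",
     "ownerAccount": "123456789012"},
]}

def review_pending_interfaces(describe_output, resource_id, account_id):
    """Return (ids_to_accept, problems); IDs are returned only for a complete valid pair."""
    expected = {f"{resource_id}-1", f"{resource_id}-2"}  # redundant pair from the page
    to_accept, problems, seen = [], [], set()
    for vif in describe_output.get("virtualInterfaces", []):
        # "confirming" is the API state that the console shows as pending acceptance.
        if vif.get("virtualInterfaceState") != "confirming":
            continue
        vif_id, name = vif.get("virtualInterfaceId"), vif.get("virtualInterfaceName")
        if name not in expected:
            problems.append(f"{vif_id}: unexpected request named {name!r}, do not accept")
            continue
        if name in seen:
            problems.append(f"{vif_id}: duplicate request for {name!r}")
            continue
        seen.add(name)
        if vif.get("virtualInterfaceType") != "private":
            problems.append(f"{vif_id}: type is not private")
        elif vif.get("ownerAccount") != account_id:
            problems.append(f"{vif_id}: offered to a different account")
        else:
            to_accept.append(vif_id)
    problems += [f"missing pending request {n!r}" for n in sorted(expected - seen)]
    return (to_accept if len(to_accept) == 2 else []), problems

if __name__ == "__main__":
    ids, problems = review_pending_interfaces(SAMPLE_VIFS, "113000000001", "123456789012")
    print("accept:", ids)
    for p in problems:
        print("problem:", p)
```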

Attention

After acceptance, please do not delete the virtual interface. (When changes in the logical structure have occurred due to changes to the settings, etc., we do not guarantee operation, including one-sided status.)
If you change the Direct Connect Gateway attachment destination or virtual private gateway specified at the time of acceptance, it is necessary for our company to once again perform procedures for issuing a virtual interface acceptance request. Therefore, if you want to make changes, please contact our company before deleting the virtual interface.

4. Host routing settings

When communicating with the hosts for SAKURA internet and AWS, it is necessary to communicate via networks for the created AWS connection options. Therefore, it is necessary to specify routing settings at each host for communicating with the destination network of the other parties.

The VPC network on the AWS side behaves the same as a service connected to the local router in SAKURA internet. For information on procedures for specifying routing settings, please refer to the routing settings procedures on the Local router page.

5. Check the transfer volume

In addition to basic usage fees, the AWS connection service has a usage-based fee system for the data transfer volume. The transfer volume required for calculation of fees can be checked at the screen shown below.

SAKURA Cloud

The [Transfer Volume (Received)] (AWS to SAKURA internet) and [Transfer Volume (Sent)] (SAKURA internet to AWS) are displayed in the information section for each AWS connection.

AWS

When [Direct Connect] is expanded from the billing statement screen on the dashboard, the fees are also displayed.

3. Cautions

  • At the time of cancelling the contract, in addition to deleting the [AWS Connection], it is necessary to perform procedures for deleting the virtual interface of the connection destination AWS at the customer side.
  • The closed network line connecting SAKURA internet and AWS is managed by our company. However, the line from the virtual gateway to the AWS network is outside the scope of management by our company. Please contact AWS regarding problems with, and support for, the applicable parts.
  • IPv6 is not supported. Therefore, mutual communication is not possible.