#説明
以下のスライドの2で行う、DirectConnect接続の実演に使用するカンニングペーパーです。
http://www.slideshare.net/TomoakiHira/let-us-make-clear-the-aws-directconnect
#実演
##環境確認 (DirectConnect利用者側アカウント)
###VPCの確認
コマンド
aws ec2 describe-vpcs   # lists the VPCs in the user-side account; the demo uses the default VPC (172.31.0.0/16)
レスポンス
{
"Vpcs": [
{
"VpcId": "vpc-9968****",
"InstanceTenancy": "default",
"State": "available",
"DhcpOptionsId": "dopt-622a****",
"CidrBlock": "172.31.0.0/16",
"IsDefault": true
}
]
}
###サブネットの確認
コマンド
aws ec2 describe-subnets   # lists the subnets of that VPC; both shown here are default subnets with public IPs on launch
レスポンス
{
"Subnets": [
{
"VpcId": "vpc-9968****",
"CidrBlock": "172.31.0.0/20",
"MapPublicIpOnLaunch": true,
"DefaultForAz": true,
"State": "available",
"AvailabilityZone": "ap-northeast-1c",
"SubnetId": "subnet-b509****",
"AvailableIpAddressCount": 4091
},
{
"VpcId": "vpc-9968****",
"CidrBlock": "172.31.16.0/20",
"MapPublicIpOnLaunch": true,
"DefaultForAz": true,
"State": "available",
"AvailabilityZone": "ap-northeast-1a",
"SubnetId": "subnet-4aeb****",
"AvailableIpAddressCount": 4090
}
]
}
###VPNゲートウェイ(仮想ゲートウェイ)の確認
コマンド
aws ec2 describe-vpn-gateways   # the virtual gateway (vgw-...) must already be attached to the VPC before a VIF can be confirmed onto it
レスポンス
{
"VpnGateways": [
{
"State": "available",
"Tags": [
{
"Value": "test",
"Key": "Name"
}
],
"Type": "ipsec.1",
"VpnGatewayId": "vgw-abbd****",
"VpcAttachments": [
{
"State": "attached",
"VpcId": "vpc-9968****"
}
]
}
]
}
###ルートテーブルの確認
コマンド
aws ec2 describe-route-tables   # baseline: note PropagatingVgws is still empty here, so no on-premises routes exist yet
レスポンス
{
"RouteTables": [
{
"Associations": [
{
"RouteTableAssociationId": "rtbassoc-02bf****",
"Main": true,
"RouteTableId": "rtb-4998****"
}
],
"RouteTableId": "rtb-4998****",
"VpcId": "vpc-9968****",
"PropagatingVgws": [],
"Tags": [],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "172.31.0.0/16",
"State": "active",
"Origin": "CreateRouteTable"
},
{
"GatewayId": "igw-aa9b****",
"DestinationCidrBlock": "0.0.0.0/0",
"State": "active",
"Origin": "CreateRoute"
}
]
}
]
}
##コネクションの確認 (DirectConnect管理者側アカウント)
コマンド
aws directconnect describe-connections   # run in the DirectConnect admin account; pick the dxcon-... id to allocate the VIF from
レスポンス
{
"connections": [
{
"ownerAccount": "1790********",
"connectionId": "dxcon-********",
"connectionState": "available",
"bandwidth": "10Gbps",
"location": "EqTY2",
"connectionName": "********",
"region": "ap-northeast-1"
},
{
"ownerAccount": "1790********",
"connectionId": "dxcon-********",
"connectionState": "available",
"bandwidth": "10Gbps",
"location": "EqTY2",
"connectionName": "********",
"region": "ap-northeast-1"
}
]
}
##ユーザアカウントにVirtualInterfaceを割当(DirectConnect管理者側アカウント)
コマンド
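# Allocate a private virtual interface on the admin-side connection to the customer account.
# BGPMD5 is the BGP auth key shared with the customer router. The value below is a demo
# value: keep a real one out of version control and rotate it after the demo. Both the
# command line (shell history, ps) and the API response echo authKey in clear text, so
# redact it before pasting output into slides or logs.
CONNECTION='dxcon-********'
VIFNAME='NWG-HIRA-BK'
ACCOUNTID='5651********'        # customer (DirectConnect user) account that will confirm the VIF
VLANID='511'
ROUTERIP='169.254.15.213/30'     # customer-side BGP peer address
AMAZONIP='169.254.15.214/30'     # Amazon-side BGP peer address
BGPASN='65000'                   # customer ASN
BGPMD5='fr3gUCLDLS6MQsVLVBw9zgdt'
cat <<ETX
CONNECTION: $CONNECTION
VIFNAME : $VIFNAME
ACCOUNTID : $ACCOUNTID
VLANID : $VLANID
ROUTERIP : $ROUTERIP
AMAZONIP : $AMAZONIP
BGPASN : $BGPASN
BGPMD5 : (not shown, ${#BGPMD5} chars)
ETX
aws directconnect allocate-private-virtual-interface \
  --connection-id "$CONNECTION" \
  --owner-account "$ACCOUNTID" \
  --new-private-virtual-interface-allocation "virtualInterfaceName=$VIFNAME,vlan=$VLANID,asn=$BGPASN,authKey=$BGPMD5,amazonAddress=$AMAZONIP,customerAddress=$ROUTERIP"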
レスポンス
{
"virtualInterfaceState": "confirming",
"asn": 65000,
"vlan": 511,
"customerAddress": "169.254.15.213/30",
"ownerAccount": "5651********",
"connectionId": "dxcon-********",
"virtualInterfaceId": "dxvif-********",
"authKey": "fr3gUCLDLS6MQsVLVBw9zgdt",
"routeFilterPrefixes": [],
"location": "EqTY2",
"customerRouterConfig": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<logical_connection id=\"dxvif-********\">\n <vlan>511</vlan>\n <customer_address>169.254.15.213/30</customer_address>\n <amazon_address>169.254.15.214/30</amazon_address>\n <bgp_asn>65000</bgp_asn>\n <bgp_auth_key>fr3gUCLDLS6MQsVLVBw9zgdt</bgp_auth_key>\n <amazon_bgp_asn>10124</amazon_bgp_asn>\n <connection_type>private</connection_type>\n</logical_connection>\n",
"amazonAddress": "169.254.15.214/30",
"virtualInterfaceType": "private",
"virtualInterfaceName": "NWG-HIRA-BK"
}
##VirtualInterfaceのConfirm (DirectConnectユーザ側アカウント)
コマンド
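# Confirm the allocated VIF onto this account's virtual gateway.
# [0] assumes exactly one VGW and one VIF in this account; check the printed IDs, and
# check that the VIF's connectionId / ownerAccount match what the DX admin allocated,
# before confirming (confirming attaches that connection to your VPC).
VGWID=$(aws ec2 describe-vpn-gateways | jq -r '.VpnGateways[0].VpnGatewayId')
VIFID=$(aws directconnect describe-virtual-interfaces | jq -r '.virtualInterfaces[0].virtualInterfaceId')
cat <<ETX
VGWID: $VGWID
VIFID: $VIFID
ETX
aws directconnect confirm-private-virtual-interface --virtual-interface-id "$VIFID" --virtual-gateway-id "$VGWID"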
レスポンス
{
"virtualInterfaceState": "pending"
}
追加確認コマンド
watch -n 10 "aws directconnect describe-virtual-interfaces"   # poll every 10 s until virtualInterfaceState goes from pending to available
レスポンス
{
"virtualInterfaces": [
{
"virtualInterfaceState": "available",
"asn": 65000,
"vlan": 511,
"customerAddress": "169.254.15.213/30",
"ownerAccount": "5651********",
"connectionId": "dxcon-********",
"virtualGatewayId": "vgw-abbd****",
"virtualInterfaceId": "dxvif-********",
"routeFilterPrefixes": [],
"location": "EqTY2",
"amazonAddress": "169.254.15.214/30",
"virtualInterfaceType": "private",
"virtualInterfaceName": "NWG-HIRA-BK"
}
]
}
##その他の設定/確認 (DirectConnectユーザ側アカウント)
###セキュリティグループにてDataCenterNetworkからの着信接続が許可されているか確認
コマンド
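# Show the inbound rule(s) that admit the data-centre network, selected by CIDR instead of
# the fixed [2]/[1] indices (group and rule order are not stable between calls).
# Note: IpProtocol "-1" in the result means every protocol and port from that CIDR;
# narrow it to the ports the workload actually needs.
aws ec2 describe-security-groups | jq '.SecurityGroups[].IpPermissions[] | select(any(.IpRanges[]?; .CidrIp == "172.30.100.0/24"))'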
レスポンス
{
"IpProtocol": "-1",
"IpRanges": [
{
"CidrIp": "172.30.100.0/24"
}
],
"UserIdGroupPairs": [],
"PrefixListIds": []
}
###ルートテーブルにてRoutePropagateを有効化
コマンド
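# Enable route propagation from the virtual gateway into the route table, so prefixes
# learned over BGP from the data centre are installed automatically.
# [0] assumes one route table and one VGW; check the printed IDs first, since every
# prefix the remote side advertises will become a route in this table.
RTID=$(aws ec2 describe-route-tables | jq -r '.RouteTables[0].RouteTableId')
VGWID=$(aws ec2 describe-vpn-gateways | jq -r '.VpnGateways[0].VpnGatewayId')
cat <<ETX
RTID : $RTID
VGWID: $VGWID
ETX
aws ec2 enable-vgw-route-propagation --route-table-id "$RTID" --gateway-id "$VGWID"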
レスポンス
なし
追加確認コマンド
aws ec2 describe-route-tables   # after propagation: PropagatingVgws lists the VGW and a route with Origin EnableVgwRoutePropagation appears
レスポンス
{
"RouteTables": [
{
"Associations": [
{
"RouteTableAssociationId": "rtbassoc-02bf****",
"Main": true,
"RouteTableId": "rtb-4998****"
}
],
"RouteTableId": "rtb-4998****",
"VpcId": "vpc-9968****",
"PropagatingVgws": [
{
"GatewayId": "vgw-abbd****"
}
],
"Tags": [],
"Routes": [
{
"GatewayId": "local",
"DestinationCidrBlock": "172.31.0.0/16",
"State": "active",
"Origin": "CreateRouteTable"
},
{
"GatewayId": "igw-aa9b****",
"DestinationCidrBlock": "0.0.0.0/0",
"State": "active",
"Origin": "CreateRoute"
},
{
"GatewayId": "vgw-abbd****",
"DestinationCidrBlock": "172.30.100.0/24",
"State": "active",
"Origin": "EnableVgwRoutePropagation"
}
]
}
]
}
##VirtualInterfaceの削除 (DirectConnectユーザ側アカウント)
コマンド
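# Delete the virtual interface (tear-down of the demo).
# [0] assumes a single VIF; confirm the printed ID before deleting, since this also
# drops the propagated data-centre routes.
VIFID=$(aws directconnect describe-virtual-interfaces | jq -r '.virtualInterfaces[0].virtualInterfaceId')
cat <<ETX
VIFID: $VIFID
ETX
aws directconnect delete-virtual-interface --virtual-interface-id "$VIFID"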
レスポンス
{
"virtualInterfaceState": "deleting"
}
追加確認コマンド
aws directconnect describe-virtual-interfaces   # state goes deleting -> deleted; the entry stays listed for a while after deletion
レスポンス
{
"virtualInterfaces": [
{
"virtualInterfaceState": "deleted",
"asn": 65000,
"vlan": 511,
"customerAddress": "169.254.15.213/30",
"ownerAccount": "5651********",
"connectionId": "dxcon-********",
"virtualGatewayId": "vgw-abbd****",
"virtualInterfaceId": "dxvif-********",
"routeFilterPrefixes": [],
"location": "EqTY2",
"amazonAddress": "169.254.15.214/30",
"virtualInterfaceType": "private",
"virtualInterfaceName": "NWG-HIRA-BK"
}
]
}