
AWS CLI Conference 2016, Talk 2: "Let Us Show You AWS Direct Connect" cheat sheet

More than 3 years have passed since last update.

Description

This is the cheat sheet used for the Direct Connect connection demo performed in part 2 of the slides below.
http://www.slideshare.net/TomoakiHira/let-us-make-clear-the-aws-directconnect

Demo

Environment check (Direct Connect user-side account)

Check the VPC

Command
aws ec2 describe-vpcs
Response
{
    "Vpcs": [
        {
            "VpcId": "vpc-9968****",
            "InstanceTenancy": "default",
            "State": "available",
            "DhcpOptionsId": "dopt-622a****",
            "CidrBlock": "172.31.0.0/16",
            "IsDefault": true
        }
    ]
}

Check the subnets

Command
aws ec2 describe-subnets
Response
{
    "Subnets": [
        {
            "VpcId": "vpc-9968****",
            "CidrBlock": "172.31.0.0/20",
            "MapPublicIpOnLaunch": true,
            "DefaultForAz": true,
            "State": "available",
            "AvailabilityZone": "ap-northeast-1c",
            "SubnetId": "subnet-b509****",
            "AvailableIpAddressCount": 4091
        },
        {
            "VpcId": "vpc-9968****",
            "CidrBlock": "172.31.16.0/20",
            "MapPublicIpOnLaunch": true,
            "DefaultForAz": true,
            "State": "available",
            "AvailabilityZone": "ap-northeast-1a",
            "SubnetId": "subnet-4aeb****",
            "AvailableIpAddressCount": 4090
        }
    ]
}

Check the VPN gateway (virtual gateway)

Command
aws ec2 describe-vpn-gateways
Response
{
    "VpnGateways": [
        {
            "State": "available",
            "Tags": [
                {
                    "Value": "test",
                    "Key": "Name"
                }
            ],
            "Type": "ipsec.1",
            "VpnGatewayId": "vgw-abbd****",
            "VpcAttachments": [
                {
                    "State": "attached",
                    "VpcId": "vpc-9968****"
                }
            ]
        }
    ]
}

Check the route table

Command
aws ec2 describe-route-tables
Response
{
    "RouteTables": [
        {
            "Associations": [
                {
                    "RouteTableAssociationId": "rtbassoc-02bf****",
                    "Main": true,
                    "RouteTableId": "rtb-4998****"
                }
            ],
            "RouteTableId": "rtb-4998****",
            "VpcId": "vpc-9968****",
            "PropagatingVgws": [],
            "Tags": [],
            "Routes": [
                {
                    "GatewayId": "local",
                    "DestinationCidrBlock": "172.31.0.0/16",
                    "State": "active",
                    "Origin": "CreateRouteTable"
                },
                {
                    "GatewayId": "igw-aa9b****",
                    "DestinationCidrBlock": "0.0.0.0/0",
                    "State": "active",
                    "Origin": "CreateRoute"
                }
            ]
        }
    ]
}
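The four checks above are what the user-side account has to pass before the administrator allocates a virtual interface, and they are easy to automate. The Python below is an added example and is not part of the original cheat sheet or of the AWS CLI: it works on the JSON that `aws ec2 describe-vpcs`, `describe-vpn-gateways` and `describe-route-tables` print (the embedded samples are constructed copies of the masked output above, and 172.30.100.0/24 is the data center prefix that appears in the later sections). It reports whether an available VGW is attached to the VPC, which route table is the main one, and, the check the demo does not show, whether the data center prefix overlaps the VPC CIDR; a prefix inside 172.31.0.0/16 would compete with the `local` route once propagation is enabled.

```python
import ipaddress

# Constructed sample responses (not captured output), shaped like the masked
# describe-vpcs / describe-vpn-gateways / describe-route-tables output above.
VPCS = {"Vpcs": [{"VpcId": "vpc-9968****", "State": "available",
                  "CidrBlock": "172.31.0.0/16", "IsDefault": True}]}
VPN_GATEWAYS = {"VpnGateways": [{
    "State": "available", "Type": "ipsec.1", "VpnGatewayId": "vgw-abbd****",
    "VpcAttachments": [{"State": "attached", "VpcId": "vpc-9968****"}]}]}
ROUTE_TABLES = {"RouteTables": [{
    "RouteTableId": "rtb-4998****", "VpcId": "vpc-9968****",
    "Associations": [{"Main": True, "RouteTableId": "rtb-4998****"}],
    "PropagatingVgws": [],
    "Routes": [{"GatewayId": "local", "DestinationCidrBlock": "172.31.0.0/16",
                "State": "active", "Origin": "CreateRouteTable"},
               {"GatewayId": "igw-aa9b****", "DestinationCidrBlock": "0.0.0.0/0",
                "State": "active", "Origin": "CreateRoute"}]}]}


def vpc_cidr(vpcs, vpc_id):
    """Return the CIDR of the available VPC with the given id, or None."""
    for vpc in vpcs["Vpcs"]:
        if vpc["VpcId"] == vpc_id and vpc["State"] == "available":
            return vpc["CidrBlock"]
    return None


def attached_vgw(vpn_gateways, vpc_id):
    """Return the id of an available VGW attached to vpc_id, or None."""
    for vgw in vpn_gateways["VpnGateways"]:
        if vgw["State"] != "available":
            continue
        for att in vgw.get("VpcAttachments", []):
            if att["VpcId"] == vpc_id and att["State"] == "attached":
                return vgw["VpnGatewayId"]
    return None


def main_route_table(route_tables, vpc_id):
    """Return the id of the VPC's main route table (where propagation will be enabled)."""
    for rtb in route_tables["RouteTables"]:
        if rtb["VpcId"] == vpc_id and any(a.get("Main") for a in rtb["Associations"]):
            return rtb["RouteTableId"]
    return None


def cidr_conflicts(vpc_cidr_block, remote_cidrs):
    """Return the remote prefixes that overlap the VPC CIDR.

    A prefix learned over BGP that overlaps the VPC CIDR would compete with the
    'local' route, so a non-empty result means the addressing plan must change
    before the VIF is confirmed."""
    vpc_net = ipaddress.ip_network(vpc_cidr_block)
    return [c for c in remote_cidrs if ipaddress.ip_network(c).overlaps(vpc_net)]


def precheck(vpcs, vpn_gateways, route_tables, vpc_id, remote_cidrs):
    """Collect everything the environment check looks for into one report."""
    cidr = vpc_cidr(vpcs, vpc_id)
    report = {
        "vpc_cidr": cidr,
        "vgw": attached_vgw(vpn_gateways, vpc_id),
        "main_rtb": main_route_table(route_tables, vpc_id),
        "conflicts": cidr_conflicts(cidr, remote_cidrs) if cidr else list(remote_cidrs),
    }
    report["ok"] = all([cidr, report["vgw"], report["main_rtb"]]) and not report["conflicts"]
    return report


if __name__ == "__main__":
    print(precheck(VPCS, VPN_GATEWAYS, ROUTE_TABLES, "vpc-9968****", ["172.30.100.0/24"]))
```

To run it against a live account, replace the three constants with `json.load` of the corresponding `aws ec2 describe-*` output and pass every prefix the data center intends to advertise in `remote_cidrs`.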

Check the connections (Direct Connect administrator-side account)

Command
aws directconnect describe-connections
Response
{
    "connections": [
        {
            "ownerAccount": "1790********",
            "connectionId": "dxcon-********",
            "connectionState": "available",
            "bandwidth": "10Gbps",
            "location": "EqTY2",
            "connectionName": "********",
            "region": "ap-northeast-1"
        },
        {
            "ownerAccount": "1790********",
            "connectionId": "dxcon-********",
            "connectionState": "available",
            "bandwidth": "10Gbps",
            "location": "EqTY2",
            "connectionName": "********",
            "region": "ap-northeast-1"
        }
    ]
}

Allocate a virtual interface to the user account (Direct Connect administrator-side account)

Command
CONNECTION='dxcon-********'
VIFNAME='NWG-HIRA-BK'
ACCOUNTID='5651********'
VLANID='511'
ROUTERIP='169.254.15.213/30'
AMAZONIP='169.254.15.214/30'
BGPASN='65000'
BGPMD5='fr3gUCLDLS6MQsVLVBw9zgdt'

cat <<ETX

    CONNECTION: $CONNECTION
    VIFNAME   : $VIFNAME
    ACCOUNTID : $ACCOUNTID
    VLANID    : $VLANID
    ROUTERIP  : $ROUTERIP
    AMAZONIP  : $AMAZONIP
    BGPASN    : $BGPASN
    BGPMD5    : $BGPMD5

ETX

aws directconnect allocate-private-virtual-interface --connection-id $CONNECTION --owner-account $ACCOUNTID --new-private-virtual-interface-allocation virtualInterfaceName=$VIFNAME,vlan=$VLANID,asn=$BGPASN,authKey=$BGPMD5,amazonAddress=$AMAZONIP,customerAddress=$ROUTERIP
Response
{
    "virtualInterfaceState": "confirming",
    "asn": 65000,
    "vlan": 511,
    "customerAddress": "169.254.15.213/30",
    "ownerAccount": "5651********",
    "connectionId": "dxcon-********",
    "virtualInterfaceId": "dxvif-********",
    "authKey": "fr3gUCLDLS6MQsVLVBw9zgdt",
    "routeFilterPrefixes": [],
    "location": "EqTY2",
    "customerRouterConfig": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<logical_connection id=\"dxvif-********\">\n  <vlan>511</vlan>\n  <customer_address>169.254.15.213/30</customer_address>\n  <amazon_address>169.254.15.214/30</amazon_address>\n  <bgp_asn>65000</bgp_asn>\n  <bgp_auth_key>fr3gUCLDLS6MQsVLVBw9zgdt</bgp_auth_key>\n  <amazon_bgp_asn>10124</amazon_bgp_asn>\n  <connection_type>private</connection_type>\n</logical_connection>\n",
    "amazonAddress": "169.254.15.214/30",
    "virtualInterfaceType": "private",
    "virtualInterfaceName": "NWG-HIRA-BK"
}

Confirm the virtual interface (Direct Connect user-side account)

Command
# Pick up the ids to confirm; assumes the first VGW and first VIF are the ones used in this demo
VGWID=$(aws ec2 describe-vpn-gateways | jq -r '.VpnGateways[0].VpnGatewayId')
VIFID=$(aws directconnect describe-virtual-interfaces | jq -r '.virtualInterfaces[0].virtualInterfaceId')

cat <<ETX

    VGWID: $VGWID
    VIFID: $VIFID

ETX

aws directconnect confirm-private-virtual-interface --virtual-interface-id $VIFID --virtual-gateway-id $VGWID
Response
{
    "virtualInterfaceState": "pending"
}
Additional check command
watch -n 10 "aws directconnect describe-virtual-interfaces"
Response
{
    "virtualInterfaces": [
        {
            "virtualInterfaceState": "available",
            "asn": 65000,
            "vlan": 511,
            "customerAddress": "169.254.15.213/30",
            "ownerAccount": "5651********",
            "connectionId": "dxcon-********",
            "virtualGatewayId": "vgw-abbd****",
            "virtualInterfaceId": "dxvif-********",
            "routeFilterPrefixes": [],
            "location": "EqTY2",
            "amazonAddress": "169.254.15.214/30",
            "virtualInterfaceType": "private",
            "virtualInterfaceName": "NWG-HIRA-BK"
        }
    ]
}
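The allocation step and the confirm step above are where most hand-typed demos go wrong: a VLAN or a /30 pair typed slightly off is accepted by the API and only fails when BGP never comes up, and the `watch` loop has no end condition. The Python below is an added example, not part of the original cheat sheet or of the AWS CLI, that takes the allocate-private-virtual-interface response (the embedded copy is constructed from the masked response above) and does three things: checks that the VLAN, ASN and the two peer addresses form a consistent BGP session before the allocation is issued, parses the `customerRouterConfig` XML that AWS hands back so the router-side parameters can be compared with what was requested, and polls for the target state with a timeout instead of an open-ended `watch`. It also shows a `redact` helper, because the response, the XML and the `cat <<ETX` banner in the command all carry the BGP MD5 key in clear, and anything captured from this demo into a log should have it masked. `wait_for_state` takes the describe function as a parameter, so the polling logic can be exercised offline; against a live account you would pass a wrapper around `aws directconnect describe-virtual-interfaces`.

```python
import ipaddress
import re
import time
import xml.etree.ElementTree as ET

# Constructed copy of the (masked) allocate-private-virtual-interface response above.
ALLOCATION_RESPONSE = {
    "virtualInterfaceState": "confirming",
    "asn": 65000,
    "vlan": 511,
    "customerAddress": "169.254.15.213/30",
    "amazonAddress": "169.254.15.214/30",
    "authKey": "fr3gUCLDLS6MQsVLVBw9zgdt",
    "customerRouterConfig": (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<logical_connection id="dxvif-********">\n'
        '  <vlan>511</vlan>\n'
        '  <customer_address>169.254.15.213/30</customer_address>\n'
        '  <amazon_address>169.254.15.214/30</amazon_address>\n'
        '  <bgp_asn>65000</bgp_asn>\n'
        '  <bgp_auth_key>fr3gUCLDLS6MQsVLVBw9zgdt</bgp_auth_key>\n'
        '  <amazon_bgp_asn>10124</amazon_bgp_asn>\n'
        '  <connection_type>private</connection_type>\n'
        '</logical_connection>\n'),
}


def validate_vif_params(vlan, asn, customer_address, amazon_address):
    """Return a list of problems with the VLAN/BGP parameters (empty list means OK).

    The two peer addresses must be the two usable hosts of a single /30, the VLAN
    must be a valid 802.1Q tag, and a customer ASN outside the private 16-bit range
    is reported because it then has to be an ASN the customer really owns."""
    problems = []
    if not 1 <= vlan <= 4094:
        problems.append(f"vlan {vlan} is not a valid 802.1Q tag")
    if not 64512 <= asn <= 65534:
        problems.append(f"asn {asn} is outside the private range 64512-65534")
    cust = ipaddress.ip_interface(customer_address)
    amzn = ipaddress.ip_interface(amazon_address)
    if cust.network != amzn.network:
        problems.append("customer and amazon addresses are not on the same subnet")
    if cust.network.prefixlen != 30:
        problems.append(f"peer subnet is /{cust.network.prefixlen}, expected /30")
    if cust.ip == amzn.ip:
        problems.append("customer and amazon addresses are identical")
    for name, iface in (("customer", cust), ("amazon", amzn)):
        if iface.ip not in list(iface.network.hosts()):
            problems.append(f"{name} address {iface.ip} is the network or broadcast address")
    return problems


def parse_router_config(xml_text):
    """Extract the BGP session parameters AWS returns in customerRouterConfig."""
    root = ET.fromstring(xml_text)
    cfg = {child.tag: child.text for child in root}
    cfg["id"] = root.get("id")
    for key in ("vlan", "bgp_asn", "amazon_bgp_asn"):
        cfg[key] = int(cfg[key])
    return cfg


def redact(response):
    """Copy of the response with the BGP MD5 key masked, safe to echo or log."""
    out = dict(response)
    if "authKey" in out:
        out["authKey"] = "***"
    if "customerRouterConfig" in out:
        out["customerRouterConfig"] = re.sub(
            r"<bgp_auth_key>[^<]*</bgp_auth_key>",
            "<bgp_auth_key>***</bgp_auth_key>", out["customerRouterConfig"])
    return out


def wait_for_state(describe, wanted, interval=10, timeout=300, sleep=time.sleep):
    """Poll describe() until it returns wanted; bounded version of the watch loop.

    describe is a zero-argument callable returning the current virtualInterfaceState.
    Terminal states other than the wanted one raise immediately instead of spinning."""
    waited = 0
    while True:
        state = describe()
        if state == wanted:
            return state
        if state in ("deleted", "rejected"):
            raise RuntimeError(f"virtual interface ended in state {state}")
        if waited >= timeout:
            raise TimeoutError(f"still {state} after {timeout}s")
        sleep(interval)
        waited += interval


if __name__ == "__main__":
    r = ALLOCATION_RESPONSE
    print(validate_vif_params(r["vlan"], r["asn"], r["customerAddress"], r["amazonAddress"]))
    print(parse_router_config(redact(r)["customerRouterConfig"]))
```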

Other settings/checks (Direct Connect user-side account)

Check that the security group allows inbound connections from the data center network

Command
aws ec2 describe-security-groups | jq .SecurityGroups[2].IpPermissions[1]
Response
{
  "IpProtocol": "-1",
  "IpRanges": [
    {
      "CidrIp": "172.30.100.0/24"
    }
  ],
  "UserIdGroupPairs": [],
  "PrefixListIds": []
}

Enable route propagation on the route table

Command
# Pick up the ids; assumes the first route table and first VGW are the ones used in this demo
RTID=$(aws ec2 describe-route-tables | jq -r '.RouteTables[0].RouteTableId')
VGWID=$(aws ec2 describe-vpn-gateways | jq -r '.VpnGateways[0].VpnGatewayId')

cat <<ETX

    RTID : $RTID
    VGWID: $VGWID

ETX

aws ec2 enable-vgw-route-propagation --route-table-id $RTID --gateway-id $VGWID
Response
None
Additional check command
aws ec2 describe-route-tables
Response
{
    "RouteTables": [
        {
            "Associations": [
                {
                    "RouteTableAssociationId": "rtbassoc-02bf****",
                    "Main": true,
                    "RouteTableId": "rtb-4998****"
                }
            ],
            "RouteTableId": "rtb-4998****",
            "VpcId": "vpc-9968****",
            "PropagatingVgws": [
                {
                    "GatewayId": "vgw-abbd****"
                }
            ],
            "Tags": [],
            "Routes": [
                {
                    "GatewayId": "local",
                    "DestinationCidrBlock": "172.31.0.0/16",
                    "State": "active",
                    "Origin": "CreateRouteTable"
                },
                {
                    "GatewayId": "igw-aa9b****",
                    "DestinationCidrBlock": "0.0.0.0/0",
                    "State": "active",
                    "Origin": "CreateRoute"
                },
                {
                    "GatewayId": "vgw-abbd****",
                    "DestinationCidrBlock": "172.30.100.0/24",
                    "State": "active",
                    "Origin": "EnableVgwRoutePropagation"
                }
            ]
        }
    ]
}
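The two checks in this section, the security group rule and the propagated route, together decide whether traffic from the data center actually reaches instances, and the `jq .SecurityGroups[2].IpPermissions[1]` index used above is specific to one account. The Python below is an added example, not part of the original cheat sheet or of the AWS CLI, that searches the whole `describe-security-groups` and `describe-route-tables` output instead of a fixed index. The embedded samples are constructed; the route table and gateway ids are the masked ones from the responses above, the group id `sg-placeholder` and the 203.0.113.0/24 SSH rule are invented for the example. It confirms that propagation is enabled for the VGW, that a route with `Origin` `EnableVgwRoutePropagation` covers the data center prefix, and which rules admit that prefix; it also lists rules with `IpProtocol` `-1`, because the rule the demo relies on allows every protocol and port from 172.30.100.0/24, which works but is wider than least privilege calls for.

```python
import ipaddress

# Constructed samples shaped like describe-security-groups and describe-route-tables
# output; rtb/vgw ids are the masked ones from the page, GroupId is a placeholder.
SECURITY_GROUPS = {"SecurityGroups": [{
    "GroupId": "sg-placeholder", "GroupName": "dx-demo",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "172.30.100.0/24"}]},
    ]}]}

ROUTE_TABLES_AFTER = {"RouteTables": [{
    "RouteTableId": "rtb-4998****", "VpcId": "vpc-9968****",
    "PropagatingVgws": [{"GatewayId": "vgw-abbd****"}],
    "Routes": [
        {"GatewayId": "local", "DestinationCidrBlock": "172.31.0.0/16",
         "State": "active", "Origin": "CreateRouteTable"},
        {"GatewayId": "igw-aa9b****", "DestinationCidrBlock": "0.0.0.0/0",
         "State": "active", "Origin": "CreateRoute"},
        {"GatewayId": "vgw-abbd****", "DestinationCidrBlock": "172.30.100.0/24",
         "State": "active", "Origin": "EnableVgwRoutePropagation"},
    ]}]}

# The same table as it looked before enable-vgw-route-propagation ran.
ROUTE_TABLES_BEFORE = {"RouteTables": [{
    "RouteTableId": "rtb-4998****", "VpcId": "vpc-9968****", "PropagatingVgws": [],
    "Routes": ROUTE_TABLES_AFTER["RouteTables"][0]["Routes"][:2]}]}


def rules_allowing(security_groups, source_cidr):
    """Inbound rules whose CIDR covers source_cidr, as (group id, protocol, ports)."""
    src = ipaddress.ip_network(source_cidr)
    hits = []
    for sg in security_groups["SecurityGroups"]:
        for perm in sg["IpPermissions"]:
            ports = "all" if perm["IpProtocol"] == "-1" else f'{perm["FromPort"]}-{perm["ToPort"]}'
            for rng in perm.get("IpRanges", []):
                if src.subnet_of(ipaddress.ip_network(rng["CidrIp"])):
                    hits.append((sg["GroupId"], perm["IpProtocol"], ports))
    return hits


def all_traffic_rules(security_groups):
    """Inbound rules that admit every protocol and port (IpProtocol -1), worth narrowing."""
    return [(sg["GroupId"], rng["CidrIp"])
            for sg in security_groups["SecurityGroups"]
            for perm in sg["IpPermissions"] if perm["IpProtocol"] == "-1"
            for rng in perm.get("IpRanges", [])]


def propagation_enabled(route_tables, rtb_id, vgw_id):
    """True if vgw_id is listed in PropagatingVgws of route table rtb_id."""
    for rtb in route_tables["RouteTables"]:
        if rtb["RouteTableId"] == rtb_id:
            return any(g["GatewayId"] == vgw_id for g in rtb["PropagatingVgws"])
    return False


def propagated_routes(route_tables, rtb_id, vgw_id):
    """Active routes learned from vgw_id through propagation (not static routes)."""
    for rtb in route_tables["RouteTables"]:
        if rtb["RouteTableId"] == rtb_id:
            return [r["DestinationCidrBlock"] for r in rtb["Routes"]
                    if r.get("GatewayId") == vgw_id and r["State"] == "active"
                    and r["Origin"] == "EnableVgwRoutePropagation"]
    return []


def datacenter_reachability(route_tables, security_groups, rtb_id, vgw_id, dc_cidr):
    """One report: is the data center prefix routed via the VGW and allowed inbound?"""
    dc = ipaddress.ip_network(dc_cidr)
    routes = propagated_routes(route_tables, rtb_id, vgw_id)
    routed = any(dc.subnet_of(ipaddress.ip_network(r)) for r in routes)
    allowed = rules_allowing(security_groups, dc_cidr)
    return {"propagation": propagation_enabled(route_tables, rtb_id, vgw_id),
            "routed": routed, "allowed_by": allowed,
            "all_traffic": all_traffic_rules(security_groups),
            "ok": routed and bool(allowed)}


if __name__ == "__main__":
    print(datacenter_reachability(ROUTE_TABLES_AFTER, SECURITY_GROUPS,
                                  "rtb-4998****", "vgw-abbd****", "172.30.100.0/24"))
```

Run against `ROUTE_TABLES_BEFORE`, the report shows `propagation` and `routed` both false, which is exactly the state the demo is in until `enable-vgw-route-propagation` has been issued and BGP has advertised the prefix.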

Delete the virtual interface (Direct Connect user-side account)

Command
# Pick up the id to delete; assumes the first VIF is the one used in this demo
VIFID=$(aws directconnect describe-virtual-interfaces | jq -r '.virtualInterfaces[0].virtualInterfaceId')

cat <<ETX

    VIFID: $VIFID

ETX

aws directconnect delete-virtual-interface --virtual-interface-id $VIFID
Response
{
    "virtualInterfaceState": "deleting"
}
Additional check command
aws directconnect describe-virtual-interfaces
Response
{
    "virtualInterfaces": [
        {
            "virtualInterfaceState": "deleted",
            "asn": 65000,
            "vlan": 511,
            "customerAddress": "169.254.15.213/30",
            "ownerAccount": "5651********",
            "connectionId": "dxcon-********",
            "virtualGatewayId": "vgw-abbd****",
            "virtualInterfaceId": "dxvif-********",
            "routeFilterPrefixes": [],
            "location": "EqTY2",
            "amazonAddress": "169.254.15.214/30",
            "virtualInterfaceType": "private",
            "virtualInterfaceName": "NWG-HIRA-BK"
        }
    ]
}
rfhira