
Cloud Gateway Technical Guide International - Telstra · 2016-09-22 · TELSTRA RESTRICTED | CLOUD GATEWAY TECHICAL GUIDEDRAFT TELSTRA CONFIDENTIAL | | CLOUD GATEWAY TECHNICAL GUIDE


CLOUD GATEWAY TECHNICAL GUIDE


WELCOME TO CLOUD GATEWAY

For sales, account set-up enquiries and technical support, contact your Telstra representative or choose from our other support options.

You can access Cloud Gateway directly here or via Telstra’s Cloud Services Portal (either way, you’ll need your login details).

CONVENTIONS USED IN THIS GUIDE

The following typographical conventions are used in this guide for simplicity and readability:

• Web addresses, email addresses and hyperlinks are shown in this colour in body text.
• Button names and titles/features on your computer screen are shown in italics.
• User input is shown in typewriter font.

Cloud Gateway Technical Guide – for customers outside Australia, Version 1.0

© Telstra Corporation Limited (ABN 33 051 775 556) 2016. All rights reserved.

This work is confidential to Telstra and copyright. Apart from any use as permitted under the Copyright Act 1968, information contained within this guide cannot be used for any purpose other than the purpose for which it was released. No part of this guide may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the written permission of Telstra Corporation Limited.

Words mentioned in this guide that are known to be trademarks, whether registered or unregistered, have been capitalised or use initial capitals.


TABLE OF CONTENTS

INTRODUCTION ........ 4
  WHY TELSTRA? ........ 4
  WHY CLOUD GATEWAY? ........ 4
  NETWORK CONNECTIVITY AND BANDWIDTH TIERS ........ 5
  CLOUD SERVICE PROVIDERS AND LOCATIONS ........ 6
CLOUD GATEWAY CONNECTIONS ........ 7
  AWS CLOUD GATEWAY CONNECTION ........ 7
  IBM SOFTLAYER CLOUD GATEWAY CONNECTION ........ 13
TECHNICAL SPECIFICATIONS ........ 15
  END-TO-END NETWORK ARCHITECTURE ........ 15
  BANDWIDTH MANAGEMENT ........ 16
  SERVICE MODIFICATIONS ........ 16
  SECURITY ........ 17
  IP ROUTING PROTOCOLS ........ 17
  SOURCE NETWORK ADDRESS TRANSLATION (SNAT) ........ 18
  DESTINATION NETWORK ADDRESS TRANSLATION (DNAT) ........ 18
  SERVICE AVAILABILITY TARGET ........ 18
TECHNICAL SUPPORT ........ 19
  CUSTOMER REPORTING ........ 19
  CUSTOMER PORTALS ........ 19
GLOSSARY ........ 20


INTRODUCTION

WHY TELSTRA?

Telstra is your partner of choice for delivering secure and reliable access to the cloud. We provide:

• National public cloud access for your locations/branches
  Our Global IP VPN enables you to globally connect your locations and branches to compatible public clouds.
• Low latency and secure access to public clouds
  Private connectivity between your Telstra IP network service (IP VPN) and public clouds – enabling low latency and secure access.
• Access to a range of clouds through one connection
  Flexibility of connecting to multiple cloud providers and sharing resources across them – enabling a smooth transition towards many cloud adoption strategies.

WHY CLOUD GATEWAY?

We’ll provide you with a simple one-stop solution for private, secure and reliable connectivity from your Telstra IP network service into a range of cloud providers. You’ll be able to enjoy a seamless experience – with a scalable and flexible approach.

Need to connect to multiple clouds, or adopt a hybrid cloud strategy? With this solution, it couldn’t be easier. Simply choose your bandwidth allocation to individual cloud connections and then adjust them according to your workloads – with plenty of room for future business growth.


A seamless end-to-end solution that includes:

• Online portal for connection and management
  For one or multiple cloud connections from your wide area network (using your Telstra IP network service).
• Single point of contact for your Cloud Gateway service
  For:
  o Service provisioning and assurance
  o Data carriage from your Telstra IP network service
  o Cross connects in respective data centres
  o Activation of direct connectivity
  o Configuration and support
• Connect to a range of clouds
  You can currently connect to Amazon Web Services® (AWS) and SoftLayer®.
• Wide range of available bandwidth options
  You can easily change the allocation of bandwidth for individual cloud connections, as required.
• Monthly (PAYG) or fixed term pricing options
  Ask our team about discounts for once-off installs and monthly recurring charges.
• Upfront deterministic charges
  With unlimited usage of data volume options providing ease of budgeting and control of cloud spend.
• Superior SLAs
  High availability and geographical redundancy options (where supported by the cloud provider).
• Consulting services available as an option
  Our experts can help you establish and manage your cloud account. We can also design and implement customised routing. Contact your Telstra representative for more information.

NETWORK CONNECTIVITY AND BANDWIDTH TIERS

Cloud Gateway provides Layer 3 (IP VPN) connectivity from your wide area network. You’ll be able to connect to cloud data centres available around the world for the same Cloud Gateway connection. Our Global IP VPN is an international service – it offers high availability and excellent geo-redundancy.

You can choose from a range of bandwidth tiers from 10Mbps to 10Gbps to suit your requirements. This will be your selected bandwidth tier for all clouds connected through your Cloud Gateway service.

BANDWIDTH TIERS*

LAYER 3 CLOUD GATEWAY | 10M | 50M | 100M | 200M | 300M | 400M | 500M | 700M | 1G | 2G | 3G | 5G | 7G | 10G

*Aggregate bandwidth for all clouds connected through your Cloud Gateway service.

Your bandwidth tier and charges for Cloud Gateway are independent of location. Once you specify the bandwidth tier for the gateway, you can then allocate that bandwidth across supported cloud providers in any of the global locations.

Your bandwidth tier is specific to the provider you purchase each cloud from. You can group all your clouds purchased from us into one tier – but you’ll need another separate tier for clouds purchased from other providers.


For example, if your chosen clouds are:

CLOUD | BANDWIDTH | PURCHASED FROM
AWS | 100M | AWS

You’ll need to purchase:

CLOUD GATEWAY | BANDWIDTH TIER | FOR
Telstra cloud bandwidth tier | 200M | Clouds purchased from Telstra
BYO cloud bandwidth tier | 100M | Clouds purchased from other compatible providers

CLOUD SERVICE PROVIDERS AND LOCATIONS

Cloud Gateway supports connectivity to the following cloud providers. You can buy these cloud provider services through us or directly from the providers.

Your choice of bandwidth options for interconnection to individual cloud providers will depend on the services or applications being used within that cloud environment. You’re responsible for determining the right bandwidth option for your individual cloud services.

AWS
• US East (N. Virginia)
• US West (N. California)
• EU (Ireland)
• Asia Pacific (Singapore)

Note: once your network is connected via the AWS Direct Connect service, you’ll have access to services in all availability zones within the geographical region.

SoftLayer
• Singapore
• UK
• Hong Kong
• New York

More to come…

Over time, we’ll add more data centres for existing cloud service providers – along with new cloud service providers.


CLOUD GATEWAY CONNECTIONS

AWS CLOUD GATEWAY CONNECTION

Your Cloud Gateway connection for AWS provides you with direct connections to AWS using your Telstra IP network service. In addition, Cloud Gateway routers will also peer with AWS devices on your behalf – using the AWS Direct Connect Network Service Provider model.

How a direct AWS connection works

Your services hosted in AWS will be available to your users as follows:

You can configure public, private (or both) peering options depending on the AWS services you use.

Note: public and private peering services are discrete services from AWS and connections from Cloud Gateway need to be established separately.

AWS connection via private peering

An example of a private AWS service is Elastic Cloud Computing (EC2) – also known as virtual private interface. In this service, you’ll provide two lots of /28 subnet blocks. Each /28 block is then used to provide addresses for the peering interfaces.

This diagram shows the private connection model:

[Diagram: your site and Telstra IP network service (IP VPN) reach Telstra’s Cloud Gateway edge routers over high availability connections; the edge routers carry PRIVATE 802.1Q trunks to the AWS Direct Connect devices (Sydney Equinix), which connect to AWS private services (e.g. EC2) in an AWS availability zone.]


For this service, you’ll need:

• A Telstra IP network service must be in place with an allocated and known Master Service ID.
• Any sites you wish to use with Cloud Gateway must be connected to your Telstra IP network service.
• An AWS Direct Connect purchased and established by you.
• One /28 network for interconnect addressing. This is subnetted into five blocks of IPv4 addresses and must be unique across your sites, IP VPN and AWS service for AWS Private Service. Public or private IP addressing can be used to establish private peering, but typically you should provide private IP addressing for a Virtual Private Interface (VPI).
• No Border Gateway Protocol (BGP) Autonomous System Number (ASN) is required from you for peering with AWS as we’re providing a Cloud Gateway connection and will use public ASN 135599.
• Once provisioned, any sites must have routing configuration enabled to receive routing information about AWS IP subnets.

Key steps and responsibilities:

# | STAGE | ACTIVITY | RESPONSIBILITY
1 | Prerequisite | Established AWS tenancy with Cloud Gateway connection | Customer
2 | Prerequisite | Provide /28 IP subnet block for interconnect subnets | Customer
3 | Prerequisite | Provide Global IP MSID and account ID | Customer
4 | Prerequisite | Choose route summarisation mechanism | Customer
5 | Prerequisite | Design Virtual Private Cloud (VPC) addressing scheme | Customer
6 | Prerequisite | Complete the online Cloud Gateway order form | Customer
7 | Set-up | Provision of Cloud Gateway connection | Telstra
8 | Set-up | Send email with instructions to complete connection at AWS portal | Telstra
9 | Post set-up | Configure Virtual Private Gateway (VPG) | Customer
10 | Post set-up | Configure VPC | Customer
11 | Post set-up | Link the VPG to the VPC | Customer
12 | Post set-up | Test end-to-end connectivity from a Telstra IP network service to AWS | Customer

Example:

[Example diagram: PRIVATE peering on VLAN-22 between Telstra Cloud Gateway and Amazon AWS Direct Connect, with interconnect addresses 192.168.1.1/32, 192.168.1.2/32, 192.168.1.3/32 and 192.168.1.4/32.]


Rules and limitations:

• Private peering may use either private or public IPv4 addresses, which you’re to provide.
• Each BGP peer has a limit of 100 routing entries (e.g. 100 entries for the private peering). Do you have more than 100 different routes in your network? The ‘types of route summarisation’ table below provides route summarisation options.
• Identical routes will be advertised to AWS on both the primary and standby paths.
• As BGP is utilised between the cloud edge and AWS, BGP outputs will show prefixes with the following ASNs in the AS path: 4637, 135599 and AWS’ ASNs. If existing networks running BGP are using these ASNs, routes may not be accepted without additional configuration.

Route summarisation:

AWS routing tables have a 100 route limit per VPC, as documented by AWS at http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html

To give you the ability to limit the number of routes advertised into your VPC on your virtual private interface, we give you the following options when provisioning your Cloud Gateway service:

TYPES OF ROUTE SUMMARISATION

RFC1918 (WITH PUBLIC IP ADDRESSES)

Telstra’s Global IP VPN RFC1918 route summarisation summarises all private routes into three summary routes as follows: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.

Routes that don’t fall into these ranges are not summarised and will be advertised into your VPC without change. If you have more than 97 non-RFC 1918 VPN routes, then BGP peering will not establish to your AWS VPC. This limit is imposed by AWS.

You’re free to use RFC 1918 address space inside your Amazon VPC. RFC 1918 route summarisation is only performed in the outbound direction (from your Telstra IP network service in the direction of your AWS cloud services). Subsets of these RFC1918 ranges can still be configured in AWS and advertised into your Telstra IP network service.

This is the default configuration we recommend for establishing BGP peering to your AWS VPC (if you primarily use RFC1918 addressing within your Telstra IP network service).

Choosing this option will also suppress the default route (0.0.0.0/0) from being advertised from your Telstra IP network service to your AWS cloud services. This will allow you to use the AWS internet gateway for internet bound traffic from your AWS cloud services while also routing traffic destined for your Telstra IP network service via your AWS VPI.

If you wish to advertise a default route (0.0.0.0/0) from your Telstra IP network service into your AWS cloud services, then it’s best to choose ‘default route summarisation’.


RFC1918 (NO PUBLIC IP ADDRESSES)

Similar to the above option except that public IP routes are not advertised through the peering. This is applicable for customers who have large numbers of both public and private routes in their BGP routing table. Summarises all 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 routes into three summary routes.

DEFAULT ROUTE SUMMARISATION

Only advertises a default route from your Telstra IP network service to your AWS VPC, so all traffic from your VPC will be routed back into your VPN. Please refer to documentation on AWS’ route tables if you intend on using the AWS internet gateway in conjunction with this option.

NO ROUTE SUMMARISATION

No route summarisation is performed and all routes from your VPN will be advertised into your VPC. Only choose this if you’re sure that there are fewer than 100 routes in your VPN.
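To make the four options concrete, here is an added Python model of the outbound advertisement each option produces and the 100-route check; it is not Telstra’s or AWS’s code. It assumes the three RFC1918 summaries are always advertised (which is why 97 non-RFC1918 routes plus three summaries reach the 100-route limit), and the sample VPN routing table is constructed.

```python
"""Model the Cloud Gateway route summarisation options for an AWS private peering."""
from ipaddress import IPv4Network, ip_network
from typing import Iterable, List, Tuple

# The three summary routes the guide lists for RFC1918 summarisation.
RFC1918_SUMMARIES = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]
DEFAULT_ROUTE = ip_network("0.0.0.0/0")
AWS_ROUTE_LIMIT = 100  # per BGP peer / per VPC route table, as stated in the guide

# These option names are this example's own labels for the guide's four options.
MODES = ("rfc1918_with_public", "rfc1918_no_public", "default", "none")


def is_rfc1918(net: IPv4Network) -> bool:
    """True if the prefix lies entirely inside one of the three RFC1918 blocks."""
    return any(net.subnet_of(summary) for summary in RFC1918_SUMMARIES)


def advertised_prefixes(vpn_routes: Iterable[str], mode: str) -> List[IPv4Network]:
    """Prefixes advertised outbound (IP VPN towards the AWS VPC) under the chosen option."""
    if mode not in MODES:
        raise ValueError(f"unknown summarisation option: {mode}")
    routes = {ip_network(r) for r in vpn_routes}

    if mode == "none":
        # Everything in the VPN table goes through unchanged, default route included.
        return sorted(routes)
    if mode == "default":
        # Only 0.0.0.0/0 is sent; all VPC traffic returns into the VPN.
        return [DEFAULT_ROUTE]

    # Both RFC1918 options: always the three summaries (assumption: advertised even when
    # a block has no member routes) and the default route is suppressed.
    advertised = set(RFC1918_SUMMARIES)
    if mode == "rfc1918_with_public":
        advertised |= {r for r in routes if r != DEFAULT_ROUTE and not is_rfc1918(r)}
    return sorted(advertised)


def peering_check(vpn_routes: Iterable[str], mode: str) -> Tuple[bool, str]:
    """Apply the AWS limit: over 100 advertised prefixes and the BGP session will not establish."""
    advertised = advertised_prefixes(vpn_routes, mode)
    count = len(advertised)
    if count > AWS_ROUTE_LIMIT:
        return False, f"{count} prefixes would be advertised; AWS accepts at most {AWS_ROUTE_LIMIT}"
    if DEFAULT_ROUTE in advertised:
        return True, f"{count} prefixes incl. 0.0.0.0/0: internet-bound VPC traffic returns via the VPN"
    return True, f"{count} prefixes advertised, default route suppressed"


if __name__ == "__main__":
    # Constructed sample VPN routing table (not from the guide).
    sample = ["10.1.0.0/16", "10.2.0.0/24", "172.20.0.0/16",
              "192.168.5.0/24", "203.0.113.0/24", "0.0.0.0/0"]
    for option in MODES:
        ok, why = peering_check(sample, option)
        print(f"{option:21} {'OK  ' if ok else 'FAIL'} {why}")
        print("    ", ", ".join(str(n) for n in advertised_prefixes(sample, option)))
```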

AWS connection via public peering

The public and private services are discrete connections that need to be configured separately. An example of a public AWS service is Simple Storage Service (S3) (also known as a VPI). In this service, you’ll provide a single /28 IP subnet block. This block is then divided to provide addresses for the interconnect subnets.

This diagram shows the public connection model:

[Diagram: the Telstra IP network service (IP VPN) reaches the Telstra Cloud Gateway, which carries PUBLIC 802.1Q trunks to AWS Direct Connect (Sydney Equinix) and on to AWS public services (e.g. S3) in an AWS availability zone.]


For this service, you’ll need:

• A Telstra IP network service (IP VPN) must be in place with an allocated and known Master Service ID.
• Any sites you wish to use with Cloud Gateway must be connected to the Telstra IP network service.
• One /28 network for interconnect addressing. This is subnetted into five blocks of IPv4 addresses and must be unique across your sites, IP VPN and AWS service for AWS Private Service. Public addressing must be used to establish a public peering.
• One /30 network for transit traffic. Smaller masks will be accepted if you have larger public address ranges that you want to advertise to AWS. This prefix (or prefixes) is advertised through the BGP session to AWS. All customer traffic must be sourced from this range. You cannot send traffic sourced from private IP addresses to your AWS VPI. In practice this means that traffic to an AWS VPI must either originate from a device with a public IP address, or be source-NATed to a public IP address by you within your Telstra IP network service.
• No BGP ASN is required from you for peering with AWS, as we’re providing a Cloud Gateway connection and will use public ASN 135599.
• Once provisioned, any sites must have routing configuration enabled to receive routing information about AWS IP subnets.

Key steps and responsibilities:

# | STAGE | ACTIVITY | RESPONSIBILITY
1 | Prerequisite | Established AWS tenancy with Cloud Gateway connection | Customer
2 | Prerequisite | Provide /28 IP subnet block for interconnect subnets | Customer
3 | Prerequisite | Provide Global IP MSID and account ID | Customer
5 | Prerequisite | Network design for SNAT of AWS traffic | Customer
6 | Prerequisite | Design VPC addressing scheme | Customer
7 | Prerequisite | Complete the online Cloud Gateway order form | Customer
8 | Set-up | Provision of AWS peering | Telstra
9 | Set-up | Email to the customer containing SNAT IPs configuration instructions for AWS portal | Telstra
10 | Post set-up | Perform customer side SNAT configuration | Customer
11 | Post set-up | Configure connection at AWS portal | Customer
12 | Post set-up | Test end-to-end connectivity from IP VPN to AWS | Customer


Rules and limitations:

• Public peering requires public IPv4 addresses, which must be provided by you.
• Each BGP peer has a limit of 100 routing entries (e.g. 100 entries for the public peering).
• For public peering, only the specific public prefixes provided in the cloud portal are advertised to AWS.
• For the public peering, the minimum acceptable subnet mask is /30 for advertised networks (in other words, a /31 or higher mask will not be accepted by AWS).
• In order to minimise the number of entries advertised, you can summarise contiguous blocks of addresses – thus, two contiguous blocks of /28 could be super-netted to become one /27, and so on, within your Telstra IP network service, to reduce the number of prefixes in the table.
• Identical routes will be advertised to AWS on both the primary and standby paths.
• As BGP is utilised between the cloud edge and AWS, BGP outputs will show prefixes with the following ASNs in the AS path: 4637, 135599 and AWS’ ASNs. If existing networks running BGP are using these ASNs, routes may not be accepted without additional configuration.

Example:

[Example diagram: PUBLIC peering on VLAN-11 between Telstra Cloud Gateway and Amazon AWS Direct Connect, with interconnect addresses 203.1.1.1/32, 203.1.1.2/32, 203.1.1.3/32 and 203.1.1.4/32.]
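The public peering rules above (public addresses only, nothing longer than /30, supernet contiguous blocks, 100-route limit) as an added Python check; this is an illustration written for this guide, not Telstra’s or AWS’s tooling, and the prefixes it runs on are constructed from documentation address space.

```python
"""Validate and summarise the public prefixes advertised to AWS over a public peering."""
from ipaddress import IPv4Network, collapse_addresses, ip_network
from typing import Dict, Iterable, List

RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]
LONGEST_ACCEPTED_MASK = 30  # guide: a /31 or higher (longer) mask is rejected by AWS
AWS_ROUTE_LIMIT = 100       # per BGP peer


def prefix_problems(prefix: str) -> List[str]:
    """Reasons this prefix cannot be advertised on the public peering (empty = acceptable)."""
    try:
        net = ip_network(prefix)  # strict: a prefix with host bits set is an error
    except ValueError as exc:
        return [f"not a valid network: {exc}"]
    problems = []
    if net.prefixlen > LONGEST_ACCEPTED_MASK:
        problems.append(f"/{net.prefixlen} is longer than /{LONGEST_ACCEPTED_MASK}; AWS will not accept it")
    if any(net.subnet_of(private) for private in RFC1918):
        problems.append("RFC 1918 address; public peering requires public IPv4 addresses")
    return problems


def plan_public_advertisement(prefixes: Iterable[str]) -> Dict[str, object]:
    """Reject unusable prefixes, supernet contiguous blocks, and check the 100-route limit."""
    rejected: Dict[str, List[str]] = {}
    usable: List[IPv4Network] = []
    for p in prefixes:
        problems = prefix_problems(p)
        if problems:
            rejected[p] = problems
        else:
            usable.append(ip_network(p))
    # collapse_addresses merges adjacent, aligned blocks (two /28s -> one /27) and drops
    # prefixes already covered by a larger one: the supernetting the guide suggests.
    advertised = list(collapse_addresses(usable))
    return {
        "rejected": rejected,
        "advertised": advertised,
        "within_limit": len(advertised) <= AWS_ROUTE_LIMIT,
    }


if __name__ == "__main__":
    # Constructed sample using documentation address space (not addresses from the guide).
    plan = plan_public_advertisement([
        "203.0.113.0/28", "203.0.113.16/28",  # contiguous: become 203.0.113.0/27
        "203.0.113.64/30",                    # longest mask AWS accepts
        "203.0.113.100/31",                   # too long, rejected
        "203.0.113.5/30",                     # host bits set, rejected
        "192.168.1.0/24",                     # private, rejected
    ])
    for prefix, why in plan["rejected"].items():
        print(f"rejected {prefix}: {'; '.join(why)}")
    print("advertise:", ", ".join(str(n) for n in plan["advertised"]),
          "| within limit:", plan["within_limit"])
```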


IBM SOFTLAYER CLOUD GATEWAY CONNECTION

Your Cloud Gateway service will provide you with direct connections to SoftLayer data centres using the network service provider connection model. The connection method in use is via the SoftLayer cloud exchange service. This allows connection into the SoftLayer services and your Telstra IP network service at any of their global data centres.

For this service, you’ll need:

• A Telstra IP network service must be in place with an allocated and known Master Service ID.
• Any sites you wish to use with Cloud Gateway must be connected to our Global IP VPN.
• A SoftLayer account.
• One /28 network for interconnect addressing. This is subnetted into five blocks of IPv4 addresses and must be unique across your sites, IP VPN and SoftLayer service. Public or private IP addressing can be used, but typically you should provide private IP addressing.
• No BGP ASN is required from you for peering with SoftLayer, as we’re providing a cloud exchange service connection and will use public ASN 135599.

Key steps and responsibilities:

# | STAGE | ACTIVITY | RESPONSIBILITY
1 | Prerequisite | Established SoftLayer tenancy with Direct Connect | Customer
2 | Prerequisite | Provide Global IP VPN Master Service ID | Customer
3 | Prerequisite | Network design and analysis regarding SoftLayer restricted private IP ranges | Customer
4 | Prerequisite | Provide /28 IP subnet block for interconnect subnets | Customer
5 | Prerequisite | Configure SoftLayer tenancy | Customer
6 | Prerequisite | Complete online Cloud Gateway order form | Customer
7 | Set-up | Provision of Cloud Gateway connection – Telstra Edge | Telstra
8 | Set-up | Send an email with next steps to the customer | Telstra
9 | Set-up | Order a Direct Link from SoftLayer portal | Customer
10 | Set-up | Provision of direct link connection | SoftLayer
11 | Set-up | Send ‘connection ready’ email | SoftLayer
12 | Post set-up | Test end-to-end connectivity from our Global IP VPN to SoftLayer | Customer


Rules and limitations:

• Once provisioned, depending on the network subnets added at either side of the connection, routes may need to be added to individual servers and VMs in SoftLayer.
• SoftLayer reserve several IP ranges for their own use – therefore if your Telstra IP network service ranges overlap with these restricted ranges, it will not be possible to route these across the SoftLayer Cloud Exchange connection. These ranges are:
  o 10.0.0.0/14
  o 10.200.0.0/14
  o 10.198.0.0/15
  o 169.254.0.0/16
  o 224.0.0.0/4
  o Any IP ranges assigned to your VLANs on the SoftLayer platform
• SoftLayer prescribes the IP addressing of your private networks within your environment. These private subnets will be somewhere in the 10.0.0.0/8 range but not in the above-mentioned restricted ranges. Therefore, if a prescribed IBM SoftLayer private network overlaps with a Telstra IP network service range that needs to be accessed, this will not be routed across the SoftLayer Cloud Exchange connection either. It’s possible to request a different subnet for a private network from SoftLayer via an ad-hoc ticket request to try and alleviate the conflict. Currently, there are two possible workarounds for this restriction:
  o Re-addressing – either in your Telstra IP network service or requesting SoftLayer for new address ranges for any prescribed private network allocated.
  o Network Address Translation (NAT) / tunnel – a solution offered by SoftLayer is to use the network appliance, Vyatta – available in the SoftLayer product catalogue, to create network tunnels and/or NAT to overcome conflicts. This is treated as your designed and owned solution – and not part of Telstra’s Cloud Gateway service.
• Bandwidth controls are not currently implemented by IBM or IBM SoftLayer. The policing of the connection is only performed on Telstra’s Cloud Gateway routers.
• SoftLayer shared services such as DNS, update servers, iSCSI/NAS/object storage, backup servers, anti-virus services (etc.) are not available to be accessed from the SoftLayer cloud exchange service in your Cloud Gateway service.
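The restricted-range rule above is easy to check before ordering. The following is an added Python example (not Telstra’s or SoftLayer’s code) that flags Telstra IP VPN prefixes overlapping the listed ranges or SoftLayer-assigned VLAN subnets, and works out which part of a prefix stays routable; the VPN prefixes and the VLAN subnet it runs on are constructed.

```python
"""Check Telstra IP VPN prefixes against the SoftLayer restricted ranges from the guide."""
from ipaddress import IPv4Network, ip_network
from typing import Iterable, List, Tuple

# Ranges reserved by SoftLayer, as listed in the guide; not routable over the cloud exchange.
SOFTLAYER_RESERVED = [ip_network(r) for r in (
    "10.0.0.0/14", "10.200.0.0/14", "10.198.0.0/15", "169.254.0.0/16", "224.0.0.0/4")]


def blocked_ranges(softlayer_vlan_prefixes: Iterable[str]) -> List[IPv4Network]:
    """The reserved list plus whatever SoftLayer has assigned to your VLANs."""
    return SOFTLAYER_RESERVED + [ip_network(p) for p in softlayer_vlan_prefixes]


def conflicts(vpn_prefixes: Iterable[str],
              softlayer_vlan_prefixes: Iterable[str]) -> List[Tuple[str, str]]:
    """(VPN prefix, blocked range) pairs that overlap and therefore will not route."""
    blocked = blocked_ranges(softlayer_vlan_prefixes)
    found = []
    for p in vpn_prefixes:
        net = ip_network(p)
        for b in blocked:
            if net.overlaps(b):
                found.append((str(net), str(b)))
    return found


def routable_remainder(vpn_prefix: str,
                       softlayer_vlan_prefixes: Iterable[str] = ()) -> List[IPv4Network]:
    """Parts of a VPN prefix that stay reachable once the blocked ranges are carved out.

    Two CIDR blocks are either nested or disjoint, so each blocked range either covers the
    prefix entirely, is a subnet that can be excluded, or does not touch it at all.
    """
    remaining = [ip_network(vpn_prefix)]
    for b in blocked_ranges(softlayer_vlan_prefixes):
        next_round = []
        for net in remaining:
            if net.subnet_of(b):
                continue                                   # wholly inside a blocked range
            if b.subnet_of(net):
                next_round.extend(net.address_exclude(b))  # carve the blocked range out
            else:
                next_round.append(net)
        remaining = next_round
    return sorted(remaining)


if __name__ == "__main__":
    # Constructed example: VPN prefixes and one SoftLayer-assigned VLAN subnet (not from the guide).
    vpn = ["10.1.0.0/16", "10.150.0.0/16", "192.168.10.0/24", "10.0.0.0/12"]
    vlans = ["10.150.20.0/26"]
    for net, blocked in conflicts(vpn, vlans):
        print(f"{net} overlaps restricted {blocked}: re-address or NAT/tunnel required")
    print("10.0.0.0/12 still routable:",
          [str(n) for n in routable_remainder("10.0.0.0/12", vlans)])
```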


TECHNICAL SPECIFICATIONS

END-TO-END NETWORK ARCHITECTURE

Telstra IP network service customers with Cloud Gateway will have their IP VPN extended to a Telstra cloud edge router and connected to one or more cloud service providers. Connected cloud service providers will appear as another site/node on their IP VPN.

This diagram shows connections to currently available cloud providers through Cloud Gateway:

Cloud connections are built and configured as fully redundant from a Telstra IP network service to supported cloud provider network edges. Multiple high capacity (Nx10G) links are configured as active/backup – so any router or link failure along the path triggers failover without impacting cloud connectivity.

As part of the service, tails are provided to redundant POPs and both paths are routed through separate hardware/physical links within Cloud Gateway infrastructure. Geographical separation is maintained from Telstra IP network service PoPs all the way up to cross-links at respective cloud data centres. The service will withstand failure of any single router or single link in the path.

In the case of complete failure of a cloud data centre, redundancy can only be provided if you have tenancy and links to both data centres for the same cloud provider.

High availability for the end-to-end service will be determined by the connectivity of your sites to a Telstra IP network service (protected or unprotected) and the networking infrastructure within respective cloud providers. Load balancing across active/backup links isn’t available.


BANDWIDTH MANAGEMENT

We manage the capacity of links between Cloud Gateway and cloud edge routers to help ensure available bandwidth is sufficient for peak utilisation of all the configured connections. A bandwidth policer is applied corresponding to the subscribed rate. All traffic is treated equally and any traffic exceeding the subscribed bandwidth is dropped.

SERVICE MODIFICATIONS

Cloud Gateway supports multiple changes (what we call ‘moves, adds and changes’, or ‘MACs’) for Cloud Gateway attributes as well as individual cloud connections.

Please bear in mind that there’ll be a lead-time to process these requests and some changes may cause an outage to your existing cloud connection, as outlined in the table below. You’ll need to ensure you complete cloud provider portal configuration in a timely manner so we can complete this modification within the target time.

To manage such outages, please speak with your Telstra representative before requesting these changes.

The table lists each change type, its description, and the availability and outage impact for AWS and for SoftLayer.

BANDWIDTH UPGRADE
Description: You’re able to upgrade your bandwidth within the available bandwidth tiers. Upgrading bandwidth will not incur modification or early termination fees. If you exceed the Cloud Gateway bandwidth, due to an increase in an individual cloud connection, we’ll ask you to upgrade to the next Cloud Gateway tier. If you have a fixed-term contract, you’ll have your contract term restarted at the new (higher) bandwidth.
Availability and outage impact: AWS: 1 hour (customer dependent). SoftLayer: no outage.

BANDWIDTH DOWNGRADE
Description: You’re able to downgrade your bandwidth within the available bandwidth tiers. This change will incur a one-off modification charge. If you have a fixed-term contract, early termination charges will also apply.
Availability and outage impact: AWS: 1 hour (customer dependent). SoftLayer: no outage.

ROUTE SUMMARISATION / FILTERING
Description: Only applicable for AWS.
Availability and outage impact: AWS: 1 hour (customer dependent). SoftLayer: NA.

DEFAULT ROUTE SUPPRESSION
Description: Only available for SoftLayer.
Availability and outage impact: AWS: NA. SoftLayer: NA.


PAGE 17/20

SECURITY

Connectivity through Cloud Gateway is more secure than many other options, because it provides end-to-end separation for each customer’s traffic.

Each Cloud Gateway service is mapped to your unique VPN Routing and Forwarding (VRF) instance, thereby ensuring Layer 3 separation, while connectivity to the cloud edge is carried inside a customer-specific 802.1Q VLAN, ensuring Layer 2 separation for your traffic.

IP ROUTING PROTOCOLS

We use BGP routing to interconnect with cloud edge routers.

CLOUD PROVIDER    SUPPORTED IP ROUTING
AWS               eBGP
SoftLayer         eBGP

Cloud Gateway edge routers peer with the cloud provider edge devices on behalf of customers using BGP. As a result, the following BGP ASNs cannot be used by you in your Telstra IP network service. Furthermore, these ASNs will also be visible within your Telstra IP network service routing table.

The eBGP between the two autonomous systems is configured as active-active. The eBGP protocol will then pick the primary and secondary paths between the two peers.

NETWORK                   PEERING POINT                  ASN
Cloud Gateway             Global                         135599
Telstra’s Global IP VPN   Global                         4637
AWS                       Private / public peering:
                          Dublin (EU-West-1)             9059
                          Tokyo (AP-NorthEast-1)         10124
                          Singapore (AP-SouthEast-1)     17493
                          Other regions                  7224
SoftLayer                 Global                         12076

Note: you must not use any of the above AS numbers in your own Telstra IP network service.
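Two checks follow from the table and note above: your own ASN must not collide with any of the reserved numbers, and because those ASNs become visible in your routing table, the AS_PATH of each learned route tells you whether it arrived through Cloud Gateway (AS135599) as designed. The script below is an added example, not Telstra tooling. The reserved ASN table is copied from the guide; the customer ASN 65001, the routing-table excerpt (documentation prefixes only) and the audit rule "a cloud-provider ASN in the path should be accompanied by AS135599" are constructed assumptions for the example.

```python
"""Check a customer-side BGP setup against the ASNs reserved by Cloud Gateway,
and audit AS_PATHs from the customer's routing table. Added example; reserved
table from the guide, sample routes and audit policy are assumptions."""
import re
from typing import Optional

# ASNs listed in the guide's peering table.
RESERVED_ASNS = {
    135599: "Cloud Gateway (global)",
    4637: "Telstra Global IP VPN (global)",
    9059: "AWS, Dublin (eu-west-1)",
    10124: "AWS, Tokyo (ap-northeast-1)",
    17493: "AWS, Singapore (ap-southeast-1)",
    7224: "AWS, other regions",
    12076: "SoftLayer (global)",
}
CLOUD_GATEWAY_ASN = 135599
TELSTRA_VPN_ASN = 4637


def check_customer_asn(asn: int) -> Optional[str]:
    """Return why the ASN must not be used on the Telstra IP network service, or None if it is fine."""
    if asn in RESERVED_ASNS:
        return f"AS{asn} is reserved for {RESERVED_ASNS[asn]}"
    return None


def parse_as_path(path: str) -> list:
    """Extract ASNs in order from an AS_PATH as printed by common routers,
    e.g. '4637 135599 9059 i'; AS_SET braces and the origin code are ignored."""
    return [int(tok) for tok in re.findall(r"\d+", path)]


def classify_route(path: str) -> dict:
    """Describe where a route came from based on its AS_PATH."""
    asns = parse_as_path(path)
    origin = asns[-1] if asns else None
    return {
        "origin_asn": origin,
        "origin": RESERVED_ASNS.get(origin, "customer / other"),
        "via_cloud_gateway": CLOUD_GATEWAY_ASN in asns,
        "reserved_in_path": [a for a in asns if a in RESERVED_ASNS],
    }


def audit_rib(rib) -> list:
    """Flag routes whose AS_PATH carries a cloud-provider ASN but does not pass
    through Cloud Gateway. Assumed policy for this example: in a Cloud Gateway
    design those prefixes are expected to be learned through AS135599."""
    findings = []
    for prefix, path in rib:
        info = classify_route(path)
        cloud = [a for a in info["reserved_in_path"]
                 if a not in (CLOUD_GATEWAY_ASN, TELSTRA_VPN_ASN)]
        if cloud and not info["via_cloud_gateway"]:
            findings.append((prefix, f"cloud ASN(s) {cloud} in path but route not learned via Cloud Gateway"))
    return findings


# Constructed routing-table excerpt (documentation prefixes, not real routes).
SAMPLE_RIB = [
    ("192.0.2.0/24", "4637 135599 9059 i"),        # AWS Dublin via Cloud Gateway: expected
    ("10.20.0.0/16", "65001 i"),                    # customer's own site, assumed private ASN
    ("203.0.113.0/24", "7224 i"),                   # AWS ASN but not via Cloud Gateway: flagged
    ("198.51.100.0/24", "4637 135599 12076 i"),     # SoftLayer via Cloud Gateway: expected
]

if __name__ == "__main__":
    print(check_customer_asn(135599))
    print(check_customer_asn(65001))
    for prefix, path in SAMPLE_RIB:
        print(prefix, classify_route(path))
    print(audit_rib(SAMPLE_RIB))
```

Run the audit against a periodic export of your CE routing table; a cloud prefix that stops arriving through AS135599, or starts arriving from somewhere else, is worth a look before it is treated as normal failover.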


PAGE 18/20

SOURCE NETWORK ADDRESS TRANSLATION (SNAT)

If you’re using private IP addressing (RFC1918) and wish to establish AWS public peering, network address translation has to be applied for the source address(es). Such SNAT can be implemented at your sites before using our global IP VPN.

SNAT at customer site.

You’re responsible for carrying out your own SNAT for public peering traffic. You can configure the NAT feature at your Customer Edge routers. The diagram below shows the location of the NAT function within the end-to-end cloud connection.

DESTINATION NETWORK ADDRESS TRANSLATION (DNAT)

DNAT may be needed if you use private RFC1918 addresses in your network and servers in the public cloud networks need to access these private-addressed devices.

If you require DNAT, it has to be implemented on your own CE routers, and you advertise this pool of prefixes to our Global IP VPN and Cloud Gateway. These prefixes are then advertised to the cloud provider by Cloud Gateway.
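The SNAT and DNAT sections above amount to two planning questions: which of your site prefixes are RFC1918 and so must be translated at the CE before they can use AWS public peering, and what prefix list the CE's DNAT pool should be advertised as. The script below is an added example, not Telstra's tooling or configuration. The site prefixes and the DNAT pool are constructed from documentation ranges, and the rule that the DNAT pool must itself be publicly routable is an assumption drawn from the text (cloud-side servers reach it across public peering), not a stated Telstra requirement.

```python
"""Plan SNAT/DNAT for AWS public peering: classify RFC1918 site prefixes and
summarise a DNAT pool into advertisable prefixes. Added example; inputs are
constructed and the public-pool rule is an assumption."""
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def as_network(prefix):
    """Accept a string or an already-parsed network."""
    if isinstance(prefix, (ipaddress.IPv4Network, ipaddress.IPv6Network)):
        return prefix
    return ipaddress.ip_network(prefix, strict=False)


def is_rfc1918(prefix) -> bool:
    """True for IPv4 prefixes inside the three RFC1918 blocks.
    Deliberately narrower than ipaddress's is_private, which also covers
    loopback, link-local and documentation ranges."""
    net = as_network(prefix)
    return net.version == 4 and any(net.subnet_of(block) for block in RFC1918)


def snat_plan(site_prefixes):
    """Split site prefixes into (needs_snat, can_send_as_is) for AWS public peering."""
    needs_snat, as_is = [], []
    for p in site_prefixes:
        net = as_network(p)
        (needs_snat if is_rfc1918(net) else as_is).append(str(net))
    return needs_snat, as_is


def dnat_advertisement(dnat_addresses):
    """Validate the public addresses the CE maps onto private servers and return
    the summarised prefix list to advertise toward the Global IP VPN and Cloud Gateway."""
    nets = [as_network(a) for a in dnat_addresses]
    private = [str(n) for n in nets if is_rfc1918(n)]
    if private:
        raise ValueError("DNAT pool must be publicly routable for cloud-side servers "
                         f"to reach it; RFC1918 entries: {private}")
    # collapse_addresses merges adjacent/overlapping networks into the fewest prefixes
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


# Constructed inputs (documentation ranges).
SITE_PREFIXES = ["10.1.0.0/16", "192.168.50.0/24", "203.0.113.0/25"]
DNAT_POOL = ["198.51.100.16/32", "198.51.100.17/32", "198.51.100.18/32",
             "198.51.100.19/32", "198.51.100.20/32"]

if __name__ == "__main__":
    needs, ok = snat_plan(SITE_PREFIXES)
    print("SNAT before public peering:", needs)
    print("Already public, no SNAT:", ok)
    print("DNAT prefixes to advertise:", dnat_advertisement(DNAT_POOL))
```

Advertising the collapsed list rather than individual host routes keeps the prefix count you hand to the Global IP VPN and Cloud Gateway small, and the RFC1918 check catches the common mistake of handing a private pool to a public peering path, where it would be unreachable.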

SERVICE AVAILABILITY TARGET

Cloud connections are built and configured as fully redundant from our Global IP VPN to supported cloud provider network edges. Multiple high capacity (Nx10G) links are configured as active/backup, so any router or link failure along the path triggers failover without impact to cloud connectivity. Your sites can be protected or unprotected, which determines high availability for the end-to-end service.

CLOUD CONNECTION TYPE                                                SERVICE AVAILABILITY TARGET
Cloud Gateway (Layer 3 / Global IP VPN connectivity)                 99.99%
Available for AWS and SoftLayer

[Diagram from the SNAT section above: Your site (private IP addresses) > Network Address Translation (public IP address) > Telstra access network > Telstra IP network service > Cloud Gateway > fibre-optics > cloud service provider public peering]


PAGE 19/20

TECHNICAL SUPPORT

Telstra’s Cloud Gateway service provides you with four comprehensive levels of support to resolve any issues that may occur during ordering, provisioning or ongoing operations with your service.

In the unlikely event of service issues or an outage, you can log your fault with the Cloud Service support team with the following target SLAs:

CLOUD GATEWAY CONNECTIVITY OPTION    SERVICE LEVEL   COVERAGE HOURS   RESPONSE TIME TARGET   RESTORE TIME TARGET
Cloud Gateway with Global IP VPN     Business Plus   24 x 7           60 min                 12 hours

CUSTOMER REPORTING

Customer reporting for Telstra’s Cloud Gateway service isn’t available for the initial release.

CUSTOMER PORTALS

Telstra’s Cloud Gateway service provides access to a range of online tools and portals for you to browse, buy/activate, manage and access support for the product.

BROWSE/QUOTE       Telstra website        www.telstraglobal.com/cloudgateway
BUY/ACTIVATE       Telstra Cloud Store    buycloud.telstra.com
CONFIGURE/MANAGE   Telstra Cloud Portal   mycloud.telstra.com

Faults can be logged by:

Raising a Cloud Gateway support ticket. You’ll also find the support ticket link on the support page of the Cloud Services Portal.

Calling 800 7965 5888 with the relevant international access code from your country.

We’re available 24/7.

SUPPORT

All Telstra portals support IE8.0 and above, Google Chrome and Firefox.

You can also refer to the respective cloud service provider portals (e.g. AWS, SoftLayer) to configure/manage your networking within the cloud environment.


PAGE 20/20

GLOSSARY

TERM     DEFINITION
ASN      Autonomous System Number
AWS      Amazon Web Services
BGP      Border Gateway Protocol
eBGP     External Border Gateway Protocol
iBGP     Internal Border Gateway Protocol
BYO      Bring your own (e.g. not purchased from Telstra)
ETC      Early termination charges
HSRP     Hot Standby Routing Protocol
I/C      Interconnect
IP VPN   IP Virtual Private Network (e.g. Telstra IP MAN and IP WAN services)
MAC      Moves, adds and changes (e.g. modification to your service or product)
SNAT     Source Network Address Translation
VLAN     Virtual Local Area Network
VM       Virtual machine (virtual server)
VRRP     Virtual Router Redundancy Protocol