Description

Provides an overview of CPNC connections and their applicability to both MCP 1.0 and MCP 2.0 data center locations. Explains what a Cloud Private Network Connection (CPNC) is and how you can use it.

Content / Solution:

Overview

The Cloud Private Network Connection (CPNC) service provides the ability to interconnect Cloud infrastructure to Enterprise Networks in a secure manner. CPNC provides options for establishing connections between these disparate elements:

  • Corporate Networks not associated with Cloud services
  • Cloud Network Domains (MCP 2.0) in the same or different physical data center locations
  • Cloud Networks (MCP 1.0) and Cloud Network Domains (MCP 2.0) that are located in the same physical data center location
  • Managed Hosting and Cloud Physical Servers

Such interconnections allow these disparate environments to communicate with each other outside both the public IP connectivity and the optimized VPN network that Cloud provides between different data center locations. They effectively allow you to extend your corporate networks seamlessly into the Cloud environment.

CPNC Connectivity Options

There are several standard options for achieving this connectivity as part of the CPNC service. The options include:

  1. Direct Connect (Physical Port) interconnections using leased line services from a service provider via cross-connect in our data center
  2. Private Connect (Virtual Port) interconnections using MPLS circuits from Managed MPLS vendors that provide aggregate network connections in our data center
  3. Site to Site VPN interconnections using fixed IPsec or Virtual Tunnel Interfaces across the Internet
  4. CPNC Network Domain Interconnect interconnections between MCP 2.0 and MCP 1.0 locations within the same physical data center.

MCP 1.0 Architecture Considerations

In MCP 1.0 locations, the system defines the Private IPv4 address associated with each Cloud Network. Users cannot dictate these assigned IPv4 addresses. This means that in many cases, there may be an overlap between a Cloud Network's assigned private IPv4 address and private IPv4 space used by the networks on the other side of a CPNC connection. To avoid IP collisions in these cases, we establish NAT mappings between the Cloud Networks and the connected network. The downside of this approach is that all private IPv4 traffic has to flow through the NAT'd address space, which adds some complication to integration efforts.

In MCP 1.0 locations, each Cloud Network's ACL rules will manage traffic between that Cloud Network and the CPNC connection. If multiple Cloud Networks are connected, users will need to ensure each Cloud Network's ACL configuration is set up to allow the expected traffic points. MCP 1.0 locations do not allow users to establish NAT or VIP mappings between the Cloud Network and the assets on the CPNC-connected network.

MCP 2.0 Architecture Considerations

In MCP 2.0 locations, users can define the IPv4 address space of each VLAN within a Cloud Network Domain, so NAT is usually not required. However, since CloudControl is unaware of the private IPv4 address usage on the interconnected networks, clients need to manage their private IPv4 address allocation to avoid such collisions.
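One way to run the address-collision check that this paragraph leaves to the customer, shown as an added example (it is not CloudControl functionality or the provider's code). The VLAN names, remote network names and all CIDR ranges are constructed sample values, and `find_collisions` and `first_free_subnet` are hypothetical helpers.

```python
import ipaddress

# Constructed sample data: VLAN ranges planned for an MCP 2.0 Network Domain,
# and ranges already in use on the networks behind the CPNC connection.
PLANNED_VLANS = {
    "web-vlan": "10.0.10.0/24",
    "db-vlan": "10.0.20.0/24",
    "mgmt-vlan": "192.168.50.0/24",
}
CPNC_SIDE = {
    "corp-hq": "10.0.16.0/20",
    "corp-dc": "10.0.8.0/23",
    "branch": "192.168.0.0/18",
}

def _parse(cidrs):
    # strict=True rejects typos such as 10.0.20.5/24 (host bits set).
    return {name: ipaddress.ip_network(c, strict=True) for name, c in cidrs.items()}

def find_collisions(vlans, remote):
    """Return (vlan, vlan_cidr, remote, remote_cidr) for every overlapping pair."""
    v, r = _parse(vlans), _parse(remote)
    return [(vn, str(vnet), rn, str(rnet))
            for vn, vnet in v.items()
            for rn, rnet in r.items()
            if vnet.overlaps(rnet)]

def first_free_subnet(pool, prefix, *in_use):
    """Return the first /prefix inside pool that overlaps nothing in in_use, else None."""
    taken = [net for group in in_use for net in _parse(group).values()]
    for candidate in ipaddress.ip_network(pool, strict=True).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(net) for net in taken):
            return str(candidate)
    return None

if __name__ == "__main__":
    for vn, vc, rn, rc in find_collisions(PLANNED_VLANS, CPNC_SIDE):
        print(f"COLLISION: {vn} {vc} overlaps {rn} {rc}")
    print("suggested replacement:",
          first_free_subnet("10.0.8.0/21", 24, PLANNED_VLANS, CPNC_SIDE))
```

Running the check before defining a VLAN, and again whenever a new network is attached to the CPNC connection, catches overlaps that CloudControl cannot see.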

In MCP 2.0 locations, the Cloud Network Domain's Firewall rules can manage traffic across all VLANs within the Network Domain and the CPNC connection. In addition, MCP 2.0 allows users to establish NAT and VIP addresses on the Cloud Network Domain that can be routed to private IPv4 addresses located on the CPNC-connected network. The Network Domain's Firewall Rules also control this traffic.

Implementation

Implementation of Cloud Private Network Connections (CPNC) is a manual process that occurs outside CloudControl. One CPNC connection is required at each location where private connectivity is required. Note that as new Cloud Networks (MCP 1.0) and Cloud Network Domains (MCP 2.0) are added to a location, they are NOT automatically added to the CPNC connection. Users must request additions of newly deployed Cloud Networks or Network Domains and also notify us on deletion of such connected assets. 

See your Sales Associate for details, pricing, and availability on this offering.

 

 
