4.5. VPN Gateway

Note

  • NTT Com provides the connectivity with Arcstar Universal One (called UNO hereafter), the VPN service of NTT Com, as “Multi-Cloud Connect (Enterprise Cloud 2.0 Connectivity)” (called MCC (ECL2.0 Connectivity) hereafter), which is the optional menu of UNO.

  • Campaign discount in this service can not be applied.

  • In this section, we describe VPN Gateway, which is virtual router provided as one of the components in MCC(ECL2.0 Connectivity) .

  • Please contact to our sales representatives for details regarding MCC(ECL2.0 Connectivity)

4.5.1. About VPN Gateway

4.5.1.1. Overview

NTT Com provides Customer-dedicated private virtual router (called “VPN Gateway” hereafter) within ECL2.0 environment, as a provided device of “Multi Cloud Connect: Enterprise Cloud 2.0 Connectivity” (called “MCC (ECL2.0 Connectivity)” hereafter). MCC (ECL2.0 Connectivity) is an optional service of Arcstar Universal One, the VPN service provided by NTT Com.

VPN Gateway provides various functions to connect with “Arcstar Universal One (hereafter called ‘UNO’)” via MCC (ECL2.0 Connectivity), and is basically provisioned as a redundant configuration by default.

概要

4.5.1.2. Features

VPN Gateway is private virtual routers, provided as a component of MCC (ECL2.0 Connectivity). This enables Customers to connect between Enterprise Cloud 2.0 Tenant & “Arcstar Universal One”.


4.5.2. Available Functions

4.5.2.1. List of Functions

Following are major two functions, which have been provided in VPN Gateway.

Functions

Overviews

Gateway Function

Provides Gateway function to connect Logical Network deployed in Enterprise Cloud 2.0 to “Arcstar Universal One”

Self-Management Function

Provides GUI/API for various VPN Gateway functions to be managed by both Customers & the operators/systems of NTT Com’s Network Services.


4.5.2.2. Description of Functions

Gateway Function

Following are the functions which enables Customers to connect to “Arcstar Universal One”.

Functions

Descriptions

Network Connectivity Function

Provides interface for connecting to Logical Network and Arcstar Universal One side.

Static Routing / Route Advertisement Function

Configure static routing by Customers to communicate with Logical Network. IP Address block set by Customers as the static routing destination is advertised as BGP Routes to Arcstar Universal One side.

Bandwidth Setting Function

Sets a specific bandwidth that VPN Gateway can handles.


Network Connectivity Function

Following are two types of interfaces that VPN Gateway provides.

Functions

Descriptions

Spec/Restriction

Interface for Connecting with Arcstar Universal One

Interface to connect Arcstar Universal One’s PE called Cloud-GW with VLAN for VPN Gateway (called “VLAN for Connecting with Arcstar Universal One” hereafter)

Provides only one Interface for one VPN Gateway.
Note: Customers cannot operate (e.g. add/delete) the interface by themselves.

Gateway Interface

Interface to connect with Logical Network

Provides only one Interface for one VPN Gateway.
Note:Customers can assign destination Logical Network of this interface, and detach between/among Logical Network and this interface.
Customers can connect one “Logical Network” to one “VPN Gateway”. As such, it cannot be connected with multiple VPN Gateway.
VPN GW概要

Static Routing / Route Advertisement Function

Customers can set static routing, which is from VPN Gateway to Logical Network. IP Address block set by Customers as the static routing destination is advertised as BGP Routes to Arcstar Universal One side.
The maximum upper limit of Static Routs to be advertised is 32 and to be received is 20,000.

Bandwidth Setting Function

VPN Gateway allows Customers to set a specific bandwidth that VPN Gateway can handle. In this case, the bandwidth is based on the subscribed bandwidth of MCC (ECL2.0 Connectivity) Bandwidth Plan. Please refer to ”3.1 Plan List” below, concerning the bandwidth plan.


Self-Management Function

VPN Gateway allows Customers to the following operations via Enterprise Cloud 2.0 Portal / API.

Operations

Available Operations

Details

Configure Static Routing / Routing Advertisement

Add / remove static routing / advertised routes

Enable Customers to advertise BGP routes to Arcstar Universal One side.

Connect to Logical Network (Create Gateway Interface)

Add / remove Logical Network Connectivity

Enable Customers to add Gateway Interface, so that they can connect to any Logical Network; Enables them to remove Gateway Interface, so that they can detach Logical Network Connectivities.

Assign IP Address to Gateway Interface

Assign IP Addresses

Enables Customer to assign IP Address to interface for connecting Logical Network.

[Reference] Establishment · change of bandwidth · Abolition of MCC (ECL 2.0 connection)

Application for establishment · change of bandwidth · deletion of MCC (ECL 2.0 connection)

By applying from the business portal, it is possible to establish · change of bandwidth · abolish the MCC (ECL 2.0 connection).
In accordance with the establishment · change of bandwidth · abolition of MCC (ECL 2.0 connection), the VPN gateway is added, changed, and deleted.

Configure Static Routing / Routing Advertisement

Customers can configure static route on VPN Gateway; and the static route are advertised as a BGP route. Following are available parameters to enable Customers to configure as a static routing.

Parameters

Details

Friendly Name

Sets friendly name of static route

Description

Assigns any string to static route.

Destination

Assigns destination network (IP address block) of relevant static routing. And this IP address block is advertised to the Arcstar Universal One side.

Next Hop

Sets next hop in order to communicate with the network assigned by Customers as a destination.

Note

The maximum upper limit of Static Routs to be advertised is 32 and to be received is 20,000.

VPN GW概要

Connect to Logical Network

Customers can connect the “interface for connecting to Logical Network” to any Logical Network. Note: Following are restrictions in this operation;

  • Customers can connect one “interface for connecting to Logical Network” to one “Logical Network”. As such, it cannot be connected with multiple Logical Network.

  • Customers cannot modify the connecting Logical Network. Customers are advised to accommodate through removing and then adding the connectivity.

Furthermore, Customers can assign IP address of the “interface for connecting to Logical Network”.


Assign IP Address to Gateway Interface

Customers can assign any IP Address to the VPN Gateway interface, which is for connecting to Logical Network. This operation will be executed at the same time as connecting to Logical Network. VPN Gateway is provided with redundant configuration. Therefore, this allows Customers to assign following three types of IP Addresses respectively: Primary/Secondary IP, and virtual IP address for VRRP. Besides, they can set VRRP ID.

Parameters

Details

Gateway IP

Virtual IP Address, which is assigned for VRRP.

Primary IP

IP Address assigned to ACT interface of redundant VPN Gateway.

Secondary IP

IP Address assigned to STANDBY interface of redundant VPN Gateway.

VRRPID

VRRP ID, which is utilized in VPN Gateway Interface.

Note

  • If VRRPID overlaps on the same logical network, communication may not be performed normally, so please specify a different value.

  • Customers cannot modify the assigned IP Addresses. In case they would like to change the IP Addresses, they need to remove Gateway Interface, and then to add it to the same Logical Network.

IPアサイン VPN

[Reference] Establishment · Change of bandwidth · Abolition of MCC (ECL 2.0 connection)

Customers will be able to create new / change bandwidth / abolish on the same day by applying from the business portal.
For best effort 100 M ⇔ 1 G, changes between guarantee bands can be applied on-demand with bandwidth change SO, changes between best effort ⇔ guaranty is abolished by on-demand applications with new construction are possible.
For details about MCC (ECL 2.0 connection) service, please confirm via our sales staff.

4.5.3. Menu Plan

4.5.3.1. Plan List

Bandwidth setting is applied to VPN Gateway, depending on the specific bandwidth plan of MCC (ECL2.0 Connectivity) that Customers have subscribed. They can select a specific connectivity plan from the following plans, depending on their necessary transmission speed.

Connectivity Plan

Overview

Best Effort
NTT Com sets the designated bandwidth as the maximum transmission speed.
(Transmission speed may be changed depending on the circuit usage by other Customers)
100Mbps
1Gbps
Guaranteed Bandwidth
NTT Com provides the guaranteed transmission speed up to the designated bandwidth.
10 Mbps
20 Mbps
30 Mbps
40 Mbps
50 Mbps
100 Mbps
200 Mbps
300 Mbps
400 Mbps
500 Mbps
1 Gbps

*The plans above are provided in Data Center in Japan.


4.5.3.2. Subscription Methods & Subscription Types

It is possible to apply for MCC (ECL 2.0 connection) by business portal and application form. By applying from the business portal, it will be possible to open / change / abolish on the same day.

Subscription Types

Subscription Methods

Offered Date

JP1/JP2

Other than JP1 / JP2

Establishment of MCC (ECL 2.0 connection)

NOTE1/3: Operation by Customers via Business Portal

same day

Y *2 N
 

By submitting service order form

7 business days (JP1 / JP2), 1.5 months (other than JP1 / JP2)

Y *2 Y

Modify MCC (ECL2.0 Connectivity) Bandwidth

Application by customer’s own operation via business portal * 1

same day

Y *2 N
 

By submitting service order form

7 business days (JP1 / JP2), 1.5 months (other than JP1 / JP2)

Y *2 Y

Abolition of MCC (ECL 2.0 connection)

Application by customer’s own operation via business portal * 1

same day

Y *2 N
 

By submitting service order form

5 business days (JP1 / JP2), 1.5 months (other than JP1 / JP2)

Y *2 Y

Note

  • It is possible to apply once a day for new establishment, change of bandwidth, and abolition for one MCC (ECL 2.0 connection) contract.
    When changing contract between best effort and guarantee, best effort contract and guarantee contract will have different MCC (ECL 2.0 connection) contract, so it is possible to apply by an abolished construction on the same day.
  • NOTE1: The reception hours from the business portal will be 9: 30-17: 30 Japan time.

  • NOTE2: There are two patterns of contracts of UNO: Japanese Corporation Contract (Cat-J) and Overseas Subsidiary Company Contract (Cat-W). Applications for MCC (ECL 2.0 connection) can not be applied with JP1 / JP2 if the contract of UNO in Japan is an overseas subsidiary company contract (Cat - W).

  • NOTE3: When customers sign up MCC for the first time, UNO contract(V-Number) which is already provisioned is required. Also provisioned UNO L3 Access connection is needed in order to apply via Portal.


4.5.3.3. Important Notes of Subscription

Connection conditions between Enterprise Cloud 2.0 and VPN gateway are as follows.
  • Customers can subscribe multiple of menus for one (1) Tenant; the maximum limit of such subscriptions is 32 for every one (1) Tenant.

  • It is possible to connect to the same VPN from different tenants regardless of the same name or different name.

  • Regardless of the same name or different name, it is possible to connect to the same tenant from different VPNs.

  • It is not possible to connect multiple VPN gateways to the same logical network.

The notes on the composition and use of Universal One are as follows.
  • To use the VPN gateway, a contract of UNO and MCC (ECL 2.0 connection) is mandatory. In response to newly established · changed bandwidth · abolished MCC (ECL 2.0 connection), VPN gateway will be added · changed · deleted.

  • The UNO is divided into a national UNO and an international UNO. The national UNO is required for MCC connection in Japan (JP1 / JP2), and an international UNO contract is required for MCC connection outside Japan (other than JP1 / JP2) .

  • When connecting national and international ECL 2.0 via UNO, please be aware that national and international interconnection agreements are required in addition to national UNO / international UNO contracts.

VPN 全体構成

4.5.4. Terms and Conditions of Use

4.5.4.1. Conditions of Usage with Other Services

This function allows Customers to utilize with all the other menus of Enterprise Cloud 2.0. Customers are duly required to subscribe “MCC (ECL2.0 Connectivity)”, in case of utilizing VPN Gateway.


4.5.5. Pricing

Please ask NTT Com’s PIC of sales for the monthly fee of MCC (ECL2.0 Connectivity) service.


4.5.6. Quality of Service

4.5.6.1. Support Coverage

The functions, described in this “Service Description: VPN Gateway: 2. Function List”, are supported by NTT Com. However, whatever kinds of unknown issues & failures, which is caused by wrong parameter settings (such as routing advertisement) set by Customers after contracting this service, are not supported by NTT Com.


4.5.6.2. Operation

Please refer to the following pages for more information on quality of operation of this function, which is based on the standard one on Enterprise Cloud 2.0. Service Description v1.0: Support


4.5.6.3. SLA

The SLA of this menu is based on the SLA of MCC (ECL2.0 Connectivity). Please ask NTT Com’s PIC of sales for the details of MCC (ECL2.0 Connectivity) service.


4.5.6.4. Notes

MTU size supports up to 1500 bytes.