Home >Documents >Enterprise Cloud 2.0 Tutorial v2.43.3 > 5. Network / SD-Exchange > 5.1. How to use Network / SD-Exchange menu >5.1.3. VPN Connectivity

5.1.3. VPN Connectivity

Enterprise Cloud 2.0 allows connection with your Arcstar Universal One (hereafter Universal One).

The overall flow are as follows.

5.1.3.1. How to subscribe to VPN Connectivity (Multi-Cloud Connect)

• To connect Enterprise Cloud 2.0 with Universal One, application for Multi-Cloud Connect needs to be made.

• On the control panel, select and open the "VPN Connection ".

Note

• For application from the business portal, check the conditions below:

  • The time slot for acceptance through the business portal is 9:30 am to 5:30 pm on weekdays, Japan time. Applications are not accepted on weekends, national holidays, and year-end/new year holidays (12/29 to 1/3).

  • After contract information on Arcstar Universal One is shown on the portal, the portal application function is available. Approx. 10 days after the work is finished, the contract information is shown.

  • For new application of Multi-Cloud connect, it is assumed to possess a completed UNO-representative contract (V number). For application from the portal, a completed UNO L3 access line is needed.

  • When subsequently inputting an order for the same VPN number, input the next order after the previous order was accepted or an error occurred.

  • For UNO contracts, two patterns are available: Japanese-subsidiary contract (Cat-J) and overseas-affiliated-company contract (Cat-W). In the case where the contract of Japanese domestic UNO is an overseas-affiliated-company contract (Cat-W), application for MCC (ECL2.0 connections) cannot be made in the Japanese region.

  • Inquiries about API application are accepted by the portal 24 hours a day, every day of the year. The time slot for dealing with failures is 9:30 am to 5:30 pm on weekdays, Japan time.

  • For the Japanese region, check the conditions below:

    • For new setup, bandwidth change, and abolishment regarding one MCC (ECL2.0 connections), application can be made once a day.

    • As for contract change between best effort and guarantee, applications for abolishment and setup can be made on the same day because the best effort contract and guarantee contract are treated as different MCC (ECL2.0 connections) contracts.

  • For overseas regions, check the conditions below:

    • Regarding the line applied for with an application form, applications for band change and abolishment cannot be made through the business portal.

• In the Japanese region, only applications made through the business portal are accepted. For any inquiries, contact your sales representative.

The display shifts to the page below ".

Note

• The manual of Universal One portal is available on Universal One portal screen.

• Please refer to the manual on Universal One portal.

• For the usage of Universal One portal, make inquiries as follows with tickets of the business portal.

• Creation of a new ticket -> Network -> Arcstar Universal One -> Inquiry about the application

• In the application process, the consent items need to be agreed with. After checking the consent items shown on the screen, check the checkbox for "Agree with the items above ".

• Select a VPN group and application location, and then click "Next ".

• Make entries for application items regarding a request, and then click "Next ". If the stipulator information or applicant information are inappropriate, contact your sales representative.

• Regarding the "Tenant ID" item, the tenant ID of Enterprise Cloud 2.0 of the same contract can be selected from the pull-down menu.

• To connect with Enterprise Cloud 2.0 of another contract not listed in the pull-down menu, select "Others ", and then enter a tenant ID, API key, and API secret key.

Note

• When the application is made, the IP address (/29) for connecting the tenant of this service and Universal One is needed. Regarding Universal One, duplicate/included addresses cannot be specified.

• The tenant ID of the tenant to be connected with Universal One, the API key of the current user and the API secret key are needed. For the methods for checking the ID and API keys, refer to Checking various kinds of information .

• To connect Universal One under another name with Enterprise Cloud 2.0, the following needs to be performed:

  • As the contract-subjected user of Universal One to be connected with, the Universal One portal needs to be logged in again to make application. Single Sign-On linkage is possible only for the same name.

  • Tenant ID, API key, and API secret key information regarding ECL2.0 needs to be acquired and conveyed to the person in charge of application of Universal One.

  • Access authority to ECL2.0 is conveyed, and thus appropriate authority management must be performed. ECL2.0 authority management can be performed with the functions described in API authority management . For application of VPN connections, only connection authentication authority with the ECL2.0 foundation is needed. Refer to Tutorial: Authority setting example for allowing access to Keystone to make the settings.

• The IP address (/29) of a connection segment is assigned as follows:

  • The first-half /30 is applied to the ACT line, and the second-half /30 is applied to the SBY line.

  • The lower numbers of individual segment addresses are applied to the UNO side, and the higher numbers are assigned to the cloud side.

• On the request detail check screen, check that the contents of the individual items are correct. Click the "OK " button to confirm the application request.

Note

• To make another application after clicking "OK " button on the browser in use.

• Once the network address for the connection segment is determined, it cannot be changed immediately. If it is entered and confirmed by mistake, please correct it by abolishing or newly establishing the MCC (ECL2.0 connection) contract. The modified reception hours are 9: 00-17: 30 on weekdays in Japan, and you can apply once a day.

• The status of the request can be checked with "Application History ".

• Please confirm that the status of the request is "Pending" on the "Order History" screen. If the status is "Completed", the service will be opened and billing according to the menu will start.

5.1.3.2. Setting up the VPN Connectivity (Gateways)

Once the VPN Connectivity has been completely done after you subscription, the information in its subscription will display as below:

Adding a Gateway Interface

Click the name of the displayed VPN Gateways, then display **VPN Gateway Details**". "

To connect a Logical Network to the VPN Gateway, you need to set up a new Gateway Interface.

Select the **Gateway Interface**" tab, then click "Add Gateway Interface"."

Input the following items, when your adding a new Gateway Interface.

Name	You can choose any name for the Internet Gateway.
Description	This can be set to reflect the descriptions of Internet Connectivity (Gateway).
A Logical Network to be Connected to the Internet (the Connected Logical Network")"	Specify a destination Logical Network to be connected to your Universal One.
Gateway IPv4 Address	Specify the IP Address to be assigned to the Gateway. Assign this Gateway’s IP Address within the IP Address range of the existing Logical Network.
Primary Device IPv4 Address	Specify a primary IP Address for the Internet Gateway. Assign the IP Address within the range of the existing Logical Network’s IP Address.
Secondary Device IPv4 Address	Specify the Secondary IP Address of the Internet Gateway. Assign this IP Address within the IP Address range of the existing Logical Network.
VRRP Group ID	The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available Internet Protocol (IP) routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork.nYou can utilize the Internet Gateway with designing a redundant configuration at a VRRP. In that case, you are required to specify the Group ID of the VRRP.

Note

The default value of Gateway Interface VRRP (Virtual Router Redundancy Protocol) Group ID is set as 2". Therefore, in case that VRRP ID overlaps upon one Logical Network, the transmission may not work properly. So, you are advised to duly modify the value, if you use VRRP Group ID "2" at other devices."

Add a Static Route

If you create a Static Route to a Logical Network, click the [ Static Route ] tab. Once the [ Add Static Route ] tab will display, click [ Add Static Route ] at the [ Static Route ] tab.

NOTE: Anything about the Routing information, set up in Add Static Route", will be advertised as a BGP Route to the Universal One side."

5.1.3.3. Bandwidth Modification of VPN Connectivity (Multi-Cloud Connect)

Move to the VPN Connectivity upon a Control Panel.

Clicking "VPN Connection Application " button.

Check the contract information, and select "Bandwidth Change ".

In the application process, the consent items need to be agreed with. After checking the consent items shown on the screen, check the checkbox for "Agree with the items above ".

Select a bandwidth value to be changed, and then click "Next ".

On the request detail check screen, check that the contents of the individual items are correct. Click the "OK" button to confirm the application request.

5.1.3.4. Terminating a VPN Connectivity (Multi-Cloud Connect) .

Move to the VPN Connectivity upon a Control Panel.

Clicking "VPN Connection Application " button.

Check the contract information, and select "Cancel ".

In the application process, the consent items need to be agreed with. After checking the consent items shown on the screen, check the checkbox for "Agree with the items above ".

On the request detail check screen, check that the contents of the individual items are correct. Click the "OK " button to confirm the application request.

5.1.3.5. Changing from best effort contract to guarantee contract in terms of VPN connections (Multi-Cloud Connect)

• The two methods below are available to change from best effort contract to guarantee contract.

• Select either one depending on the customer's environment.

Pattern 1

• This method asks to generate new VPN connections beforehand and switch.

• Communication disconnection occurs for approx. 1 hour. (Depending on the number of static routes, the duration of communication disconnection may exceed 1 hour.)

• Note that the IP address (/30×2) of the segment which connects an ECL2.0 tenant with Universal One changes.

Note

• The time slot for acceptance through the business portal is 9:30 am to 5:30 pm on weekdays, Japan time. Applications are not accepted on weekends, national holidays, and year-end/new year holidays (12/29 to 1/3).

Application for new VPN connections

• First, newly apply for VPN connections.

• Check with 3.3.1. Application for VPN connections (Multi-Cloud Connect) ; and

• 3.3.2. Setting a VPN connection gateway

  .

Note

• Specify an IP address range which differs from that of the segment which connects a tenant of an existing VPN service with Universal One.

Disconnection of a logical network having existing VPN connections made

• Click the "Gateway Interface ".

• It takes several minutes to finish the deletion of the gateway interface.

Note

• After this item is executed, communication disconnection occurs.

Static route deletion through existing VPN connections

• Click the "Static Route ".

• It takes several minutes to delete one static route.

Connection of a logical network through mew VPN connections

• Connect a logical network through mew VPN connections.

• For details, refer to 3.3.2.1. Addition of gateway interface .

Static route setting through new VPN connections

• Set a static route through new VPN connections.

• For details, refer to 3.3.2.2. Addition of a static route .

Note

• After this item is executed, communication recovery is made.

Cancel of existing VPN connections

• Cancel existing VPN connections.

• For details, refer to 3.3.4. Cancel of VPN connections (Multi-Cloud Connect) .

Pattern 2

• This method asks to cancel existing VPN connections and then apply for new VPN connections, to switch.

• Communication disconnection occurs for approx. 4 hours. (Depending on the number of static routes, the duration of communication disconnection may exceed 4 hours.)

• The segment which connects a tenant of an existing VPN service with Universal One does not need to be changed.

Note

• The time slot for acceptance through the business portal is 9:30 am to 5:30 pm on weekdays, Japan time. Applications are not accepted on weekends, national holidays, and year-end/new year holidays (12/29 to 1/3).

• Be careful with the execution timing of "Cancel Existing VPN Connections ".

Cancel of existing VPN connections

• First, cancel existing VPN connections.

• For details, refer to 3.3.4. Cancel of VPN connections (Multi-Cloud Connect) .

Note

• After this item is executed, communication disconnection occurs.

Application for new VPN connections

• Next, apply for new VPN connections.

• Check with 3.3.1. Application for VPN connections (Multi-Cloud Connect) ; and

• 3.3.2. Setting a VPN connection gateway

  .

Note

• It is also possible to specify the same IP address range as of the segment which connects a tenant of an existing VPN service with Universal One.

Connection of a logical network through mew VPN connections

• Connect a logical network through mew VPN connections.

• For details, refer to 3.3.2.1. Addition of gateway interface .

Static route setting through new VPN connections

• Set a static route through new VPN connections.

• For details, refer to 3.3.2.2. Addition of a static route .

Note

• After this item is executed, communication recovery is made.

---

5.1.2. Internet Connectivity

5.1.4. Flexible InterConnect ECL2.0 Connection