IBM Cloud Docs

Adding a connection in the UI

To add a connection to a transit gateway, follow these steps:

Open the IBM Cloud console and log in to your account.
Select the Menu icon from the upper left, then click Interconnectivity.
Click Transit Gateway from the left navigation window.
Click the name of the transit gateway where you want to add a connection.

If you are in the expanded view, click View details.
Click Add connection.
Choose and configure the specific network connections that you want to add to your transit gateway. Choices include:
- Classic infrastructure - Allows you to connect to IBM Cloud classic resources.
- VPC - Allows you to connect to your account's VPC resources, or VPC resources from other accounts as well.
- Unbound GRE tunnel - Allows a transit gateway to connect to overlay networks hosted on classic infrastructure resources. For prerequisites and detailed instructions, see Creating an Unbound Generic Routing Encapsulation tunnel connection.
- Direct Link - Creates a network connection to and from Direct Link gateways so that there is a secure connection to on-premises networks and other resources that are connected to the transit gateway.
  
  If you select Direct Link, you must also log in to the Direct Link console (that uses the same IBM Cloud account) and specify Transit Gateway as the type of network connection for your direct link.
- Power Virtual Server - Creates a network connection to and from a Power Virtual Server instance so that there is a secure connection to networks and other resources connected to the transit gateway.
  
  Location: Select a region for the Power Virtual Server workspace.
  
  If you select Power Virtual Server, you must have a Power Virtual Server workspace created in a PER-enabled data center.For a list of PER-enabled data centers, see Getting started with the Power Edge Router.
  
  To find out if your Power Virtual Server workspace is set up correctly, go to the workspace and check the navigation for a Cloud connections page. If there isn't a Cloud connections page, the workspace leverages the Power Edge Router and can be added as a connection to Transit Gateway. Otherwise, you must configure virtual connections with Cloud connections on the Power Virtual Server.
Click Add to create a connection.

Adding a connection from the CLI

Before you begin

Complete these prerequisites to use the Transit Gateway CLI, which is implemented as an IBM Cloud CLI plug-in.

Install the IBM Cloud CLI.
Install the tg-cli/tg CLI plug-in to the IBM Cloud CLI.

To install:
```
ibmcloud plugin install tg
```

If you are going to use the CLI with a Virtual Private Endpoint (VPE), you must set the following variable:

export IBMCLOUD_TG_API_ENDPOINT=private.transit.cloud.ibm.com

To add a connection on the transit gateway from the CLI, enter the following command:

ibmcloud tg connection-create|cc GATEWAY_ID --name NAME --network-type [vpc | directlink | classic] --network-id NETWORK_ID --network-account-id NETWORK-ACCOUNT-ID [--output json] [-h, --help]

Where:

GATEWAY_ID: ID of the gateway that the new connection will be on.
--name: Name for the new connection.
--network-type: Network type of the connection. Values are vpc, directlink, or classic.
--network-id: ID of the network connection. For classic, do not set a value. For vpc and directlink, use the CRN. To find the CRN of a VPC:
```
ibmcloud is vpc VPC_ID --json
```
--network-account-id: ID of the IBM Cloud account to use for creating a classic connection. Only used with 'classic' type, when the account of the connection is different than the gateway's account.
--output JSON: Optional: Specify if you want the output to display in JSON format.
--help | -h: Optional: Get help on this command.

Examples

This example illustrates creating a VPC connection named vpc-connection using vpcCRN="crn:v1:bluemix:public:is:us-south:a/3aa0a9999a1a46258064d84f7f447920::vpc:r134-f87014d5-87d2-46d1-9999-24683082f6bc":

ibmcloud tg cc $gateway --name vpc-connection --network-id $vpcCRN --network-type vpc

Create Classic connection named classic-conn.

ibmcloud tg cc $gateway --name classic-conn --network-type classic

Adding a connection with the API

To add a connection with the API, follow these steps:

Set up your API environment.
Store any additional variables to be used in the API commands.

Request

To add a connection to the transit gateway, adjust the following parameters:

Table 1. Path parameters for adding a connection
Path parameters	Details
transit_gateway_id Required string	The transit gateway identifier

Table 2. Query parameters for adding a connection
Query Parameters	Details
version Required string	Requests the version of the API as of a date in the format `YYYY-MM-DD`. Any date up to the current date may be provided. Specify the current date to request the latest version. Possible values: Value must match regular expression `^[0-9]{4}-[0-9]{2}-[0-9]{2}$`
Request Body Required TransitGatewayConnectionTemplate	The connection template
network_type Required string	Defines the type of network being connected to. For access to `gre_tunnel` connections, contact IBM support. Allowable values: [`classic`,`directlink`,`gre_tunnel`,`unbound_gre_tunnel`,`vpc`] Example: `vpc`
base_connection_id string	The ID of an active transit gateway. `network_type` `gre_tunnel` connections must be created over an existing `network_type` `classic` connection. This field is required for `gre_tunnel` connections and must specify the ID of an active transit gateway network_type `classic` connection in the same transit gateway. Omit `base_connection_id` for any connection type other than `gre_tunnel`. Example: `975f58c1-afe7-469a-9727-7f3d720f2d32`
base_network_type string	Defines the type of network the GRE tunnel is targeting. This field is required for, and only applicable to, `unbound_gre_tunnel` type connections. Allowable value: [`classic`] Example: `classic`
local_gateway_ip string	The local gateway IP address. This field is required for, and only applicable to, `gre_tunnel` and `unbound_gre_tunnel` type connections. Example: `192.168.100.1`
local_tunnel_ip string	The local tunnel IP address. This field is required for, and only applicable to, `gre_tunnel` and `unbound_gre_tunnel` type connections. The `local_tunnel_ip` and `remote_tunnel_ip` addresses must be in the same `/30` network. Neither can be the network nor the broadcast addresses. Example: `192.168.129.2`
name Name	The user-defined name for this transit gateway connection. Network type `vpc` connections are defaulted to the name of the VPC. Network type `classic` connections are named 'Classic'. Name specification is required for network `gre_tunnel` and `unbound_gre_tunnel` type connections. Possible values: 1 ≤ length ≤ 63, Value must match regular expression `^([a-zA-Z]
network_account_id AccountID	The ID of the account, which owns the network that is being connected. Generally, only used if the network is in a different account than the gateway. This field is required to be unspecified for network type `gre_tunnel`. Example: `28e4d90ac7504be694471ee66e70d0d5`
network_id string	The ID of the network, which is being connected to this connection. This field is required for some types, such as `vpc` and `directlink`. For network types `vpc` and `directlink` this is the CRN of the VPC / Direct Link gateway respectively. This field is required to be unspecified for `classic`, `gre_tunnel` and `unbound_gre_tunnel` type connections. Example: `crn:v1:bluemix:public:is:us-south:a/123456::vpc:4727d842-f94f-4a2d-824a-9bc9b02c523b`
remote_bgp_asn string	The remote network BGP ASN. This field is only applicable to `gre_tunnel` and `unbound_gre_tunnel` type connections. The following ASN values are reserved and unavailable: `0`, `13884`, `36351`, `64512`, `64513`, `65100`, `65200–‍65234`, `65402‍–‍65433`, `65500`, and `4201065000‍–‍4201065999`. If `remote_bgp_asn` is omitted on `gre_tunnel` connection create requests, IBM assigns an ASN. Example: `65010`
remote_gateway_ip string	The remote gateway IP address. This field is required for, and only applicable to, `gre_tunnel` and `unbound_gre_tunnel` type connections. Example: `10.242.63.12`
remote_tunnel_ip string	The remote tunnel IP address. This field is required for, and only applicable to, `gre_tunnel` and `unbound_gre_tunnel` type connections. The `local_tunnel_ip` and `remote_tunnel_ip` addresses must be in the same `/30` network. Neither can be the network nor the broadcast addresses. Example: `192.168.129.1`
zone ZoneIdentityByName	For `gre_tunnel` and `unbound_gre_tunnel` type connections, specify the connection's location. The specified availability zone must reside in the gateway's region. Use the IBM Cloud global catalog to list zones within the desired region. This field is required for, and only applicable to, network type `gre_tunnel` and `unbound_gre_tunnel` connections.
name string	Availability zone name. Example: `us-south-1`

Example Request

This example illustrates adding a connection to the transit gateway with the API:

curl -X POST --location --header "Authorization: Bearer {iam_token}" \
  --header "Accept: application/json" \
  --header "Content-Type: application/json" \
  --data '{ "network_type": "vpc" }'
  "
{base_url}/transit_gateways/{transit_gateway_id}/connections?version={version}"

  "base_connection_id": "975f58c1-afe7-469a-9727-7f3d720f2d32",
  "local_gateway_ip": "192.168.100.1",
  "local_tunnel_ip": "192.168.129.2",
  "name": "Transit_Service_BWTN_SJ_DL",
  "network_account_id": "28e4d90ac7504be694471ee66e70d0d5",
  "network_id": "crn:v1:bluemix:public:is:us-south:a/123456::vpc:4727d842-f94f-4a2d-824a-9bc9b02c523b",
  "network_type": "vpc",
  "prefix_filters": [
    {
      "action": "permit",
      "ge": 0,
      "le": 32,
      "prefix": "192.168.100.0/24"
    }
  ],
  "prefix_filters_default": "permit",
  "remote_bgp_asn": 65010,
  "remote_gateway_ip": "10.242.63.12",
  "remote_tunnel_ip": "192.168.129.1"

Response

The following response shows once you initiate the request:

Table 3. Initiation request
Response Body	Details
name Always included* Name	The user-defined name for this transit gateway connection. Possible values: 1 ≤ length ≤ 63, Value must match regular expression `^([a-zA-Z]
network_type Always included* string	Defines what type of network is connected via this connection. The list of enumerated values for this property may expand in the future. Code and processes using this field must tolerate unexpected values. Possible values: [`classic`,`directlink`,`gre_tunnel`,`unbound_gre_tunnel`,`vpc`] Example: `vpc`
id Always included* string	The unique identifier for this Transit Gateway Connection Example: `1a15dca5-7e33-45e1-b7c5-bc690e569531`
created_at Always included* date-time	The date and time that this connection was created
network_id string	The ID of the network being connected via this connection. This field is required for some types, such as `vpc` and `directlink` For network types `vpc` and `directlink` it should be the CRN of the target vpc / gateway respectively. Example: `crn:v1:bluemix:public:is:us-south:a/123456::vpc:4727d842-f94f-4a2d-824a-9bc9b02c523b`
base_connection_id string	network_type `gre_tunnel` connections use `base_connection_id` to specify the ID of a network_type `classic` connection the tunnel is configured over. The specified connection must reside in the same transit gateway and be in an active state. The `classic` connection cannot be deleted until any `gre_tunnel` connections that use it are deleted. This field only applies to and is required for network type `gre_tunnel` connections. Example: `975f58c1-afe7-469a-9727-7f3d720f2d32`
base_network_type string	Defines what type of network the GRE tunnel is targeting. This field is required for, and only applicable to, `unbound_gre_tunnel` type connections. Allowable value: [`classic`] Example: `classic`
local_bgp_asn integer	The local network BGP ASN. This field only applies to `gre_tunnel` and `unbound_gre_tunnel` type connections. Example: `64490`
local_gateway_ip string	The local gateway IP address. This field only applies to `gre_tunnel` and `unbound_gre_tunnel` type connections. Example: `192.168.100.1`
local_tunnel_ip string	The local tunnel IP address. This field only applies to `gre_tunnel` and `unbound_gre_tunnel` type connections. Example: `192.168.129.2`
mtu integer	GRE tunnel MTU. This field only applies to `gre_tunnel` and `unbound_gre_tunnel` type connections. Example: `9000`
network_account_id AccountID	The ID of the account, which owns the connected network. Generally only used if the network is in a different IBM Cloud account than the gateway. Example: `28e4d90ac7504be694471ee66e70d0d5`
remote_bgp_asn integer	The remote network BGP ASN. This field only applies to `gre_tunnel` and `unbound_gre_tunnel` type connections. Example: `65010`
remote_gateway_ip string	The remote gateway IP address. This field only applies to `gre_tunnel` and `unbound_gre_tunnel` type connections. Example: `10.242.63.12`
remote_tunnel_ip string	The remote tunnel IP address. This field only applies to `gre_tunnel` and `unbound_gre_tunnel` type connections. Example: `192.168.129.1`
request_status string	Represents the status of a connection request between IBM Cloud accounts, and is only visible for cross account connections. The list of enumerated values for this property might expand in the future. Code and processes that use this field must tolerate unexpected values. Possible values: [`pending`,`approved`,`rejected`,`expired`,`detached`]
status string	Connection's current configuration state. The list of enumerated values for this property might expand in the future. Code and processes that use this field must tolerate unexpected values. Possible values: [`attached`,`failed`,`pending`,`deleting`,`detaching`,`detached`]
updated_at date-time	The date and time that this connection was last updated
zone ZoneReference	The location of the GRE tunnel. This field only applies to `gre_tunnel` and `unbound_gre_tunnel` type connections.
name Always included* string	Availability zone name Example: `us-south-1`

Table 4. Status codes
Status Code
201	The Transit Gateway connection was created successfully.
400	An invalid connection template was provided.
404	The specified Transit Gateway cannot be found, the specified resource group cannot be found, or the default resource group cannot be found (if the resource group was not specified in the template).
409	The network that is being connected must either be in a location that is considered "local" to the specified Transit Gateway, or the specified Transit Gateway needs to be global. The network that is being connected cannot already be connected to another Transit Gateway.

Example Response

This example response illustrates that the connection was created successfully:

{
  "name": "Transit_Service_BWTN_SJ_DL",
  "network_id": "crn:v1:bluemix:public:is:us-south:a/123456::vpc:4727d842-f94f-4a2d-824a-9bc9b02c523b",
  "network_type": "vpc",
  "id": "1a15dca5-7e33-45e1-b7c5-bc690e569531",
  "base_connection_id": "975f58c1-afe7-469a-9727-7f3d720f2d32",
  "created_at": "2022-02-18T16:51:50.748Z",
  "local_bgp_asn": 64490,
  "local_gateway_ip": "192.168.100.1",
  "local_tunnel_ip": "192.168.129.2",
  "mtu": 9000,
  "network_account_id": "28e4d90ac7504be694471ee66e70d0d5",
  "prefix_filters": [
    {
      "action": "permit",
      "before": "1a15dcab-7e40-45e1-b7c5-bc690eaa9782",
      "created_at": "2022-02-18T16:51:50.748Z",
      "ge": 0,
      "id": "1a15dcab-7e30-45e1-b7c5-bc690eaa9865",
      "le": 32,
      "prefix": "192.168.100.0/24",
      "updated_at": "2022-02-18T16:51:50.748Z"
    }
  ],
  "prefix_filters_default": "permit",
  "remote_bgp_asn": 65010,
  "remote_gateway_ip": "10.242.63.12",
  "remote_tunnel_ip": "192.168.129.1",
  "request_status": "pending",
  "status": "attached",
  "updated_at": "2022-02-18T16:51:50.748Z",
  "zone": {
    "name": "us-south-1"
  }
}

For more information (including Java, Node, Python, and Go examples), see "Add Connection to a Transit Gateway" in the Transit Gateway API reference.

Adding a connection by using Terraform

Review the following argument references that you can specify for your resource when you create a connection for a transit gateway using Terraform:

Table 5. Terraform argument references for creating a connection
Argument	Details
base_connection_id Optional Forces new resource string	The ID of a network_type 'classic' connection a tunnel is configured over. This field only applies to network type `gre_tunnel` connections.
base_network_type Optional Forces new resource string	The base network type. Allowed values are `classic`. This field only applies to `unbound_gre_tunnel` type connections.
gateway Required Forces new resource string	Enter the transit gateway identifier.
local_gateway_ip Optional Forces new resource string	The local gateway IP address. This field is required for, and only applicable to, `gre_tunnel` and `unbound_gre_tunnel` type connections.
local_tunnel_ip Optional Forces new resource string	The local tunnel IP address. This field is required for, and only applicable to, `gre_tunnel` and `unbound_gre_tunnel` type connections.
name Optional string	The connection name. If the name is not given, a default name is provided based on the network type, such as `vpc` for network type VPC and `classic` for network type classic.
network_account_id Optional Forces new resource string	The ID of the network connected account. This is used if the network is in a different account than the gateway.
network_type Required Forces new resource string	The network type. Allowed values are `classic`, `directlink`, `gre_tunnel`, `unbound_gre_tunnel`, and `vpc`.
network_id Optional Forces new resource string	The ID of the network that is being connected to through this connection. This parameter is required for network type `vpc` and `directlink`, the CRN of the VPC or direct link gateway to be connected. This field is required to be unspecified for network type `classic`. Example:`crn:v1:bluemix:public:is:us-south:a/123456::vpc:4727d842-f94f-4a2d-824a-9bc9b02c523b`
remote_bgp_asn Optional Forces new resource integer	The remote network BGP ASN (will be generated for the connection if not specified). This field only applies to `gre_tunnel` and `unbound_gre_tunnel` type connections.
remote_gateway_ip Optional Forces new resource string	The remote gateway IP address. This field only applies to `gre_tunnel` and `unbound_gre_tunnel` type connections.
remote_tunnel_ip Optional Forces new resource string	The remote tunnel IP address. This field only applies to `gre_tunnel` and `unbound_gre_tunnel` type connections.
zone Optional Forces new resource string	The location of the GRE tunnel. This field only applies to `gre_tunnel` and `unbound_gre_tunnel` type connections.

Example

This example illustrates creating a transit gateway connection that uses Terraform:

resource "ibm_tg_connection" "test_ibm_tg_connection" {
  gateway      = ibm_tg_gateway.test_tg_gateway.id
  network_type = "vpc"
  name         = "myconnection"
  network_id   = ibm_is_vpc.test_tg_vpc.resource_crn
}