Ordering IBM Cloud Transit Gateway
To order IBM Cloud Transit Gateway, you must determine the location connecting to IBM Cloud, complete the required configuration information, and then submit your order.
Creating a transit gateway in the UI
To get started using IBM Cloud Transit Gateway, follow these steps:
-
Review requirements and configuration considerations in Planning for Transit Gateway.
-
From your browser, open the IBM Cloud catalog and log in to your account.
-
Select Networking in the navigation pane, then click the Transit Gateway tile. The Transit Gateway ordering page displays.
You can also access the ordering page from the IBM Cloud console by selecting the Navigation Menu icon on the upper left of the page. Then, select Interconnectivity > Transit Gateway and click Create transit gateway.
-
Enter a name for the transit gateway and choose a resource group. You can select a resource group from the list, or keep the default selection.
-
Choose a routing option:
All of your classic resources and Direct Link connections across MZRs can be accessed regardless of whether local or global routing is enabled.
- Select Local routing to allow your transit gateway to connect to all VPC and classic resources within the transit gateway's provisioned region.
- Select Global routing to allow your transit gateway to connect to VPC resources in all IBM Multi-Zone Regions (MZRs).
You can upgrade routing options at a later point if your needs change. Pricing is changed accordingly.
-
Choose the location where you want to provision your transit gateway.
If you are using local routing, the specified location limits you to connect VPCs located in that region only. If you are using global routing, the specified location affects network latency, so choose the region closest to the resources that you need connected.
-
Add connections to your transit gateway now, or after it has been provisioned.
-
Select the network connection to be attached to the transit gateway. To add connections later, see Adding a connection.
You can add a new connection on the same account as the connection type, or request to connect to a network in another account.
Select from the following connection types:
-
VPC networks can contain compute resources, allowing you to connect to your account's VPC resources, or, with approval, another account's VPC resources.
-
Classic infrastructure networks allow you to connect to IBM Cloud classic resources. Only one classic infrastructure connection is allowed per account.
-
Redundant GRE tunnel allows unbound GRE tunnels to connect to endpoints in either VPC or classic infrastructure networks, thus allowing you to build in redundancy for GRE tunnels. For more information, see Creating a redundant GRE tunnel.
-
Direct Link creates a network connection to and from Direct Link gateways so that there is a secure connection to on-premises networks and other resources connected to the transit gateway.
If you select Direct Link, you must also log in to the Direct Link console and specify Transit Gateway as the type of network connection for your direct link.
-
Power Virtual Server - Creates a network connection to a Power Virtual Server workspace to access the resources in a Power Virtual Server colo.
If you select Power Virtual Server, a Power Virtual Server workspace must be created in a PER-enabled data center. For a list of PER-enabled data centers, see Getting started with the Power Edge Router.
-
Unbound GRE tunnel allows a transit gateway to connect to overlay networks hosted on classic infrastructure resources. For more information, see Creating an unbound GRE tunnel.
-
-
After you select a network connection, choose a connection reach option:
-
Add new connection in this account - Enter a connection name and any other required information for your connection.
For Power Virtual Server, select a location for the Power Virtual Server workspace. Then, select from the list of Power Virtual Server workspaces that are enabled for Transit Gateway. Keep in mind that not all Power Virtual Server workspaces show in this menu.
-
Request connection to a network in another account - Enter either the IBM Cloud ID or Cloud Resource Name (CRN) of the account that manages the network where you want to connect. Then, complete any remaining information. All resources connected to that transit gateway will be accessible from the other network. For more information, including how to obtain the Cloud ID or CRN, see Adding a cross-account connection.
- IBM Cloud ID - Required by Classic infrastructure and unbound GRE tunnels.
- CRN - Required by VPC, Direct Link, and Power Systems Virtual Server connections.
To find out if your Power Systems Virtual Server workspace is set up correctly, go to the Power Systems Virtual Server UI and check the navigation for a Cloud connections page. If there isn't a Cloud connections page, the workspace leverages Transit Gateway. Otherwise, you must configure virtual connections with Cloud connections on the Power Systems Virtual Server.
-
-
-
Optionally, you can create prefix filters to permit or deny specific routes on specific connections. For prefix filtering considerations and step-by-step instructions, see Adding and deleting prefix filters.
To begin, expand the drop-down arrow in the upper right of the Prefix filtering section, and complete the following information:
-
Select the default filter that you want to use. You can either permit (default) or deny all prefixes.
The default filter is applied only if you don't create prefix filters that bypass this default setting.
-
Click Create prefix filter to open the side panel and start creating prefix filters. In turn, your prefix filters are added to an ordered list that is processed sequentially.
-
Click Save to save your changes.
-
-
View Terms on the right of the page.
-
Click Create to complete your order.
Creating a transit gateway from the CLI
Before you begin, complete these prerequisites to use the Transit Gateway CLI, which is implemented as an IBM Cloud CLI plug-in.
-
Install the IBM Cloud CLI.
-
Install the
tg-cli/tg
CLI plug-in to the IBM Cloud CLI.To install:
ibmcloud plugin install tg
If you are going to use the CLI with a Virtual Private Endpoint (VPE), you must set the following variable:
export IBMCLOUD_TG_API_ENDPOINT=private.transit.cloud.ibm.com
To create a transit gateway from the CLI, enter the following command:
ibmcloud tg gateway-create|gwc --name NAME --location LOCATION [--routing ROUTING] [--resource-group-id RES_GROUP_ID] [--output json] [-h, --help]
Where:
- --name - Name for the new gateway.
- --location - Location of the gateway (see possible values by using :
ibmcloud tg locations
) - --routing - Gateway routing of resources (
global
|local
). Useglobal
to connect resources across regions. The default value islocal
. - --resource-group-id - Optional: Gateway resource group ID. Uses the default resource group, if not specified.
- --output json - Optional: Specify to display the output in JSON format.
- --help | -h - Optional: Get help on this command.
Example
The following example illustrates creating a gateway named myGateway
in us-south with local routing and using the default resource group:
ibmcloud tg gwc --name myGateway --location us-south
Creating a transit gateway using the API
Follow these steps to create a transit gateway with the API:
-
Set up your API environment.
-
Store any additional variables to be used in the API commands.
-
When all variables are initiated, create the transit gateway:
curl -X POST --location --header "Authorization: Bearer {iam_token}" \ --header "Accept: application/json" \ --header "Content-Type: application/json" \ --data '{ "location": "us-south", "name": "Transit_Service_BWTN_SJ_DL" }' \ "{base_url}/transit_gateways?version={version}"
For more information, see Creates a Transit Gateway in the Transit Gateway API reference.
Creating a transit gateway using Terraform
Review the following argument references that you can specify for your resource when creating a transit gateway using Terraform:
Argument | Details |
---|---|
location Optional Forces new resource integer |
The location of the transit gateway. Example: us-south |
name Required string |
The unique user-defined name for the gateway. Example: myGateway |
global Required boolean |
The gateways with global routing (true) are able to connect to networks outside their associated region. |
resource_group Optional Forces new resource string |
The resource group ID where the transit gateway is to be created. |
Example
This example illustrates creating a transit gateway in Terraform:
resource "ibm_tg_gateway" "new_tg_gw"{
name="transit-gateway-1"
location="us-south"
global=true
resource_group="30951d2dff914dafb26455a88c0c0092"
}