Ordering IBM Cloud Transit Gateway
To order IBM Cloud Transit Gateway, you must determine the location connecting to IBM Cloud, complete the required configuration information, and then submit your order.
Creating a transit gateway in the UI
To get started using IBM Cloud Transit Gateway, follow these steps:
-
Review requirements and configuration considerations in Planning for Transit Gateway.
-
From your browser, open the IBM Cloud catalog and log in to your account.
-
Select Networking in the navigation pane, then click the Transit Gateway tile. The Transit Gateway ordering page displays.
You can also access the ordering page from the IBM Cloud console by selecting the Menu icon
on the upper left of the page. Then,
select Interconnectivity > Transit Gateway and click the Create transit gateway button. -
Enter a name for the transit gateway and choose a resource group. You can select a resource group from the list, or keep the default selection.
-
Choose a routing option:
All of your classic resources and Direct Link connections across MZRs can be accessed regardless of whether local or global routing is enabled.
- Select Local routing to allow your transit gateway to connect to all VPC and classic resources within the transit gateway's provisioned region.
- Select Global routing to allow your transit gateway to connect to VPC resources in all IBM Multi-Zone Regions (MZRs).
You can upgrade routing options at a later point if your needs change. Pricing is changed accordingly.
-
Choose the location where you want to provision your transit gateway.
If you are using local routing, the specified location limits you to connect VPCs located in that region only. If you are using global routing, the specified location affects network latency, so choose the region closest to the resources that you need connected.
-
Add connections to your transit gateway now, or after it has been provisioned.
-
Select the network connection to be attached to the transit gateway. To add connections later, see Adding a connection.
You can add a new connection on the same account as the connection type, or request to connect to a network in another account.
Select from the following connection types:
-
Classic infrastructure networks allow you to connect to IBM Cloud classic resources. Only one classic infrastructure connection is allowed per account.
-
VPC networks can contain compute resources, allowing you to connect to your account's VPC resources, or, with approval, another account's VPC resources.
-
Unbound GRE tunnel allows a transit gateway to connect to overlay networks hosted on classic infrastructure resources. For more information, see Creating an Unbound Generic Routing Encapsulation tunnel connection.
-
Direct Link creates a network connection to and from Direct Link gateways so that there is a secure connection to on-premises networks and other resources connected to the transit gateway.
If you select Direct Link, you must also log in to the Direct Link console and specify Transit Gateway as the type of network connection for your direct link.
-
Power Virtual Server - Creates a network connection to a Power Virtual Server workspace to access the resources in a Power Virtual Server colo.
If you select Power Virtual Server, a Power Virtual Server workspace must be created in a PER-enabled data center. For a list of PER-enabled data centers, see Getting started with the Power Edge Router.
-
-
After you select a network connection, choose a connection reach option:
-
Add new connection in this account - Enter an optional connection name and any other required information for your connection.
For Power Virtual Server, select a location for the Power Virtual Server workspace. Then, select from the list of Power Virtual Server workspaces that are enabled for Transit Gateway. Keep in mind that not all Power Virtual Server workspaces show in this menu.
-
Request connection to a network in another account - Enter either the IBM Cloud ID or Cloud Resource Name (CRN) of the account that manages the network where you want to connect. Then, complete any remaining information. All resources connected to that transit gateway will be accessible from the other network. For more information, including how to obtain the Cloud ID or CRN, see Adding a cross-account connection.
- IBM Cloud ID - Required by Classic infrastructure and Unbound GRE connections.
- CRN - Required by VPC, Direct Link, and Power Systems Virtual Server connections.
To find out if your Power Systems Virtual Server workspace is set up correctly, go to the Power Systems Virtual Server UI and check the navigation for a Cloud connections page. If there isn't a Cloud connections page, the workspace leverages Transit Gateway. Otherwise, you must configure virtual connections with Cloud connections on the Power Systems Virtual Server.
-
-
-
Optionally, you can create prefix filters to permit or deny specific routes on specific connections. For prefix filtering considerations and step-by-step instructions, see Adding and deleting prefix filters.
To begin, expand the drop-down arrow in the upper right of the Prefix filtering section, and complete the following information:
-
Select the default filter that you want to use. You can either permit (default) or deny all prefixes.
The default filter is applied only if you don't create prefix filters that bypass this default setting.
-
Click Create prefix filter to open the side panel and start creating prefix filters. In turn, your prefix filters are added to an ordered list that is processed sequentially.
-
Click Save to save your changes.
-
-
View Terms on the right of the page.
-
Click Create to complete your order.
Creating a transit gateway from the CLI
Before you begin
Complete these prerequisites to use the Transit Gateway CLI, which is implemented as an IBM Cloud CLI plug-in.
-
Install the IBM Cloud CLI.
-
Install the
tg-cli/tgCLI plug-in to the IBM Cloud CLI.To install:
ibmcloud plugin install tg
If you are going to use the CLI with a Virtual Private Endpoint (VPE), you must set the following variable:
export IBMCLOUD_TG_API_ENDPOINT=private.transit.cloud.ibm.com
Creating a transit gateway from the CLI
To create a transit gateway from the CLI, enter the following command:
ibmcloud tg gateway-create|gwc --name NAME --location LOCATION [--routing ROUTING] [--resource-group-id RES_GROUP_ID] [--output json] [-h, --help]
Where:
- --name - Name for the new gateway.
- --location - Location of the gateway (see possible values by using :
ibmcloud tg locations) - --routing - Gateway routing of resources (
global|local). Useglobalto connect resources across regions. The default value islocal. - --resource-group-id - Optional: Gateway resource group ID. Uses the default resource group, if not specified.
- --output json - Optional: Specify to display the output in JSON format.
- --help | -h - Optional: Get help on this command.
Example
The following example illustrates creating a gateway named myGateway in us-south with local routing and using the default resource group:
ibmcloud tg gwc --name myGateway --location us-south
Creating a transit gateway using the API
Follow these instructions to create a transit gateway with the API:
- Set up your API environment.
- Store any additional variables to be used in the API commands.
Request
To create a transit gateway, adjust the following parameters:
| Query parameters | Information |
|---|---|
| version Required string |
Requests the version of the API as of a date in the format YYYY-MM-DD. Any date up to the current date may be provided. Specify the current date to request the latest version.Possible values: Value must match regular expression ^[0-9]{4}-[0-9]{2}-[0-9]{2}$ |
| Request Body Required TGCreateTemplate |
The Transit Gateway Template |
| location Required string |
Location of Transit Gateway Services Example: us-south |
| name Required Name |
Name Transit Gateway Services Possible values: 1 ≤ length ≤ 63, Value must match regular expression `^([a-zA-Z] |
| global boolean |
Allow global routing for a transit gateway. If unspecified, the default value is false.Default: falseExample: true |
| resource_group ResourceGroupIdentity |
The resource group to use. If unspecified, the account’s default resource group is used. |
| id Required string |
The unique identifier for this resource group Possible values: Value must match regular expression ^[0-9a-f]{32}$Example: 56969d6043e9465c883cb9f7363e78e8 |
Example Request
This example illustrates creating a transit gateway with the API:
curl -X POST --location --header "Authorization: Bearer
{iam_token}" \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '{ "location": "us-south", "name": "Transit_Service_BWTN_SJ_DL" }' \
"{base_url}/transit_gateways?version={version}"
Response
The following response shows once you initiate the request:
| Response Body | Details |
|---|---|
| id Always included ID |
The unique identifier for this transit gateway Example: ef4dcb1a-fee4-41c7-9e11-9cd99e65c1f4 |
| crn Always included CRN |
The CRN for this transit gateway Example: crn:v1:bluemix:public:transit:dal03:a/57a7d05f36894e3cb9b46a43556d903e::gateway:ef4dcb1a-fee4-41c7-9e11-9cd99e65c1f4 |
| name Always included string |
A human readable name for the transit gateway Possible values: 1 ≤ length ≤ 63, Value must match regular expression `^([a-zA-Z] |
| location Always included string |
Location of the transit gateway Example: us-south |
| created_at Always included boolean |
Allow global routing for a transit gateway Example: true |
| status Always included string |
The status of the transit gateway. The list of enumerated values for this property may expand in the future. Code and processes using this field must tolerate unexpected values. Possible values: [ available,failed,pending,deleting] |
| resource_group ResourceGroupReference |
The resource group to use. If unspecified, the account's default resource group is used. |
|
The unique identifier for this resource group Possible values: Value must match regular expression ^[0-9a-f]{32}$Example: 56969d6043e9465c883cb9f7363e78e8 |
|
The URL for this resource group Possible values: Value must match regular expression ^http(s)?://([^/?#]*)([^?#]*)(?([^#]*))?(#(.*))?$Example: https://resource-manager.bluemix.net/v1/resource_groups/56969d6043e9465c883cb9f7363e78e8 |
| updated_at date-time |
The date and time that this gateway was last updated. |
| Status Code | |
|---|---|
| 201 | The transit gateway was created successfully. |
| 400 | An invalid transit gateway template was provided. |
| 404 | A transit gateway location could not be found for the identifier given in the template, a resource group could not be found for the given resource group identifier, or the default resource group could not be found for the account (if no resource group identifier was supplied). |
| 409 | The transit gateway could not be created as a transit gateway with the same name already exists. |
Example Response
This example response illustrates that the transit gateway was created successfully:
{
"created_at": "2020-03-31T12:08:05Z",
"crn": "crn:[...]",
"global": true,
"id": "ef4dcb1a-fee4-41c7-9e11-9cd99e65c1f4",
"location": "us-south",
"name": "example-gateway",
"resource_group": {
"id": "56969d6043e9465c883cb9f7363e78e8"
},
"status": "pending",
"updated_at": "2020-03-31T12:08:05Z"
}
For more information (including Java, Node, Python and Go examples), see "Creates a Transit Gateway" in the Transit Gateway API reference.
Creating a transit gateway using Terraform
Review the following argument references that you can specify for your resource when creating a transit gateway using Terraform:
| Argument | Details |
|---|---|
| location Optional Forces new resource integer |
The location of the transit gateway. Example: us-south |
| name Required string |
The unique user-defined name for the gateway. Example: myGateway |
| global Required boolean |
The gateways with global routing (true) are able to connect to networks outside their associated region. |
| resource_group Optional Forces new resource string |
The resource group ID where the transit gateway is to be created. |
Example
This example illustrates creating a transit gateway in Terraform:
resource "ibm_tg_gateway" "new_tg_gw"{
name="transit-gateway-1"
location="us-south"
global=true
resource_group="30951d2dff914dafb26455a88c0c0092"
}