How to Create a Partner Attachment

DigitalOcean’s Partner Network Connect lets you establish high-bandwidth, low-latency network connections directly between DigitalOcean VPC networks and other public cloud providers or on-premises datacenters.

Creating a full end-to-end connection has four main steps:

1. Create a partner attachment on DigitalOcean.
2. Create a Megaport Cloud Router (MCR) on Megaport. You can use an existing MCR if it applies. For specialized setups, such as connecting to an existing on-premises Megaport port, you may not need an MCR at all.
3. Create a Virtual Cross Connection (VXC) on the Megaport Cloud Router and connect it to the partner attachment.
4. Create a connection from Megaport to another cloud provider or on-premesis network.

This document covers how to create a partner attachment on DigitalOcean and connect it to your Megaport Cloud Router. To help you complete the other side of the connection, see Connect Megaport to Other Clouds or On-premises Datacenters for links to relevant Megaport resources for common partner networks.

Create a Partner Attachment

A partner attachment is a point of connection between DigitalOcean and Megaport. Partner attachments exist in a DigitalOcean region and can connect VPCs from any datacenter within that region.

You can create partner attachments via the control panel or the DigitalOcean API.

Control Panel

Go to the Multi-cloud Integrations tab in the Networking section of the control panel, then click Create Partner Attachment.

On the creation page, configure the following options:

1. Choose a region: partner attachments serve an entire region, not a specific datacenter within the region.
2. Choose VPC networks: select up to five VPC network from any datacenter within the chosen region. The VPC network list is automatically filter based on the region selected.
3. Choose a bandwidth plan: plans are based on the maximum reserved bandwidth capacity. Transfer is unmetered.
4. Configure Border Gateway Protocol settings: useable defaults are provided for all options, but you may update the BGP authentication key, Peer ASN, and local and peer router IP addresses.
5. Finalize the partner attachment by optionally creating a unique name for it. You can change the name at any time.

Review your total cost in the summary area at the upper-right corner of the control panel, then click Create partner attachment to create the partner attachment.

Once your partner attachment is created, you’re taken to its details page:

Click Continue to view the configuration details needed to complete setup on Megaport. This includes a service key and the BGP details you provided earlier. You use the service key once during Megaport setup. The BGP details remain available and editable in the partner attachment’s Settings tab.

Proceed to the next step to complete the connection with Megaport.

API

Send a POST request to the /v2/partner_network_connect/attachments endpoint with a JSON payload like the following:

curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DO_TOKEN" \
  --data-binary @- \
  "https://api.digitalocean.com/v2/partner_network_connect/attachments" <<EOF
{
  "name": "<attachment-name>",
  "connection_bandwidth_in_mbps": 1000,
  "region": "AMS",
  "naas_provider": "MEGAPORT",
  "vpc_ids": [
    "c140286f-e6ce-4131-8b7b-df4590ce8d6a",
    "994a2735-dc84-11e8-80bc-3cfdfea9fba1"
  ]
}
EOF

Update these configuration options in your request:

• name: The name of the partner attachment. It can include uppercase or lowercase letters, numbers, and hyphens (-).
• connection_bandwidth_in_mbps: The reserved bandwidth in Mbps. It must match one of the capacities listed on the pricing page, or the API returns the error invalid connection bandwidth rate provided. Bandwidth is measured in metric units (for example, 5 Gbps is entered as 5000).
• region: Region where the partner attachment is created.
• vpc_ids: List of DigitalOcean VPC IDs to attach to the partner attachment. You can use doctl vpcs list to view your VPCs, their regions, and IDs.

The API response should look similar to the example below. It includes the ID of the new resource (1cf0aad8-292b-40f8-9d32-1fbde6e04991 in this example) and the generated BGP configuration (excluding the auth key).

{
  "partner_attachment": {
    "id": "1cf0aad8-292b-40f8-9d32-1fbde6e04991",
    "name": "example-ams",
    "urn": "do:partner_attachment:1cf0aad8-292b-40f8-9d32-1fbde6e04991",
    "state": "CREATING",
    "connection_bandwidth_in_mbps": 1000,
    "region": "AMS",
    "naas_provider": "MEGAPORT",
    "vpc_ids": [
      "c140286f-e6ce-4131-8b7b-df4590ce8d6a",
      "994a2735-dc84-11e8-80bc-3cfdfea9fba1"
    ],
    "bgp": {
      "local_asn": 64532,
      "local_router_ip": "169.254.0.1/29",
      "peer_asn": 133937,
      "peer_router_ip": "169.254.0.6/29"
    },
    "created_at": "2024-12-13T12:37:52.152922792Z"
  }
}

Save the BGP configuration details for use when setting up Megaport in the next section.

Next, retrieve the generated service key:

curl -X GET \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DO_TOKEN" \
  "https://api.digitalocean.com/v2/partner_network_connect/attachments/<your_attachment_id>/service_key"

Replace <your_attachment_id> with your ID from the previous API response.

The API returns a service key. This key is used to connect a Megaport VXC back to DigitalOcean. Save the key for later use.

{
  "service_key": {
    "created_at": "2024-12-13T12:37:55Z",
    "value": "6e4fa7f8-8ab2-47c4-956f-dd3be7ca1367"
  }
}

Now retrieve the BGP auth key:

curl -X GET \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DO_TOKEN" \
  "https://api.digitalocean.com/v2/partner_network_connect/attachments/<your_attachment_id>/bgp_auth_key"

Replace <your_attachment_id> with your ID.

The API responds with an auth key:

{
  "bgp_auth_key": {
    "value": "0xGb6eHCZQKiaJXtgd1HdULK22m0Rs0zWmR3akyRdOL"
  }
}

Save this key to use when configuring BGP on Megaport.

To check the status of the partner attachment, send a GET request to its URL:

curl -X GET \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DO_TOKEN" \
"https://api.digitalocean.com/v2/partner_network_connect/attachments/<your_attachment_id>"

The state of the partner attachment is ACTIVE when it is ready.

Create a Megaport Cloud Router

Next, create a Megaport Cloud Router (MCR). The MCR routes traffic between the Virtual Cross Connections (VXCs) attached to it. If you already have an MCR, you can use the existing one.

Go to the Megaport website, then in the Megaport portal, on the top of the Services page, click the link to the Create MCR page.

1. Select a location, preferably one close to the partner attachment.
2. Choose a rate limit for your MCR. This setting cannot change after creation.
3. Choose a name for the MCR.
4. Select your minimum term. The default is 12 months. If you’re testing Partner Network Connect, choose No Minimum Term.
5. Leave the MCR ASN set to the default (133937) unless you have a specific reason to change it.

When you’re done configuring the MCR, you still need to order it to complete the process. Set up your billing details and finish ordering the MCR before proceeding.

Refer to Megaport’s Creating an MCR documentation for more in-depth information on this process.

Create a Virtual Cross Connection (VXC) to DigitalOcean

To make a connection between Megaport and the partner attachment at DigitalOcean, add a Virtual Cross Connection (VXC) to your Megaport Cloud Router.

This step requires the service key, BGP auth key, and BGP configuration from your partner attachment.

First, find your MCR Services list in the Megaport portal.

Click the + Connection button to add a VXC.

1. Select Enter Service Key as the destination type.
2. Type the service key you received when creating the partner attachment. Megaport checks the key immediately and marks it as a Valid Service Key.
3. Choose a name for the connection.
4. Choose a Rate Limit. You cannot change this after the VXC is created. The maximum is based on the bandwidth selected when you created the partner attachment.
5. Select your minimum term. Check this carefully, as the default is 12 months.
6. Click Next.
7. Set Interface IP Address to the partner attachment’s Peer router IP.
8. Click Add BGP Connection. For Local IP, select the Interface IP Address you just configured. Then, type the partner attachment’s BGP details. Remember to flip Local and Peer (for example, the Local router IP from DigitalOcean is the Peer IP for Megaport). Use the BGP authentication key for the BGP Password.
9. Click Add to finish adding the BGP connection, then click Next to continue to the confirmation page.
10. Review your information, then click Add VXC to add the VXC to your MCR.

As with creating the MCR, you must order the VXC to complete the process.

Refer to Megaport’s Creating an MCR VXC documentation for more in-depth information.

Verify the Connection Between DigitalOcean and Megaport

After the MCR and VXC are configured and ordered, go to the VXC Configuration Details page. The Service Status and BGP IP Address status indicators turn green when the connection is fully established.

Back in the DigitalOcean Control Panel, return to your partner attachment’s details page. The connection status indicates Established when the connection from DigitalOcean to the Megaport Cloud Router is complete.

Connect Megaport to Other Clouds or On-premises Datacenters

To finish connecting your DigitalOcean VPC networks to other clouds or datacenters you need to configure a second connection from your Megaport Cloud Router. The type of connections available are listed on Megaport’s Creating an MCR VXC page.

The following documentation links cover some common cloud provider and on-premesis destinations:

• Creating MCR Connections to AWS
• Creating MCR Connections to Azure using ExpressRoute
• Creating MCR Connections to Google Cloud Services.
• Creating a Private VXC
• Megaport Marketplace