Configuration

Requirements

To configure Canal with an AWS Peering Connection, you will need the following information:

The CIDR block of your VPC must be within one of the following IP address ranges:

  • 10.0.0.0/8 (excluding 10.21.0.0/16; see Limitations below)
  • 172.16.0.0/12
  • 192.168.0.0/16

If you don't have a VPC yet, follow the instructions in the Creating a VPC section in this document.

In addition, you will need to create a Type-C or Type-F Virtual Private Gateway.

Limitations

When you create a Virtual Private Gateway (VPG), Soracom will automatically allocate resources for the VPG within the 10.21.0.0/16 IP address range. As a result, your VPC cannot include this IP address range. If your AWS VPC uses a CIDR block that includes this range, you will need to create a new VPC with a CIDR block which does not include this range.


Configuration

Creating a VPG

Follow the instructions from the Virtual Private Gateway Configuration documentation to create a new VPG with the following options:

For more information on each option, refer to the VPG Configuration documentation.


Add a Peering Connection

With a VPG created, we can now add an AWS Peering Connection in order to connect it to our AWS VPC.

  1. Log in to the User Console. From the Menu, open the VPG screen.

  2. From the list of VPGs, click the name of the VPG you want to configure to open its settings page.

  3. From the Basic settings tab, VPC Peering Connections panel, click the Add button.

  4. Enter your AWS Account ID, the AWS VPC ID, the AWS Region, and the VPC CIDR Block:

    Then click the Save button.

This will initiate a Peering Connection request with your AWS account. Next, we'll accept the connection request to complete the Peering Connection setup.


Accept the Peering Connection Request

  1. Log in to the AWS Management Console. From the Services menu, open the VPC dashboard.

  2. Click the Peering Connections section.

  3. Select the Peering Connection request in the list. Its Status should appear as pending-acceptance.

  4. Click the Actions menu, then select Accept Request.

A dialog will appear asking if you want to update your VPC's routing table. In order to route traffic correctly between the Soracom VPG and your AWS VPC, we need to add a new routing rule.

  1. Click the Modify my route tables now link.

  2. From the list of route tables, select the route table that is attached to your VPC. The Explicitly Associated column should indicate that it is associated with 1 Subnet.

  3. Click the Routes tab. Then add a new destination with the following values:

    • Destination - 100.64.0.0/10
    • Target - pcx-xxxxxxxx

    The Destination value corresponds to the IP address range of the VPG. The Target option tells the VPC that traffic returning to the VPG should be routed using the selected Peering Connection. As you type pcx, the approved Peering Connection should appear automatically.

    Then click the Save button.

Canal is now configured, and Air SIM devices that are attached to the VPG will be able to connect to network resources within your VPC.


Testing Canal

To test the Canal connection, simply create a network resource within your VPC.

For example, you can create a basic EC2 instance, making sure that it belongs to your VPC, and is assigned a static IP address within your VPC's CIDR block range.

Then connect to the EC2 instance to install and start an Apache webserver with its default welcome page.

Configure your EC2 instance's Security Group to allow inbound HTTP traffic on port 80 from any source (0.0.0.0/0).

Finally, test that your Air SIM device is able to view or curl the default Apache webpage using the EC2 instance's private IP address.
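
If the test request fails, the two settings to check are the return route and the Security Group rule. The following is an added example, not part of the original Soracom documentation, that reviews both from data in the shape returned by `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups`. The sample data is constructed, the function names are hypothetical, and it assumes device traffic reaches the VPC from the 100.64.0.0/10 VPG range, as the route's Destination value implies.

```python
import ipaddress

VPG_RANGE = ipaddress.ip_network("100.64.0.0/10")  # Destination value given on this page

# Constructed sample data in the shape of the AWS CLI describe output; IDs are placeholders.
SAMPLE_ROUTE_TABLE = {"Routes": [
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-xxxxxxxx", "State": "active"},
    {"DestinationCidrBlock": "100.64.0.0/10",
     "VpcPeeringConnectionId": "pcx-xxxxxxxx", "State": "active"},
]}
SAMPLE_SECURITY_GROUP = {"IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]}


def has_return_route(route_table):
    """True if an active route sends the VPG range to a peering connection."""
    return any(
        r.get("DestinationCidrBlock") == str(VPG_RANGE)
        and r.get("VpcPeeringConnectionId", "").startswith("pcx-")
        and r.get("State") == "active"  # a deleted peering leaves a "blackhole" route
        for r in route_table.get("Routes", []))


def http_sources(security_group):
    """IPv4 networks allowed to reach TCP port 80."""
    nets = []
    for perm in security_group.get("IpPermissions", []):
        all_traffic = perm.get("IpProtocol") == "-1"
        tcp_80 = (perm.get("IpProtocol") == "tcp"
                  and perm.get("FromPort", 0) <= 80 <= perm.get("ToPort", 0))
        if all_traffic or tcp_80:
            nets += [ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])]
    return nets


def review(route_table, security_group):
    """Return findings: missing return route, closed port 80, sources wider than the VPG."""
    findings = []
    if not has_return_route(route_table):
        findings.append("no active 100.64.0.0/10 route through a pcx- target")
    sources = http_sources(security_group)
    if not any(n.overlaps(VPG_RANGE) for n in sources):
        findings.append("port 80 is closed to the VPG range")
    findings += [f"port 80 source {n} is wider than the VPG range"
                 for n in sources if n.overlaps(VPG_RANGE) and not n.subnet_of(VPG_RANGE)]
    return findings
```

With the sample data, the only finding is that the 0.0.0.0/0 source is wider than the VPG range; a rule whose source is 100.64.0.0/10 produces no findings.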


Reference

Creating a VPC

  1. Log in to the AWS Management Console. From the Services menu, open the VPC dashboard. Then click the Launch VPC Wizard button.

  2. In the Select a VPC Configuration screen, choose VPC with a Single Public Subnet and click the Select button.

  3. Enter a VPC name for this VPC. You can leave the other settings with their default values, or configure a different IPv4 CIDR block and other settings if desired.

    Note: When creating a VPC which you intend to use with Soracom Canal, ensure that the IPv4 CIDR block does not include the 10.21.0.0/16 IP address range. Soracom will allocate resources within this IP address range. If you specify a CIDR block which includes this IP address range, you will have to create a new VPC.

    Then click the Create VPC button.

  4. Once the VPC has been created, it will appear in the list of VPCs.

  5. To enable the Internet gateway for the VPC, select the VPC from the list. Then click the Overview tab, and click the item listed next to Route table.

  6. Set the Internet gateway igw-xxxxxxxx for the 0.0.0.0/0 target.

    Then click the Save button.


Finding the Requirements

You can find your AWS account number by logging into the AWS Management Console. In the upper right corner of the console, click the Support menu, then select Support Center. Your AWS account number will be displayed at the top right corner.

To find the ID and CIDR block of a VPC, click the Services menu and open the VPC dashboard. Then click the Your VPCs section. The VPC ID and CIDR block are listed for each VPC.
