Configuring an InterLink

Once your InterLink has been created and the provisioning process is complete, you must complete a number of configuration steps to enable traffic to flow across the InterLink.

This document explains the process in full, and gives tips for troubleshooting any potential issues.

Configuration overview

The diagram above shows the four configuration steps necessary for an InterLink. Only when all steps have been completed can traffic flow across the InterLink, connecting the Scaleway VPC to the external (on-premises) infrastructure.

Read more about each step, and possible errors at each stage, in the following sections.

1. Create the InterLink

Creating an InterLink is itself a multi-step process, that requires action on both the Scaleway side, and on the partner side. This process is explained in full in Provisioning an InterLink.

You must wait until the InterLink has reached Active status before you can continue with the following configuration steps.

2. Attach VPC

Attaching an InterLink to a VPC allows you to complete the connection from your external infrastructure, across the InterLink, to the Scaleway resources in the selected VPC.

The VPC must be in the same region as the InterLink. An InterLink can only be attached to one VPC at a time, but you are free to detach the VPC and attach a different one whenever you like.

You can use the Attach a VPC endpoint to attach a VPC to a given InterLink.

3. Attach allowed routes list (routing policy)

InterLink uses Border Gateway Protocol to exchange routing information between the customer’s infrastructure and the Scaleway VPC. Each side advertises IP prefixes for its own internal subnets and resources, to allow the other side to dynamically learn and update its internal routes, facilitating efficient traffic flow. However, by default, all routes across an InterLink are blocked . You must create and attach an allowed routes list aka routing policy, to set IP prefix filters for the route advertisements you want to whitelist. This facilitates traffic flow across the InterLink.

You can create and attach allowed routes lists via the API.

When setting the route ranges to whitelist, you must separately define the IP prefixes to accept from the external infrastructure (incoming ranges of route announcements to accept), and the IP prefix filters to advertise from the Scaleway VPC to the peer (outgoing ranges of routes to advertise). For example, adding 172.16.4.0/22 whitelists all 1,024 IPs in this block, from 172.16.4.0 to 172.16.7.255.

Only one allowed routes list (routing policy) can be attached to an InterLink at a given time. However, you can reuse the same list by attaching it to multiple InterLinks, for example if you have a second InterLink attached to the same VPC/external infrastructure for redundance purposes. You can update, delete or reattach a list at any time.

4. Activate route propagation.

Once you have attached a VPC and defined the routing policy/allowed routes, you must activate route propagation to allow traffic to flow over the InterLink. This enables all prefixes whitelisted in your allowed routes list / routing policy to be announced in the BGP session, so that traffic can flow along these routes.

You can deactivate route propagation via the dedicated endpoint at any time. When you do this, all routes are blocked and removed from the VPC’s route table. No traffic can flow across the InterLink until route propagation is reactivated.