| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2024-10-09 |
vpe for Direct Link, virtual private endpoints for Direct Link, using vpe for vpc with Direct Link, isolation for Direct Link, private network for Direct Link, network isolation in Direct Link, non-public routes for Direct Link, private connection for Direct Link, private connectivity for Direct Link |
dl |
{{site.data.keyword.attribute-definition-list}}
{: #vpe-connection}
{{site.data.keyword.cloud}} Virtual Private Endpoints (VPE) for VPC allows you to connect to {{site.data.keyword.dl_short}} from your VPC network by using the IP addresses of your choosing, which is allocated from a subnet within your VPC. {: shortdesc}
VPEs are virtual IP interfaces that are bound to an endpoint gateway created on a per-service, or service-instance basis (depending on the service operation model). The endpoint gateway is a virtualized function that scales horizontally, is redundant and highly available, and spans all availability zones of your VPC. Endpoint gateways enable communications from virtual server instances within your VPC and {{site.data.keyword.cloud}} service on the private backbone. VPE for VPC gives you the experience of controlling all the private addressing within your cloud. For more information, see About virtual private endpoint gateways.
{: #vpe-before-you-begin}
Before you target a virtual private endpoint for {{site.data.keyword.cloud}}, you must complete the following tasks.
- Make sure that a Virtual Private Cloud is created.
- Make a plan for your virtual private endpoints.
- Ensure that correct access controls are set for your virtual private endpoint.
- Understand the limitations of having a virtual private endpoint.
- Understand how to view details about a virtual private endpoint.
{: #setup-vpe-dl}
When you create a VPE gateway by using the CLI or API, you must specify the Cloud Resource Name (CRN) of the region in which you want to connect to {{site.data.keyword.dl_short}}. Review the following table for the available regions and CRNs to use to create your VPE gateway.
Direct Link supports VPEs in all the VPC regions as shown.
| Location | Region | Cloud Resource Name (CRN) |
|---|---|---|
| Dallas | us-south |
crn:v1:bluemix:public:container-registry:us-south:::endpoint:vpe.us-south.container-registry.cloud.ibm.com |
| Frankfurt | eu-de |
crn:v1:bluemix:public:container-registry:eu-de:::endpoint:vpe.eu-de.container-registry.cloud.ibm.com |
| London | eu-gb |
crn:v1:bluemix:public:container-registry:eu-gb:::endpoint:vpe.eu-gb.container-registry.cloud.ibm.com |
| Osaka | jp-osa |
crn:v1:bluemix:public:container-registry:jp-osa:::endpoint:vpe.jp-osa.container-registry.cloud.ibm.com |
| Sao Paulo | br-sao |
crn:v1:bluemix:public:container-registry:br-sao:::endpoint:vpe.br-sao.container-registry.cloud.ibm.com |
| Sydney | au-syd |
crn:v1:bluemix:public:container-registry:au-syd:::endpoint:vpe.au-syd.container-registry.cloud.ibm.com |
| Tokyo | jp-tok |
crn:v1:bluemix:public:container-registry:jp-tok:::endpoint:vpe.jp-tok.container-registry.cloud.ibm.com |
| Toronto | ca-tor |
crn:v1:bluemix:public:container-registry:ca-tor:::endpoint:vpe.ca-tor.container-registry.cloud.ibm.com |
| Washington DC | us-east |
crn:v1:bluemix:public:container-registry:us-east:::endpoint:vpe.us-east.container-registry.cloud.ibm.com |
| {: caption="Region availability and Cloud Resource Names (CRNs) for connecting {{site.data.keyword.dl_short}} over {{site.data.keyword.cloud_notm}} private networks" caption-side="bottom"} |
{: #endpoint-gateway-servicename}
To configure a virtual private endpoint gateway, follow these steps:
- List the available services, including {{site.data.keyword.cloud_notm}} infrastructure services available (by default) for all VPC users.
- Create an endpoint gateway for {{site.data.keyword.dl_short}} that you want to be privately available to the VPC.
- Bind a reserved IP address to the endpoint gateway.
- View the created VPE gateways associated with the {{site.data.keyword.dl_short}}. For more information, see Viewing details of an endpoint gateway.
Now, your virtual server instances in the VPC can access your {{site.data.keyword.dl_short}} instance privately through it.
{: #using-direct-link-vpe}
After you create an endpoint gateway for {{site.data.keyword.dl_short}}, follow these steps:
{: #vpe-cli} {: cli}
Use the following steps to update to the latest version of the CLI and the {{site.data.keyword.dl_short}} plug-in.
-
Update the {{site.data.keyword.cloud_notm}} CLI to the latest version:
ibmcloud update
{: pre}
-
Update the Direct Link CLI plug-in:
ibmcloud plugin update dl-cli
{: pre}
{: #vpe-api} {: api}
After you create an endpoint gateway for the {{site.data.keyword.dl_short}} service, use the service endpoints FQDN private.directlink.cloud.ibm.com in the URL to access the service. For example:
curl https://private.directlink.cloud.ibm.com/v1/direct_links?version='2020-03-31' -H "Authorization: Bearer $iam_token"{: pre}
{: #vpe-sdk} {: api}
After you create an endpoint gateway for {{site.data.keyword.dl_short}}, you must use the private endpoint's FQDN when you set the service's FQDN during construction of the direct link service object.
private.directlink.cloud.ibm.com{: pre}
For examples of setting the service's FQDN for the specific SDK language, see SDK API examples.
{: #vpe-terraform} {: terraform}
If you plan to access the Direct Link service by using Terraform, make sure to set the IBMCLOUD_DL_API_ENDPOINT environment variable to private.directlink.cloud.ibm.com. For example:
export IBMCLOUD_DL_API_ENDPOINT=private.directlink.cloud.ibm.com{: pre}
For more information, see Direct Link resources and data sources.