Getting Started with Cloud Interconnect Sites

This article helps you get started with Cloud Interconnect sites that provide turnkey automation to natively connect with AWS, Microsoft Azure, GCP, and OCI cloud platforms.

Overview of Cloud Interconnect with Cato

A Cloud Interconnect is a site type option that can be used for cloud environment integration with Cato among other options such as an IPsec or vSocket site type. 

Cloud Interconnect is a dedicated connection between two peers, such as a cloud provider and a customer's on-premises infrastructure. This private connection type allows for lower latency and higher bandwidth than public internet use.

In cloud computing environments, Cloud Interconnect allows one network to connect directly to another network using a data center cloud exchange via a service provider partner (such as Equinix’s Cloud Exchange Fabric or Megaport SDCI). This can provide customers with more flexibility in how they use and manage their cloud resources in a multi-cloud environment and improve performance for workloads that need to communicate between them For more information about the supported service provider partners, see Cato Cloud Interconnect Availability.

With Cato, Cloud Interconnect data traverses Layer2 virtual circuits, resulting in high performance and low latency due to no encryption overhead. It is cost-efficient for sites with high throughput and relatively easy to operate.

Use the Cato Management Application as part of Cato's turnkey solution to orchestrate and integrate with the cloud service provider. When you create a new Cloud Interconnect, you are guided through the steps and settings to automate connecting the public cloud via a service provider to the Cato Cloud. For example, connect the AWS data center to the Cloud Interconnect site in your account via Equinix Cloud Exchange Fabric.


Supported Cloud Providers

These are the cloud providers that Cato supports to integrate with Cloud Interconnect sites and the relevant configuration articles:

Why Use Cloud Interconnect?

There are several reasons why a Cloud Interconnect site may be the preferred option for your site deployment:

  • Security – Cloud Interconnect is considered more secure as it does not transmit data over the public internet.

  • Cost Consideration – Cloud Interconnect may be a less expensive solution for high throughput sites. Many cloud providers provide fixed price options which allow for cost predictability.

  • Simplicity – Setting up Cloud Interconnect involves limited configuration steps and may be set up relatively quickly.

  • Performance & Reliability – Cloud Interconnect sites benefit from better performance due to lack of encryption/decryption overhead, guaranteed bandwidth and close-to-zero latency due to its Layer 2 connectivity in a data center alongside the Cato PoP. (A private connection is more reliable than internet transport)

Moreover, a Cloud Interconnect site may vary in global availability, QoS (Quality of Service) management, and site analytics. (Each cloud provider provides different monitoring interfaces in their platform)

Cloud Interconnect Site Architecture

Cloud Interconnect is a physical layer 2 connection to your cloud environment via one of Cato’s supported partner data center locations, such as Equinix.

The Cloud Interconnect provider partner data center may be in the physical location where the Cato PoP is hosted alongside a Cloud provider connector, such as AWS, as shown in the illustration below. However, in some cases, all of the resources involved might be in different locations, where the Cloud provider and Cato PoP are not in the same physical location as the Cloud Interconnect provider. For example, the PoP and Data Center might be located in New York, and the Cloud Interconnect Provider is in Washington D.C.

Cloud Interconnect can be deployed as a single link or as high availability (HA). In HA, Cato provides PoP-level resiliency for the redundant Cloud Interconnect links. The two links work in an Active/Passive manner with the Active link connected to one Cato PoP and the Passive link connected to a different Cato PoP.

Cloud Interconnect relies on BGP to mandate the primary location with preferred metrics and the secondary location with less preferred metrics by prepending the AS-PATH attribute behind the scenes.

BGP MD5 authentication is a mandatory configuration for a Cloud Interconnect site.

BGP is also used to manage connectivity to the Cato PoPs and exchange routing information between the Cato PoPs and the cloud environment to determine the active circuit for the site in case of a failover.

BGP neighbors status is the indicator for site connectivity. As long as at least one BGP peer is reporting connectivity the site is considered connected. 

The following table describes the site connectivity status based on each BGP neighbor scenario:


This is a high-level description of connecting two cloud environments:

  1. Identify the closest Cato PoP location with Cloud Interconnect service and the Cloud Interconnect Provider Partner location for Cloud Interconnect.

  2. Create the Cloud Interconnect circuits on the Cloud Provider and select the relevant Cloud Interconnect Provider partner location (such as Equinix or Megaport SDCI).

  3. Configure IP and BGP settings for each Cloud Interconnect circuit in the Cloud Provider platform.

  4. Create a Cloud Interconnect site in the Cato Management Application and configure the IP and BGP settings from the previous step. Cato now provisions the Cloud Interconnect site and will notify you upon completion.

  5. Connect your cloud environment VPC via a linked Gateway to the Cloud Interconnect circuits in the cloud environment.

  6. Verify the site connectivity.


Identifying PoP Locations for a Cloud Interconnect Site

Before you start working on your Cloud Interconnect deployment, it is important to verify which Cato PoP locations support Cloud Interconnect site types. For more information about the supported PoP locations, see Cloud Interconnect Availability.

Make sure to identify the nearest Cloud Interconnect location that can be used to connect to the Cloud Interconnect Provider. For example, to connect AWS VPC resources in US-EAST-1, the closest Cato PoPs are NY and Ashburn.

PoP Locations

For more information about the available Cloud Interconnect location for each cloud provider, see the relevant documentation for that third-party service:

Once you are ready to get started, reach out to your direct Cato representative to add a new Cloud Interconnect site with the following criteria for each circuit:

  • Cloud Provider environment (Azure, AWS, GCP or OCI)

  • Cloud Provider region (i.e., US-EAST-1)

  • Required bandwidth

  • Cato PoP location

  • Circuit ID and Account ID

Note: 500 Mbps is the minimum bandwidth for a Cloud Interconnect site. For exceptions, please contact your authorized Cato representative.

Was this article helpful?

4 out of 4 found this helpful


Add your comment