Take advantage of our consulting services!
Our experts will be happy to help you.
Hotline: 24 hours a day, seven days a week
PLAS is the abbreviation of Private Link Access Service, one of the network services on Open Telekom Cloud. It allows customers to establish a dedicated and non-shared connection from their on-premise networks to the Open Telekom Cloud environment.
This option makes it possible to use the Open Telekom Cloud as a shared private cloud where only the administration interfaces (UI and API) are accessible via the internet. The virtual resources themselves (ECS, OBS, etc.) can be used via the private connection.
Private link means that Ethernet Connect or IP MPLS-based business VPNs are used to achieve SLA-based connectivity without being connected to the internet.
Using PLAS, customers benefit from the best results in speed, throughput, packet loss and security.
Direct Connect is a network service on Open Telekom Cloud providing the access interface to private networks within your VPC. Direct Connect connects your VPC to the internal PLAS interface. PLAS works like a broker between any external physical network and the virtual internal networks. You always need to deploy your virtual instances via Direct Connect and the corresponding PLAS ports using either the dialog in the portal or an API.
You will find PLAS in the Open Telekom Cloud portal under “network.” To order the service, you need to complete the template with all necessary information on your network connection. In some cases without automation, you need to add an Excel sheet with additional information for the PLAS administrator. We also offer some non-standard options, in this case please get in touch with sales or send a ticket to ourservice desk.
PLAS is operated in data centers running the Open Telekom Cloud services. Currently, these are located in Biere and Magdeburg in Germany for Region 1. If you are interested in Open Telekom Cloud Region 2, please ask our sales representatives or open a ticket.
Currently, we offer the following options:
All options are described in more detail below.
PLAS is the network access service for any kind of external private network, connecting customers to the Open Telekom Cloud. PLAS uses different connectors to connect network products. PLAS Ethernet Redundant is the connector used to obtain access via two links of a layer 2 P2P product terminating on a hub in the German Open Telekom Cloud data centers in Biere and Magdeburg.
The only product currently available is Ethernet Connect in a special variant of the base product. Deutsche Telekom has built aggregation hubs in the network rooms of the data centers that are connected to Open Telekom Cloud.
If the customer orders this product, only a new connection to their local service point has to be established, while the B-end in the data center as well as connectivity to Open Telekom Cloud is prepared. It will be initialized as soon as the customer starts the Direct Connect / PLAS service and is functional when the Ethernet Connect product is ready to use.
Ethernet Connect only establishes a layer 2 connection between the customer’s VPC and the customer’s location. This means that the layer 3 connection (IP) has to be established additionally by the customer.
For more information on Ethernet Connect, see chapter “Network products that can be used to connect to Open Telekom Cloud” or see the Network section on the Deutsche Telekom website for "Geschäftskunden".
PLAS Ethernet Light is a combination of PLAS Ethernet Redundant and Ethernet Connect.
The difference to PLAS Ethernet Redundant is that there is only one Ethernet Connect link on the network side.
Behind the termination point of the link, Open Telekom Cloud uses two uplinks to two different PLAS ports and routes them to different AZs where your VPC is hosted.
This means that you do not have any (private) backup on the line and your production might have to stop if the link is required.
For this reason, we do not recommend this option, but offer it to leave the choice to you.
For more information on Ethernet Connect, see chapter “Network products that can be used to connect to Open Telekom Cloud” or see the Network section on the Deutsche Telekom website for "Geschäftskunden".
PLAS Ethernet VPN Global connects international Ethernet VPNs running different variants of MEF Ethernet standards.
Open Telekom Cloud is connected to Telekom’s Secure Cloud Connect product, which is a global Ethernet VPN platform.
Our Open Telekom Cloud data centers in Biere and Magdeburg are redundantly connected to this platform. Using tagged VLAN protocol, Telekom provides different customers with possible traffic separation per customer as virtual links.
You can choose this option via the portal and establish Direct Connect and PLAS instances.
Please note that the initial set-up of your own data center or subsidiary to the SCC platform using local loops might take several weeks. In this case, we recommend waiting until you receive the LOA (Letter of Authorization) specifying the date of readiness.
For more information on Secure Cloud Connect, see chapter “Network products that can be used to connect to Open Telekom Cloud” or see the Network section on the Deutsche Telekom website for "Geschäftskunden".
PLAS MPLS is the connector to provide MPLS-based managed networks access to the Open Telekom Cloud. PLAS and the provider platform are connected between the provider’s MPLS-POP (CE) and the PLAS router ports. They use API procedures to connect the network.
Currently, IntraSelect, the managed MPLS network of Deutsche Telekom, is the only MPLS network connected. Using the IntraSelect Cloud Connect product, you can easily establish a connection to Open Telekom Cloud. The architecture is redundant, which means that Open Telekom Cloud and IntraSelect run redundant links and offer active/passive redundancy.
Other MPLS providers are welcome, but they need to create redundant access from their platforms to Open Telekom Cloud data centers. In addition, they need to use Open Telekom Cloud API sets to connect customers.
For more information on IntraSelect, see chapter “Network products that can be used to connect to Open Telekom Cloud” or see the Network section on the Deutsche Telekom website for "Geschäftskunden".
Many customers have existing architectures for accessing cloud environments via cloud exchange brokers or want to start using this solution. It is very flexible in case of multi-cloud strategies and enables customers to easily change connections or bandwidth. From the customers’ perspective, it represents their “cloud connectivity hub.”
Nearly all colocation providers have their own cloud connectivity broker. We decided to start with Equinix Cloud Exchange (ECX).
PLAS is connected to Equinix Cloud Exchangeon the “seller side.” Customers connect to ports on the “seller-side”, and both meet on the portal. Here, customers can see the Open Telekom Cloud as well as many other clouds, and they can book and assign virtual circuits with different bandwidths to Open Telekom Cloud. You need to choose one link to the data center in Biere and one to the data center in Magdeburg, representing two of our AZs.
ECX and Open Telekom Cloud enable layer 2 connectivity. Please note that redundancy is only ensured when using this logic, since there is no line redundancy. Redundancy only works on the IP layer.
You can access the service directly from all ECX locations in Frankfurt and from all European ECX locations via the remote option of ECX. This means that your traffic will use the backbone of Equinix. While this is a paid service, it offers a flexible way to connect other cloud areas without building your own networks.
First, you need to establish Direct Connect and PLAS in your VPC. This requires you to enter some technical information in the dialog on the ECX portal.
It will take some days to establish the link between Open Telekom Cloud and ECX. In a second step, you need to establish the IP connectivity between your VPC and your local LAN.
You can access ECX from your local colocation cage at Equinix or via a network of your choice.
For more information on Equinix Cloud Exchange, please visit the Equinix website.
We have several options for you in this case. These options are not displayed by default, but available in the project mode.
For Region 1, we typically work with Telekom and you can book the products Lambda Connect or Ethernet Connect. You need to check whether Ethernet Connect 2.0 is available in the data centers and with which option it can be built.
If you work with a third-party provider, they will need a subcontractor for the last mile to the data centers. This should be Telekom Wholesale for link and customer-switch of Lambda Connect.
We do not offer 100G ports in Region 1. If you need this capacity and cannot switch to n*10G, please contact us via our service desk.
Every PLAS option offers different bandwidths.
You will find the current options when creating Direct Connect and PLAS.
The steps are performed together with our network provider partners, which means that you usually should have the same parameters (see in the category “Architectural Details”: ““Does the external network bandwidth have to be identical to the Direct Connect and PLAS bandwidth?”).
The highest volume for all shared services is 1 Gbit/s. For 10 Gbit/s bandwidth, you need dedicated PLAS ports as described.
PLAS is the product used to access Open Telekom Cloud. We are not directly connected to other clouds. You need to use the Cloud Connectivity Broker, MPLS Network or Secure Cloud Connect to manage multi-cloud logic.
The network product is NOT part of your Open Telekom Cloud contract. You need conclude an independent contract with Deutsche Telekom, a third-party network provider or a cloud connectivity broker.
Please contact your sales manager for further information on the various options.
PLAS is not compatible with all network providers. We are currently working on some options exclusively with Deutsche Telekom. You need to get in contact with Deutsche Telekom Sales and order products with Open Telekom Cloud access options. This may require a dedicated contract. Alternatively, you can also incorporate this option in your existing contract with Deutsche Telekom. You will find a list of products in this section.
If you want to get access with another provider, you will need to book the PLAS Cloud Exchange option, which is released with Equinix Europe for their Equinix Cloud Exchange product.
For any other configurations using a third-party network provider, please get in contact with us prior to any further activities.
All information on Ethernet Connect can be found on the Deutsche Telekom website for “Geschäftskunden” or you can ask your Deutsche Telekom sales representative.
Please note the special product for Open Telekom Cloud access. You cannot order Ethernet Connect as a standard product and there is no option for you to order an Ethernet Connect 2.0 product.
However, if you need a bandwidth of 10 Gbit/s, we can realize this as a project. You need to establish two 10G links to the data centers in Biere and Magdeburg. We only accept a redundant pair of links.
In this case, you can implement Ethernet Connect as well as Ethernet Connect 2.0 or Lambda Connect (as a single endpoint in a VPN).
Lambda Connect is a transparent DWDM service based on the Telekom Global Network (TGN). TGN has a global coverage and Deutsche Telekom provides access to Open Telekom Cloud using two different POPs in Biere and Magdeburg. The typical bandwidth to Open Telekom Cloud includes dedicated 10G links. In some cases, Lambda Connect may be a potential alternative to Ethernet Connect 10G.
For more information about Lambda Connect, see the Network section on the Deutsche Telekom website for “Geschäftskunden.”
Secure Cloud Connect is a product of Deutsche Telekom and is sold to end customers and other network providers. It is based on the Telekom Global Network (TGN) and offers broad global coverage.
Secure Cloud Connect uses MEF standards on top of the platform to establish virtual connections between locations, with a focus on public cloud connectivity.
It offers a multi-cloud environment, meaning that as soon as you connect your own locations, you can access 50+ clouds in different locations around the world.
Deployment of virtual links in addition to the established local loops is very flexible and changes are implemented within a few days.
Secure Cloud Connect is directly connected to Open Telekom Cloud and offers maximum redundancy.
It offers a capacity of up to 1G via virtual link. The platform itself can be connected via 1G or 10G ports.
For more information on Secure Cloud Connect, see the Network section on the Deutsche Telekom website for "Geschäftskunden".
IntraSelect is the name of a MPLS-based managed business network provided by Deutsche Telekom. It has a global coverage and plenty of functions to provide secure, SLA-based connectivity between customer locations. Cloud Connect is a feature of IntraSelect to connect customers with public clouds.
For more information on IntraSelect, see the Network section on the Deutsche Telekom website for "Geschäftskunden".
IntraSelect Cloud Connect for Open Telekom Cloud provides bandwidths ranging between 50 Mbit/s and 1000 Mbit/s.
PLAS allows one VPN per subnet. Direct Connect creates that VPN and is based on a redundant link to one MPLS-POP. You only can choose whether the POP is in location A or location B. Please ask your network provider to learn more about the best choice.
If you need higher redundancy, you need to create another subnet with a second Direct Connect on Open Telekom Cloud and a second Cloud Connect Link on MPLS. Now you have four links, i.e. two active and two passive links.
You have to take care of the routing logic by yourself. Open Telekom Cloud sees both links as independent and cannot decide where traffic will flow.
Equinix is a company offering services including colocation, telehouse and internet exchange.
Equinix Cloud Exchange is a product to connect public clouds. Currently, it can be used to connect more than 50 clouds depending on the region.
Customers can connect to ports from their colocation space or via wide area network in order to access the ECX portal. On the portal, they can choose all clouds and locations available on the marketplace.
Customers need a contract with Equinix. In some cases, their network provider might offer this as a managed service. Open Telekom Cloud is not able to manage this for you.
More information can be found on the Equinix website under the product name Equinix Cloud Exchange.
First, you should check the option of using Equinix Cloud Exchange. In this case, your provider can establish the connection to an Equinix location with ECX as needed.
There is currently no option to connect a third-party MPLS network directly to Open Telekom Cloud. We are open to providers connecting their platforms to Open Telekom Cloud. To do so, they need to establish redundant links to our data centers in Biere and Magdeburg with 10 Gbit/s as a minimum requirement. In addition, they need to create interfaces based on our Open Telekom Cloud API set for private links.
If you need an Ethernet or Lambda line which is terminated in the Open Telekom Cloud, we only support 10 Gbit/s redundant lines to Biere/Magdeburg. In this case, the network provider is responsible for offering access to the PLAS ports we offer. Since there will be no contract between the network provider and Open Telekom Cloud, the customers themselves will have to take care of project management and are responsible for their connectivity to the Open Telekom Cloud edge routers.
We always require two links to Open Telekom Cloud (only exception: PLAS Ethernet Light, which requires only one WAN link). For all other PLAS Ethernet options and PLAS Cloud Exchange, you need to connect two independent links by yourself. With PLAS MPLS, this is done automatically between your network provider and PLAS. You order one cloud link from your network provider as part of your contract, but technically they use two redundant links to Open Telekom Cloud.
Even if you always have two physical and logical links to PLAS, you only can use one IP link on top of them. The second link is always the redundant link and passive for backup cases. This means that you cannot use both links for features such as link aggregation or load balancing.
There is a difference between the chosen bandwidth of the external network link and the Open Telekom Cloud bandwidth.
Usually, they should be the same, but for some reasons they could be different – resulting in underbooking or overbooking. While overbooking might be a waste of money, underbooking can be much more critical due to dropped packets.
As a general rule, Open Telekom Cloud does not check the “logic” between these bookings.
We currently do not have a LAG service in place. But we are able to manually aggregate up to 5 single 1G links to one VPC gateway as a non-standard option.
Please contact us should you require this option.
We generally require two redundant links, since this is necessary for the active/passive architecture. It is not recommended to use only one link or two different bandwidths. In addition, the internet connectivity should not be used for backup.
If you are aware of the consequences a non-redundant architecture might involve and you do not need an SLA, please ask us to learn more about alternative options.
You can route the two links to one location or distribute traffic over two locations. PLAS only sees two different paths controlled by the eBGP protocol. Please note that in the second case, you still have an active and a passive link. You need a backup concept on layer 3 managed by yourself via your own data center backbone.
PLAS is only used to access your VPC on Open Telekom Cloud. It is not possible to use it as a routing instance to connect two or more locations. But if you are planning to use a virtual overlay network to support such connectivity architectures, you might work with virtual routers on top of your VMs and handle the existing connectivity on private and internet access for an overlay network. Please bear in mind that neither PLAS nor Direct Connect will monitor these activities and that you are fully responsible for the overlay network.
Every part of the system is redundant and distributed over two data centers per region. There is no single point of failure. Regard the redundancy logic of your access network.
PLAS is very flexible. It uses a “QinQ” protocol to connect networks. This means that you can have many VLANs connected to the same or to different VPCs.
You can always access your VPCs via the internet. But if you wish to setup a VPN with IPSec, please note that you can only create one VPN per subnet. You need to create different subnets and separate them using a firewall to handle internet traffic vs. private traffic. PLAS or Direct Connect do NOT offer the option to start or serve an IPSec VPN when the Direct Connect link is down. You have to handle the two options in case of a failure.
PLAS supports redundant links in an active/passive mode. This means that you can only use one active link. In a more sophisticated configuration, you can use two Direct Connects with PLAS in two different VPCs and set up an address scheme for load balancing. It is better to use load balancing after the network edge in front of your servers.
You can advertise up to 100 routes per session. If you advertise more, the port will be set inactive. This will protect the cloud and you against route flooding. Try to aggregate routes. If you still need more routes, please contact the service desk.
Start with choosing a network connector on the Open Telekom Cloud portal and follow the dialog to establish the logical links for “Direct Connect” and “PLAS.” Please note that you need to prepare a second VPC for redundancy, subnets and virtual gateways with IP addresses. You need these parameters for the dialog.
After successfully establishing the link for PLAS VPN and PLAS Cloud Exchange, you will receive an ID. This ID is needed as a token for your chosen network provider or exchange platform to connect the network to your Open Telekom Cloud tenant.
Please bear in mind that at this stage, you only have a contract with Open Telekom Cloud. In any case, you need a contract for the deployment of the chosen network. You will get this from your sales channel through which you typically handle network contracts. The deployment by the network provider may take at least two weeks for contracts involving an IP MPLS VPN or more than 6 weeks in case of Ethernet links.
Costs for Open Telekom Cloud resources are only incurred after the services are established. Please consider this when planning your connection.
The setup of Direct Connect and PLAS only takes a few minutes when deployed automatically, or a few days when deployed manually.
Since all network products are different, the process will never look the same.
If you already use Equinix Cloud Exchange, this solution will be ready to use in next to no time. No matter whether you start in Frankfurt or at other European Equinix sites, all in all it will only take a few days to deploy a virtual link to Open Telekom Cloud. If you need initial access to the platform from a colocation cage or wish to establish a WAN link, this will take much longer.
IntraSelect as a managed MPLS service is your best choice if you are already using this network and only want to extend it by access to Open Telekom Cloud. This is mainly API-driven, but good preparation is required for the deployment. In summary, it will take two to four weeks to get ready.
The first setup of the Secure Cloud Connect service takes a little longer because you need to connect your location to the platform by means of local loops. This will usually take 8–15 weeks. For extensions with new virtual circuits to Open Telekom Cloud, you can expect about 3 weeks to get ready.
Any point-to-point layer 2 or DWDM link will take a few weeks to establish.
Third-party network providers use subcontractors to access Open Telekom Cloud. This will not be quicker.
In any case, if you expect that getting the external network ready for use will take a long time, you should not start with the creation of Direct Connect and PLAS. Hourly costs are incurred for the Direct Connect and PLAS services, even if you are not actually using them because there is no external network. You should only start configuring the interfaces on Open Telekom Cloud after your provider has informed you about the finalization of your network.
Connecting your company via Ethernet (layer 2 service) means that there are two connectivity layers to deploy. The first layer is layer 2 connectivity, which is set up in collaboration between the network provider and Open Telekom Cloud/PLAS.
In addition to the layer 2 connection, an eBGP protocol must be established between the PLAS router and the customer’s edge router and/or firewall (see in the category “Processes”: “Do customers have to set up eBGP themselves?”)
Finally, on top of this router-to-router connectivity, you need to establish communication between your local network with private IP addresses and your Open Telekom Cloud environment, which also runs with your private addresses under your own responsibility. In summary, you need to take care of addresses, firewalls, security groups and routing between the instances.
Work can only start once all three parts are ready and functional.
Once you created a PLAS link, you will receive a service ID as a security item. You need to give this ID to your network provider. Currently, we check this service ID in any API-automatized interface to the network provider, e.g. PLAS MPLS.
Your admin needs to know about your intention to connect your network to Open Telekom Cloud, even if it is managed by T-Systems or Deutsche Telekom. You might need their commitment and they need to check whether the existing access bandwidth of the entire network is sufficient for more traffic. In addition, security and access parameters in your LAN need to be checked by your admin.
For all Ethernet-based options and PLAS Cloud Exchange, we will send you the S-Tag VLAN IDs for connecting our PLAS routers in Biere and Magdeburg if you open a ticket in the service desk console. We will reserve IDs.
If you have a PLAS option that does not need an S-Tag VLAN ID from our side but a full port, we will provide you with a port IP address. This also requires you to open a ticket. The port address will be reserved for 3 months before the reservation is canceled.
Yes, the customer needs to set up eBGP on their routers to connect to Open Telekom Cloud. All Ethernet products are transparent for L3 layer. BGP parameters are shown in the PLAS order form or in online dialogs. Only in the case of PLAS MPLS and connected managed MPLS network, the settings are done by the network provider.
You can use C-Tags to separate your traffic. It is mandatory for most Ethernet-based options and IntraSelect.
In some PLAS options that are accessed via a network platform (like Secure Cloud Connect or similar), the S-Tag is used by the platform and the C-Tag can be set by the customer.
When using dedicated PLAS ports for 10G access, this is not mandatory, but optional.
Open Telekom Cloud-11010000001770
Specifies the port type.
Specifies the subnet segment of the local VPC connected to the direct connection.
A maximum of 25 local subnets can be configured.
The local subnet and the remote subnet cannot be in the same network segment.
Specifies the tenant subnet.
The value must be a private IP address with a subnet mask. Multiple subnets are separated with commas (,).
A maximum of 50 remote subnets can be configured.
The local subnet and remote subnet cannot be in the same network segment.
Specifies the bandwidth size.
The maximum value is 10 Gbit/s.
Specifies the direct connection name.
The value is a string of no more than 64 characters that may contain letters, digits, underscores (_), and hyphens (-).
Remember that any costs for the network part ending at the PLAS port in the Open Telekom Cloud data center will be charged by the network provider. Additional costs may be incurred for services provided by the cloud exchange provider.
For PLAS and Direct Connect, you have to pay for
It depends on the current pricing scheme whether a specific item is billed separately or included in other items, or whether it is not billed due to redundant usage etc.
The pricing calculator of Open Telekom Cloud is the easiest way to obtain an overview of costs. You can find an explanation on how to perform the calculation in the section of the price calculator.
There is no difference between pricing of the different PLAS options even when you need to choose it technically.
When comparing these prices to those of our competitors, please note that these are all flat-rate prices. No additional costs will be incurred for moving data to and from the system. This is the only model that enables you to calculate and predict the actual costs.
Billing starts as soon as you deploy the ports via the portal. Please note that we are not able to see when you start using the ports and how you use them. If you expect that your network provider will need a much longer time to prepare your connectivity to PLAS, please consult them before starting PLAS.
The billing for PLAS and Direct Connect is stopped immediately when you delete the Direct Connect and PLAS instances in the portal. Note that in this case as well, this is not synchronized with the contracts of your network provider. You need to synchronize that.
There is no end-to-end service level agreement from your cloud endpoints to your local LAN. It is the summary of all SLAs.
You typically have two products as a minimum. One is the network product and the other is Open Telekom Cloud. In this case, you have two different SLAs. If a cloud connectivity broker such as Equinix is involved, you may even have three contracts if the network provider is not able to provide this as a managed service.
There is no such thing as an end-to-end service level agreement. You are using two products with two contracts and separate SLA parameters. The SLA of the network depends on several issues. You can improve network SLAs by using a failure-resistant architecture.
The network SLA is defined by the network provider where you get the contract. Cloud connectivity brokers also have their own SLA.
For Open Telekom Cloud, you generally have an SLA to access Open Telekom Cloud via the PLAS service. The numbers represent the service, not the individual ports, meaning that it only counts when you have redundant access to two data centers and two AZs in a region.
Direct Connect is used to establish a connection from a virtual router in your VPC to a virtual gateway at the edge of Open Telekom Cloud. This gateway is connected to the PLAS (Private Link Access Service), which is responsible for the connection to an external network. In summary, Direct Connect and PLAS enable a private connection from your data center to your Open Telekom Cloud VPC. Direct Connect can access only one VPC, but you can use VPC peering or VPC Endpoint to route traffic to other VPCs.
For more detailed information, please see the Direct Connect endpoint service description.
VPC Peering is an internal Open Telekom Cloud network function and not embedded in PLAS. It is used if you need to access more than one VPC of your tenant (account). All traffic will be routed to your virtual gateway in the VPC where you create the Direct Connect. Then you can peer multiple other VPCs to route traffic to them. Routing might depend on VLAN structures used to transport data over the network. You can use security groups and/or firewalls to separate your architectures.
For more detailed information, please see the VPC Peering service description.
VPC Endpoint offers more functionalities than VPC peering.
First, Open Telekom Cloud itself creates VPC endpoint services, which work like shared public instances that can be accessed from a VPC without using public IP addresses. These services include the OBS and the DNS service.
When building your own architecture, the option to connect any IP address service inside your VPC, other VPCs or tenants is very important. You can build complex network topologies including administration and security services.
VPC Endpoint is not embedded in PLAS, but helps you handle traffic between Direct Connect, edge and other instances. For more detailed information, please see the VPC Endpoint service description.