# AWS Elemental MediaConnect Gateway Using gatewaysAWS Elemental MediaConnect Gateway MediaConnect Gateway now supports Source Specific Multicast (SSM) for ingress bridges. This enables you to specify a source IP address in addition to the multicast IP when creating or updating an ingress bridge source.AWS Elemental MediaConnect Gateway A new feature has been released called MediaConnect Gateway. MediaConnect Gateway in an on-premises implementation of MediaConnect. *AWS Elemental MediaConnect Gateway* is a feature of MediaConnect that deploys on-premises resources for transporting live video to and from the AWS Cloud. MediaConnect Gateway allows you to contribute live video to the AWS Cloud from on-premises hardware, as well as distribute live video from the AWS Cloud to your local data center. The following graphic depicts a workflow where AWS Elemental MediaConnect Gateway runs on-premises and sends multicast feeds as unicast. This process transmits live video between the on-premises operations center and the AWS Cloud. From there, AWS Elemental MediaConnect Gateway distributes that same content to a different on-premises location. ![\[MediaConnect Gateway running on-premises and sending multicast feeds as unicast.\]](http://docs.aws.amazon.com/mediaconnect/latest/ug/images/gateway-basic.png) **Contents** + [Key points](#gateway-key-points) + [Gateway components](#gateway-components) + [MediaConnect Gateway terminology](#gateway-components-terminology) + [Next steps](#gateway-next-steps) + [Additional resources](#gateway-additional-resources) ## Key points ### Gateway components AWS Elemental MediaConnect Gateway is made up of four major components: *gateways*, *networks*, *instances*, and *bridges*. Each of these components are explained in greater detail in the following sections of this guide. The following describes the basic relationship of these components: + **Gateways**: A logical grouping of instances and bridges. Each gateway utilizes user-defined IP information for communication between data centers and the AWS Cloud. + **Networks**: A MediaConnect Gateway network is a collection of IP information that instances and bridges use to communicate on your local data center network. The network information must match the local data center network that you are using to communicate with gateway. Each MediaConnect Gateway may contain a maximum of two networks. All gateways must contain at least one network. + **Instances**: A compute instance running on equipment in your data center and managed by MediaConnect. This instance is an on-premises implementation of the MediaConnect service and is contained within a gateway. Instances use bridges to communicate between your data center and the AWS Cloud. You create instances by installing software on an on-premises server. + **Bridges**: A connection between your data center's instances and the AWS Cloud. A bridge can be used to send video from the AWS Cloud to your data center or from your data center to the AWS Cloud. The following graphic depicts the interactions of each component in a common workflow scenario. In this workflow, multicast from the data center is ingested into a gateway instance and contributed across a bridge to MediaConnect in the AWS Cloud. From the AWS Cloud, the multicast is distributed to a different data center's gateway instance. ![\[MediaConnect Gateway on-premises content sent to the cloud, then to another on-premises location.\]](http://docs.aws.amazon.com/mediaconnect/latest/ug/images/gateway-ingress-egress-detail-lrg.png) ### MediaConnect Gateway terminology The following section provides details about MediaConnect Gateway concepts and terminology. + **Ingress**: In MediaConnect Gateway, ingress refers to content contributed to the AWS Cloud from an on-premises location. If the content is leaving your location using an ingress bridge, this means its destination is AWS. + **Egress**: In MediaConnect Gateway, egress refers to content distributed to your on-premises location from the AWS Cloud. If the content is entering your location using an egress bridge, this means its source is AWS. + **Cloud flow**: A MediaConnect flow that exists in the AWS Cloud. Typically, this will be an existing MediaConnect flow that you might already be using and want to distribute to an on-premises gateway. + **Flow source**: A source that originates in the AWS Cloud. An egress bridge uses this type of source. + **Network source**: A source that originates at your on-premises location. An ingress bridge uses this type of source. + **Flow output**: An output that is delivered to the AWS Cloud. An ingress bridge uses this type of output. + **Network output**: An output that is delivered to your on-premises location. An egress bridge uses this type of output. ## Next steps Now that you have a basic understanding of MediaConnect Gateway, we recommend you review the [Supported operating systems and system architectures for using MediaConnect Gateway](gateway-prerequisites.md). ## Additional resources + To learn more about gateway networks, see [MediaConnect Gateway networks](gateway-components-networks.md). + To learn more about gateway instances, see [Instances managed by MediaConnect Gateway](gateway-components-instances.md). + To learn more about gateway bridges, see [MediaConnect Gateway bridges](gateway-components-bridges.md). # Supported operating systems and system architectures for using MediaConnect Gateway Supported OS and architectures Before you can use AWS Elemental MediaConnect Gateway, you need an AWS account and the appropriate permissions to access, view, and edit MediaConnect components. Additionally, you will need physical hardware that complies to the MediaConnect Gateway requirements listed in the following sections. **Contents** + [ ## General information ](#system-requirements-general) + [ ## Supported system architectures ](#system-requirements-hardware) + [ ## Supported operating systems ](#system-requirements-os) ## General information AWS Elemental MediaConnect Gateway is built on the Amazon Elastic Container Service Anywhere (ECS Anywhere) service. Amazon ECS Anywhere enables you to register an *external instance*, such as an on-premises server, to your AWS infrastructure. This architecture requires that external instances using MediaConnect Gateway comply with both Amazon ECS Anywhere requirements and additional MediaConnect Gateway requirements. For a detailed understanding of Amazon ECS Anywhere and its cluster management capabilities for on-premises hardware, refer to the following resources: + [Amazon ECS clusters for the external launch type](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-anywhere.html) in the *Amazon Elastic Container Service Developer Guide* + [Amazon ECS Anywhere FAQs](https://aws.amazon.com/ecs/anywhere/faqs) The following sections of this page outline hardware and operating system (OS) requirements, as well as MediaConnect Gateway-specific requirements. The following table contains the default quotas for each MediaConnect Gateway component. | Component | Default quota | Can this quota be increased? | | --- | --- | --- | | Maximum number of gateways for each AWS Region | 3 | Yes | | Maximum number of instances for each gateway | 20 | No | | Maximum number of bridges for each gateway | 40 | No | | Maximum bitrate for each bridge | 100 Mbps | No | ## Supported system architectures The following table contains the recommended system architectures for your individual gateway instances. The system will determine the maximum number of bridges that can run on the instance. Only x86\$164 CPU architectures are supported. MediaConnect Gateway does not support ARM-based CPUs: | Number of bridges | vCPU cores (2.6 GHz) | vCPU cores (3.0 GHz) | Minimum RAM (GB) | Minimum disk space (GB) | | --- | --- | --- | --- | --- | | 10 | 2 | 2 | 4 | 25 | | 25 | 6 | 4 | 8 | 25 | | 40 | 10 | 8 | 16 | 25 | **CPU references** The CPU architectures are benchmarked using these CPUs: + 2.6 GHz - Intel E5-2660 v3 + 3.0 GHz - AMD 7302 ## Supported operating systems Updated MediaConnect Gateway operating system recommendation The recommended OS for MediaConnect Gateway has been updated from RHEL 8 to Ubuntu 20.04. The following list contains the supported operating systems (OS) and software configurations for your MediaConnect Gateway instances. **Supported operating systems** + Ubuntu 20.04 **Required software** + Docker - MediaConnect Gateway requires that you install the latest release of Docker. If you are using a Linux distribution other than RHEL, the instance registration script provided by MediaConnect will install Docker for you. Neither Docker or RHEL's open package repositories support installing Docker natively on RHEL. When using RHEL, you must ensure that Docker is installed before you run the instance registration script that's described in this document. # MediaConnect Gateway networks Networks An AWS Elemental MediaConnect Gateway *network* is a collection of IP information that will be used by the instances and bridges to communicate on your local data center network. The gateway network information must match the local data center network that you are using to communicate with the gateway. Each gateway may contain a maximum of two networks. All gateways must contain at least one network. ## Key points + Networks are automatically created during the initial setup process of a new gateway. + You can't add or edit a network after the initial creation of the gateway. + Networks are deleted as part of the gateway deletion process. ## Next steps + To learn about creating a gateway and its networks, see [Setting up a MediaConnect Gateway](gateway-create.md). + To learn about deleting a gateway and its networks, see [Removing a MediaConnect Gateway](gateway-cleanup-console.md). # Gateways managed by MediaConnect Gateway Gateways Gateways serve as the logical grouping for instances and bridges in the MediaConnect architecture, facilitating communication between on-premises networks and the AWS Cloud for media workflows. This section covers the fundamental procedures for working with gateways. **Topics** + [ # Setting up a MediaConnect Gateway ](gateway-create.md) + [ # Removing a MediaConnect Gateway ](gateway-cleanup-console.md) # Setting up a MediaConnect Gateway Setting up a gateway Setup begins with creating the gateway. This can be done in the MediaConnect console, programmatically using the MediaConnect API, or by using AWS CloudFormation. **Contents** + [ ## Prerequisites ](#gateway-create-prerequisites) + [ ## Procedure ](#gateway-create-procedure) + [ ## Next steps ](#gateway-create-next-steps) ## Prerequisites + Make sure that you’ve reviewed the [Supported operating systems and system architectures for using MediaConnect Gateway](gateway-prerequisites.md). + Before creating a gateway, you will need the name, egress CIDR IP information, and network information of the gateway you want to create. ## Procedure You can create a gateway using the console or the AWS CLI. ------ #### [ Console ] **To create a gateway using the console** 1. Open the MediaConnect console at [https://console.aws.amazon.com/mediaconnect/](https://console.aws.amazon.com/mediaconnect/). 1. From the navigation pane, select **Gateways**. In the **Gateways** section, choose **Create gateway**. 1. On the **Create gateway** page, enter a **Name** for your gateway. This name can't be modified later. 1. For the **Egress CIDR blocks**: Enter a CIDR block for the egress of your gateway. These IP addresses should be in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16. This CIDR block represents a range of IP addresses that are allowed to contribute content or initiate output requests for flows communicating with this gateway. **Important** Don't use 0.0.0.0/0 for the **Egress CIDR blocks**. This will open the gateway to the public. 1. In the **Networks** section, enter a name for your first network. A gateway may contain a maximum of two networks. Each network name must be unique for this gateway. 1. Enter a **CIDR block** for this network. To complete the creation of the gateway, choose the **Create Gateway** button. ------ #### [ AWS CLI ] **To create a gateway using the AWS CLI** 1. Find the name, egress CIDR IP information, and network information of the gateway you want to create. Store this information in a JSON file on the computer that runs the AWS CLI. The JSON file should be named `gateway.json`. The following example shows the correct sections and formatting for the JSON file. ``` { "Name": "gateway", "EgressCidrBlocks": [ "10.20.30.0/24" ], "Networks": [ { "Name": "blue", "CidrBlock": "172.31.48.0/20", } ] } ``` 1. Enter the following command into the AWS CLI interface. Replace the `` and `` values with your desired profile and AWS Region. ``` aws --profile --region mediaconnect create-gateway --cli-input-json file://gateway.json ``` 1. The AWS CLI will return a response like the following example. ``` "Gateway": { "EgressCidrBlocks": [ "10.20.30.0/24" ], "GatewayArn": "arn:aws:mediaconnect:us-west-2:111122223333:gateway:1-23aBC45dEF67hiJ8-12AbC34DE5fG:gateway", "GatewayState": "CREATING", "Name": "gateway", "Networks": [ { "CidrBlock": "172.31.48.0/20", "Name": "blue" } ] } } ``` ------ ## Next steps After a MediaConnect Gateway and its networks are created, you can begin registering instances to that MediaConnect Gateway. For instructions, see [Registering a MediaConnect Gateway instance](gateway-components-instances-create.md). # Removing a MediaConnect Gateway Removing a gateway To remove a gateway, you must first remove all of its components, such as its networks, instances, and bridges. The following is the process for removing a gateway and its components. **Contents** + [ ## Prerequisites ](#gateway-cleanup-prerequisites) + [ ## Procedure ](#gateway-cleanup-procedure) ## Prerequisites The following procedure assumes that you have previously created at least one MediaConnect Gateway. ## Procedure You can remove a gateway using the console or the AWS CLI. ------ #### [ Console ] **To remove a gateway using the console** 1. Open the MediaConnect console at [https://console.aws.amazon.com/mediaconnect/](https://console.aws.amazon.com/mediaconnect/). 1. From the navigation pane, select **Gateways**. In the **Gateways** section, select the gateway you want to delete. 1. On the MediaConnect Gateway details page, select the **Bridges** tab. Complete the following steps to delete the bridges: 1. Select the bridge you want to delete. 1. If the bridge has been started, select **Stop**. 1. When the bridge is stopped, select **Delete**. 1. Confirm the deletion of the bridge by selecting **Delete bridge**. 1. Repeat these steps for any additional bridges you need to delete. 1. Return to the gateway's **Details** page, select the **Instances** tab. Complete the following steps to delete the instances: 1. Select the instance you want to delete. 1. Select **Deregister**. 1. Confirm the deregistration of the instance by selecting **Deregister instance**. 1. Repeat these steps for any additional instances you need to deregister. **Note** **OPTIONAL**: If you want to reuse the instance for Amazon ECS Anywhere or as another gateway instance, you will need to complete the following steps. If not, continue with Step 5. 1. Make sure that the **Instance state** is **Deregistered** for the instance you want to reuse. 1. From a computer with the access to do so, connect to the instance using SSH. 1. Run the following commands, in order: ``` sudo docker stop $(sudo docker ps -f "name=MediaConnectGatewayAgent" -q); \ sudo docker stop ecs-agent; \ sudo systemctl stop ecs amazon-ssm-agent; \ sudo yum remove -y amazon-ecs-init amazon-ssm-agent; `# or apt or snap as needed` \ sudo rm /var/lib/ecs /etc/ecs /var/lib/amazon/ssm /var/log/ecs /var/log/amazon/ssm -rf; \ sudo docker rm -f ecs-agent ssm-agent; \ sudo docker container rm -f $(sudo docker ps -a -f "name=MediaConnectGatewayAgent" -q); \ sudo docker volume rm -f ecsdata docker run; \ sudo pkill -f -KILL network_bootstra[p]; \ sudo pkill -KILL mcproxy; ``` 1. After successfully deleting all bridges and deregistering all instances associated with the gateway, you may delete the gateway. Deleting the gateway will delete all networks created under that gateway. 1. From the navigation pane, select **Gateways**. 1. In the **Gateways** section, select the gateway that you want to delete to view that gateway's **Details** page. 1. Choose the **Delete** button. 1. Confirm the deletion of the gateway by choosing **Delete gateway**. ------ #### [ AWS CLI ] **To remove a gateway using the AWS CLI** 1. Delete the bridges by running the following command. ``` aws --profile --region mediaconnect delete-bridge --bridge-arn ``` 1. Deregister the instances by running the following command. ``` aws --profile --region mediaconnect deregister-gateway-instance --gateway-instance-arn ``` **Note** **OPTIONAL**: If you want to reuse the instance for Amazon ECS Anywhere or as another AWS Elemental MediaConnect Gateway instance, you will need to complete the following steps. If not, continue with Step 3. 1. Make sure that the `InstanceState` is `DEREGISTERED` for the instance you want to reuse. You can verify using the `describe-gateway-instance` command shown in the following example. ``` aws --profile --region mediaconnect describe-gateway-instance --gateway-instance-arn ``` 1. From a computer with the access to do so, connect to the instance using SSH. 1. Run the following commands, in order. ``` sudo docker stop $(sudo docker ps -f "name=MediaConnectGatewayAgent" -q); \ sudo docker stop ecs-agent; \ sudo systemctl stop ecs amazon-ssm-agent; \ sudo yum remove -y amazon-ecs-init amazon-ssm-agent; `# or apt or snap as needed` \ sudo rm /var/lib/ecs /etc/ecs /var/lib/amazon/ssm /var/log/ecs /var/log/amazon/ssm -rf; \ sudo docker rm -f ecs-agent ssm-agent; \ sudo docker container rm -f $(sudo docker ps -a -f "name=MediaConnectGatewayAgent" -q); \ sudo docker volume rm -f ecsdata docker run; \ sudo pkill -f -KILL network_bootstra[p]; \ sudo pkill -KILL mcproxy; ``` 1. Delete the gateway. This will delete all networks associated with the gateway. ``` aws --profile --region mediaconnect delete-gateway --gateway-arn ``` ------ # Instances managed by MediaConnect Gateway Instances An *instance* is a compute instance running on equipment in your data center and managed by MediaConnect Gateway. This instance is an on-premises implementation of the MediaConnect service and is contained within a gateway. Instances use bridges to communicate between your data center and the AWS Cloud. Instances are created by installing software on an on-premises server. This section covers the fundamental procedures for working with gateways. **Topics** + [ # Registering a MediaConnect Gateway instance ](gateway-components-instances-create.md) + [ # Deregistering a MediaConnect Gateway instance ](gateway-components-instances-delete.md) # Registering a MediaConnect Gateway instance Registering an instance You can register an instance by running a custom Linux command on the device that will be hosting the instance. You generate the command by following the instance registration process in the AWS Management Console. Registering an instance using the AWS CLI is not currently supported. **Contents** + [ ## Prerequisites ](#gateway-components-instances-create-prerequisites) + [ ## Procedure ](#gateway-components-instances-create-procedure) + [ ## Next steps ](#gateway-components-instances-create-next-steps) + [ ## Additional resources ](#gateway-components-instances-create-additional-resources) ## Prerequisites The following procedure assumes that you have previously created a gateway. ## Procedure **To register a MediaConnect Gateway instance** 1. Open the MediaConnect console at [https://console.aws.amazon.com/mediaconnect/](https://console.aws.amazon.com/mediaconnect/). 1. From the navigation pane, select **Gateways**. 1. In the **Gateways** section, select the gateway you want to register the instance to. 1. On the gateway **Details** page, select the **Instances** tab. 1. On the **Instances** tab, choose **Register instance**. 1. On the **Register Gateway instances** page, complete the following steps: 1. For **Activation key duration**, enter the number of days that the activation key will remain active. After that number of days, the key will no longer work when registering a gateway instance. 1. For **Number of instances**, enter the number of instances that you want to register to your gateway with this activation key. 1. For **Instance role**, choose the IAM role to associate with your external instances. 1. Select **Generate registration command**. 1. Copy the **Linux command** that is displayed. 1. Run the command on each instance you want to register to this gateway. **Important** The bash portion of the script must be run as root. If the command isn't run as root, an error is returned. 1. After a few minutes, the instance will register to the gateway. All instances registered to this gateway will appear in the **Instances** tab. ## Next steps After you’ve registered an instance to a MediaConnect Gateway, you can create a bridge on that instance. For instructions, see [Creating a MediaConnect Gateway bridge](gateway-components-bridges-create.md). ## Additional resources + [Deregistering a MediaConnect Gateway instance](gateway-components-instances-delete.md) # Deregistering a MediaConnect Gateway instance Deregistering an instance You can deregister an instance you no longer want to use within MediaConnect Gateway. By deregistering the instance, it will no longer support bridges and will not be a part of your gateway. **Contents** + [ ## Prerequisites ](#gateway-components-instances-delete-prerequisites) + [ ## Procedure ](#gateway-components-instances-delete-procedure) + [ ## Next steps ](#gateway-components-instances-delete-next-steps) + [ ### Reusing a gateway instance ](#gateway-components-instances-reuse) + [ ## Additional resources ](#gateway-components-instances-delete-additional-resources) ## Prerequisites The following procedure assumes that you have previously registered at least one instance to your gateway. ## Procedure **To deregister a gateway instance** 1. Open the MediaConnect console at [https://console.aws.amazon.com/mediaconnect/](https://console.aws.amazon.com/mediaconnect/). 1. From the navigation pane, select **Gateways**. In the **Gateways** section, select the gateway that contains the instance you want to deregister. 1. On the gateway **Details** page, select the **Instances** tab. Select the **Instance ID** of the instance you want to deregister. 1. Select **Deregister**. 1. Confirm the deregistration of the instance by selecting **Deregister instance**. 1. Repeat the previous steps for any additional instances you need to deregister. ## Next steps ### Reusing a gateway instance If you want to reuse the instance for Amazon ECS Anywhere or as another gateway instance, you will need to complete the following steps. **To reuse a gateway instance (optional)** 1. Open the MediaConnect console at [https://console.aws.amazon.com/mediaconnect/](https://console.aws.amazon.com/mediaconnect/). 1. From the navigation pane, select **Gateways**. In the **Gateways** section, select the gateway that contains the instance you want to reuse. 1. On the gateway **Details** page, select the **Instances** tab. Locate the **Instance ID** of the instance you want to reuse. 1. Make sure that the **Instance state** is **Deregistered** for the instance you want to reuse. 1. From a computer with the access to do so, connect to the instance using SSH. 1. Run the following commands, in order. ``` sudo docker stop $(sudo docker ps -f "name=MediaConnectGatewayAgent" -q); \ sudo docker stop ecs-agent; \ sudo systemctl stop ecs amazon-ssm-agent; \ sudo yum remove -y amazon-ecs-init amazon-ssm-agent; `# or apt or snap as needed` \ sudo rm /var/lib/ecs /etc/ecs /var/lib/amazon/ssm /var/log/ecs /var/log/amazon/ssm -rf; \ sudo docker rm -f ecs-agent ssm-agent; \ sudo docker container rm -f $(sudo docker ps -a -f "name=MediaConnectGatewayAgent" -q); \ sudo docker volume rm -f ecsdata docker run; \ sudo pkill -f -KILL network_bootstra[p]; \ sudo pkill -KILL mcproxy; ``` ## Additional resources For more information about deleting a MediaConnect Gateway and its networks, see [Removing a MediaConnect Gateway](gateway-cleanup-console.md). # MediaConnect Gateway bridges Bridges A *bridge* is a connection between your data center's instances and the AWS Cloud. Depending on the selected bridge type, a bridge can be used to send content from the AWS Cloud to your data center or from your data center to the AWS Cloud. **Contents** + [Key points](#gateway-components-bridges-key-points) + [Bridge types](#gateway-components-bridges-types) + [Bridge sources](#gateway-components-bridges-sources) + [Bridge outputs](#gateway-components-bridges-outputs) + [Next steps](#gateway-components-bridges-next-steps) ## Key points ### Bridge types AWS Elemental MediaConnect Gateway supports two types of bridges. Each bridge type serves a different purpose and determines if you will be contributing content to the AWS Cloud or distributing content to a physical location. The following are the two types of bridges and their different functions: + **Ingress bridge**: A ground-to-cloud bridge. On an ingress bridge, the content originates at your premises and is delivered to the AWS Cloud + **Egress bridge**: A cloud-to-ground bridge. On an egress bridge, the content comes from an existing MediaConnect flow and is delivered to your premises. ### Bridge sources Each bridge requires you to create a minimum of one source. The source is the content that will be ingested by the MediaConnect Gateway. The origin of the source content will be different depending on the bridge type you select. If you create multiple bridge sources, you can enhance the resiliency of your bridge by activating failover during the creation process. The following are the two types of sources: + **Ingress bridge source**: For an ingress bridge, the content originates at your premises and is delivered to the cloud. When creating an ingress bridge source, you will need to select the protocol (RTP, RTP-FEC, or UDP) and enter the multicast IP address and port of the content originating in your premises. You can also use source-specific multicast (SSM) for ingress bridges, which allows you to optionally provide a source IP address in addition to the multicast IP when creating or updating an ingress bridge. This gives you more precise control over the multicast traffic. + **Egress bridge source**: For an egress bridge, the content originates as an existing MediaConnect flow and is delivered to your premises. When creating an egress bridge source, you will need to select the MediaConnect flow that you would like to send to your premises. You don't need to select the protocol. The source will use the same protocol as the existing flow. #### Bridge source failover If you create multiple bridge sources, you can enhance the resiliency of your bridge by activating failover during the creation process. The failover configuration determines how AWS Elemental MediaConnect Gateway behaves in the event of source input loss. The bridge type will determine which of the two failover modes are available. The following are the two failover modes: + **Failover**: This mode allows switching between a primary and a backup source. You can specify a source as the primary source. The second source serves as the backup. The service switches to the backup source if the primary source fails, and switches back to the primary source as soon as it is reliable. + **Merge**: This mode combines the sources into a single stream, allowing a graceful recovery from any single-source loss. In merge mode, if a source is missing a packet the service pulls the missing packet from the other source. ### Bridge outputs Each bridge requires you to create a minimum of one output. The following are the two types of outputs: + **Ingress bridge output**: For an ingress bridge, the content originates at your premises and is delivered to the cloud. You do not need to configure outputs for ingress bridge types. When you create a MediaConnect flow using the ingress bridge as a source, the output is automatically created when the flow is started. + **Egress bridge output**: For an egress bridge, the content originates as an existing MediaConnect flow and is delivered to your premises. When you create an egress bridge output, you will need to configure the IP and protocol information that will be delivered to your premises. Egress bridge outputs support RTP, RTP-FEC, and UDP protocols. ## Next steps + To create a bridge, see [Creating a MediaConnect Gateway bridge](gateway-components-bridges-create.md). # Creating a MediaConnect Gateway bridge Creating a bridge After you have registered at least one instance to your gateway, you can create a bridge. The process for creating a bridge will vary depending on the bridge type you select. **Contents** + [ ## Prerequisites ](#gateway-components-bridges-create-prerequisites) + [ ## Procedure ](#gateway-components-bridges-create-procedure) + [ ## Next steps ](#gateway-components-bridges-create-next-steps) + [ ### Starting a bridge ](#gateway-components-bridges-create-next-steps-start-bridge) + [ ### Updating a bridge ](#gateway-components-bridges-create-next-steps-update-bridge) ## Prerequisites + The following procedure assumes that you have previously created a gateway and registered an instance to it. + Before creating a bridge, you will need to collect the details of the bridge you want to create. + If you're creating an ingress bridge and you want to use source-specific multicast (SSM), verify your network capability and ensure that your network infrastructure (routers and switches) supports SSM. The multicast source IP that you use must be a valid IPv4 address. ## Procedure After you have registered at least one instance to your gateway, you can create a bridge. The process for creating a bridge will vary depending on the bridge type you select. There are two bridge types: ingress (a ground-to-cloud bridge) or egress (a cloud-to-ground bridge). ------ #### [ Console ] **To create an ingress bridge** 1. Open the MediaConnect console at [https://console.aws.amazon.com/mediaconnect/](https://console.aws.amazon.com/mediaconnect/). 1. From the navigation pane, select **Gateways**. 1. In the **Gateways** section, select the gateway you want to create the bridge on. 1. On the gateway **Details** page, select the **Bridges** tab. 1. Select **Create bridge**. 1. On the **Create bridge** page, complete the following steps in the **Details** section: 1. Enter a **Name** for the bridge. 1. For **Bridge type**, select **Ingress bridge**. 1. Enter the **Maximum bitrate** for the content you will transport over the bridge. 1. Enter the **Maximum outputs** for the bridge. 1. Next, complete the following steps in the **Sources** section. The source of an ingress bridge is multicast content that originates at your premises: 1. Enter a **Name** for the bridge source. 1. Select a **Network**. This is a network you created during the gateway setup process. 1. Select the **Protocol** for this source. 1. Enter the **Multicast IP** address. 1. (Optional) If you want to use source-specific multicast (SSM), enter the **Multicast Source IP** address. The multicast source IP that you enter must be a valid IPv4 address. If you don't enter a value here, the bridge source will use Any-Source Multicast (ASM) mode. 1. Enter the **Port** of the source. 1. If you add more than one source, you can set up failover using the **Failover configuration** section. 1. Select the **Failover mode**: **Failover** or **Merge**. 1. (Optional) If you select **Failover** as the mode, you can select one of the sources you previously configured to be the **Primary source**. If you don't select a **Primary source**, MediaConnect will select one at random. 1. Choose **Create bridge**. 1. After the bridge is created, you can start the bridge by selecting **Start** on the bridge's **Details** page. **To create an egress bridge** 1. Open the MediaConnect console at [https://console.aws.amazon.com/mediaconnect/](https://console.aws.amazon.com/mediaconnect/). 1. From the navigation pane, select **Gateways**. 1. In the **Gateways** section, select the gateway you want to create the bridge on. 1. On the gateway's **Details** page, select the **Bridges** tab. 1. Choose **Create bridge**. 1. On the **Create bridge** page, complete the following steps in the **Details** section: 1. Enter a **Name** for the bridge. 1. Select a **Bridge type** of **Egress bridge**. 1. Enter the **Maximum bitrate** for the content you will transport over the bridge. 1. Complete the following steps in the **Sources** section: 1. Enter a **Name** for the bridge source. For an Egress bridge, the source is the content coming from a MediaConnect flow and delivered to your premises. 1. Select a **Network**. This is a network you created during the gateway setup process. 1. Select the **Flow ARN**. This is the ARN of the MediaConnect flow that you will use as a source. 1. If this flow uses a **VPC interface**, select it. 1. If you add more than one source, you can set up failover using the **Failover configuration** section. 1. When you select an egress bridge, the only available **Failover mode** is **Failover**. **Merge** cannot be selected. 1. (Optional) Select one of the sources that you previously created to be the **Primary source**. If you don't select a **Primary source**, MediaConnect will select one at random. 1. Under **Outputs**, complete the following steps. 1. Enter a **Name** for the bridge output. 1. Select a **Network**. This is a network that you created during the MediaConnect Gateway setup process. 1. Select a transport **Protocol** for the output. 1. Enter an **IP address** for the output. This must be an IP that is compatible with your local network. 1. Enter the **Port** for the output. This must be a port that is compatible with your local network. 1. Enter a **TTL** (time-to-live) for the output. 1. Select **Create bridge**. 1. After the bridge is created, you can start the bridge by selecting **Start** on the bridge details page. ------ #### [ AWS CLI ] **To create a bridge using the AWS CLI** 1. Find the details of the bridge you want to create. These details will be stored in a JSON file on the computer running the AWS CLI. The JSON file should be named `bridge.json`. The following examples show the correct sections and formatting for the JSON file. Here is an example for creating an egress bridge: ``` { "Name": "bridge", "PlacementArn": "arn:aws:mediaconnect:us-west-2:111122223333:gateway:1-23aBC45dEF67hiJ8-12AbC34DE5fG:gateway", "EgressGatewayBridge": { "MaxBitrate": 100000000 }, "SourceFailoverConfig": { "FailoverMode": "FAILOVER", "State": "ACTIVE" }, "Sources": [ { "FlowSource": { "Name": "Source0", "FlowArn": "arn:aws:mediaconnect:us-west-2:111122223333:flow:1-UAECXlABCQJeVwMB-95ec11ac6059:gatewayFlow", "NetworkName": "blue" } }, { "FlowSource": { "Name": "Source1", "FlowArn": "arn:aws:mediaconnect:us-west-2:111122223333:flow:1-ECRZVGADYMGtPGTM-c1iPQ5FNL7Qn:gatewayFlow", "NetworkName": "blue", "FlowVpcInterfaceAttachment": { "VpcInterfaceName": "VPCIF" } } } ], "Outputs": [ { "NetworkOutput": { "Name": "Output0", "NetworkName": "blue", "IpAddress": "225.1.2.3", "Port": 5010, "Protocol": "rtp-fec", "Ttl": 8 } }, { "NetworkOutput": { "Name": "Output1", "NetworkName": "blue", "IpAddress": "225.1.2.4", "Port": 6010, "Protocol": "rtp", "Ttl": 250 } } ] } ``` Here is an example for creating an ingress bridge that supports SSM (`MulticastSourceSettings` and `MulticastSourceIp` are defined in the source): ``` { "Name": "bridge", "PlacementArn": "arn:aws:mediaconnect:us-west-2:111122223333:gateway:1-23aBC45dEF67hiJ8-12AbC34DE5fG:gateway", "IngressGatewayBridge": { "MaxBitrate": 80000000, "MaxOutputs": 1 }, "SourceFailoverConfig": { "FailoverMode": "FAILOVER", "SourcePriority": { "PrimarySource": "network-source1" }, "State": "ENABLED" }, "Sources": [ { "NetworkSource": { "MulticastIp": "224.0.0.1", "MulticastSourceSettings": { "MulticastSourceIp": "1.2.3.4" }, "Name": "network-source1", "NetworkName": "network-1", "Port": 5001, "Protocol": "rtp" } }, { "NetworkSource": { "MulticastIp": "224.0.0.2", "MulticastSourceSettings": { "MulticastSourceIp": "4.3.2.1" }, "Name": "network-source2", "NetworkName": "network-1", "Port": 5001, "Protocol": "rtp" } } ] } ``` 1. Enter the following command into the AWS CLI interface. Replace the ** and ** values with your desired profile and AWS Region. ``` aws --profile --region mediaconnect create-bridge --cli-input-json file://bridge.json ``` 1. The AWS CLI will return a response like the following example. ``` { "Bridge": { "BridgeArn": "arn:aws:mediaconnect:us-west-2:111122223333:bridge:1-GLxlBRLrHzzvpwyb-1dd82066b207:bridge", "BridgeMessages": [], "BridgeState": "STANDBY", "EgressGatewayBridge": { "MaxBitrate": 100000000 }, "Name": "bridge", "Outputs": [ { "NetworkOutput": { "IpAddress": "225.1.2.3", "Name": "Output0", "NetworkName": "blue", "Port": 5010, "Protocol": "rtp-fec", "Ttl": 8 } }, { "NetworkOutput": { "IpAddress": "225.1.2.4", "Name": "Output1", "NetworkName": "blue", "Port": 6010, "Protocol": "rtp", "Ttl": 250 } } ], "PlacementArn": "arn:aws:mediaconnect:us-west-2:111122223333:gateway:1-23aBC45dEF67hiJ8-12AbC34DE5fG:gateway", "SourceFailoverConfig": { "FailoverMode": "FAILOVER", "State": "ENABLED" }, "Sources": [ { "FlowSource": { "FlowArn": "arn:aws:mediaconnect:us-west-2:111122223333:flow:1-UAECXlABCQJeVwMB-95ec11ac6059:gatewayFlow", "Name": "Source0", "NetworkName": "blue" } }, { "FlowSource": { "FlowArn": "arn:aws:mediaconnect:us-west-2:111122223333:flow:1-ECRZVGADYMGtPGTM-c1iPQ5FNL7Qn:gatewayFlow", "Name": "Source1", "NetworkName": "blue", "FlowVpcInterfaceAttachment": { "VpcInterfaceName": "VPCIF" } } } ] } } ``` ------ ## Next steps ### Starting a bridge After the bridge is created, you can start the bridge by choosing `Start` on the bridge's details page. ### Updating a bridge When updating an existing bridge source to use SSM, keep these key points in mind: 1. **Bridge state requirements**: The bridge must be in `STANDBY` state before you make any changes. 1. **Enabling SSM**: To enable SSM, add a multicast source IP to the ingress bridge configuration. After you start the bridge, it will use the new SSM configuration and only accept multicast traffic from the specified source IP. 1. **Reverting to ASM**: To switch back to Any-Source Multicast (ASM) mode, remove the multicast source IP from the ingress bridge configuration. Remember, this can only be done when the bridge is in `STANDBY` state. 1. **Applying changes**: After you make your changes, you must start the bridge for the new configuration to take effect. 1. **Verifying bridge source information**: You can view the current state of your bridge sources (including the multicast source IP) by using the [DescribeBridge](https://docs.aws.amazon.com/mediaconnect/latest/api/v1-bridges-bridgearn.html) API or checking the bridge details in the console. By following these guidelines, you can successfully manage your bridge's multicast settings, switching between SSM and ASM modes as needed.