We assume that the reader is already a VMware SD-WAN customer with access to our VMware SD-WAN Orchestrator, and is familiar with the environment and notions such as segmentation, profiles, interface settings, and Cloud VPN, as well as AWS networking concepts.
Before using this guide, a customer first needs to:
- Have an administrator account created on a VMware Orchestrator.
- Have a Hub Profile already created, to be assigned to the Hub Cluster.
- Have segments already defined on the VMware Orchestrator.
- Have a policy file already defined for the AWS Cloud WAN. See example here.
- Have an AWS S3 bucket to host the *.json files (which must be in the same region as the Core Network Edge to be deployed).
- Ensure that the account quotas for Amazon VPC and Site-to-Site VPN are sufficient for the desired deployment configuration.
- Ensure that the VMware SD-WAN Edges are running software Release 4.3.1 or newer.
Note: In this document, we expect:
- For every VPC attachment there is only one subnet part of that VPC.
- There is no other “Non SD-WAN Destination via Edge” configuration. The presence of an additional NSD via Edge configuration may cause the Site-to-Site VPN to fail.
- Upload the *.json files to the S3 bucket. The following 4 *.json files are necessary to successfully launch the Quick Start:
- Create your CloudFormation stack. Copy the URL of the *-start.json file and click Next.
- Enter a stack name.
- Fill out the required parameters.
Note: “SecondSegmentName” should match what has been defined on the VMware SD-WAN Orchestrator.
Note: The segment(s) defined in the "PolicyJson" file should match the segments defined earlier.
Note: The “Greenfield” and “Brownfield” templates as well as the “Lambda package” file should have been uploaded to the S3 bucket.
Note: As covered in the Prerequisites section, “SubnetToAttachToSegment1” and “SubnetToAttachToSegment2” must NOT belong to the same VPC.
Having confirmed all of the above, click Next.
- Check the box "I acknowledge that AWS CloudFormation might create IAM resources" and click Create stack.
- The deployment process should take approximately 10-12 minutes to complete. Once completed, you will have an environment with:
- Two (2) SD-WAN Virtual Edges in two (2) separate Availability Zones
- One (1) AWS Cloud WAN Core Network Edge (CNE)
- Eight (8) Route-based VPNs to the CNE for two (2) segments
Note: You can follow the progress of the deployment and review logs in AWS CloudWatch.
- Add the necessary static routes to your workload VPC route tables, choosing the Core Network Edge as the Target for traffic destined to the branches/on-premises.
The target should be the Core Network Edge that was just created in the previous step.
- Assign the Hub Cluster to the Branch Profile.
- The final step is to verify end-to-end connectivity.
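The parameter notes above (bucket region, segment names, subnets in separate VPCs) can be checked before the stack is created. The following pre-flight check is an added example, not part of the Quick Start or the original guide. The sample data is constructed, the function name `preflight` is hypothetical, and "match" is treated as exact name equality.

```python
import json

# Constructed sample inputs (not from the original guide).
PARAMS = {
    "SecondSegmentName": "segment2",
    "SubnetToAttachToSegment1": "subnet-0aaa",
    "SubnetToAttachToSegment2": "subnet-0bbb",
}
# Shape of `aws ec2 describe-subnets` output, trimmed to the fields used.
SUBNETS = json.loads("""{"Subnets": [
  {"SubnetId": "subnet-0aaa", "VpcId": "vpc-0111"},
  {"SubnetId": "subnet-0bbb", "VpcId": "vpc-0111"}]}""")
# Shape of a Cloud WAN core network policy, trimmed to its segment list.
POLICY = json.loads('{"segments": [{"name": "segment1"}, {"name": "segment3"}]}')
ORCHESTRATOR_SEGMENTS = ["segment1", "segment2"]  # as defined on the Orchestrator


def preflight(params, subnets, policy, vco_segments, bucket_region, cne_region):
    """Return a list of problems; an empty list means all checks passed."""
    problems = []
    # The S3 bucket must be in the same region as the Core Network Edge.
    if bucket_region != cne_region:
        problems.append(f"S3 bucket is in {bucket_region}, CNE in {cne_region}")

    # The two attachment subnets must NOT belong to the same VPC.
    vpc_of = {s["SubnetId"]: s["VpcId"] for s in subnets["Subnets"]}
    vpcs = []
    for key in ("SubnetToAttachToSegment1", "SubnetToAttachToSegment2"):
        subnet_id = params[key]
        if subnet_id not in vpc_of:
            problems.append(f"{key}={subnet_id} not found in subnet data")
        else:
            vpcs.append(vpc_of[subnet_id])
    if len(vpcs) == 2 and vpcs[0] == vpcs[1]:
        problems.append(f"both subnets belong to {vpcs[0]}")

    # Segment names must match what is defined on the Orchestrator.
    known = set(vco_segments)
    if params["SecondSegmentName"] not in known:
        problems.append("SecondSegmentName is not defined on the Orchestrator")
    for seg in policy.get("segments", []):
        if seg["name"] not in known:
            problems.append(f"policy segment {seg['name']} not on the Orchestrator")
    return problems


if __name__ == "__main__":
    for line in preflight(PARAMS, SUBNETS, POLICY, ORCHESTRATOR_SEGMENTS,
                          "us-east-1", "us-west-2"):
        print("FAIL:", line)
```

With real data, feed it the output of `aws ec2 describe-subnets` and the contents of the policy file referenced by "PolicyJson".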