[VMware Cloud Disaster Recovery] - Cloud DVX routing connectivity issues to vCenter in recovery SDDC on port 443 when a VPN is configured on a recovery SDDC

Article ID: 320356

Updated On:

Products

VMware Cloud on AWS

Issue/Introduction

When a policy-based or route-based VPN is configured, management gateway traffic within the SDDC may take the routing path of that VPN instead of its default path. By default, SDDC management traffic is routed via AWS Direct Connect (DX) local to the SDDC.

The known remediation steps are listed in the "Resolution" section of this knowledge base article.

Symptoms:

Cloud DVX may experience connectivity issues routing to the recovery SDDC vCenter on port 443 when a policy-based or route-based VPN is configured on the VMC on AWS SDDC.


Cause

In common VMware Cloud Disaster Recovery deployments, a recovery SDDC is deployed. A VPN feature can also be leveraged to establish network connectivity between the protected on-premises site and the recovery SDDC (see Configure a VPN Connection Between Your SDDC and On-Premises Data Center). When that VPN advertises networks that overlap or supersede the SDDC's own management networks, management traffic can be drawn onto the tunnel.

Resolution

If a VMC on AWS SDDC policy-based or route-based VPN is configured, try the following:

  1. Temporarily disable the policy-based or route-based VPN to force all management traffic to stay local to the SDDC.
  2. Ensure there is no network CIDR overlap between the networks configured on the on-premises policy-based or route-based VPN and the SDDC's infrastructure and appliance subnets (listed on the "Overview" tab under the "Networking & Security" tab in the SDDC configuration).
  3. Configure specific subnets for the VPN that allow connectivity between the on-premises protected site and the Cloud DVX (/Orchestrator) subnets, rather than a catch-all 0.0.0.0/0 network.
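
As an added illustration of steps 2 and 3 (example code, not from the KB article or any VMware tooling), the following Python pre-flight check flags VPN networks that overlap the SDDC infrastructure/appliance subnets and any catch-all 0.0.0.0/0 entry before the VPN is committed. The CIDR values are constructed placeholders; substitute the subnets shown on your SDDC's "Overview" tab and the networks configured on your VPN.

```python
import ipaddress

# Constructed placeholder values, not from the KB article: the SDDC
# infrastructure/appliance subnets shown on the "Overview" tab under
# "Networking & Security", and the networks the VPN tunnel carries.
SDDC_MANAGEMENT_CIDRS = ["10.2.0.0/16"]
VPN_REMOTE_NETWORKS = ["192.168.10.0/24", "10.2.32.0/20", "0.0.0.0/0"]


def check_vpn_networks(vpn_networks, sddc_cidrs):
    """Return (network, reason) findings for VPN networks that could pull
    SDDC management traffic (Cloud DVX -> vCenter on 443) onto the tunnel.

    Two conditions are flagged, matching resolution steps 2 and 3:
      * a catch-all 0.0.0.0/0 (or ::/0) network, and
      * any network overlapping an SDDC infrastructure/appliance subnet.
    """
    sddc = [ipaddress.ip_network(c, strict=False) for c in sddc_cidrs]
    findings = []
    for raw in vpn_networks:
        net = ipaddress.ip_network(raw, strict=False)
        if net.prefixlen == 0:
            # A default route over the VPN supersedes the local DX path.
            findings.append((raw, "catch-all route; use specific subnets instead"))
            continue
        for subnet in sddc:
            # Same address family and any shared address range counts as overlap.
            if net.version == subnet.version and net.overlaps(subnet):
                findings.append((raw, f"overlaps SDDC management subnet {subnet}"))
    return findings


if __name__ == "__main__":
    for net, reason in check_vpn_networks(VPN_REMOTE_NETWORKS, SDDC_MANAGEMENT_CIDRS):
        print(f"{net}: {reason}")
```

An empty result means the VPN networks neither overlap the management subnets nor install a default route, so the Cloud DVX to vCenter path should stay on the local DX route.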

Note also that VMC on AWS SDDC has known reserved network addresses that must not be used for the VPN-configured subnets.


Additional Information

Impact/Risks:
Modifications to the recovery SDDC's "Networking & Security" configuration (VMC on AWS NSX) made via the VMC Console may impact workload network connectivity between the local on-premises site and the remote VMC on AWS SDDC once the changes are committed.