You can configure Direct Connect for private connections between VMware Cloud DR and on-premises protected sites.

Prerequisites

Before configuring Direct Connect with VMware Cloud DR, do the following:
  • Create a CIDR block on your protected site /26 or larger to use for connections between protected sites and VMware Cloud DR. This IP address range cannot conflict with any on-premises network on the protected site that uses Direct Connect.
  • Obtain your VMware Cloud DR AWS shadow account ID. You can find this account ID and number by navigating to Settings > Direct Connect. Your network administrator needs this account number to export your private VIFs to VMware Cloud DR.
  • Have your network administrator create a private VIF that uses the CIDR block allocated for the VIF, your shadow account ID, and the VMware Cloud DR AWS BGP ASN number: 64512.
  • Export your private VIFs to the VMware Cloud DR shadow account ID. Your network administrator performs this task from your AWS account.
Using a private VIF with a VMware Cloud DR protected site is restricted by the following caveats:
  • Only a single CIDR block is supported and is shared among all VIFs.
  • Multiple protected sites are supported for use with private VIFs, if all protected sites share the same CIDR block.
  • Post-deployment CIDR block changes are not supported.
  • You cannot convert a non-VIF protected site to use a private VIF by yourself. If you interested in converting a VMware Cloud DR protected site to use a private VIF, contact VMware Support.
  • VMware Cloud DR cannot determine if a private VIF is being used for a specific protected site.

Procedure

  1. In VMware Cloud DR, navigate to Settings > Direct Connect.
    The Direct Connect dialog box shows the VMware Cloud DR AWS shadow account ID. Your IT administrator needs this information to create and export private VIFs to VMware Cloud DR. You cannot configure Direct Connect if you have not yet exported private VIFs to VMware Cloud DR.
  2. In the Direct Connect dialog box, click the Set CIDR block button.
    Snapshot replication routes through a private IP network using IP addresses in the AWS transit VPC CIDR. The CIDR block you select for this connection must be /26 or larger.
    Note: Once you set the CIDR, you cannot change it.
  3. In the Set transit VPC CIDR block dialog box, enter the CIDR block to use with Direct Connect. Select an IP address range that does not conflict with any on-premises network on the protected site that uses Direct Connect.
  4. Select the check box to confirm that once you set the transit VPC CIDR, it canot be changed.
  5. Click OK.
  6. If the connection is successful, the Direct Connect dialog box shows all private VIFs exported to your account.
    For each VIF, the dialog box shows the interface name and ID, Direct Connect ID, state (available, unavailable, attaching, or attached), and BGP status (up, down, or unknown).
  7. To enable a VIF, select the small menu to the right of the VIF row and select Attach.
  8. In the Attach virtual interface confirmation dialog box, select the check box to confirm, and then click OK.

What to do next

After you have established a Direct Connect connection, you can select this connection type when you set up a protected site.