When you extend SDDC Group connectivity to include native AWS objects such as VPCs, Transit Gateways (TGWs), and Direct Connect Gateways (DXGWs) that you own and manage, you must also edit VPC route tables or a VMware Cloud on AWS shared prefix list to establish and maintain connectivity between the group’s VTGW and these objects.

Route management for connections between VMware Cloud on AWS networks and native AWS objects depends on your network topology. For all topologies that include native AWS objects such as TGWs and VPCs, you must define return paths from those objects to the SDDC group, as shown in Attach a VPC to an SDDC Group and Attach an AWS Transit Gateway to an SDDC Group. Topologies that send traffic from the SDDC group to a native AWS object (such as a "security VPC" through which all traffic between the SDDC group and the Internet is routed for inspection) require you to configure those outbound routes manually, either by editing native route tables as described in the AWS Virtual Private Cloud User Guide, or by using a VMware Cloud on AWS shared prefix list.

A shared prefix list (a list of subnet CIDRs that VMware manages and shares with your AWS account) is the best option for most SDDC groups, since it updates external VPC and TGW route tables automatically during NSX Edge migration or failover, and whenever SDDC group members are added and removed. For more information see the VMware Cloud Tech Zone article Understanding Shared Prefix Lists for SDDC Groups in VMC on AWS.

Procedure

  1. On the Inventory page of the VMware Cloud Console, click SDDC Groups, then click the Name of the group that has the VPC attached.
  2. To create a shared prefix list that you can use to simplify manual maintenance of routes to and from the group members' subnets and external AWS objects, open the Routing tab for the group and click CREATE PREFIX LIST.
    You can skip this step if you want to manually update the external VPC's route tables.
    1. On the Create Prefix List card, fill in the required values, then click CREATE PREFIX LIST.
      Prefix List Name: Make up a name.
      VMC on AWS Region: Select a region from the list of AWS regions occupied by SDDC group members.
      AWS Region: The region where you want the prefix list to be created. Initially the same as the VMC on AWS Region value, but you can change it to have the prefix list created in a different region.
      AWS Accounts to associate: This list is prepopulated with the 12-digit AWS account IDs associated with the SDDC group. You can add or remove account IDs as needed.
      When you click CREATE PREFIX LIST, the Status of the prefix list changes to Creation in Progress.
    2. When the Status of the prefix list changes to Created, use an AWS identity that has permission to accept a resource share and log into the AWS console using one of the Associated AWS Accounts.
      Click Resource Access Manager > Shared with me to see a list of AWS resource shares the account can access. The resource Name has the form VMC-SHARED-PREFIX-LIST-ID and a Status of Pending. Click the resource Name to open the resource share details card, then click Accept resource share and confirm acceptance.
    3. In the AWS console, open Your VPCs, select a VPC, and add one or more prefixes to the VPC's main route table.
      Click Add route, enter the prefix list ID as a Destination and specify the SDDC group's VTGW as the Target.
      Note: Each prefix list counts as a single Route when added to a route table but can contain many entries, each of which counts toward the route table's quota. See AWS VPC route table quotas and be sure that the route table has sufficient capacity to accommodate all the routes in the prefix list.

      After you add a prefix list to a VPC route table, all routes from SDDC group members to target TGW or VPC objects are updated automatically.
  3. To modify or remove a shared prefix list, open the Routing tab for the group.
    • To modify a Prefix List Name or its Associated AWS Accounts, click the pencil icon to open the Edit Prefix List Name or Associate AWS Accounts card.
    • To remove a prefix list, select it and click DELETE PREFIX LIST. You must remove any resources (such as route tables) associated with the list before you delete it.
  4. To view the current set of routes programmed (either manually or from a shared prefix list) for this SDDC group, open the Routing tab for the group.
    You can view routes to Members (SDDCs in the group along with the group's VTGW and any connected VPCs), or to External endpoints (SDDCs in other groups). You can filter each list by object Type (SDDC, VPC, or TGW).
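Steps 2.2 and 2.3 above, scripted against the AWS API as an added example (not VMware's or AWS's code): it accepts the pending VMC-SHARED-PREFIX-LIST share, applies the quota check from the note by counting the prefix list's MaxEntries against the route table's "routes per route table" quota, and only then adds the route whose target is the group's VTGW. The region, the IDs, the route_quota value and boto3 as the client library are assumptions; the sample route table is constructed.

```python
"""Capacity check and route creation for a shared prefix list (added example,
not VMware's code). Region, IDs and the route quota below are assumptions."""

def pending_vmc_share_arns(invitations):
    """Select pending RAM invitations whose share name has the VMC-SHARED-PREFIX-LIST form."""
    return [inv["resourceShareInvitationArn"] for inv in invitations
            if inv.get("status") == "PENDING"
            and inv.get("resourceShareName", "").startswith("VMC-SHARED-PREFIX-LIST")]

def routes_consumed(routes, max_entries_by_list):
    """Count quota slots in use: a plain route costs 1, a prefix-list route costs its MaxEntries."""
    return sum(max_entries_by_list[r["DestinationPrefixListId"]]
               if "DestinationPrefixListId" in r else 1 for r in routes)

def prefix_list_fits(routes, max_entries_by_list, new_list_id, route_quota):
    """True if adding new_list_id keeps the table within the 'routes per route table' quota."""
    return routes_consumed(routes, max_entries_by_list) + max_entries_by_list[new_list_id] <= route_quota

def attach_prefix_list(region, route_table_id, prefix_list_id, vtgw_id, route_quota):
    """Accept the share, verify capacity, then route the prefix list to the group's VTGW."""
    import boto3  # imported here so the pure helpers above run without the SDK installed
    ram = boto3.client("ram", region_name=region)
    ec2 = boto3.client("ec2", region_name=region)
    invitations = ram.get_resource_share_invitations()["resourceShareInvitations"]
    for arn in pending_vmc_share_arns(invitations):
        ram.accept_resource_share_invitation(resourceShareInvitationArn=arn)
    routes = ec2.describe_route_tables(RouteTableIds=[route_table_id])["RouteTables"][0]["Routes"]
    list_ids = {r["DestinationPrefixListId"] for r in routes if "DestinationPrefixListId" in r}
    list_ids.add(prefix_list_id)
    described = ec2.describe_managed_prefix_lists(PrefixListIds=sorted(list_ids))["PrefixLists"]
    max_entries = {p["PrefixListId"]: p["MaxEntries"] for p in described}
    if not prefix_list_fits(routes, max_entries, prefix_list_id, route_quota):
        raise RuntimeError(f"{route_table_id} lacks room for the {max_entries[prefix_list_id]} entries of {prefix_list_id}")
    ec2.create_route(RouteTableId=route_table_id, DestinationPrefixListId=prefix_list_id,
                     TransitGatewayId=vtgw_id)

# Constructed sample: a VPC main route table with a local route, a default route and one older prefix list.
SAMPLE_ROUTES = [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE"},
    {"DestinationPrefixListId": "pl-EXAMPLEold", "TransitGatewayId": "tgw-EXAMPLE"},
]
SAMPLE_MAX_ENTRIES = {"pl-EXAMPLEold": 10, "pl-EXAMPLEnew": 30}

if __name__ == "__main__":
    # 12 slots used (1 + 1 + 10); the new list needs 30 more, which fits an assumed quota of 50
    print(prefix_list_fits(SAMPLE_ROUTES, SAMPLE_MAX_ENTRIES, "pl-EXAMPLEnew", 50))
```

Run `attach_prefix_list(...)` with credentials for one of the Associated AWS Accounts; the prefix-list and VTGW IDs come from the group's Routing tab and the AWS console.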