After you create an SDDC Group, you can connect an on-premises SDDC to that group's Direct Connect Gateway to give it DX connectivity to all members of the SDDC group.

VMware Transit Connect handles all compute and management network traffic among SDDC group members. Many SDDC group members will also need to make network connections to your on-premises data center. To enable these connections, associate an AWS Direct Connect Gateway with the group's VMware Managed Transit Gateway.

Attaching a Direct Connect Gateway to the SDDC group is a multi-step process that requires you to use both the VMware Cloud Console and the AWS console. You use the VMware Cloud Console to make the VTGW (an AWS resource) available for sharing. You then use the AWS console to accept the shared resource and associate it with the Direct Connect Gateway you'd like to attach to the SDDC Group. You'll also use the AWS console if you need to modify the list of allowed prefixes for an existing Direct Connect Gateway.


You must create an AWS Direct Connect Gateway. See Creating a Direct Connect gateway in the AWS documentation.


  1. On the Inventory page of the VMware Cloud Console, click SDDC Groups, then click the Name of the group to which you want to attach the Direct Connect Gateway.
  2. On the Direct Connect tab for the group, click ADD ACCOUNT and specify the AWS account that owns the Direct Connect Gateway you want to add to the group.
    On the Add Direct Connect Gateway page, fill in the following values:
    | Option | Description |
    |---|---|
    | Direct Connect Gateway Attachment ID | The ID value, displayed on the AWS console Direct Connect Gateways page for the gateway object. |
    | Location | Specifies additional regional VTGW attachments for this gateway. A single Direct Connect gateway attachment in any region can handle traffic among all members of a multi-region group, but transitive routing is not supported. If a group has members in two different regions but only a single DXGW connection, only traffic from the SDDC in the region connected to the DXGW is routed to the on-premises data center. Use the VTGW Location control to associate the DXGW with a VTGW in another region. |
    | Allowed Prefixes | A comma-separated list of compute network CIDR blocks of SDDC group members for the specified VTGW Location. |
    Click OK to generate an association proposal in AWS for the specified gateway.
  3. In the AWS console, open the Direct Connect Gateways page for the gateway object and accept the association proposal.
    Acceptance can take up to 20 minutes. When it completes:
    • In the AWS console, the gateway will have a State of associated on the AWS Direct Connect Gateways page for the gateway object.
    • In the VMware Cloud Console, the gateway will have a State of Connected in the Direct Connect tab for the group.
  4. Attach an AWS Transit VIF between the Direct Connect Gateway and your Direct Connect Location (Direct Connect provider).
  5. (Optional) Add a Direct Connect Gateway location.
    In a multi-region SDDC group, you can attach a group VTGW in any region to a Direct Connect Gateway. On the Direct Connect Gateway tab for the group, click ADD LOCATION to open the Add Direct Connect Gateway Location card, then specify an AWS region to attach to the gateway and one or more Allowed Prefixes.
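
A check of the Allowed Prefixes values from steps 2 and 5 before they are submitted, as an added example (not VMware or AWS code). It follows the description above that each VTGW Location lists compute network CIDRs of group members in that region; the SDDC names, regions and CIDRs are constructed sample data, and `parse_prefixes` and `review` are hypothetical helper names.

```python
import ipaddress

# Constructed sample data; SDDC names, regions and CIDRs are hypothetical.
MEMBERS = {  # group member -> (AWS region, compute network CIDRs)
    "sddc-east-1": ("us-east-1", ["10.10.0.0/16"]),
    "sddc-east-2": ("us-east-1", ["10.11.0.0/16"]),
    "sddc-west-1": ("us-west-2", ["10.20.0.0/16"]),
}
LOCATIONS = {  # VTGW Location -> Allowed Prefixes field as typed
    "us-east-1": "10.10.0.0/16, 10.0.0.0/8, 10.20.0.0/16, 192.168.5.0/24",
}


def parse_prefixes(field):
    """Split the comma-separated field; ValueError on a malformed CIDR or set host bits."""
    return [ipaddress.ip_network(p.strip()) for p in field.split(",") if p.strip()]


def review(members, locations):
    """Return (findings, members whose compute CIDR is not listed in their own region)."""
    nets = {name: (region, [ipaddress.ip_network(c) for c in cidrs])
            for name, (region, cidrs) in members.items()}
    findings, covered = [], set()
    for loc, field in locations.items():
        for prefix in parse_prefixes(field):
            local = [n for n, (r, ns) in nets.items() if r == loc and prefix in ns]
            remote = [n for n, (r, ns) in nets.items() if r != loc and prefix in ns]
            wider = [n for n, (r, ns) in nets.items()
                     if any(x.version == prefix.version and x != prefix
                            and x.subnet_of(prefix) for x in ns)]
            if local:  # exact compute CIDR of a member in this location's region
                covered.update(local)
            elif remote:  # no transitive routing: needs a location in its own region
                findings.append((loc, str(prefix), "other-region member: " + ", ".join(remote)))
            elif wider:  # supernet covers more address space than the members own
                findings.append((loc, str(prefix), "broader than member networks: " + ", ".join(wider)))
            else:
                findings.append((loc, str(prefix), "matches no group member"))
    return findings, sorted(set(nets) - covered)


if __name__ == "__main__":
    issues, unlisted = review(MEMBERS, LOCATIONS)
    for loc, prefix, why in issues:
        print(f"{loc}: {prefix}: {why}")
    print("members without a listed compute prefix in their region:", unlisted)
```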

What to do next

Create any firewall rules needed to allow traffic between the Direct Connect Gateway and the on-premises SDDC.