You can configure AWS Direct Connect for private connections between VMware Live Cyber Recovery and your protected sites.

Prerequisites

Before configuring Direct Connect with VMware Live Cyber Recovery, do the following:
  • Select a /26 CIDR block within your company's private IP network scheme. This CIDR block must not overlap with other allocated CIDR blocks within your routed on-premises and cloud networking sites. The VMware Live Cyber Recovery internal networking uses 172.30.0.0/26, which cannot be used. The allocated CIDR block is part of VMware Live Cyber Recovery's Transit VPCs, which host the xENIs for the Orchestrator and cloud file system that are exported over Direct Connect.
  • After the VIF is attached, the original /26 CIDR block is split into two equal /27 CIDR blocks that are advertised by the interface. In some cases, you might need to make your protected site's networking configuration match the advertised prefixes.
  • Select an appropriate and valid autonomous system number (ASN). VMware Live Cyber Recovery uses ASN 64512, so you cannot use that ASN for your side of the Border Gateway Protocol (BGP) connection.
  • Obtain your VMware Live Cyber Recovery AWS shadow account ID. You can find this account ID by navigating to Settings > Direct Connect. Your network administrator needs this account ID to export your private VIFs to VMware Live Cyber Recovery.
  • Have your network administrator create a private VIF that uses the allocated CIDR block, VMware Live Cyber Recovery shadow account ID, and the allocated BGP ASN number.
  • Export your private VIFs to the VMware Live Cyber Recovery shadow account ID. Your network administrator performs this task from your AWS account.
Using a private VIF with a VMware Live Cyber Recovery protected site is restricted by the following caveats:
  • Only a single CIDR block is supported and is shared among all VIFs.
  • Do not use the 172.30.0.0/26 CIDR block because it overlaps with CIDR blocks 172.30.16.0/24 and 172.16.0.0/16, which are reserved for use by VMware Live Cyber Recovery.
  • Multiple protected sites are supported for use with private VIFs, if all protected sites share the same CIDR block and connect to the endpoint of their private VIF.
  • If you have multiple private VIFs configured (for redundancy purposes), VMware Live Cyber Recovery is not able to identify which VIF is being used for a specific protected site.
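
A pre-flight check for the CIDR and ASN choices in the prerequisites above, written as an added example that is not part of the VMware documentation or tooling. The function name `check_transit_plan`, the sample addresses, and the sample ASN are assumptions; the reserved blocks and ASN 64512 are the values stated on this page.

```python
import ipaddress

# Values stated on this page.
RESERVED = [ipaddress.ip_network(n) for n in
            ("172.30.0.0/26", "172.30.16.0/24", "172.16.0.0/16")]
SERVICE_ASN = 64512  # ASN used by the service side of the BGP session


def check_transit_plan(cidr, customer_asn, routed_networks):
    """Validate a proposed transit CIDR and BGP ASN.

    Returns (problems, advertised), where advertised holds the two /27
    prefixes the VIF advertises after it is attached.
    """
    problems = []
    if not 0 < customer_asn < 2**32:
        problems.append(f"ASN {customer_asn} is outside the 32-bit ASN range")
    elif customer_asn == SERVICE_ASN:
        problems.append(f"ASN {SERVICE_ASN} is already used by the service")

    try:
        # strict=True rejects inputs with host bits set, e.g. 10.1.0.1/26
        block = ipaddress.ip_network(cidr, strict=True)
    except ValueError as exc:
        return problems + [f"invalid CIDR {cidr!r}: {exc}"], []
    if block.version != 4 or block.prefixlen != 26:
        return problems + [f"{block} is not an IPv4 /26"], []

    for net in RESERVED:
        if block.overlaps(net):
            problems.append(f"{block} overlaps reserved block {net}")
    for raw in routed_networks:
        net = ipaddress.ip_network(raw, strict=False)
        if net.version == 4 and block.overlaps(net):
            problems.append(f"{block} overlaps routed network {net}")

    advertised = [str(s) for s in block.subnets(prefixlen_diff=1)]
    return problems, advertised


if __name__ == "__main__":
    # Constructed sample plan: addresses and ASN are illustrative only.
    issues, prefixes = check_transit_plan(
        "10.73.8.64/26", 65010, ["10.0.0.0/16", "192.168.0.0/24"])
    print("problems:", issues or "none")
    print("advertised after attach:", prefixes)
```

Because the CIDR cannot be changed once it is set, run a check like this against the full list of routed on-premises and cloud networks before entering the block in the UI.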

Procedure

  1. From the left navigation in the VMware Live Cyber Recovery UI, select Settings and then click Private Network Connection.
    The Private network connection dialog box shows the VMware Live Cyber Recovery AWS shadow account ID. Your IT administrator needs this information to create and export private VIFs to VMware Live Cyber Recovery. You cannot configure Direct Connect if you have not exported private VIFs to VMware Live Cyber Recovery.
  2. Click Set up private connection.
  3. In the Set up private connection dialog box, enter the CIDR block to use with Direct Connect.
    Select an IP address range that does not conflict with any on-premises network on the protected site that uses Direct Connect.
    Snapshot replication routes through a private IP network using IP addresses in the AWS transit VPC CIDR. Do not use the 172.30.0.0/26 CIDR block because it overlaps with CIDR blocks 172.30.16.0/24 and 172.16.0.0/16, which are reserved for use by VMware Live Cyber Recovery.
    Note: Once you set the CIDR, you cannot change it.
  4. Click Set up.
  5. If the connection is successful, the Private network connection dialog box shows all private VIFs exported to your account under the Direct Connect section.
    For each VIF, you can see the interface name and ID, Direct Connect ID, state (available, unavailable, attaching, or attached), and BGP status (up, down, or unknown).
  6. To enable a VIF, select the small menu to the right of the VIF row and select Attach.
  7. In the Attach virtual interface confirmation dialog box, select the check box to confirm, and then click OK.

What to do next

After you have established a Direct Connect connection, you can select this connection type when you set up a protected site.