A connection must be established between your Amazon Web Services (AWS) network and your on-prem NSX appliances.
Note: You must have already installed and connected NSX Manager with CSM in your on-prem deployment.
Overview
- Connect your AWS account with on-prem NSX Manager appliances using any of the available options that best suit your requirements.
- Configure your VPC with subnets and other requirements for NSX Cloud.
Connect your AWS account with your on-prem NSX deployment
Every public cloud provides options to connect with an on-premises deployment. You can choose any of the available connectivity options that suit your requirements. Refer to AWS Reference Documentation for details.
Note: You must review and implement the applicable security considerations and best practices by AWS; refer to AWS Security Best Practices for details.
Configure your VPC
You need the following configurations:
- six subnets for supporting PCG with High Availability
- an Internet gateway (IGW)
- a private and a public route table
- subnet association with route tables
- DNS resolution and DNS hostnames enabled
Follow these guidelines to configure your VPC:
- Assuming your VPC uses a /16 network, for each gateway that needs to be deployed, set up three subnets.
Important: If using High Availability, set up three additional subnets in a different Availability Zone.
- Management subnet: This subnet is used for management traffic between on-prem NSX and PCG. The recommended range is /28.
- Uplink subnet: This subnet is used for north-south internet traffic. The recommended range is /24.
- Downlink subnet: This subnet encompasses the workload VMs' IP address range, and should be sized accordingly. Bear in mind that you may need to incorporate additional interfaces on the workload VMs for debugging purposes.
Note: Label the subnets appropriately, for example, management-subnet, uplink-subnet, downlink-subnet, because you will need to select the subnets when deploying PCG on this VPC. See NSX Public Cloud Gateway: Architecture and Modes of Deployment for details.
- Ensure you have an Internet gateway (IGW) that is attached to this VPC.
- Ensure the routing table for the VPC has the Destination set to 0.0.0.0/0 and the Target is the IGW attached to the VPC.
- Ensure you have DNS resolution and DNS hostnames enabled for this VPC.
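The guidelines above can be checked against a planned VPC layout before PCG is deployed. The following is an added example, not part of the VMware documentation: the dictionary schema, the role and AZ labels, and the `igw-example` identifier are constructed for illustration. The /28 and /24 sizes are reported as warnings because the page gives them as recommendations, and the containment and overlap checks go slightly beyond the listed items.

```python
import ipaddress

ROLES = ("management", "uplink", "downlink")
RECOMMENDED_PREFIX = {"management": 28, "uplink": 24}  # recommended ranges from the guidelines

def check_vpc(vpc, ha=False):
    """Return (errors, warnings) for a VPC description dict (constructed schema)."""
    errors, warnings = [], []
    vpc_net = ipaddress.ip_network(vpc["cidr"])
    subnets = [(s, ipaddress.ip_network(s["cidr"])) for s in vpc["subnets"]]
    # Three subnets per gateway; with HA, a second full set in a different AZ.
    by_az = {}
    for s, _ in subnets:
        by_az.setdefault(s["az"], set()).add(s["role"])
    complete = [az for az, roles in by_az.items() if roles >= set(ROLES)]
    needed = 2 if ha else 1
    if len(complete) < needed:
        errors.append(f"need {needed} AZ(s) with all three subnets, found {len(complete)}")
    for i, (s, net) in enumerate(subnets):
        if not net.subnet_of(vpc_net):
            errors.append(f"{s['name']} {net} is outside VPC {vpc_net}")
        if any(net.overlaps(other) for _, other in subnets[i + 1:]):
            errors.append(f"{s['name']} {net} overlaps another subnet")
        want = RECOMMENDED_PREFIX.get(s["role"])
        if want and net.prefixlen != want:
            warnings.append(f"{s['name']} is /{net.prefixlen}, recommended /{want}")
    # An IGW must be attached and the 0.0.0.0/0 route must target it.
    igw = vpc.get("igw")
    if not igw:
        errors.append("no Internet gateway attached")
    elif not any(r["destination"] == "0.0.0.0/0" and r["target"] == igw
                 for r in vpc["routes"]):
        errors.append("no 0.0.0.0/0 route targeting the attached IGW")
    for flag in ("dns_resolution", "dns_hostnames"):
        if not vpc.get(flag):
            errors.append(f"{flag} is not enabled")
    return errors, warnings

# Constructed sample: HA layout in a /16 VPC across two Availability Zones.
_AZ_CIDRS = {"az-a": ("10.0.0.0/28", "10.0.1.0/24", "10.0.16.0/20"),
             "az-b": ("10.0.0.16/28", "10.0.2.0/24", "10.0.32.0/20")}
SAMPLE = {
    "cidr": "10.0.0.0/16", "igw": "igw-example",
    "dns_resolution": True, "dns_hostnames": True,
    "routes": [{"destination": "0.0.0.0/0", "target": "igw-example"}],
    "subnets": [{"name": f"{r}-subnet-{az}", "role": r, "az": az, "cidr": c}
                for az, cidrs in _AZ_CIDRS.items() for r, c in zip(ROLES, cidrs)],
}

if __name__ == "__main__":
    print(check_vpc(SAMPLE, ha=True))
```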