This overview of the VMware SD-WAN™ by VeloCloud® AWS Virtual Edge Deployment Guide provides a general overview, a CloudFormation Template Overview, and CloudFormation Downloads (Green Field VPC Template and Brown Field Template).

General Overview

Multi-cloud or hybrid cloud deployments have become increasingly popular over the past few years, and as Enterprise customers move their workloads to Public Cloud infrastructure, they expect to extend SD-WAN from remote branches into the Public Cloud to guarantee SLAs. VMware SD-WAN offers two main options depending on the use case: leveraging distributed VCGs to establish IPSec tunnels towards the Public Cloud, or deploying Virtual Edges directly in the public cloud virtual private network. This document describes how to deploy Virtual Edges in AWS.

For a small branch deployment that demands a throughput less than 1G, a single Virtual Edge can be deployed in the private network (AWS VPC). For larger data center deployments that demand multi-gig throughput, hub clustering can be deployed.
Note: In the VeloCloud hub clustering design, since the AWS VPC Router does not support dynamic routing protocol, a third-party L3 virtual router is required in the AWS infrastructure to run BGP between hubs in the cluster and the Layer 3 router for route distribution in LAN. In this solution, we verified with a redundant Cisco Service Router (CSR) 1000v, but other virtual routers that support HA and BGP are expected to work as well.

CloudFormation Template Overview

There are two CloudFormation default templates, "New - Green Field VPC" and "Existing - Brown Field VPC"; both represent a common deployment within AWS, as indicated in the topology illustration in the section titled Deploying Virtual Edge with CloudFormation. These two CloudFormation default templates create the necessary resources, collect the VCO target, and collect the activation key, which are pushed to the Edge via cloud-init.

CAUTION: No matter which template you choose, make sure that you review and understand the template before deploying. Both CloudFormation templates are intended to be used as a reference, and they might need altering to accommodate your specific environment.

CloudFormation Template Values

Listed below are the values included in the CloudFormation templates:
  • Attach Interfaces to VeloCloud Instance (GE1 – eth0 / GE2 – eth1 / GE3 – eth2)
  • Allocate Elastic IP and attach to GE2
  • Create LAN-side and WAN-side Security Groups – Allowed Ports:
    • WAN: GE1 & GE2: UDP 2426 – VeloCloud Multipath Protocol
    • WAN: GE1 & GE2: TCP 22 – SSH Access (for Support Access)
    • WAN: GE1 & GE2: UDP 161 – SNMP
    • LAN: GE3 – ICMP Only (add additional protocols after deployment or modify the template as needed)
  • Public Route Table (VPC Router): 0.0.0.0/0 to the Internet Gateway
  • Private Route Table (VPC Router): 0.0.0.0/0 to ENI (VeloCloud Edge GE3)
  • Disable Source/Destination Check on all interfaces

CloudFormation Template Downloads

There are two available templates for you to choose from to deploy a Virtual Edge: New - Green Field VPC or Existing - Brown Field VPC. While these templates will activate a Virtual Edge, the simplicity of the topology will not accommodate all environments, so you must edit the template to suit your environment. For a better understanding of the CloudFormation template structure and syntax, see: https://aws.amazon.com/cloudformation/aws-cloudformation-templates/. See the sections below for more information about these templates.

NEW – Green Field VPC Template

Use the Green Field template if you want to create a new VPC. Download the New - Green Field template here: NEW – Green Field Template

EXISTING – Brown Field Template

If you use the EXISTING – Brown Field template, the VPC, subnets, and route tables will not be created. The EXISTING – Brown Field template will display drop-down menus populated with the existing VPCs and subnets available in that region. Download the "EXISTING – Brown Field" template here: EXISTING – Brown Field Template.