This overview of the AWS Virtual Edge Deployment Guide provides a general overview, a CloudFormation Template Overview, and CloudFormation Downloads (Green Field VPC Template and Brown Field Template).
Multi-cloud or hybrid cloud deployments have become increasingly popular over the past few years, and as Enterprise customers move their workload to the Public Cloud infrastructure, they expect to extend SD-WAN from remote branches to the Public Cloud to guarantee SLA. There are two main options offered by VMware SD-WAN depending on the following use cases: leveraging distributed VCGs to establish IPSec towards Public Cloud or deploying the Virtual Edges directly in public cloud virtual private network. This document describes how to deploy Virtual Edges in AWS.
CloudFormation Template Overview
There are two CloudFormation default templates, "New - Green Field VPC" and "Existing - Brown Field VPC;" both represent a common deployment within AWS, as indicated in the topology illustration in the section titled, Deploying Virtual Edge with CloudFormation. These two CloudFormation default templates create necessary resources, collect the SD-WAN Orchestrator target, and collect the activation key to push via the CLOUD-INIT.
CAUTION: No matter which template you choose, make sure that you review and understand the template before deploying. Both CloudFormation templates are intended to be used as a reference, and they might need altering to accommodate your specific environment.
CloudFormation Template Values
- Attach Interfaces to VMware SD-WAN Instance (GE1 – eth0 / GE2 – eth1 / GE3 – eth2)
- Allocate Elastic IP and attach to GE2
- Create LAN-side and WAN-side Security Groups – Allowed Ports:
- WAN: GE1 & GE2: UDP 2426 – VMware SD-WAN Multipath Protocol
- WAN: GE1 & GE2: TCP 22 – SSH Access (for Support Access)
- WAN: GE1 & GE2: UDP 161 – SNMP
- LAN: GE3 – ICMP Only (add additional protocols after deployment or modify the template as needed)
- Public Route Table (VPC Router): 0.0.0.0/0 to the Internet Gateway
- Private Route Table (VPC Router): 0.0.0.0/0 to ENI (SD-WAN Edge GE3)
- Disable Source/Destination Check on all interfaces
CloudFormation Template Downloads
There are two available templates for you to choose from to deploy a Virtual Edge, either New - Green Field VPC or Existing - Brown Field VPC. While these template will activate a Virtual Edge, the simplicity of the topology will not accommodate all environments. Therefore, you must edit your environment accordingly. For a better understanding of the CloudFormation template structure and syntax see: https://aws.amazon.com/cloudformation/aws-cloudformation-templates/ See sections below for more information about these templates.
NEW – Green Field VPC Template
Use the Green Field template if you want to create a new VPC. Download the New - Green Field template here: NEW – Green Field Template
EXISTING – Brown Field Template
If you use the EXISTING – Brown Field template, the VPC, subnets, and route tables will not be not created. The EXISTING – Brown Field template will display drop-down menus that are populated with existing VPC and subnets available for that region. Download the “EXISTING – Brown Field” template here: EXISTING – Brown Field Template.