This topic describes the Virtual Edge deployment on the AliCloud Virtual Private Cloud (VPC) with three VSwitches, one for each subnet connected to the Edge, as shown in the following Single-Arm topology diagram.
High-Level Workflow
To deploy a Virtual SD-WAN Edge on Alibaba Cloud ECS, perform the following steps:
- Create a Virtual Private Cloud (VPC). For steps, see Create a VPC.
- Create three VSwitches, each for a subnet connected to the Edge as shown in the topology diagram. For steps, see Create a VSwitch.
  - Management Subnet/VSwitch for console/management access to the Edge through Management Interface GE1.
  - Public Subnet/VSwitch for Internet access from the Edge through WAN-side Interface GE2.
  - Private Subnet/VSwitch for LAN-side device access through LAN-side Interface GE3.
- Create a Security Group (velo_vVCE_SG) and add inbound rules. For steps, see Create a Security Group.
- Provision an SD-WAN Edge on the SASE Orchestrator as follows:
  - Create an edge of type Virtual Edge.
  - Change the GE2 interface from Switched to Routed.
  - Add a static route on the Edge that points to the Private Subnet/VSwitch.
  - Add the JH IP to the firewall SSH access list.
  For more information, see Provision an Edge on the VCO.
- Create and launch a virtual SD-WAN Edge (vVCE) instance with Management Interface (GE1). For steps, see Create a vVCE Instance on the ECS Console.
- Create a public Elastic Network Interface (GE2) on the WAN side. For steps, see Create an Elastic Network Interface.
- Create an Elastic IP and assign it to the Public Interface (GE2) of the Edge. For steps, see Create Elastic IP and Assign it to Public Interface of the Edge.
- Bind the Public (GE2) interface to the Edge instance (vVCE) and then restart the Edge instance to make sure the interface is connected to the Edge. For steps, see Bind an ENI to an Edge instance.
  The Edge instance will be activated against the SASE Orchestrator and the Edge will be able to establish the VCMP tunnel to the Gateway.
- Log in to the Edge using the EIP and verify Edge activation.
- Create a LAN instance with the Primary interface connected to the Management subnet. For steps, see Create a LAN Instance.
- In the Primary routing table, create a new route entry for the default route that points to the GE2 interface of the Edge. For steps, see Add a Custom Route Table Entry.
- Verify that the virtual Edge (vVCE) is up in the SASE Orchestrator.
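
A pre-deployment sanity check for the plan above, added here as an example and not taken from the product documentation: it confirms that the three VSwitch CIDRs fit inside the VPC without overlapping, and lists any velo_vVCE_SG inbound rule that opens SSH to a source other than the JH IP. All CIDRs and addresses are constructed placeholders, the rule dictionaries reuse the ECS security group permission field names, and treating the JH IP as the only acceptable SSH source is an assumption carried over from the Orchestrator step.

```python
import ipaddress

# Constructed sample plan: every CIDR and address below is a placeholder.
VPC_CIDR = "10.0.0.0/16"
VSWITCHES = {  # subnet role -> CIDR, one VSwitch per Edge interface
    "management (GE1)": "10.0.0.0/24",
    "public (GE2)": "10.0.1.0/24",
    "private (GE3)": "10.0.2.0/24",
}
JH_IP = "203.0.113.10"  # assumed jump host address (documentation range)
# Constructed inbound rules for velo_vVCE_SG; the second one is deliberately broad.
SG_RULES = [
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "22/22", "SourceCidrIp": "203.0.113.10/32"},
    {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
     "PortRange": "1/65535", "SourceCidrIp": "0.0.0.0/0"},
]

def check_vswitches(vpc_cidr, vswitches):
    """Return problems: subnets outside the VPC or overlapping each other."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(c) for name, c in vswitches.items()}
    problems = [f"{n}: {net} is outside VPC {vpc}"
                for n, net in nets.items() if not net.subnet_of(vpc)]
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems

def covers_ssh(rule):
    """True if an accepting ingress rule's protocol and ports include TCP 22."""
    if rule["Direction"] != "ingress" or rule["Policy"] != "Accept":
        return False
    proto = rule["IpProtocol"].upper()
    if proto != "TCP":
        return proto == "ALL"  # ALL covers TCP 22; UDP, ICMP, GRE do not
    low, high = (int(p) for p in rule["PortRange"].split("/"))
    return low <= 22 <= high

def ssh_exposure(rules, jh_ip):
    """Return source CIDRs that can reach SSH and are not exactly the JH IP."""
    allowed = ipaddress.ip_network(f"{jh_ip}/32")
    return [r["SourceCidrIp"] for r in rules
            if covers_ssh(r) and ipaddress.ip_network(r["SourceCidrIp"]) != allowed]

if __name__ == "__main__":
    print(check_vswitches(VPC_CIDR, VSWITCHES))
    print(ssh_exposure(SG_RULES, JH_IP))
```

The broad `1/65535` rule is reported because a port range can expose SSH without ever naming port 22.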