This topic describes deploying the Virtual Edge in Google Cloud using three Virtual Private Cloud (VPC) networks: Management VPC (10.0.2.0/24), Public VPC (10.0.0.0/24), and Private VPC (10.0.1.0/24). Each network holds one subnet connected to an interface of the Edge, as shown in the following topology diagram.
Basic Topology
The Virtual Edge routes between the Public and Private subnets. The routes of the Public VPC forward all off-net traffic to the Internet gateway. The route table of the Private VPC forwards all traffic to the LAN-facing interface of the Virtual Edge (GE3). In this example a default route (0.0.0.0/0) sends all workload traffic to the Virtual Edge, but that is not required: an RFC 1918 summary, or the specific branch/hub prefixes, can be used instead to narrow what is sent to the Virtual Edge. For example, if a workload in the Private subnet must remain reachable over SSH from publicly sourced IP addresses, configure the VPC route table with the default route (0.0.0.0/0) pointing to the Internet gateway and the RFC 1918 summary routes pointing to the Virtual Edge; with the default route pointing to the Edge, the replies to those public clients would instead be forwarded to GE3.
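The following Python model shows why the choice between the basic default route and the narrowed RFC 1918 routes matters. It builds the Private VPC route table for both variants, resolves sample destinations with longest-prefix match (the tie-break GCP applies among equal-priority routes), and renders the custom routes as gcloud commands for the route step of the workflow. This is an added example, not VMware or Google code; the subnets are the page's, while the GE3 address 10.0.1.10, the route names, and the sample destinations are assumptions chosen for illustration.

```python
"""Route-selection model for the Virtual Edge GCP topology on this page.

Added example (not VMware's or Google's code). Subnets are the page's; the
GE3 address 10.0.1.10, the route names, the VPC name and the sample
destinations are assumptions chosen for illustration.
"""
from ipaddress import ip_address, ip_network

MGMT_SUBNET = ip_network("10.0.2.0/24")     # GE1, console/management
PUBLIC_SUBNET = ip_network("10.0.0.0/24")   # GE2, WAN side
PRIVATE_SUBNET = ip_network("10.0.1.0/24")  # GE3, LAN side
EDGE_GE3_IP = ip_address("10.0.1.10")       # assumed GE3 address
DEFAULT = ip_network("0.0.0.0/0")
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def validate_topology(subnets, ge3_ip):
    """Reject overlapping subnets and a GE3 address outside the Private subnet."""
    for i, a in enumerate(subnets):
        for b in subnets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"subnets overlap: {a} and {b}")
    if ge3_ip not in PRIVATE_SUBNET:
        raise ValueError(f"GE3 {ge3_ip} is not inside {PRIVATE_SUBNET}")
    return True


def private_vpc_routes(default_to_edge):
    """Route table of the Private VPC as (destination, next_hop) pairs.

    default_to_edge=True is the page's basic topology (0.0.0.0/0 -> GE3).
    default_to_edge=False is the narrowed variant: RFC 1918 -> GE3 and
    0.0.0.0/0 -> the default Internet gateway, so replies to publicly
    sourced SSH clients leave directly instead of being pulled into the Edge.
    GCP installs the VPC's own subnet route automatically.
    """
    routes = [(PRIVATE_SUBNET, "subnet")]
    if default_to_edge:
        routes.append((DEFAULT, "edge-ge3"))
    else:
        routes.extend((net, "edge-ge3") for net in RFC1918)
        routes.append((DEFAULT, "default-internet-gateway"))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match, which is how GCP picks among equal-priority routes."""
    dst = ip_address(dst)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]


def gcloud_route_commands(routes, network="private-vpc", ge3_ip=EDGE_GE3_IP):
    """Render the custom routes as gcloud commands (the subnet route is implicit).

    A --next-hop-address route only delivers traffic if the Edge VM was
    created with --can-ip-forward; otherwise GCP drops packets whose
    destination is not one of the VM's own addresses.
    """
    cmds = []
    for i, (dest, hop) in enumerate(routes):
        if hop == "subnet":
            continue
        hop_flag = (f"--next-hop-address={ge3_ip}" if hop == "edge-ge3"
                    else "--next-hop-gateway=default-internet-gateway")
        cmds.append(f"gcloud compute routes create {network}-route-{i} "
                    f"--network={network} --destination-range={dest} {hop_flag}")
    return cmds


if __name__ == "__main__":
    validate_topology([MGMT_SUBNET, PUBLIC_SUBNET, PRIVATE_SUBNET], EDGE_GE3_IP)
    # Constructed destinations: a branch LAN behind the SD-WAN, a public SSH
    # client (TEST-NET-3), and a neighbour in the Private subnet.
    for dst in ("192.168.50.7", "203.0.113.9", "10.0.1.25"):
        print(dst, "basic ->", next_hop(private_vpc_routes(True), dst),
              "| narrowed ->", next_hop(private_vpc_routes(False), dst))
    print("\n".join(gcloud_route_commands(private_vpc_routes(False))))
```

Running the block shows the difference the page describes: with the basic default route, the reply to 203.0.113.9 is sent to GE3, while with the narrowed table it goes to the Internet gateway and only the RFC 1918 destinations reach the Edge. The narrowed variant still needs an inbound firewall rule that permits SSH from the public source addresses.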
High-Level Workflow
To deploy a VMware SD-WAN Virtual Edge on Google Cloud Platform, perform the following steps:
- Prepare the GCP environment:
- Create three Virtual Private Cloud (VPC) networks (MGMT, Public, and Private), each with one subnet connected to an interface of the Edge VM (machine type n1-standard-4), as shown in the topology diagram:
- MGMT subnet for console/management access to the Edge through Management Interface GE1.
- Public subnet for Internet access from the Edge through WAN-side Interface GE2.
- Private subnet for LAN-side device access through LAN-side Interface GE3.
For steps, see Create a VPC Network.
- Create inbound firewall rules for VPC networks: Management, Private, and Public. For steps, see Create Inbound Firewall Rules.
- Add a default route (0.0.0.0/0) to the route table of the Private VPC network, pointing to the Edge with the IP address of the Edge's GE3 interface as the next hop.
For steps, see Create Routes in a VPC Network.
- Provision an SD-WAN Edge on the VMware SD-WAN Orchestrator as follows:
- Create an edge of type Virtual Edge.
- Change the GE1 interface from Switched to Routed, and deactivate WAN Overlay and NAT Direct Traffic.
- Change the GE2 interface from Switched to Routed, and activate WAN Overlay and NAT Direct Traffic.
- Deactivate WAN Overlay and NAT Direct Traffic for the GE3 interface, which is the next hop for devices connected to the Private subnet (LAN devices).
For more information, see Provision an Edge on the VCO.
- Deploy the Virtual Edge. You can deploy the Virtual Edge by using one of the following methods:
- Verify that the Virtual Edge is up in the SD-WAN Orchestrator.