This section describes how to deploy a Virtual Edge with CloudFormation templates. Make sure the prerequisites are met before you deploy.

As part of the VMware SD-WAN solution, customers deploy Velocloud Virtual Edges in AWS, typically in a VPC. Edges can be deployed by a few methods, namely the AWS console and a CloudFormation template. Total provisioning time is typically around 30 minutes.

Prerequisites

The following are required before you begin to deploy the Virtual Edge with CloudFormation templates:

Basic Topology

In a basic topology example, the AWS VPC (10.0.0.0/16) is divided into a Public subnet (10.0.0.0/24) and a Private subnet (10.0.1.0/24). The Virtual Edge routes between the two subnets. The route table of the Public subnet forwards all off-net traffic to the Internet Gateway. The VPC Router in the Private subnet forwards all traffic to the LAN-facing interface on the Virtual Edge (the ENI of GE3). In this example, a default route is used to forward all traffic from the workloads, but a default route is not required: RFC1918 summarization or specific branch/hub prefixes can be used to narrow what is sent to the Virtual Edge. For example, if the workloads in the Private subnet need to be accessible via SSH from publicly sourced IPs, the VPC Router could be configured to point the default route (0.0.0.0/0) to the Internet Gateway and the RFC1918 summary routes to the Virtual Edge.
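The second routing variant described above (RFC1918 summaries to the Virtual Edge, default route to the Internet Gateway) can be written as a CloudFormation fragment. This is an added example, not part of the VMware template; all parameter and logical resource names are hypothetical, and the VPC, Private subnet, GE3 ENI and Internet Gateway are assumed to exist already.

```yaml
# Added example: Private-subnet route table for the basic topology.
# Parameter and logical names are hypothetical placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id          # the 10.0.0.0/16 VPC in the example
  PrivateSubnetId:
    Type: AWS::EC2::Subnet::Id       # the 10.0.1.0/24 Private subnet
  EdgeLanEniId:
    Type: String                     # ENI attached to the Edge's GE3 (LAN) interface
  InternetGatewayId:
    Type: String
Resources:
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref VpcId
  PrivateSubnetAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnetId
      RouteTableId: !Ref PrivateRouteTable
  # RFC1918 summaries: branch/hub destinations are sent to the Virtual Edge.
  # The VPC's own local route (10.0.0.0/16) is more specific and still wins
  # for traffic that stays inside the VPC.
  ToEdge10:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 10.0.0.0/8
      NetworkInterfaceId: !Ref EdgeLanEniId
  ToEdge172:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 172.16.0.0/12
      NetworkInterfaceId: !Ref EdgeLanEniId
  ToEdge192:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 192.168.0.0/16
      NetworkInterfaceId: !Ref EdgeLanEniId
  # Default route: everything else, including replies to public SSH clients,
  # leaves through the Internet Gateway rather than the Edge.
  DefaultToIgw:
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref PrivateRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGatewayId
```

For the first variant, where all workload traffic goes to the Virtual Edge, the four routes collapse into a single 0.0.0.0/0 route whose target is the GE3 ENI. With the default route pointing at the Internet Gateway, inbound SSH exposure of the workloads is controlled by their security groups and network ACLs, so restrict the allowed source ranges there.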

Procedures:

Step 1: Add the Virtual Edge to the Enterprise via the SASE Orchestrator

  1. Login to the VMware SASE Orchestrator.
  2. Go to Configure > Edges from the navigation panel, and in the Edges screen, click Add Edge. The Provision an Edge screen appears with the SD-WAN Edge mode selected by default.

  3. In the Provision New Edge dialog box:
    1. In the Name text box, enter a unique name for the Edge.
    2. From the Model drop-down menu, choose Virtual Edge.
    3. From the Profile drop-down menu, choose a profile for the Virtual Edge.
    4. From the Edge License drop-down menu, select an Edge license. The list displays the licenses assigned to the Enterprise, by the Operator.
    5. Enter all the required details and click Next to configure the additional parameters like Serial number, Location, and so on.
    6. Click Add Edge.
  4. The Virtual Edge will be provisioned with an activation key. Make a note of the activation key, as it will be used when you deploy the CloudFormation template.

For more information, see the "Provision a New Edge" section in the Administration Guide.

Step 2: Add VLAN IP

The VLAN configuration must have an IP address assigned to it in order to save the Device Settings, but the IP address will not be used. For example, use IP address 169.254.0.1. Follow the steps below to add the VLAN IP address.

  1. For the Virtual Edge that was just created, click the Device tab on the SASE Orchestrator.
  2. Scroll down to the Configure VLAN section, and click the Add VLAN button.

    The Add VLAN dialog box displays.

  3. In the Add VLAN dialog box complete the following:
    1. From the Segment drop-down menu, select a segment.
    2. In the VLAN Name text box, enter a unique name for the VLAN.
    3. In the VLAN ID text box, enter a VLAN ID.
    4. To configure IPv4 settings, under IPv4 Settings select the Active check box.
      1. In the Edge LAN IP Address text box, enter an IP address (for example: 169.254.0.1).
      2. In the Cidr Prefix text box, enter 24.
      3. The Network value will be configured based on the Cidr Prefix.
      4. Deselect the Advertise check box.
      5. Under IPv4 DHCP Server, select Deactivated as the DHCP Type.
    5. After configuring the required parameters, click Done.

    For more information, see the "Configure VLAN for Edges" section in the Administration Guide.

Step 3: Configure Virtual Edge Interfaces

WARNING: The Device Settings must be configured in the SASE Orchestrator before SD-WAN Edge activation. If you skip this step, the Virtual Edge will activate, but will go offline a few minutes later.

  1. Navigate to the Virtual Edge's Device Settings (Configure > Edge > Device tab).
  2. Scroll down to the Interfaces section.

  3. Click the Edit link for the GE2 interface to change the interface settings.

    The dialog box for the GE2 interface settings displays.

  4. In the GE2 Interface Settings dialog box, click the Override Interface check box and complete the following steps:
    1. In the Capability drop-down menu, change the GE2 interface capability from Switched to Routed.
    2. Choose DHCP from the Addressing Type drop-down menu.
    3. Activate the WAN Overlay by checking the Enable WAN Link check box.
  5. Click the Edit link for the GE3 interface to change the interface settings.

    The dialog box for the GE3 interface settings displays.

  6. In the GE3 interface settings dialog box, click the Override Interface check box and complete the following steps:
    1. Deactivate the WAN Overlay by unchecking the Enable WAN Link check box, as this interface will be used for the LAN-side gateway.
    2. Uncheck the NAT Direct Traffic check box to deactivate NAT direct traffic.

Step 4: Launch Virtual Edge via CloudFormation

NOTE: If this is the first deployment of the Virtual Edge, you may need to “Subscribe” to the Edge version in the AWS Marketplace before deploying from the CloudFormation Template.

NOTE: For additional information on how to configure AWS specific components, please refer to the AWS documentation.

  1. Log into the AWS console.
  2. Create or Import a Key Pair.

    NOTE: For additional information regarding AWS EC2 Instance Keys see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

  3. Navigate to CloudFormation.

  4. Create a CloudFormation stack.

  5. Upload the CloudFormation template.

  6. Specify the stack details as indicated in the image below.

    For the few remaining screens, you can leave those parameters, fields, or text boxes as default settings unless you have a specific need to change them. The final step is to create the stack.

  7. Review and create the stack.
  8. Monitor your deployment progress.

Available Regions

The Velocloud Edge AMI is available in all AWS commercial regions with EC2 service, with China being the exception.