This section describes how to deploy a Virtual Edge with CloudFormation templates. Make sure the prerequisites are met before you begin the deployment.


The following are required before you begin to deploy the Virtual Edge with CloudFormation templates:

Basic Topology

In a basic topology example, the AWS VPC ( is divided into a Public subnet ( and a Private subnet ( The Virtual Edge routes between the two subnets. The Public VPC Routes forward all off-net traffic to the Internet Gateway. The VPC Router in the Private subnet forwards all traffic to the LAN-facing interface on the Virtual Edge (the ENI of GE3). In this example, a default route is used to forward all traffic from the workloads, but this is not required. RFC1918 summarization or specific branch/hub prefixes can be used to narrow what is sent to the Virtual Edge. For example, if the workloads in the Private subnet need to be accessible via SSH from publicly sourced IPs, the VPC Router could be configured to point the default route ( to the Internet Gateway and the RFC1918 summarization to the Virtual Edge.
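The two Private subnet routing designs described above can be compared with a small route-lookup model. This is an added example, not part of the original instructions or of the CloudFormation template; the VPC CIDR, the target names and the sample destinations are constructed for illustration. A VPC route table picks the most specific matching route, which the model reproduces.

```python
import ipaddress

# Constructed values for illustration; the page does not give these.
VPC_CIDR = "10.200.0.0/16"
EDGE_ENI = "virtual-edge-ge3-eni"  # hypothetical name for the GE3 ENI target
IGW = "internet-gateway"
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def build_table(routes):
    """Turn (cidr, target) pairs into a route table of parsed networks."""
    return [(ipaddress.ip_network(cidr), target) for cidr, target in routes]

def next_hop(table, destination):
    """Return the target of the most specific matching route, or None."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, target) for net, target in table if addr in net]
    if not matches:
        return None  # no route: the packet is dropped
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Design 1: default route from the Private subnet to the Virtual Edge.
DEFAULT_TO_EDGE = build_table([(VPC_CIDR, "local"), ("0.0.0.0/0", EDGE_ENI)])

# Design 2: default route to the Internet Gateway, RFC1918 summaries to the edge.
RFC1918_TO_EDGE = build_table(
    [(VPC_CIDR, "local"), ("0.0.0.0/0", IGW)] + [(c, EDGE_ENI) for c in RFC1918]
)

# Constructed destinations as seen from a workload in the Private subnet.
SAMPLE_DESTINATIONS = {
    "workload in same VPC": "10.200.1.20",
    "branch host": "192.168.10.5",
    "hub host": "172.16.4.9",
    "public SSH client": "203.0.113.7",
}

def compare(destinations):
    """Map each destination name to (design 1 target, design 2 target)."""
    return {
        name: (next_hop(DEFAULT_TO_EDGE, ip), next_hop(RFC1918_TO_EDGE, ip))
        for name, ip in destinations.items()
    }

if __name__ == "__main__":
    for name, (d1, d2) in compare(SAMPLE_DESTINATIONS).items():
        print(f"{name:22} default-to-edge={d1:22} rfc1918-to-edge={d2}")
```

In the second design, replies to the public SSH client leave through the Internet Gateway and never cross the Virtual Edge, while branch and hub prefixes still go to the GE3 ENI.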


Step 1: Add the Virtual Edge to the Enterprise via the SD-WAN Orchestrator

  1. Log in to the SD-WAN Orchestrator.
  2. Go to Configure > Edges from the navigation panel, and click the New Edge button.

    The Provision New Edge dialog displays.

  3. In the Provision New Edge dialog box:
    1. Type in a name for the Virtual Edge in the Name text box.
    2. In the Model drop-down menu, choose Virtual Edge.
    3. In the Profile drop-down menu, choose a profile for the Virtual Edge.
    4. Leave the High Availability check box unchecked because it does not apply.
    5. Leave the Serial Number text box blank.
    6. Click Save.
  4. The Virtual Edge will be provisioned with an activation key. Make a note of the activation key, as it will be used when you deploy the CloudFormation template.

Step 2: Add VLAN IP

The VLAN configuration must have an IP address assigned to it in order to save the Device Settings, but the IP address will not be used. For example, use IP address Follow the steps below to add the VLAN IP address.

  1. For the Virtual Edge that was just created, click the Device tab on the SD-WAN Orchestrator.
  2. Scroll down to the Configure VLAN section, and click the Add VLAN button.

    The VLAN dialog box displays.

  3. In the VLAN dialog box complete the following:
    1. As necessary, activate Edge override by checking the Edge Override check box.
    2. Choose a segment from the Segment drop-down menu.
    3. The VLAN Name displays the default name and can be ignored.
    4. The VLAN ID displays the default value and can be ignored.
    5. Assign Overlapping Subnets is deactivated by default.
    6. Enter in the Edge LAN IP Address text box.
    7. Enter 24 in the Cidr Prefix text box.
    8. The Network value will be configured based on the Cidr Prefix.
    9. Leave the Advertise check box unchecked.
    10. The remaining fields (Multicast, Fixed IPs, LAN Interfaces, and SSID) can be left at their default settings.
    11. As necessary, activate SD-WAN Edge override by checking the Edge Override check box to deactivate DHCP.
    12. For the DHCP Type, click Deactivated.
    13. The OSPF area can be ignored.

Step 3: Configure Virtual Edge Interfaces

WARNING: The Device Settings must be configured in the SD-WAN Orchestrator before SD-WAN Edge activation. If you skip this step, the Virtual Edge will activate, but will go offline a few minutes later.

  1. Navigate to the Virtual Edge's Device Settings (Configure > Edge > Device tab).

  2. Scroll down to the Interface Settings section.

  3. Click the Edit link for the GE2 interface to change the interface settings.

    The dialog box for the GE2 interface settings displays.

  4. In the GE2 Interface Settings dialog box, click the Override Interface check box and complete the following steps:
    1. In the Capability drop-down menu, change the GE2 interface capability from Switched to Routed.
    2. Choose DHCP from the Addressing Type drop-down menu.
    3. Activate the WAN Overlay by checking the WAN Overlay check box.
  5. Click the Edit link for the GE3 interface to change the interface settings.

    The dialog box for the GE3 interface settings displays.

  6. In the GE3 interface settings dialog box, click the Override Interface check box and complete the following steps:
    1. Deactivate the WAN Overlay by unchecking the WAN Overlay check box, as this interface will be used for the LAN-side gateway.
    2. Uncheck the NAT Direct Traffic check box to deactivate NAT direct traffic.

Step 4: Launch Virtual Edge via CloudFormation

NOTE: If this is the first deployment of the Virtual Edge, you may need to “Subscribe” to the Edge version in the AWS Marketplace before deploying from the CloudFormation Template.
NOTE: For additional information on how to configure AWS-specific components, please refer to the AWS documentation.
  1. Log in to the AWS console.
  2. Create or Import a Key Pair.

    NOTE: For additional information regarding AWS EC2 Instance Keys see:

  3. Navigate to CloudFormation.

  4. Create a CloudFormation stack.

  5. Upload the CloudFormation template.

  6. Specify the stack details as indicated in the image below.

    For the few remaining screens, you can leave those parameters, fields, or text boxes as default settings unless you have a specific need to change them. The final step is to create the stack.

  7. Review and create the stack.
  8. Monitor your deployment progress.