AWS Virtual Edge Deployment Overview

This overview of the AWS Virtual Edge Deployment Guide provides a general overview, a CloudFormation Template Overview, and CloudFormation Downloads (Green Field VPC Template and Brown Field Template).

General Overview

Multi-cloud or hybrid cloud deployments have become increasingly popular over the past few years, and as Enterprise customers move their workload to the Public Cloud infrastructure, they expect to extend SD-WAN from remote branches to the Public Cloud to guarantee SLA. There are two main options offered by VMware depending on the following use cases: leveraging distributed VCGs to establish IPSec towards Public Cloud or deploying the Virtual Edges directly in public cloud virtual private network. This document describes how to deploy Virtual Edges in AWS.

For a small branch deployment that demands a throughput less than 1G, a single Virtual Edge can be deployed in the private network (AWS VPC). For larger data center deployments that demand multi-gig throughput, hub clustering can be deployed.

CloudFormation Template Overview

There are two CloudFormation default templates, "New - Green Field VPC" and "Existing - Brown Field VPC;" both represent a common deployment within AWS, as indicated in the topology illustration in the section titled, Deploying Virtual Edge with CloudFormation. These two CloudFormation default templates create necessary resources, collect the SD-WAN Orchestrator target, and collect the activation key to push via the CLOUD-INIT.

CAUTION: No matter which template you choose, make sure that you review and understand the template before deploying. Both CloudFormation templates are intended to be used as a reference, and they might need altering to accommodate your specific environment.

CloudFormation Template Values

Listed below are the values included in the CloudFormation templates:

Attach Interfaces to VMware Instance (GE1 – eth0 / GE2 – eth1 / GE3 – eth2)
Allocate Elastic IP and attach to GE2
Create LAN-side and WAN-side Security Groups – Allowed Ports:
- WAN: GE1 & GE2: UDP 2426 – VMware Multipath Protocol
- WAN: GE1 & GE2: TCP 22 – SSH Access (for Support Access)
- WAN: GE1 & GE2: UDP 161 – SNMP
- LAN: GE3 – ICMP Only (add additional protocols after deployment or modify the template as needed)

Public Route Table (VPC Router): 0.0.0.0/0 to the Internet Gateway
Private Route Table (VPC Router): 0.0.0.0/0 to ENI (VMware SD-WAN Edge GE3)
Deactivate Source/Destination Check on all interfaces

CloudFormation Template Downloads

There are two available templates for you to choose from to deploy a Virtual Edge, either New - Green Field VPC or Existing - Brown Field VPC. While these template will activate a Virtual Edge, the simplicity of the topology will not accommodate all environments. Therefore, you must edit your environment accordingly. For a better understanding of the CloudFormation template structure and syntax see: https://aws.amazon.com/cloudformation/aws-cloudformation-templates/ See sections below for more information about these templates.

NEW – Green Field VPC Template

Use the Green Field template if you want to create a new VPC. Download the New - Green Field template here: NEW – Green Field Template

Note: When you click the Green Field Template link, scroll down the page and click the link under the Attachment section to download the template.

EXISTING – Brown Field Template

If you use the EXISTING – Brown Field template, the VPC, subnets, and route tables will not be not created. The EXISTING – Brown Field template will display drop-down menus that are populated with existing VPC and subnets available for that region. Download the “EXISTING – Brown Field” template here: EXISTING – Brown Field Template.

Note: When you click the Brown Field Template link, scroll down the page and click the link under the Attachment section to download the template.