VMware Cloud on AWS uses NSX-T to create and manage the internal SDDC networks, and AWS networking constructs to connect the SDDC to VPCs and external sites.

SDDC Network Topology

When an SDDC is created, it includes a Management Network. The Management Network CIDR block is specified when the SDDC is created and cannot be changed afterwards, so it must be chosen so that it does not overlap any network the SDDC will later be connected to (the connected VPC, on-premises sites, other SDDCs). The Management Network has three subnets:

Appliance Subnet

This subnet is used by the vCenter Server appliance and any additional appliance-based services.

NSX Subnet

This subnet is used by the NSX Manager and NSX Edge virtual machines.

Infrastructure Subnet

This subnet is used by the ESXi hosts.

An SDDC network has two tiers of routing:

  • Tier 0 handles north-south traffic (traffic leaving or entering the SDDC, and traffic between the Management and Compute gateways).

  • Tier 1 handles east-west traffic (traffic between routed network segments within the SDDC).

Gateways are used to provide connectivity to external sites, VPCs, additional SDDCs, and the Internet.
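Because the Management Network CIDR is fixed at creation time, the useful pre-creation check is an overlap test against every network the SDDC will be routed to, and the two-tier routing model above is easiest to reason about as a question of which gateway owns each endpoint of a flow. The following Python is an added example written for this page, not code from VMware or from the VMware Cloud on AWS documentation. The CIDRs are constructed sample values; the accepted prefix lengths (/16, /20, /23) and the RFC 1918 requirement are assumptions to be confirmed against the current service documentation before use.

```python
# Added example (not from the VMware Cloud on AWS documentation).
# 1. Pre-creation checks for a proposed SDDC Management Network CIDR.
# 2. A classifier that labels a flow as Tier 0 (north-south) or
#    Tier 1 (east-west) by which SDDC gateway owns each endpoint.
from ipaddress import ip_address, ip_network

# Assumption: VMC requires RFC 1918 space and one of these prefix lengths.
RFC1918 = [ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ALLOWED_PREFIXES = (16, 20, 23)


def overlapping(candidate, existing):
    """Names of existing networks (name -> CIDR) that overlap the candidate."""
    cand = ip_network(candidate)          # strict: host bits must be zero
    return [name for name, cidr in existing.items()
            if cand.overlaps(ip_network(cidr))]


def check_management_cidr(candidate, existing, allowed=ALLOWED_PREFIXES):
    """Return a list of problems; an empty list means the CIDR is usable."""
    problems = []
    try:
        cand = ip_network(candidate)
    except ValueError as exc:              # e.g. host bits set, bad syntax
        return ["invalid CIDR: %s" % exc]
    if cand.prefixlen not in allowed:
        problems.append("prefix /%d not in allowed %s" % (cand.prefixlen, allowed))
    if not any(cand.subnet_of(p) for p in RFC1918):
        problems.append("not RFC 1918 private space")
    for name in overlapping(candidate, existing):
        problems.append("overlaps %s (%s)" % (name, existing[name]))
    return problems


def classify_flow(src, dst, gateways):
    """gateways maps gateway name -> list of CIDRs it owns, e.g.
    {"management": [...], "compute": [...]}.
    Same gateway on both ends -> Tier 1 east-west; otherwise the flow
    crosses Tier 0 (leaves/enters the SDDC, or MGW <-> CGW)."""
    def owner(ip):
        a = ip_address(ip)
        for gw, cidrs in gateways.items():
            if any(a in ip_network(c) for c in cidrs):
                return gw
        return None

    s, d = owner(src), owner(dst)
    if s is None and d is None:
        return "not SDDC traffic"
    if s == d:
        return "east-west (Tier 1)"
    return "north-south (Tier 0)"


# Constructed sample topology: management /16, two routed compute segments,
# a connected VPC and an on-premises range that happens to clash.
MGMT_CIDR = "10.2.0.0/16"
EXISTING = {"connected-vpc": "172.31.0.0/16", "on-prem": "10.0.0.0/8"}
GATEWAYS = {"management": [MGMT_CIDR],
            "compute": ["192.168.1.0/24", "192.168.2.0/24"]}

if __name__ == "__main__":
    for p in check_management_cidr(MGMT_CIDR, EXISTING):
        print("management CIDR problem:", p)
    for src, dst in [("192.168.1.10", "192.168.2.20"),
                     ("192.168.1.10", "10.2.10.5"),
                     ("192.168.1.10", "8.8.8.8")]:
        print(src, "->", dst, ":", classify_flow(src, dst, GATEWAYS))
```

The overlap check is deliberately run against the whole on-premises range rather than only the prefixes currently advertised, since a later route advertisement is exactly the case an immutable CIDR cannot accommodate. The classifier treats any flow whose endpoints sit behind different gateways as Tier 0, which matches the page's note that Management-to-Compute traffic is north-south even though both endpoints are inside the SDDC.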

AWS Direct Connect

AWS Direct Connect is a networking service that provides an alternative to using the internet to connect to AWS.

Direct Connect Gateway

Direct Connect gateway is a grouping of virtual private gateways (VGWs) and private virtual interfaces (VIFs). A Direct Connect gateway is a globally available resource.

VMware Transit Gateway (vTGW)

VMware Transit Connect provides connectivity between the SDDCs of an SDDC Group within a single region of VMware Cloud on AWS. Each region has its own vTGW, which can be attached to a vTGW in another region. The vTGW provides high-bandwidth, low-latency connectivity. It also connects the SDDC Group to multiple AWS native Virtual Private Clouds (VPCs), and to on-premises environments reached through an AWS Direct Connect Gateway.

AWS Transit Gateway

AWS Transit Gateway connects VPCs and on-premises networks through a central hub. This simplifies the network by eliminating complex peering relationships.

Internet Gateway

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between the SDDC and the internet.

Figure 1. Network Topology