This is the second part of the article where I introduced VMware Transit Connect which provides high bandwidth low latency connectivity between VMC on AWS SDDCs. In case you missed it here is the link to part 1: https://fluffyclouds.blog/2020/07/05/vmware-transit-connect/
Connecting your new VMC SDDCs to your Datacenters
Once you’ve built your brand-new software defined datacenters and connected them together with the VTGW, you can start to deploy new virtual machines in VMware Cloud. All good, but chances are you still have hundreds, maybe thousands of virtual machines living in your current on-premises or collocated datacenters that these new virtual machines will need to connect to. You may have a plan to evacuate these datacenters entirely to save on power, cooling and operational costs.
Whilst you can connect to your VMC SDDCs directly via the Internet, larger Enterprises want a secure and private method of accessing their VMC workloads. Taking advantage of AWS services, I’ll show you how easy it is to get network connectivity to your on-premises datacenters in place.
The diagram below shows setting up routing between SDDCs which have been added to an SDDC Group and a customer’s on premises datacenter. Let’s step through the process of getting the connectivity up and running.
Step 1: Setup your AWS Direct Connect
The AWS Direct Connect service provided by Amazon gives customers one or more dedicated network connections from their on-premises datacenters to AWS. In the example above, the customer has chosen to use a partner in the AWS Partner Network to connect their router to the Direct Connect Endpoint. In this example we’ve chosen a ‘Dedicated Connection’ with port speed of 1Gbps.
Step 2: Connect to the Direct Connect Gateway via a Transit VIF
The AWS Direct Connect gateway allows customers to access any AWS regions from their Direct Connect Connection. In this post, the Direct Connect Gateway provides connectivity between your VTGW and the Direct Connect Endpoint. A transit VIF (virtual interface) is used to connect to a Direct Connect Gateway from the customers Direct Connect Connection.
Note: For simplicity this diagram shows a single transit VIF from a single Direct Connect location. For network resilience it is recommended to attach at least two transit VIFs from different Direct Connect locations to the Direct Connect Gateway.
Step 3: Connect the VMware Transit Connect to the Direct Connect Gateway
To set up the association between the VTGW and Direct Connect Gateway, you need to get the ID of the Direct Connect Gateway set up in Step 1 and AWS Account ID. An example is shown in the screen shot below.
Back in the VMC Console, it is a simple process to add a Direct Connect Gateway Attachement (association) to your SDDC group.
In the ‘Add Account’ wizard, you specify the Direct Connect Gateway ID, Direct Connect Owner (AWS Account ID) and allowed prefixes.
Note: It is a good idea to summarize the VMC SDDC networks you want to advertise on the Direct Connect Gateway, as there is an AWS limit of 20 prefixes per association. This is where choosing a contiguous CIDR block for each SDDC will make route summarization easier.
Step 4: Accept Association Proposal
In the AWS Direct Connect Gateway you will now see a new ‘Association Proposal’ appear. It’s a simple process to accept the proposed association. You can actually edit the allowed prefixes again in this step but I’d recommend not modifying. Below we have summarized the CIDRs used in the three SDDCs that are part of the SDDC Group into a single prefix.
After a few minutes, the status if your Direct Connect Gateway account will change to ‘CONNECTED in the SDDC Groups UI.
You’re now good to go and have private connectivity between your on-premises datacenter and VMC SDDCs using VMware Transit Connect. From here you can now start using the free HCX Add-On service to migrate virtual machines into your new VMC SDDCs! Well, that’s a topic for another day.