Connect AWS Transit Gateway to VMware Cloud on AWS

This post is to deploy AWS transit Gateway and connect with VMware Cloud on AWS.

AWS Transit Gateway 

AWS Transit Gateway is a service that helps customers to connect their AWS VPC and their on-premises networks to a single gateway. As customers grow the number of workloads running on Native AWS or VMware Cloud on AWS , Customer need to be able to scale your networks across multiple accounts and Amazon VPCs/VMC to keep up with the growth.

With AWS TGW, you only have to create and manage a single connection from the central gateway in to each Amazon VPC , VMware Cloud on AWS , on-premises data center or even remote office across your network. Transit Gateway acts as a hub that controls how traffic is routed among all the connected networks which act like spokes

Now to setup Transit Gateway let’s go to VPC Dashboard inside your region where you want to deploy Transit Gateway and Click on create Transit Gateway:

3.png

Enter Required details like:

  • Name & Description
  • Amazon side ASN ( in between 64512 to 65535)
  • leave other as default or select/unselect based on your requirement.

1.png

This is will create a TGW, once TGW is created, wait for few minutes , it will show “available” in AWS console.

4.png

Connect TGW to VMware Cloud on AWS

Pervious step we created TGW and to attach to VMware Cloud on AWS or any other VPC , you need to go to “Transit Gateway  Attachment” and Click on “Create Transit Gateway Attachment”

6.png

On the new Transit Gateway Attachment page , input parameters as below:

  1. Transit Gateway ID – Choose TGW which you have created in previous step
  2. Attachment Type – VPN
  3. IP Address – get Public IP address from your VMC SDDC
  4. ASN – get ASN from your VM SDDC
  5. you can leave other things “Default” or enter based on specific requirement

7.png

Once created attachment , it will look like this:8.png

Once attachment is created , you can see it under “Site-to-Site VPN Connections” , from there follow below steps to download VPN config file:

  1. Go to Site-to-Site VPN Connections
  2. Select VPN Attachment which we created in previous step
  3. Click on “Download Configuration”
  4. Select “Generic”
  5. Click Download

9.png

Open downloaded config file and go to VMware Cloud on AWS SDDC and create a route based tunnel by input information from config file which we have downloaded in previous step.

  1. IKE Version – match in SDDC as per config file
  2. Copy the “Pre-shared Key” and paste in to SDDC “Preshared Key”
  3. Enter “Virtual Private Gateway” IP as “Remote Public IP” in side SDDC VPN config.
  4. Enter “Customer Gateway” as “BGP Local IP/Prefix Length” inside SDDC VPN config.
  5. Enter “Neighbor IP address” as “BGP Remote IP” inside SDDC VPN config.
  6. Enter “Virtual Private Gateway ASN” inside “BGP Remote ASN” inside SDDC VPN.

10.png

If every thing entered correctly , you will see , Tunnel and BGP is up and if tunnel is not up ensure Compute gateway firewall is configured appropriate as default Firewall rule for VPN in VMware cloud on AWS SDDC is “Drop”.

11.png

So tunnel and BGP is up. you can check connectivity between a VPC attached to TGW and SDDC, this should be up if you have populated proper routes in AWS route table.

 

 

One thought on “Connect AWS Transit Gateway to VMware Cloud on AWS

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s