This post walks through deploying an AWS Transit Gateway (TGW) and connecting it to a VMware Cloud on AWS SDDC over a route-based IPsec VPN with BGP.
AWS Transit Gateway
AWS Transit Gateway is a service that connects your Amazon VPCs and your on-premises networks through a single gateway. As the number of workloads running on native AWS or VMware Cloud on AWS grows, you need to scale your network across multiple accounts, Amazon VPCs and SDDCs to keep up with that growth.
With AWS TGW you create and manage a single connection from the central gateway to each Amazon VPC, VMware Cloud on AWS SDDC, on-premises data center or remote office on your network. The Transit Gateway acts as a hub whose route tables control how traffic is routed among all the connected networks, which act as spokes.
To set up the Transit Gateway, open the VPC Dashboard in the region where you want to deploy it and click Create Transit Gateway:
Enter the required details:
- Name and Description
- Amazon side ASN (a private ASN; the 16-bit range is 64512 to 65534, and it must differ from the ASN your SDDC uses for BGP)
- Leave the other options at their defaults, or select/unselect them based on your requirements.
This creates the TGW. Wait a few minutes; once it is ready its state shows as "available" in the AWS console.
Connect TGW to VMware Cloud on AWS
In the previous step we created the TGW. To attach it to VMware Cloud on AWS (or to any VPC), go to "Transit Gateway Attachments" and click "Create Transit Gateway Attachment".
On the new Transit Gateway Attachment page, enter the parameters as follows:
- Transit Gateway ID – choose the TGW you created in the previous step
- Attachment Type – VPN
- IP Address – the public IP address of your VMC SDDC's VPN endpoint (shown in the SDDC's Networking & Security > VPN page)
- ASN – the BGP Local ASN configured on the route-based VPN in your VMC SDDC
- You can leave the remaining settings at their defaults or change them for specific requirements.
Once the attachment has been created, it looks like this:
Once the attachment exists, the VPN connection it created appears under "Site-to-Site VPN Connections". From there, download the VPN configuration file:
- Go to Site-to-Site VPN Connections
- Select the VPN connection created by the attachment in the previous step
- Click "Download Configuration"
- Select "Generic" as the vendor
- Click Download
Note that the downloaded file contains the pre-shared keys for both tunnels of the VPN connection in cleartext, so treat it as a secret: store it where you would store credentials and delete it when the SDDC side is configured.
Open the downloaded configuration file, then go to your VMware Cloud on AWS SDDC and create a route-based VPN tunnel, filling in its fields from the file as follows:
- IKE Version – set the SDDC to the same IKE version the configuration file specifies
- Copy the "Pre-Shared Key" from the file into the SDDC "Preshared Key" field
- Enter the "Virtual Private Gateway" address from the Outside IP Addresses section as "Remote Public IP" in the SDDC VPN config
- Enter the "Customer Gateway" address (with its prefix length) from the Inside IP Addresses section as "BGP Local IP/Prefix Length" in the SDDC VPN config
- Enter the "Neighbor IP Address" as "BGP Remote IP" in the SDDC VPN config
- Enter the "Virtual Private Gateway ASN" as "BGP Remote ASN" in the SDDC VPN config
The file describes two tunnels (IPSec Tunnel #1 and #2) with different remote public IPs, inside addresses and pre-shared keys; the steps above set up one of them, and repeating them for the second tunnel gives you redundancy if one AWS endpoint goes down. Make sure the Phase 1/Phase 2 algorithms you choose on the SDDC side match what the tunnel accepts on the AWS side.
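To make the field mapping above mechanical rather than a copy-and-paste exercise, here is an added example (my code, not from the original post, AWS or VMware). It parses a constructed sample laid out like the Generic download, extracts the values for each tunnel into the SDDC field names used in the list above, and runs a few sanity checks before anything is typed into the console: the BGP peer must sit in the same /30 as the local inside address, the remote ASN must be in the Amazon-side private range (the same range that applied when creating the TGW), and IKEv2 is expected. The "IKE version" label and the minimum key length are assumptions on my part; the addresses and keys in the sample are placeholders.

```python
"""Map an AWS Site-to-Site VPN "Generic" configuration download to the
fields a VMware Cloud on AWS route-based VPN asks for, and sanity-check them.
Added example; not the original post's or a vendor's code."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample mirroring the layout of the Generic download (two tunnels).
# Addresses are documentation ranges and the keys are placeholders.
SAMPLE_CONFIG = """\
IPSec Tunnel #1
================================================================================
#1: Internet Key Exchange Configuration
  - IKE version              : ikev2
  - Authentication Method    : Pre-Shared Key
  - Pre-Shared Key           : example-psk-tunnel-1
  - Encryption Algorithm     : aes-256-cbc
  - Diffie-Hellman           : Group 14

#3: Tunnel Interface Configuration
Outside IP Addresses:
  - Customer Gateway                  : 203.0.113.10
  - Virtual Private Gateway           : 198.51.100.21

Inside IP Addresses
  - Customer Gateway                  : 169.254.10.2/30
  - Virtual Private Gateway           : 169.254.10.1/30

#4: Border Gateway Protocol (BGP) Configuration:
  - Customer Gateway ASN               : 65000
  - Virtual Private Gateway ASN        : 64512
  - Neighbor IP Address                : 169.254.10.1
  - Neighbor Hold Time                 : 30

IPSec Tunnel #2
================================================================================
#1: Internet Key Exchange Configuration
  - IKE version              : ikev2
  - Pre-Shared Key           : example-psk-tunnel-2

#3: Tunnel Interface Configuration
Outside IP Addresses:
  - Customer Gateway                  : 203.0.113.10
  - Virtual Private Gateway           : 198.51.100.22

Inside IP Addresses
  - Customer Gateway                  : 169.254.20.2/30
  - Virtual Private Gateway           : 169.254.20.1/30

#4: Border Gateway Protocol (BGP) Configuration:
  - Customer Gateway ASN               : 65000
  - Virtual Private Gateway ASN        : 64512
  - Neighbor IP Address                : 169.254.20.1
"""

# Amazon-side private ASN ranges (16-bit and 32-bit) accepted by AWS.
AMAZON_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))
_KV = re.compile(r"^\s*-\s*(.+?)\s*:\s*(.+?)\s*$")   # "  - Label : value"


@dataclass
class SddcTunnel:
    tunnel: int
    ike_version: str
    preshared_key: str
    remote_public_ip: str   # SDDC "Remote Public IP"          <- outside VGW address
    bgp_local_ip: str       # SDDC "BGP Local IP/Prefix Length" <- inside CGW address
    bgp_remote_ip: str      # SDDC "BGP Remote IP"              <- Neighbor IP Address
    bgp_remote_asn: int     # SDDC "BGP Remote ASN"             <- VGW ASN


def _to_sddc(fields: Dict[str, str]) -> SddcTunnel:
    return SddcTunnel(
        tunnel=int(fields["tunnel"]),
        # "IKE version" label is an assumption; older files omit it (IKEv1).
        ike_version=fields.get("ike version", "ikev1").lower(),
        preshared_key=fields["pre-shared key"],
        remote_public_ip=fields["outside virtual private gateway"],
        bgp_local_ip=fields["inside customer gateway"],
        bgp_remote_ip=fields["neighbor ip address"],
        bgp_remote_asn=int(fields["virtual private gateway asn"]),
    )


def parse_generic_config(text: str) -> List[SddcTunnel]:
    """Split the file per tunnel; the Customer/Virtual Private Gateway labels
    repeat in the Outside and Inside sections, so track which one we are in."""
    tunnels, current, section = [], None, None
    for line in text.splitlines():
        hdr = re.match(r"^IPSec Tunnel #(\d+)", line)
        if hdr:
            if current:
                tunnels.append(_to_sddc(current))
            current, section = {"tunnel": hdr.group(1)}, None
            continue
        if current is None:
            continue
        low = line.strip().lower()
        if low.startswith("outside ip addresses"):
            section = "outside"
            continue
        if low.startswith("inside ip addresses"):
            section = "inside"
            continue
        kv = _KV.match(line)
        if not kv:
            continue
        key, value = kv.group(1).lower(), kv.group(2)
        if key in ("customer gateway", "virtual private gateway"):
            key = f"{section} {key}"
        current[key] = value
    if current:
        tunnels.append(_to_sddc(current))
    return tunnels


def check_tunnel(t: SddcTunnel) -> List[str]:
    """Problems to fix before typing the values into the SDDC console."""
    problems = []
    local = ipaddress.ip_interface(t.bgp_local_ip)
    if ipaddress.ip_address(t.bgp_remote_ip) not in local.network:
        problems.append(f"tunnel {t.tunnel}: BGP peer {t.bgp_remote_ip} is not in {local.network}")
    if not any(lo <= t.bgp_remote_asn <= hi for lo, hi in AMAZON_ASN_RANGES):
        problems.append(f"tunnel {t.tunnel}: ASN {t.bgp_remote_asn} is outside the Amazon-side range")
    if t.ike_version != "ikev2":
        problems.append(f"tunnel {t.tunnel}: IKE version is {t.ike_version}; use IKEv2 on both ends")
    if len(t.preshared_key) < 8:   # assumed floor, not an AWS limit
        problems.append(f"tunnel {t.tunnel}: pre-shared key looks too short")
    return problems


if __name__ == "__main__":
    for tun in parse_generic_config(SAMPLE_CONFIG):
        print(tun)
        for p in check_tunnel(tun):
            print("  !", p)
```

Run it against the file you downloaded by reading that file into `parse_generic_config` instead of `SAMPLE_CONFIG`; it prints one record per tunnel with the exact values for each SDDC field, so you configure both tunnels and catch a mistyped /30 or a mismatched ASN before the tunnel flaps.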
If everything was entered correctly, the SDDC shows both the tunnel and the BGP session as up. If the tunnel does not come up, check the Compute Gateway firewall: the default rule in a VMware Cloud on AWS SDDC is "Drop" and it applies to VPN traffic, so add a rule that allows the VPN traffic you need. Scope that rule to the VPC CIDRs and services that actually have to reach the SDDC rather than allowing any source to any destination.
With the tunnel and BGP up, test connectivity between a VPC attached to the TGW and the SDDC. For traffic to flow, the TGW route table must carry the SDDC prefixes learned over BGP from the VPN attachment (route propagation or a static route), the VPC route table must send the SDDC CIDR to the TGW, and the VPC's security groups and network ACLs must permit the traffic; the SDDC learns the VPC routes over the same BGP session.