This post talks about the setup of AWS Direct Connect with VMware Cloud (VMC) on AWS. Direct Connect provides a high-speed, low latency connection between Amazon services and your on-premises environment. Direct Connect is useful for those who want dedicated private connectivity with a consistent network experience in comparison with internet-based VPN connections.
Direct Connect traffic travels over one or more virtual interfaces that you create in your customer AWS account. For SDDCs in which networking is supplied by NSX-T, all Direct Connect traffic, including vMotion, management traffic, and compute gateway traffic, uses a private virtual interface. This establishes a private connection between your on-premises data center and a single Amazon VPC.
You can create multiple interfaces to allow for redundancy and greater availability.”
Make sure you understand the terminology around a Virtual Interface (VIF) and the difference between a Standard VIF, Hosted VIF, and Hosted Connection: What’s the difference between a hosted virtual interface (VIF) and a hosted connection? It is important to consider that VMware Cloud on AWS requires a dedicated Virtual Interface (VIF) – or a pair of VIFs for resilience. If you have a standard 1Gbps or 10Gbps connection direct from Amazon then you can create and allocate VIFs for this purpose. If you are using a hosted connection from an Amazon Partner Network (APN) for sub-1G connectivity then you may need to procure additional VIFs, or a dedicated Direct Connect with the ability to have multiple VIFs on a single circuit. This is a discussion you should have with your APN partner.
Firstly review the pre-requisites and steps to request an AWS Direct Connection connection at Getting Started with AWS Direct Connect. The steps below will walk through configuring Direct Connect for use with VMware Cloud on AWS once the initial connection with Amazon or Amazon partner has been setup. Also review Direct Connect Pricing.
Direct Connect VMC Setup
Log into the VMware on AWS Console, from the SDDCs tab locate the appropriate SDDC and click View Details. Select the Networking & Security tab. Under System click Direct Connect. Make a note of the AWS Account ID, this is the shadow AWS account setup for VMC, you will need this account ID to associate with the Direct Connect.
Log into the AWS console and navigate to the Direct Connect service. If you have not already accepted the connection from your third party provider then review the Amazon documentation referenced above.
Select Virtual Interfaces and click Create Virtual Interface. In this instance we are creating a private VIF. Select the physical connection to use and give the virtual interface a name. Change the virtual interface owner to Another AWS Account and enter the VMC shadow AWS account ID. Fill in the VLAN and BGP ASN information provided by your connection provider. Repeat the process if you are assigning more than one VIF.
Once the VIF or VIFs are created you will see a message that they need to be accepted by the account we have set as owner.
Go back to the VMC portal and the Direct Connect page, click Refresh if necessary. Any interfaces associated with the shadow AWS account will now be listed as available.
Attach the virtual interfaces and confirm acknowledgement that you will be responsible for any data transfer charges that are incurred.
At this point it will take up to 10 minutes for the state of each interface to change from Attaching to Attached, and the BGP status to change from Down to Up. You should now see Advertised BGP Routes listing the network segments you have configured, and Learned BGP Routes listing the subnets peering from your on-premises network.
Click Overview. The Direct Connect shows green, the corresponding VIFs in the AWS Direct Connect page show green and available.
For Direct Connect deep dives review the following blog posts by Nico Vibert: AWS Direct Connect – Deep Dive and Integration with VMware Cloud on AWS, and Direct Connect with VMware Cloud on AWS with VPN as a back-up.