An AWS Cloud WAN global network is created to

VMware Cloud on AWS – AWS Cloud WAN Reference Architecture 1 expand across all AWS Regions where the customer’s
This architecture details how to connect VMware Cloud on AWS Software-Defined Data Centers (SDDCs) across different AWS Regions to the AWS VMware Cloud on AWS Software-Defined Data Centers
(SDDCs) are deployed. The Cloud WAN global network
Cloud WAN global network using VMware Transit Connect, AWS Transit Gateway, and Site-to-Site Virtual Private Network (VPN) connections.
consists of a core network that is logically partitioned
into multiple network segments based on environment
segregation requirements.
AWS Cloud
Within the Cloud WAN core network, a Core Network
TGW-A Production route table Cloud WAN Production Segment route table TGW-B Production route table 2 Edge (CNE) is automatically provisioned in each defined
SDDC-01 vTGW-Prod-A SDDC-01 TGW-A Prod attachment (dynamic) SDDC-03 vTGW-Prod-B Region as a connection point for Regional network
attachments.
SDDC-03 Cloud WAN core network (dynamic) SDDC-03 TGW-B Prod attachment (dynamic) SDDC-01 Cloud WAN core network (dynamic)
Deploy an AWS Transit Gateway (TGW) with multiple
3 route tables following the same segmentation strategy.
Region A AWS Cloud WAN Core Network Region B Refer to this reference architecture for detailed
examples.
TGW-A route table
SDDC Group – Prod-A 1 TGW-B route table SDDC Group – Prod-B For each environment (such as Prod, Dev), deploy a
Prod
4 7 Prod 4 SDDC into a dedicated SDDC Group. This automatically
VMware Transit Dev Segments builds a VMware Transit Connect (VMware-managed
Connect (vTGW) vTGW Transit Gateway, or vTGW) to establish high-speed,
SDDC-01 SDDC-03
Production resilient connections between SDDCs within the group
6 and other resources, including AWS networking services.
Intra-Region
5 AWS Transit Core Network
Development CNE
TGW B
peering Build an intra-Region peering attachment from each
Gateway Edge (CNE) ASN 64602
ASN 65002
5 SDDC group (vTGW) to customer-managed TGW, and
(TGW) A ASN 64601 associate each peering attachment to its corresponding
ASN 65001 Transit Gateway route table. On each vTGW, configure
SDDC Group – Dev-A
2 CNE ASN static routes for SDDCs in the remote Regions toward
3 64603 the TGW. Refer to this reference architecture for more
Region C AWS Cloud WAN Development Segment route table details.
Intra-Region 8 SDDC-02 TGW-A Dev attachment (dynamic) Configure a Transit Gateway peering connection to the
SDDC-02 peering
Site-to-Site VPN
SDDC-04 VPN-SDDC04 attachment (dynamic)
6 local CNE in the Cloud WAN core network. Cloud WAN
uses Border Gateway Protocol (BGP) over peering, so
SDDC-04 your TGW and Cloud WAN BGP autonomous system
SDDC-04 NSX Edge route table number (ASN) must be unique.
vTGW
SDDC-02 Cloud WAN core network (dynamic) To maintain end-to-end traffic segmentation for
NSX-T Edge SDDC-04 Local 7 different environments, create separate Transit
ASN 65003 Gateway route table attachments mapped to their
TGW-A Development route table respective Cloud WAN segments. Routes are
Transit Gateway to Cloud WAN peering automatically propagated bidirectionally between TGW
SDDC-02 vTGW-Dev-A route tables and Cloud WAN segments.
Transit Gateway route table to Cloud WAN segment attachments
SDDC-04 Cloud WAN core network (dynamic) Alternatively, configure an IPsec Site-to-Site VPN
Site-to-Site VPN to Cloud WAN segment attachment
8 connection (with BGP routing) from the NSX edge in a
SDDC to the local CNE, and create a VPN attachment to
Reviewed for
Reviewed for technical
technical accuracy
accuracyJanuary 19, 2023
Month Day, 2023 the corresponding Cloud WAN segment. Routes are
© 2023, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Reference Architecture dynamically exchanged using BGP over the VPN
connection.