Direct Connect with VMware Cloud on AWS with VPN as a back-up

Posted on by Nico

This short post will provide some information around leveraging VPN and Direct Connect together with VMware Cloud on AWS.

You might want to read the VMware Cloud on AWS Direct Connect Deep Dive post first if you haven’t already.

Ever since I joined the VMware Cloud on AWS team about 18 months ago, I have been impressed by our product team’s ability to build features based on customer demand (some of the other product teams I have seen in my career have had the tendency to build stuff customers were not necessarily asking for).

Not only that, but we also publish our roadmap publicly.

Here is an example – a few weeks ago, I had one of my customers (an enterprise architect working for a public sector organization in the North West of England) asked me the following question:

Can I use a VPN and a Direct Connect together from the same site to VMware Cloud on AWS and use VPN as a back-up?

Yes, but until our new 1.7 release (came out on 13th May 2019), it wasn’t possible the way you wanted it to be.

If you use a VPN and a Direct Connect from the same site to your VMware Cloud on AWS, what you would ideally want is traffic to go over the Direct Connect primarily and traffic to fail-over to the VPN as a back-up.

Until today, there were some restrictions in the way the service was designed whereby the VPN would take precedence over the Direct Connect, traffic would flow over the VPN and only fail back to the Direct Connect if the VPN were to fail.

Behaviour in VMC up to version 1.6

With the new VMC release 1.7, it works the way you would expect things to be:

Behaviour now with version 1.7 and later

You still need to enable the option in the VMware Cloud on AWS Networking and Security tab, in the Direct Connect section. Note that ESXi and vMotion traffic will always go over Direct Connect regardless or not you toggle this option. This option only applies to ‘data’ traffic.

It takes about a minute to enable:

Then you are good to go!

Enabling this makes Direct Connect the Active circuit and VPN the standby one.

While many customers will get two Direct Connect circuits to provide resiliency (bypassing the need for a back-up VPN), this customer (and I’m sure many more) can’t really afford to have two so having the VPN as a back-up is a good alternative.

Thanks for reading.

Advertisement
Categories: VMC

8 thoughts on “Direct Connect with VMware Cloud on AWS with VPN as a back-up

  1. Pingback: Advanced Design Considerations with Direct Connect with VMware Cloud on AWS : Filtering and Summarization – #RUNVMC

  2. Hi Nico, if customer is having multiple DX to the same VMC SDDC, Use VPN as Backup to Direct Connect option could be applied per DX or to all DX connect to that VMC SDDC?

    Like

    Reply
  3. Pingback: Watch a Failover from Direct Connect to Backup VPN for VMware Cloud on AWS | esxsi.com
  4. Pingback: How to Configure AWS Direct Connect with VMware Cloud on AWS | esxsi.com
  5. Pingback: AWS Direct Connect – Deep Dive and Integration with VMware Cloud on AWS – #RUNVMC
  6. Pingback: Introducing PyVMC: a Python-based tool for VMware Cloud on AWS – #RUNVMC
  7. Pingback: VMware Cloud on AWS: May 2019 Digest - VMware Cloud Community
  8. Pingback: VMware Cloud on AWS continues to deliver capabilities for scale, management and protection of enterprise workloads - VMware Cloud Community

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

Published by Nico