With the introduction of NSX-T as the Software Defined Network (SDN) layer in VMware Cloud on AWS ("VMC") we gained the ability to create both traditional “Policy-Based” VPNs and the less common, but arguably more powerful, “Route-Based” VPNs. Although some planning and design is necessary for either type of VPN between VMC sites, the actual configuration is quite straightforward: fill in the fields on the SDDC console, click “Save”, repeat for the other site and you’re done. However, if the “other” site is not a VMC SDDC but instead an “on-prem” location running NSX-V, and you’re setting up a route-based VPN, things get a little more complicated. In this post we’ll look at the differences between the two VPN types, and in the second post in the series we’ll go through the steps necessary to set up a route-based VPN on an NSX-V Edge Services Gateway (“Edge”).
vCloud Director v9.5 introduced support for OrgVDC networks which could span multiple OrgVDCs in one, or more, Provider VDCs. While this is a powerful capability, it brought with it some new configuration workflows both within vCD and in the surrounding networking layers. My VMware colleagues Daniel Paluszek, Abhinav Mishra and Wissam Mahmassani wrote a series of great blog posts over on the VMware Cloud Provider Blog which explain these workflows and the different options they bring. I can’t take any credit for the posts, awesome though they are, but I do find myself regularly using them as a reference in workshops with VMware partners. I usually end up searching for the posts, and then sending links to them to the workshop attendees so they can read the content at their leisure.
To make that process easier, I decided to list them here so they’re easier to find, and in order.