VMware Cloud Community
9990374530

Fault Tolerance | Monitoring | Addressing

Hello experts,

Please help with my queries below, as I didn't find anything specific in the VMC on AWS doc:

1. What addressing is allowed inside VMware on cloud? What addressing is used for VMware on cloud hypervisor management interface networks?

Answer: I believe we can use whatever private network addressing we want on VMware Cloud on AWS to align with my internal existing on-premise networks. Is there any CIDR I have to take care of?

2. Do we have Bidirectional Forwarding Detection support inside VPN? If yes, then is it under the full control of AWS? What is the switching speed between VPN in case of failure? I didn't find anything specific in VMC doc but I believe it is not less than 30 sec?

3. Do we have availability of network traffic monitoring (Netflow) for any individual virtual machine, as well as between any several virtual machines within the segment I have allocated?

Regards

PK

ebernard

Hi PK,

Please find my answers below; I hope they will help you:

1) You can use whatever network CIDR you want; you have full freedom to choose any one. Of course, if you want to interconnect with your on-premise environment through a VPN, you have to choose accordingly to avoid IP overlap.

To be more precise, you have 2 different parts in VMC: first is the management part that VMware is responsible for and where vCenter, ESXi hosts and NSX appliances will be deployed: you choose any RFC1918 CIDR.
And on the other side you have your Compute environment where you will deploy your workloads and you can create any private IP network/subnets as described above.

2) For BFD I don't know if we do support it on our VPN. So, in this case, let me ask you if it's about L3 or L2 VPN?
We do support resilience on our VPN: both L3 and L2. Maybe someone else can answer to your switching speed?

3) You can use Netflow or IPFIX and can do port mirroring if needed, see: https://cloud.vmware.com/community/2019/04/25/port-mirroring-vmware-cloud-aws/

Cheers

Emmanuel 

Emmanuel BERNARD
Lead Solution Engineer | VMware Cloud | EMEA

Please mark "Helpful" or "Correct Answer" if applies. Appreciate it.
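
The address planning described in answer 1, as an added example that is not part of the original reply: it checks that a planned management CIDR sits inside RFC 1918 and lists overlaps with on-premise networks before a routed VPN is built. All names and ranges are constructed; also flagging overlaps among the planned SDDC ranges themselves is an assumption beyond what the reply states.

```python
import ipaddress

# The three RFC 1918 private blocks. ipaddress's is_private is broader
# (loopback, link-local, documentation ranges), so test these explicitly.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(cidr):
    """True only if the whole CIDR lies inside one RFC 1918 block."""
    net = ipaddress.ip_network(cidr, strict=True)
    return net.version == 4 and any(net.subnet_of(block) for block in RFC1918)


def find_overlaps(networks):
    """Return sorted (name_a, name_b) pairs whose CIDRs overlap."""
    parsed = [(name, ipaddress.ip_network(cidr)) for name, cidr in networks.items()]
    hits = []
    for i, (name_a, net_a) in enumerate(parsed):
        for name_b, net_b in parsed[i + 1:]:
            if net_a.version == net_b.version and net_a.overlaps(net_b):
                hits.append(tuple(sorted((name_a, name_b))))
    return sorted(hits)


def review_plan(management_cidr, compute_segments, on_prem):
    """Collect problems in a planned address layout before building the VPN."""
    problems = []
    if not is_rfc1918(management_cidr):
        problems.append(f"management {management_cidr} is not RFC 1918")
    everything = {"management": management_cidr}
    everything.update({f"compute:{k}": v for k, v in compute_segments.items()})
    everything.update({f"onprem:{k}": v for k, v in on_prem.items()})
    for a, b in find_overlaps(everything):
        problems.append(f"overlap: {a} ({everything[a]}) and {b} ({everything[b]})")
    return problems


# Constructed sample plan (all names and ranges are made up for illustration).
SAMPLE_ON_PREM = {"datacenter": "10.10.0.0/16", "branch": "192.168.50.0/24"}
SAMPLE_COMPUTE = {"web": "10.10.20.0/24", "db": "172.20.1.0/24"}

if __name__ == "__main__":
    for line in review_plan("10.2.0.0/16", SAMPLE_COMPUTE, SAMPLE_ON_PREM):
        print(line)
```

This applies to the routed case only; a stretched L2 segment deliberately carries the same subnet on both sides and should be left out of the on-premise list.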
9990374530

Hi Emmanuel,

Thanks for the response. Much appreciated!

I believe in layer 3 VPN, each side of the connection is on a different subnet, but in L2 VPN it has to be on the same subnet?

Regards

PK

ebernard

Hi PK,

Yes, you're right:
- L3 VPN means routing, so different subnets
- L2 means switching, so similar subnets on both sides

Both are available with VMC:
- L3 VPN with your usual endpoint on premise (from any vendor)
- L2 based on an NSX Edge standalone client available for download from the VMC console.
And don't forget that HCX, provided with VMC, also has the ability to do L2 Extension by extending your distributed virtual switch (aka dVS)

hope that helped

Emmanuel

Emmanuel BERNARD
Lead Solution Engineer | VMware Cloud | EMEA

Please mark "Helpful" or "Correct Answer" if applies. Appreciate it.