VMware Cloud on AWS網絡架構深入探討

VMwareCloudonAWS網絡架構深入探討技術創(chuàng)新，變革未來VMware

Cloud

on

AWS:

Jointly

Engineered

Cloud

ServiceVMwareSDDCrunning

onAWSbare

metalDelivered,operated,

supportedby

VMwareOn-demandcapacityand

flexibleconsumptionFulloperational

consistencywithon-premises

SDDCSeamlesslarge-scaleworkloadportabilityandhybrid

operationsGlobalAWSfootprint,

reach,availabilityDirectaccesstonativeAWS

servicesAWSGlobal

InfrastructureCustomer

dataCenter

vSphere

vSANNSXvSphere-basedenvironmentAWS

servicesvRealizeSuite,3rdpartyISV

ecosystemvCenter vCenterVMwareCloudTMon

AWSPoweredbyVMwareCloud

FoundationLarge-scaleapplication

migrationS3 Lambda

RedshiftELB CodeBuild

KMS…2Use-casesAligning

intended

use

to

long

term

cloud

strategyDatacenter

extensionFootprintexpansion

/On-demand

capacityTest/DevVirtualDesktops

/Published

AppsExpandMaintainDisaster

recoveryNew

DRReplaceexisting

DRComplement

existingDRPrimarySecondaryNext-generation

appsApplication

modernizationNewapplication

build-outHybrid

applicationsCloud

migrationsApplication

specificBCA|Virtual

DesktopsDatacenter

wideInfrastructure

refreshConsolidateMigrate3AvailableinAWSRegions

Worldwide*

StretchedclusternotsupportedAvailable

RegionsUSWest(Oregon)USEast(N.

Virginia)USWest(N.

California)*USEast(Ohio)GovCloudUS-WestCanada

(Central)*SouthAmerica(Sao

Paulo)Europe

(London)Europe(Frankfurt)Europe(Ireland)Europe(Paris)Europe(Stockholm)AsiaPacific

(Sydney)AsiaPacific

(Tokyo)AsiaPacific

(Singapore)AsiaPacific(Seoul)AsiaPacific

(Mumbai)Planned

RegionsEurope(Milan)GovCloud

(US-East)SOC2Type

2New!Q3

2022Hong

KongRegion4NetworkingInsidethe

SDDC6Networking

Inside

the

Software

Defined

Data

Center

(SDDC)Providenumerous

connectivityoptionsintothe

SDDCProvidesscalableandeasytoconsumenetworkinginside

theSDDCPoweredbyVMware

NSX-TSimplified

InterfaceAPIaccess

available6+yearsofSDN

experienceKeyfeaturesfrom

on-premisesbroughttothe

cloudNetworkingSecurity6NetworkingInsidethe

SDDCSDDCInternet

GatewayInternetManagementGatewayComputeGatewayEdgeVMware-managed

NetworksNetworksNetworksVMVMManagementVMManagementVMVMVMESXiESXiESXiESXiEdgeAllconnectivity

toworkloadsflowsthroughthe

EdgeActive/Stanprovide

HigAvailabilityConfigured

fordby

toh(HA)ManagementGatewayManagementtrafficforvCenter,NSX,ESXihosts,

etc.Compute

Gatewayworkloadtraffic,includingnetworkto

network79VMwareCloud

VPCCustomer

VPCENI@25GbpsAZ1AZ2CustomerData

Center

Internet vSphere

EnvironmentESXiCompute

vSphereStoragevSANNetworkNSXvCenterAWSregion

AAWSregion

BAWS

DirectConnectS3inregion

AS3Public

end-point10AWSTGW

introRegionVPCsareinthesameRegion

butcanbeindifferent

accountsTransit

Gateway

basisVPC/16VPC/16VPC/16TGWVPCAttachment

1VPCAttachment

2VPCAttachment

3Corporate

datacenter/16VPN(2

tunnels)Direct

ConnectGatewayDestinationTarget/16localothertgw-12345678CIDRAttachmentResource

type10.x.0.0/16tgw-attach-xVPC/162

attachmentsVPN/

DXVPCroute

tableLearned

routes10Regionalconstructhighlyavailable

andscalable1000’sofVPCs

from

multiple

accountsFlexibleroutingusing

ENIsinsubnets

(10000static

routes)Multipleroutingdomains(orroute

tables–max

20)TGWRouting

ConceptRegionVPCVPCVPCTGWVPCRouting

DomainRouting

DomainVPNDXGW11DirectConnect

(DX)1314DedicatednetworkconnectiontoAWS

backboneVariousspeedsof1or

10Gbps(orlessviaAWSpartners)New100Gbps

sinceFeb15th,2021inspecific

locationsConsistentperformanceatreduceddata

chargesPhysicalandlogicalconnectivityviaaDX

locationAWSDirect

ConnectDX

locationAWSrouterCustomerrouterCrossconnectLAG:LinkAggregation

GroupUpto4

InterfacesAWS

CloudCorpData

Center/0CustomerrouterService

ProviderMPLS15Private

VIFUsedtoconnecttoVPCusingprivateIP

addressesCanbedirectlyattachedtoVGW(supportedon

VMC)or

via

Direct

Connect

gateway

(not

supported

on

VMC)Default

MTU1500.Supportsjumboframes9001

bytesPublic

VIFUsed

to

connect

to

ALL

AWS

public

services

using

public

IP

addressesTransitVIF

(new)UsedtoconnecttoTGWsviaDirectConnect

gatewayDefault

MTU1500

andjumboframes8500

bytesALLVIFsareinfact820.1qVLANs

withBGPpeeringDirectConnectVirtualInterfaces(VIF)

types16A

Private

VIF

link

with

BGP

between

the

VPC

and

the

DX

location

router

(or

on-prem)VPCCIDRwillbe

advertised.Anyon-prem

networkswillbelearnedMax

100

BGP

prefixes

from

on-prem

(BGPsession

will

go

down

if

you

advertise

more

than

100

routes)Howto

Connect?CorpData

Center/16AWSrouterCustomerrouterCrossconnectCustomerrouterAWS

CloudVPC/16Private

VIFwith

BGPDestinationTarget/16local/0vgw-12345678

100BGP100

BGPBGP:

/16

/16

DX

locationService

ProviderMPLS17DirectConnectGateway

(DXGW)LEGENDonnext

slides

VGW

association

TGW

associationPublicVIFPrivate

VIFTransit

VIFGlobalConstructindependentof

RegionsUpto10VGWsassociationstoa1Private

VIFBGPsessionterminateson

DXGWDirectConnectGateway–

PrivateVIFCorpData

Center/16DX

locationAWSrouterCustomerrouterCrossconnectCustomerrouterAWS

CloudVPC/16VPC/16VPC/16Private

VIFwith

BGPMultiple

accounts

supported

for

Region

A

and

BVGW

associationService

ProviderMPLSAllowedRegion

AAccount

1Region

BAccount

2DX

GatewayNot17AllowedDX

GatewayUp

to

3

TGWs

associations

per

DX

GatewayUp

to

20

prefixes

from

TGW

to

DXGWUpto100prefixesfrom

on-premTGW

can

connect

to

1000s

of

VPCs

(think

aboutsummarization)DirectConnectGateway–

TransitVIFCorpData

Center/16DX

locationCustomerrouterAWSrouter CrossconnectCustomerrouterAWS

CloudVPC/16VPC/16VPC/16Region

ARegion

B20

BGP20

BGPTGWTGWNotAllowed

100BGPTransit

VIFwith

BGPTGW

associationService

ProviderMPLSAllowed18CGWMGWEdgeSDDC

1NSX</>vCenterDesign

Validity

–

Multiple

Public

and/or

Private

VIFs

?CorpData

Center/16CustomerrouterAWSrouter CrossconnectCustomerrouterAWS

CloudVPC/16VPC/16Region

APrivate

VIFsPublic

VIFDX

locationService

ProviderMPLSAllowed19DXlocationandAWSdeploymentregionare

linkedDesign

Validity

–

Private

VIF

and

DXGW

mix

?CorpData

Center/16DX

locationAWSrouterCustomerrouterCrossconnectCustomerrouterVPC/16AWS

CloudRegion

AVPC/16Region

BPrivate

VIFPrivate

VIFVGW

associationsDX

GatewayService

ProviderMPLSNotAllowedAllowedCGWMGWEdgeSDDC

1NSX</>vCenter20BGPsession

ScalabilityDX

locationAWSrouterCustomerrouterCrossconnectVPCPrivate

VIF1BGP

1

VPC1PrivateVIF

1VGW

1

VPCTGWVPCVPCTransit

VIF1TransitVIF

1

DXGW1DXGW

3

TGWs1TGW

1000sof

VPCs1BGP

1000s

VPCsDXGWVPCVPC1BGP

10

VPCs1PrivateVIF

1

DXGW1DXGW

10VPCsDXGWPrivate

VIF2123VMwareTransit

Connect-VMwareManaged

TGWVMwareManagedTGWinVMwareCloudon

AWSVMwareManaged

TGWIt’s

aVMware

owned

TGW

connecting

multipleSDDCsand

VPCs(belongstotheORGshadow

Account)23SDDCs

must

be

in

the

same

region

(TGW

dictates)SDDCsmusthavenonoverlappingManagement

networksSDDCsshouldhavenono