Posts

Costs analysis for Data Transfer via VMware Managed TGW

Gilles Chekroun
Lead VMware Cloud on AWS Solutions Architect --- Every customer design is different, but all of them should include a cost analysis, specifically when using VMware managed Transit Gateway or AWS Transit Gateway. The AWS page here has very useful information to help us understand costs. Transit Gateway Costs: TGW pricing is split into 2 components: (1) A fixed price for infrastructure connectivity per hour. Depending on the attachments, various account owners are charged. (2) A variable price for processing data via the TGW. Price is per GB. The sending account is charged. Prices depend on regions and range from $0.05 to $0.09 per attachment per hour. Who is charged? VPC attachments: The VPC account owner is charged and is billed hourly. VPN attachments: The TGW account owner is billed hourly. Site-to-Site VPN connection pricing still applies in addition to the VPN TGW attachments. Direct Connect Gateway attachments: The DXGW account owner is billed hourly. Peering Attac

Connect VMware managed TGW to your AWS TGW in the same region using a "peering VPC"

Gilles Chekroun
Lead VMware Cloud on AWS Solutions Architect --- In many designs we face customers that already have a TGW in a specific AWS region and VPCs attached to it. Adding an SDDC group in the same region is problematic since AWS doesn't support TGW peering in the same region. If the SDDC Group is in a different region, the VMC software (M15 for EA and M16 for GA) will support that, but it's a very rare case and so far my customers have TGW in the same region. At my last "physical" Re:Invent conference in Vegas in 2019, I talked to an AWS network engineer who indicated that we can do transitive routing via a VPC attached to two TGWs in the same region. Yes, a VPC can be attached to up to 5 different TGWs in the same region. The setup is quite easy and simple. The throughput via this "peering VPC" is great since all attachments are VPC attachments at 50Gbps. Nothing is required in the Peering VPC, only 1 subnet in each AZ you want to connect - s

VMware Cloud on AWS VPN BGP Route filtering

Gilles Chekroun
Lead VMware Cloud on AWS Solutions Architect --- Building a Route Based VPN with VMware Cloud on AWS is simple. There are multiple descriptions in this blog using APIs here and PowerCLI here. Today I want to highlight a very common request to filter BGP routes incoming and/or outgoing on a Route Based VPN tunnel. To do that, I will simply use an AWS Transit Gateway as the other end of the VPN tunnel. Initial Setup. SDDC Side: On the SDDC side I have a few networks: Management at 10.10.0.0/23; NSX Segments 11.11.11.0/24, 12.12.12.0/24, 13.13.13.0/24, 192.168.1.0/24. TGW Side: On the TGW side I just added 2 static routes that will be propagated to the SDDC: 22.22.0.0/24, 33.33.0.0/24. SDDC Routes Visibility: Note that when

Using VMware Cloud on AWS SDDC-Group APIs (Part 4)

Gilles Chekroun
Lead VMware Cloud on AWS Solutions Architect --- Following Part1, Part2 and Part3, I am now adding more description and use of SDDC Grouping APIs. In this article, I will focus on: Add/Remove Direct Connect Gateway Association; Detailed SDDC Group info; Static vTGW routes for VPCs. Add Direct Connect Gateway Association: On AWS Console, create a DX Gateway and note the DXGW ID for the config.ini parameters. The SDDC Grouping API for DXGW Association is: A code example would be:

    def attach_dxgw(routes, resource_id, org_id, dxgw_owner, dxgw_id, region, session_token):
        myHeader = {'csp-auth-token': session_token}
        myURL = "{}/network/{}/aws/operations".format(BaseURL, org_id)
        body = { "type" : &q