Cloud OnRamp with AWS

Use the Cloud OnRamp screen to create virtual private cloud (VPC) instances for hosting vEdge Cloud routers in different AWS regions in the public internet. A Cloud OnRamp setup comprises three components:

  • A transit VPC, which connects a Viptela overlay network to one or more cloud-based applications.
  • A host VPC, which is where cloud-based applications reside.
  • The connections, or mappings, between the transit VPC and one or more host VPCs.

Screen Elements

  • Top bar—On the left are the menu icon, for expanding and collapsing the vManage menu, and the vManage product name. On the right are a number of icons and the user profile drop-down.
  • Title bar—Includes the title of the screen, Cloud OnRamp.
  • Add New Cloud Instance—Click to create a Cloud OnRamp VPC instance using the cloud instance configuration wizard.
  • Cloud OnRamp Dashboard—Displays after you add at least one region in an Account.
    • VPC panes—Located on the Cloud OnRamp Dashboard, directly under the Add New Cloud Instance button, is a pane for each region corresponding to an account that has been created. Each pane shows:
      • Account number or account name used for logging in to AWS
      • Number of up and down IPsec connections for mapped host VPCs
      • Number of up and down control connections for vEdge router instances within the transit VPCs


Create a Cloud Instance

  1. Click Add New Cloud Instance.
  2. In the Add Cloud Instance–Log In to a Cloud Server popup:
    1. In the Cloud drop-down, select AWS as the cloud type.
    2. Click IAM Role or Key to log in to the cloud server. It is recommended that you use IAM Role.
    3. If you select IAM Role:
      1. In the Role ARN field, enter the role ARN of the IAM role.
      2. In the External ID field, enter the external ID created for the role ARN. It is recommended that the external ID include 10 to 20 characters in random order.
        To authenticate to the vManage NMS using an IAM role, vManage NMS must be hosted by Viptela on AWS, and the role must have the following attributes:
        • Trusts the AWS account, 200235630647, that hosts the vManage NMS.
        • Has all permissions for EC2 and VPC resources.
        • Has a default timeout of at least one hour.
        If vManage NMS is not hosted by Viptela on AWS, assign an IAM role with permissions to AssumeRole to the vManage server running the Cloud OnRamp process. Refer to the AWS documentation for details.
    4. If you select Key:
      1. In the API Key field, enter your Amazon API key.
      2. In the Secret Key field, enter the password associated with the API key.
  3. Click Login to log in to the cloud server.
    The cloud instance configuration wizard opens. This wizard consists of three screens that you use to select a region and discover host VPCs, add a transit VPC, and map host VPCs to transit VPCs.
    A graphic on the right side of each wizard screen illustrates the steps in the cloud instance configuration process. Steps not yet completed are shown in light gray. The current step is highlighted within a blue box. Completed steps are indicated with a green checkmark and are shown in light orange.
  4. Select a region and discover host VPCs:
    1. In the Choose Region drop-down, select a geographical region.
    2. Click Discover Host VPCs. A list of host VPCs discovered in that region is displayed.
    3. Select the desired VPCs.
    4. Click Next.
  5. Add a transit VPC:
    1. In the Transit VPC Name field, type a name for the transit VPC. The name can be up to 128 characters and can contain only uppercase and lowercase letters, the digits 0 through 9, hyphens (-), and underscores (_). It cannot contain spaces or any other characters.
    2. Under Device Information, enter information about the transit VPC:
      1. In the vEdge Version drop-down, select the Viptela software version to run on the transit VPC.
      2. In the Size of Transit vEdge drop-down, select how much memory and how many CPUs to create on the transit VPC.
      3. In the Device 1 drop-down, select the serial number to use.
      4. In the Device 2 drop-down, select the serial number to use.
      5. Click Advanced if you wish to enter more specific configuration options:
        1. In the Transit VPC Subnet field, enter a custom CIDR that has a network mask in the range of 16 to 25. If you choose to leave this field empty, the Transit VPC is created with a default CIDR of 10.0.0.0/16.
        2. In the SSH PEM Key drop-down, select a PEM key pair to log in to an instance.
          Note that the key pairs are region-specific. Refer to the AWS documentation for instructions on creating key pairs.
        3. Click Save and Finish to create the transit VPC. Or click Proceed to Mapping to continue with the wizard.
    3. Click Next.
  6. Map the host VPCs to transit VPCs:
    1. In the table of host VPCs, select the desired host VPCs.
    2. Click Map VPCs. The Map Host VPCs popup opens.
    3. In the Transit VPC drop-down, select the transit VPC to map to the host VPCs.
    4. In the VPN drop-down, select the VPN in the overlay network in which to place the mapping.
    5. Click Map VPCs.
    6. Click Save and Complete.
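
The IAM Role option in step 2 depends on a cross-account trust. The following added example (not Cisco or Viptela code) builds a trust policy matching the attributes listed in that step and audits a role definition against them. The function names and the `max_session_seconds` parameter, which stands in for the role's timeout, are assumptions made for illustration.

```python
import secrets
import string

VMANAGE_ACCOUNT = "200235630647"  # account this page says hosts vManage NMS

def new_external_id(length=20):
    """Random external ID; the page recommends 10 to 20 characters."""
    if not 10 <= length <= 20:
        raise ValueError("external ID should be 10 to 20 characters")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def build_trust_policy(external_id):
    """Only the vManage account may assume the role, and only with the external ID."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{VMANAGE_ACCOUNT}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
    }]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_role(trust_policy, max_session_seconds):
    """Return findings for a role definition; an empty list means no issue found."""
    findings = []
    if max_session_seconds < 3600:  # assumed to represent the role's timeout
        findings.append("session timeout below one hour")
    allows = [s for s in _as_list(trust_policy.get("Statement", []))
              if s.get("Effect") == "Allow"
              and "sts:AssumeRole" in _as_list(s.get("Action"))]
    if not allows:
        findings.append("no statement allows sts:AssumeRole")
    for stmt in allows:
        principal = stmt.get("Principal")
        trusted = _as_list(principal.get("AWS")) if isinstance(principal, dict) else [principal]
        for p in trusted:
            if p != VMANAGE_ACCOUNT and not str(p).startswith(f"arn:aws:iam::{VMANAGE_ACCOUNT}:"):
                findings.append(f"trusts unexpected principal: {p}")
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if not isinstance(ext, str):
            findings.append("no sts:ExternalId condition (confused-deputy risk)")
        elif not 10 <= len(ext) <= 20:
            findings.append("external ID is not 10 to 20 characters")
    return findings

if __name__ == "__main__":
    print(audit_role(build_trust_policy(new_external_id()), 3600))
    weak = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
                           "Action": "sts:AssumeRole"}]}  # constructed weak sample
    print(audit_role(weak, 1800))
```

The permissions side of the role (all permissions for EC2 and VPC resources) is not checked here; only the trust policy and timeout are.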

Display Host VPCs

  1. In the Cloud OnRamp Dashboard, click the pane for the desired VPC. The Host VPCs/Transit VPCs screen opens, and Host VPCs is selected by default. In the bar below this, Mapped Host VPCs is selected by default, and the table on the screen lists the mapping between host and transit VPCs, the state of the transit VPC, and the VPN ID.
  2. To list unmapped host VPCs, click Unmapped Host VPCs. Then click Discover Host VPCs.
  3. To display the transit VPCs, click Transit VPCs.

Map Host VPCs to a Transit VPC

  1. In the Cloud OnRamp Dashboard, click the pane for the desired VPC. The Host VPCs/Transit VPCs screen opens.
  2. Click Unmapped Host VPCs.
  3. Click Discover Host VPCs.
  4. From the list of discovered host VPCs, select the desired host VPCs.
  5. Click Map VPCs. The Map Host VPCs popup opens.
  6. In the Transit VPC drop-down, select the desired transit VPC.
  7. In the VPN drop-down, select the VPN in the overlay network in which to place the mapping.
  8. Click Map VPCs.

Unmap Host VPCs

  1. In the Cloud OnRamp Dashboard, click the pane for the desired VPC. The Host VPCs/Transit VPCs screen opens.
  2. Click Mapped Host VPCs.
  3. From the list of VPCs, select the desired host VPCs.
  4. Click Unmap VPCs.
  5. Click OK to confirm the unmapping.

Unmapping host VPCs deletes all VPN connections to the VPN gateway in the host VPC, and then deletes the VPN gateway. Any additional VPN connections that you make to a mapped host VPC are also terminated as part of the unmapping process.

Display Transit VPCs

  1. In the Cloud OnRamp Dashboard, click the pane for the desired VPC. The Host VPCs/Transit VPCs screen opens, and Host VPCs is selected by default.
  2. Click Transit VPCs.

The table at the bottom of the screen lists the transit VPCs.

Add a Transit VPC

  1. In the Cloud OnRamp Dashboard, click the pane for the desired VPC. The Host VPCs/Transit VPCs screen opens, and Host VPCs is selected by default.
  2. Click Transit VPCs.
  3. Click Add Transit VPC.

Delete a Transit VPC

  1. In the Cloud OnRamp Dashboard, click the pane for the desired VPC. The Host VPCs/Transit VPCs screen opens, and Host VPCs is selected by default.
  2. Click Mapped Host VPCs.
  3. Select the desired host VPC, and click Unmap VPCs.
  4. Click OK to confirm the unmapping.
  5. Click Transit VPCs.
  6. Click the Trash icon to the left of the row for the transit VPC.
  7. Click OK to confirm.