Integrate HA with AWS Cloud WAN
For supported software information, click here.
You can integrate Versa Operating System™ (VOS™) high availability (HA) with AWS cloud WAN to provide high availability for customer workloads connected to different VPCs within a region and across regions. VOS HA provides network-wide redundancy by enabling fast recovery from faults that may occur in any part of the network. With VOS HA, network hardware and software work together to enable fast recovery from network disruptions and ensure the best experience for users and network applications.
The following figures illustrate the components of the AWS cloud WAN and how they are integrated with VOS HA.
These two figures illustrate the following components in the AWS cloud WAN:
- AWS network manager—The user interfaces in the AWS management console and associated APIs to centrally manage the global network.
- Global network–A single private network that acts as the root-level container for network objects. A global network can contain both transit gateways and a core network.
- Core network—The part of the global network managed by AWS.
- Core network policy—A single, versioned policy document that defines all aspects of the core network.
- Attachments—Any connections or resources you want to add to the core network. Supported attachments include VPCs, VPNs, and connect attachments.
- Core network edge (CNE)—A regional connection point for the attachments as defined in the policy. For this, Cloud WAN uses technology similar to a transit gateway, but because it is managed by AWS, there are differences, such as dynamic routing.
- Network segments—Routing domains that by default allow communication only within a segment, consistently throughout the global network. These are strongly enforced Layer 3 routing domains, unless you create sharing relationships in the network policy.
The following are some of the use cases for an AWS cloud WAN:
Configure VOS HA for a Multi-Availability Zone in a Single Region
This section describes how to configure VOS HA for a multi-availability zone in a single region. The following figure illustrates the topology.
Configure the HA Topology
The following steps summarize the configuration of HA for a multi-availability zone in a single region:
- Deploy the VOS device as a hub or branch in the cloud using the IaC tool Terraform or Versa Director CMS. In a multi-availability zone in a single region, you can deploy the VOS device as either a hub or a branch.
- Create the AWS cloud WAN attachments to the core network. The supported attachments include VPCs, VPNs, and connect attachments.
- The VOS device uses the VPC attachment to connect to the core network.
- After the VPC attachment completes, create the VPC connect to configure GRE and EBGP.
- Ensure that the EBGP session between the VOS device and the core network edge (CNE) is up.
- Check the routing propagation from the VOS device to the core network routing table, and vice versa.
- Ensure that all traffic destined for SD-WAN prefers the primary AWS hub or branch based on the highest LPF.
- Ensure that all traffic destined for the AWS cloud prefers the primary VOS device based on the AS path prepend (lowest AS path BGP attributes).
- Ensure that all traffic destined for the regional and interregional cloud prefers the primary VOS device based on the lowest AS path. The secondary VOS device should have a higher AS path prepending.
- Use the BGP LPF and AS path prepend attributes to help ensure that traffic destined for the cloud and the SD-WAN network reaches these networks symmetrically.
- LAN failover is driven by EBGP configured between the VOS device and the core network.
- WAN failover is managed by the default native VOS SLA PDU between the VOS devices.
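
The preference rules in the steps above can be checked with a small model. This is an added example, not Versa or AWS code; it assumes LPF is compared before AS path length (as BGP does with local preference), and the device names, prefixes and AS numbers are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    via: str          # VOS device the route points at
    lpf: int          # LPF attribute; highest wins, per the steps above
    as_path: tuple    # AS path; shortest wins, so prepending demotes a route


def best_path(routes, prefix, down=frozenset()):
    """Simplified selection: highest LPF first, then shortest AS path."""
    live = [r for r in routes if r.prefix == prefix and r.via not in down]
    if not live:
        return None
    return min(live, key=lambda r: (-r.lpf, len(r.as_path)))


# Constructed values: prefixes, AS numbers and device names are illustrative.
SDWAN_PREFIX, CLOUD_PREFIX = "192.168.0.0/16", "10.20.0.0/16"
VOS_AS = 65010
ROUTES = [
    # Toward SD-WAN: the primary carries the higher LPF.
    Route(SDWAN_PREFIX, "vos-primary", 200, (VOS_AS,)),
    Route(SDWAN_PREFIX, "vos-secondary", 100, (VOS_AS,)),
    # Toward the cloud: equal LPF, the secondary prepends its AS twice.
    Route(CLOUD_PREFIX, "vos-primary", 100, (VOS_AS,)),
    Route(CLOUD_PREFIX, "vos-secondary", 100, (VOS_AS, VOS_AS, VOS_AS)),
]


def forwarding_pair(down=frozenset()):
    """Return (device used toward SD-WAN, device used toward the cloud)."""
    picks = [best_path(ROUTES, p, down) for p in (SDWAN_PREFIX, CLOUD_PREFIX)]
    return tuple(r.via if r else None for r in picks)


def is_symmetric(down=frozenset()):
    """True when both directions traverse the same VOS device."""
    to_sdwan, to_cloud = forwarding_pair(down)
    return to_sdwan is not None and to_sdwan == to_cloud


if __name__ == "__main__":
    print("steady state:", forwarding_pair(), is_symmetric())
    print("primary EBGP session down:", forwarding_pair({"vos-primary"}))
```

If the two attributes were set on different devices (for example, LPF favouring one device and the shorter AS path favouring the other), `is_symmetric()` would return `False`, which is the asymmetric-path condition the steps are meant to prevent.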
Configure VOS HA with AWS
- Use Terraform or create a CMS connector to deploy the VOS device.
- In the AWS Network Manager, select Create Global Network to create a global network:
- In the Policy Version, enable the BGP AS numbers for the core network so that the CNE can form the EBGP session using these AS numbers.
- Configure the edge locations for the core networks.
- View the JSON version of the policy version configuration:
- Create the VPC attachment.
- Connect the VPN attachment to the core networks.
- View the core network topology:
- View the topology graph:
- View the topology tree:
- View the logical topology:
- View the route propagation:
- Verify the VOS HA control plane:
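
The JSON policy version from the steps above can be reviewed before it is applied, covering both the CNE AS numbers used for EBGP and the segment isolation described in the components list. The following is an added example, not Versa or AWS code; the sample policy is constructed, and its key names follow the AWS Cloud WAN core network policy document format.

```python
import json

# Constructed sample policy (not from the page). Key names follow the AWS
# Cloud WAN core network policy document format.
SAMPLE_POLICY = json.loads("""
{
  "version": "2021.12",
  "core-network-configuration": {
    "asn-ranges": ["64512-64520"],
    "edge-locations": [
      {"location": "us-east-1", "asn": 64512},
      {"location": "us-west-2", "asn": 64600}
    ]
  },
  "segments": [
    {"name": "sdwan", "require-attachment-acceptance": true},
    {"name": "workloads", "require-attachment-acceptance": false}
  ],
  "segment-actions": [
    {"action": "share", "mode": "attachment-route",
     "segment": "sdwan", "share-with": ["workloads"]}
  ]
}
""")


def audit_policy(policy):
    """Return findings to review before a policy version is applied."""
    findings = []
    cfg = policy.get("core-network-configuration", {})
    ranges = [tuple(int(n) for n in r.split("-")) for r in cfg.get("asn-ranges", [])]
    for edge in cfg.get("edge-locations", []):
        asn = edge.get("asn")
        # The VOS EBGP peer ASN must match the CNE ASN, so flag unexpected values.
        if asn is not None and not any(lo <= asn <= hi for lo, hi in ranges):
            findings.append(f"edge {edge['location']}: ASN {asn} outside asn-ranges")
    for seg in policy.get("segments", []):
        # False means attachments join the segment without an approval step.
        if seg.get("require-attachment-acceptance", True) is False:
            findings.append(f"segment {seg['name']}: attachments auto-accepted")
    for act in policy.get("segment-actions", []):
        # A share action relaxes the default isolation between segments.
        if act.get("action") == "share":
            findings.append(f"segment {act['segment']}: shared with {act['share-with']}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_policy(SAMPLE_POLICY)))
```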
Configure VOS HA for a Multi-Availability Zone in Multiple Regions
This section describes how to configure VOS HA for a multi-availability zone in multiple regions. The following figure illustrates the topology.
The following are configuration components:
- Deploy VOS devices in multiple availability zones across multiple regions to have regional-level redundancy for the workload hosted in the cloud.
- Users can reach their workloads in the closest regional hubs.
- Each non-regional hub can act as a backup for the cloud workloads.
- Users receive multi-availability zone and multiregion HA.
- Configure a spoke group to ensure that user traffic behind the SD-WAN VOS device prefers the regional hubs to reach the workload with less latency.
- Configure an AS path prepend to ensure that traffic destined for the cloud prefers the hubs to maintain a symmetric traffic path.
Supported Software Information
Releases 21.2.2 and later support all content described in this article.