Monday, November 2, 2020

VeloCloud Deployment in AWS

I'm looking for some guidance on deploying a VeloCloud solution in AWS across multiple regions and multiple VPCs. I currently have a solution where I've built VPN tunnels from AWS Transit Gateway to the VeloCloud Orchestrator as non-VeloCloud sites. My concern with this method is that the VeloCloud Gateways could be a single point of failure (I'm not able to find any concrete documentation that states the SLA of a VeloCloud Gateway).

The shortfall with the VeloCloud Edge device is that I would need to deploy an Edge in each VPC in order to route traffic out the EC2 interface of the Edge. To get around this I've come up with a possible solution, which I'd like opinions on:

I'd like to create a new account in AWS. Build one "Egress VPC" with a public and private subnet. Deploy a VeloCloud Edge inside of the VPC. Build a transit gateway and attach this VPC. All routing from the transit gateway destined for internal traffic would point to the "Egress VPC." The route table inside the "Egress VPC" would point all internal traffic to the network interface of the VeloCloud Edge. At this point all traffic would essentially funnel from the Transit Gateway, out the VeloCloud Edge and onto the VeloCloud mesh.

I could then share this Transit Gateway across other AWS accounts using AWS Resource Access Manager. I could point all traffic that needs to go across VeloCloud to the shared Transit Gateway. Once it arrives at the Transit Gateway, the route tables would direct the traffic all the way to the VeloCloud Edge network interface.

I need help poking holes in this solution. I don't know that it will work - it's just a guess at this point. I don't know how I will set up an HA pair either.
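One way to poke holes in the design before building it is to walk the proposed route tables hop by hop in both directions. The following is an added example, not code from the post or from VMware; the CIDRs (spoke VPC 10.1.0.0/16, Egress VPC 10.255.0.0/16, VeloCloud-reachable space 192.168.0.0/16) and the table names are constructed assumptions. It shows that the forward path (spoke, Transit Gateway, Egress VPC, Edge ENI) works, and that the return path silently blackholes if the Egress VPC route table has no route for the spoke CIDR back to the Transit Gateway.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match over [(cidr, target), ...], as an AWS route table does."""
    ip = ipaddress.ip_address(dst)
    best = None
    for cidr, target in table:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

# Constructed sample addressing (assumption): spoke VPC 10.1.0.0/16 in another account,
# Egress VPC 10.255.0.0/16, on-prem / VeloCloud-reachable space 192.168.0.0/16.
# "eni-edge" is the Edge's LAN-side ENI in the Egress VPC private subnet; the instance
# behind it must have source/destination checking disabled to accept forwarded traffic.
def build_tables(return_route=True):
    egress = [("10.255.0.0/16", "local"), ("192.168.0.0/16", "eni-edge")]
    if return_route:  # return path: spoke CIDR back to the Transit Gateway attachment
        egress.append(("10.1.0.0/16", "tgw"))
    return {
        "spoke-rtb": [("10.1.0.0/16", "local"), ("192.168.0.0/16", "tgw")],
        "tgw-rtb": [("10.1.0.0/16", "spoke-rtb"), ("192.168.0.0/16", "egress-rtb")],
        "egress-rtb": egress,
    }

NEXT = {"tgw": "tgw-rtb"}  # the TGW attachment hands the packet to the TGW route table

def trace(tables, start, dst, max_hops=8):
    """Walk route tables from `start` until the packet reaches the Edge ENI or a VPC's
    local subnet, or is dropped because no route matches (BLACKHOLE)."""
    path, table = [start], start
    for _ in range(max_hops):
        target = lookup(tables[table], dst)
        if target is None:
            path.append("BLACKHOLE")
            return path
        path.append(target)
        if target in ("local", "eni-edge"):
            return path
        table = NEXT.get(target, target)
    path.append("LOOP")
    return path

if __name__ == "__main__":
    t = build_tables()
    print("forward:", " -> ".join(trace(t, "spoke-rtb", "192.168.10.5")))
    print("return: ", " -> ".join(trace(t, "egress-rtb", "10.1.4.7")))
    print("no return route:", " -> ".join(trace(build_tables(False), "egress-rtb", "10.1.4.7")))
```

Note that a VPC route whose target is a single ENI is static, which is exactly the HA gap the post raises: failover to a second Edge would require something to rewrite that route.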

Has anyone had to figure this out in their environment? Any help would be appreciated.
