Creating a VPC or VNet

Create a VPC on an AWS cloud account or a virtual network (VNet) on an Azure cloud account. You can create gateway (that is, primary) and workload (that is, secondary) VPCs and VNets. You also configure the connection from AWS and Azure services to the SD-WAN controller.

Before you begin

Ensure that you created profiles and custom templates in your SD-WAN controller products, and that you created template data for these controllers in Site Planner. For more information, see Creating SD-WAN controller templates.

About this task

Each VPC or VNet must have at least one private global subnet and one public local subnet to host a software-defined WAN (SD-WAN).

Procedure

  1. Log in to the Wired portal.
  2. Click the cloud account where you want to create a VPC or VNet.
  3. Click Create VPC or Create VNet.
  4. (AWS only) Add a name, the VPC CIDR, and region information for the VPC.
    VPC CIDR
    Enter the VPC CIDR range for the VPC. For more information about which range to use, see the RFC 1918 private network address allocation recommendations.
    Region
    Select an AWS region for hosting the VPC.
  5. (Azure only) Add a name and the location information for the VNet.
    Address space
    Enter the CIDR range for the VNet. For more information about which range to use, see the RFC 1918 private network address allocation recommendations.
    Location
    Select an Azure location for hosting the VNet.
    Resource group
    Select a group that contains resources for the VNet.
  6. Add names and the details of the subnets for your VPC or VNet.
    Availability zone (AWS only)
    Select an availability zone within the AWS region. An availability zone is a functionally independent segment of network infrastructure that enables fault tolerance and high availability.
    CIDR address
    Enter the CIDR address for the subnet.
    Subnet type
    Specify whether the subnet is private or public.
    • Private subnets cannot access, or be accessed from, the internet.
    • Public subnets can access, and be accessed from, the internet.
    WAN access
    Specify whether the subnet has local or global WAN access.
    • Subnets with local access can communicate only within the VPC or VNet.
    • Subnets with global access can communicate with other VPCs or VNets and with your branch office network.
  7. Choose a template on which to base the VPC or VNet. That is, choose whether the VPC or VNet is a gateway or a workload VPC or VNet.
    • For a gateway VPC, click SDWAN Edge Gateway VPC. For a gateway VNet, click SDWAN Edge Gateway VNet.

      A gateway VPC or VNet is normally used to host an SD-WAN edge gateway and can optionally host workloads. It also acts as a gateway for workload VPCs or VNets.

    • For a workload VPC, click SDWAN Workload VPC. For a workload VNet, click SDWAN Workload VNet.

      A workload VPC or VNet is normally used to host workloads.

  8. Configure the connection from AWS and Azure services to the SD-WAN controller.
    1. Select the SD-WAN controller that you want to use, that is, Cisco SD-WAN or VMware SD-WAN.
    2. Specify the details of the SD-WAN edge that you want to deploy in the gateway VPC or VNet.
      Target public subnet
      Select one of the public subnets that you added in step 6. The WAN endpoint for the SD-WAN edge gateway is located in this subnet.
      Target private subnet
      Select one of the private subnets that you added in step 6. The LAN endpoint for the SD-WAN edge gateway is located in this subnet.
      Restriction: For an AWS VPC, the Target public subnet and Target private subnet must be in the same availability zone.
      Edge instance flavor
      Select the instance flavor that you want for the edge location.
      Edge software version
      Select the SD-WAN software version that you want to use for the edge location.
      Key pair name (AWS only)
      You can use two types of SSH key to access the SD-WAN edge location.
      To use an existing SSH key, create a key pair in the correct region in the AWS portal. Back in the Wired portal, enter the key pair name in the Key pair name field.
      To use an SSH key for a specific user, enter a name for the key pair, then upload a user-specific SSH key in the Public key field. The key is added to the AWS key pair inventory.
      Public key
      This field is displayed only when you enter a key pair name that does not exist in AWS. Upload a user-specific SSH public key in this field to access the SD-WAN edge location.
  9. Click Create VPC or Create VNet.
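
Example (added here, not part of the product or its documentation): a preflight check that validates a planned VPC or VNet against the rules in this procedure before you enter it in the portal. It checks the RFC 1918 range, the required private global and public local subnets, the target subnet types, and the AWS same-availability-zone restriction. The plan layout and field names are hypothetical, and the containment and overlap checks reflect general AWS and Azure subnet rules rather than anything stated on this page.

```python
import ipaddress

# RFC 1918 private ranges that the procedure recommends for the VPC/VNet CIDR.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(plan):
    """Return the problems found in a planned VPC/VNet (empty list means OK)."""
    problems = []
    vpc = ipaddress.ip_network(plan["cidr"])
    if not any(vpc.subnet_of(r) for r in RFC1918):
        problems.append(f"{vpc} is outside the RFC 1918 private ranges")
    seen = {}
    for s in plan["subnets"]:
        net = ipaddress.ip_network(s["cidr"])
        if not net.subnet_of(vpc):
            problems.append(f"subnet {s['name']} ({net}) is not inside {vpc}")
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                problems.append(f"subnet {s['name']} overlaps {other}")
        seen[s["name"]] = net
    # The page requires at least one private global and one public local subnet.
    kinds = {(s["type"], s["wan"]) for s in plan["subnets"]}
    for kind in (("private", "global"), ("public", "local")):
        if kind not in kinds:
            problems.append(f"no {kind[0]} {kind[1]} subnet")
    # Step 8: WAN endpoint in a public subnet, LAN endpoint in a private one.
    by_name = {s["name"]: s for s in plan["subnets"]}
    pub, priv = by_name.get(plan["target_public"]), by_name.get(plan["target_private"])
    if pub is None or pub["type"] != "public":
        problems.append("target public subnet is not a public subnet in the plan")
    if priv is None or priv["type"] != "private":
        problems.append("target private subnet is not a private subnet in the plan")
    # Restriction from the page: on AWS both targets share one availability zone.
    if plan["cloud"] == "aws" and pub and priv and pub["az"] != priv["az"]:
        problems.append("target subnets are in different availability zones")
    return problems

# Constructed sample plan; the field names are hypothetical, not a portal format.
SAMPLE_PLAN = {
    "cloud": "aws",
    "cidr": "10.20.0.0/16",
    "subnets": [
        {"name": "wan-a", "cidr": "10.20.0.0/24", "type": "public", "wan": "local", "az": "az-1"},
        {"name": "lan-a", "cidr": "10.20.1.0/24", "type": "private", "wan": "global", "az": "az-2"},
    ],
    "target_public": "wan-a",
    "target_private": "lan-a",
}
print(check_plan(SAMPLE_PLAN))
```

The sample plan deliberately places the two target subnets in different availability zones, so the check reports that one problem.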

Results

The objects for the VPC or VNet are added to the Clouds menu in Site Planner. The gateway VPCs or VNets that cloud instances must connect to are set up.

What to do next

(AWS only) Configure the routes of the traffic between regions.