Connection Options
You can use these connection options for the Cisco Hybrid Cloud Networking Solution:
-
With IPsec: If the connectivity from the on-premises data center to the cloud is over the public Internet, then an IPsec tunnel is required for establishing a secure channel. In this situation, the border gateway (BGW) will be connected to an on-premises IPsec-capable device, such as an ASR 1000 or a Cisco Catalyst 8000V. This device establishes IPsec tunnels with the Catalyst 8000Vs in the cloud. The on-premises BGWs can then leverage this "IPsec secured underlay" to build VXLAN tunnels with the Catalyst 8000Vs in the cloud.
-
Without IPsec: If the BGWs are connected to the public cloud using Direct Connect (AWS) or ExpressRoute (Azure), then enabling IPsec is optional. In this case, a VXLAN connection is employed between the on-premises VXLAN EVPN data centers and the Cisco Catalyst 8000Vs on top of those dedicated circuits.
The following sections provide more detailed information on the supported topologies available using either of these connection options: