Cloud OnRamp for Multicloud

Table 1. Feature History

Feature Name: Cloud OnRamp for Multicloud

Release Information: Cisco IOS XE Catalyst SD-WAN Release 17.16.1a; Cisco Catalyst SD-WAN Manager Release 20.16.1

Description: This feature provides a single common dashboard in Cisco SD-WAN Manager that displays unified information of accounts, gateways, and connections for both cloud and interconnect providers. This feature enhances the experience by helping you identify resources and monitor each provider's utilization.

Information about Cloud OnRamp for Multicloud

The Cloud OnRamp for Multicloud page on Cisco SD-WAN Manager:

  • Simplifies the experience for multicloud configurations.

  • Provides step-by-step, intent-based connectivity deployments that help you set up the connectivity.

  • Provides an onboarding experience for Day 0 configurations and a dashboard experience for Day N configurations.

For a Cisco SD-WAN Manager instance on Cisco Catalyst SD-WAN Manager Release 20.16.1, from the onboarding page you can initially associate a provider account. Once you add an account, you can configure global settings and tags for an associated cloud account. Once you create a connection from the onboarding page, you are automatically switched to the dashboard view. From the dashboard page, click Go to Onboarding to go back to the onboarding page.

The Cloud OnRamp for Multicloud dashboard shows key utilization metrics for each configured provider:

  • Number of accounts

  • Number of gateways

  • Number of cloud or interconnect connections

  • Number of connected tags, applicable only to cloud providers

  • If audit is enabled, last status of audit, applicable only to cloud providers

Workflow to Configure Cloud OnRamp for Multicloud

  1. Add Accounts: Associate and manage provider accounts.

  2. Add Global Settings: Configure and save default settings for provider services.

  3. Add VPCs/VNets Tags: Discover and tag cloud workloads (VPCs and VNets).

  4. Add Gateway: Create and manage cloud and interconnect gateways.

  5. Cloud Connections and Interconnect Connections: You can establish site-to-site, site-to-cloud, and cloud-to-cloud connectivity through the dashboard after bringing up the first gateway.

    Once you create a connection from the onboarding page, you are automatically switched to the dashboard view.

Manage Accounts

Add an AWS Cloud Account

  1. You can associate provider accounts in two ways:

    • If you are a first-time user:

      From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

      From the onboarding page, click Add accounts.

    • Alternatively, from the dashboard page click Manage Accounts.

      Click Add accounts.

  2. Choose provider as AWS or AWS Gov Cloud based on your requirement.

  3. Enter the following parameters:

    Field

    Description

    Account name

    Enter the account name.

    Description (Optional)

    Enter the description.

    Use for cloud gateway

    Choose Yes if you want to create cloud gateway in your account, or choose No.

    Login in to AWS with

    Choose the authentication model you want to use:

    • Key

    • IAM Role

  4. If you choose the Key model, then provide the API Key and Secret Key in the respective fields.

    Or

    If you choose the IAM Role model, then create an IAM role with Cisco SD-WAN Manager provided External ID. Note the displayed External ID from the window and provide the Role Amazon Resource Name (ARN) value that is available when creating an IAM role.

    Choose IAM Role only if the controllers are deployed in AWS. If the controllers are managed by Cisco but deployed in AWS, use the External ID.

    To create an IAM role, you must enter the External ID provided by Cisco SD-WAN Manager into a policy by using the AWS Management Console. Do the following:

    1. Attach an IAM Role to an existing Cisco SD-WAN Manager EC2 instance.

      1. See the Creating an IAM role (console) topic of AWS documentation to create a policy. In the AWS Create policy wizard, click JSON and enter the following JSON policy document.

        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Sid": "VisualEditor0",
              "Effect": "Allow",
              "Action": "sts:AssumeRole",
              "Resource": "*"
            }
          ]
        }

        
      2. See the Easily Replace or Attach an IAM Role to an Existing EC2 Instance by Using the EC2 Console blog of AWS Security Blog for information about creating an IAM role and attaching it to the Cisco SD-WAN Manager EC2 instance based on the policy created in Step 1.


        Note


        On the Attach permissions policy window, choose the AWS managed policy that you created in Step 1.



        Note


        The following set of permissions are allowed:

        • AmazonEC2FullAccess

        • IAMReadOnlyAccess

        • AWSNetworkManagerFullAccess

        • AWSResourceAccessManagerFullAccess

        For more information on creating an AWS IAM Role, refer to Creating an AWS IAM Role.


    2. Create an IAM role on an AWS account that you want to use for the multicloud environment.

      1. See the Creating an IAM role (console) topic of AWS Documentation and create an IAM role by checking Require External ID and pasting the external ID.

      2. See the Modifying a role trust policy (console) topic of AWS Documentation to change who can assume a role.

        In the IAM Roles window, scroll down and click the role you created in the previous step.

        In the Summary window, note the Role Amazon Resource Name (ARN) that is displayed at the top.


        Note


        You can enter this role ARN value when you choose the authentication model as IAM role in Step 7.


      3. After modifying the trust relationship, click JSON and enter the following JSON document. Save the changes.


        Note


        The account ID in the following JSON document belongs to the Cisco SD-WAN Manager EC2 instance.


        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "AWS": "arn:aws:iam::[Account ID from Part 1]:root"
              },
              "Action": "sts:AssumeRole",
              "Condition": {
                "StringEquals": {
                  "sts:ExternalId": "[vManage provided External ID]"
                }
              }
            }
          ]
        }
        
  5. Click Submit.

To view or update the account details, click ... on the Manage Accounts page.

You can also remove the account if there are no associated host VPC tags or cloud gateways.
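
The External ID condition in the trust policy above is what stops another party from using the Manager's account to reach your role, so it is worth checking the two JSON documents before you click Submit. The following Python is an added example, not part of Cisco's documentation or software; the account ID, External ID, and function names are constructed for illustration, and the Resource "*" finding is a least-privilege observation added here.

```python
import json
import re

# Constructed sample inputs: the account ID and External ID are made-up values.
MANAGER_ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "example-external-id-0001"

# Trust policy in the shape shown on the page.
TRUST_AS_DOCUMENTED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{MANAGER_ACCOUNT_ID}:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
}]})
# The same role after a careless edit: Condition dropped, principal widened.
TRUST_WEAKENED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "*"},
    "Action": "sts:AssumeRole",
}]})
# Policy attached to the Manager EC2 instance role, as shown on the page.
INSTANCE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0",
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": "*",
}]})

ROOT_ARN = re.compile(r"^arn:[^:]+:iam::(\d{12}):root$")  # any partition


def as_list(value):
    """IAM accepts a single value or a list in most fields; normalise it."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def assume_role_statements(document):
    """Return the Allow statements in a policy that cover sts:AssumeRole."""
    wanted = {"sts:assumerole", "sts:*", "*"}
    return [
        s for s in as_list(json.loads(document).get("Statement"))
        if s.get("Effect") == "Allow"
        and any(str(a).lower() in wanted for a in as_list(s.get("Action")))
    ]


def audit_trust_policy(document, manager_account_id, external_id):
    """Findings for the multicloud role's trust policy; [] means it matches."""
    statements = assume_role_statements(document)
    if not statements:
        return ["no Allow statement grants sts:AssumeRole"]
    findings = []
    for stmt in statements:
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principal = principal.get("AWS")
        for entry in as_list(principal) or ["<none>"]:
            match = ROOT_ARN.match(str(entry))
            account = match.group(1) if match else entry
            if entry == "*":
                findings.append("principal '*': any AWS account is trusted")
            elif account != manager_account_id:
                findings.append(f"unexpected principal: {entry}")
        string_equals = stmt.get("Condition", {}).get("StringEquals", {})
        supplied = [
            v for key, values in string_equals.items()
            if key.lower() == "sts:externalid" for v in as_list(values)
        ]
        if not supplied:
            findings.append("no sts:ExternalId condition on the statement")
        elif supplied != [external_id]:
            findings.append("sts:ExternalId differs from the Manager's value")
    return findings


def audit_instance_policy(document):
    """Findings for the policy attached to the Manager EC2 instance role."""
    findings = []
    for stmt in assume_role_statements(document):
        if "*" in as_list(stmt.get("Resource")):
            findings.append(
                "sts:AssumeRole on Resource '*': the instance can request any "
                "role that trusts it; list the multicloud role ARNs instead")
    return findings


if __name__ == "__main__":
    for name, doc in (("documented", TRUST_AS_DOCUMENTED),
                      ("weakened", TRUST_WEAKENED)):
        print(name, audit_trust_policy(doc, MANAGER_ACCOUNT_ID, EXTERNAL_ID))
    print("instance", audit_instance_policy(INSTANCE_POLICY))
```

An empty list from audit_trust_policy means the role trusts only the Manager's account and requires the expected External ID.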


Note


During the Multicloud resource cleanup process, Cisco SD-WAN Manager compares the current database to the running resources in the account using the organization name and account detail tags. Any resources that match the tags but are not in the current database are deleted. Therefore, the AWS Multicloud resources of one Cisco SD-WAN Manager can be deleted by another Cisco SD-WAN Manager if the organization name and the associated AWS account details are the same. If you use the same AWS account across different Cisco SD-WAN Manager overlays, we recommend that you use a different organization name and overlay name for each Cisco SD-WAN Manager.


Add an Azure Cloud Account

  1. You can associate provider accounts in two ways:

    • If you are a first-time user:

      From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

      From the onboarding page, click Add accounts.

    • Alternatively, from the dashboard page click Manage Accounts.

      Click Add accounts.

  2. Choose Azure or Azure Gov Cloud based on your requirement.

  3. Enter the following information:

    Field

    Description

    Account name

    Enter a name for your Azure subscription.

    Description (optional)

    Enter a description for the account. This field is optional.

    Use for cloud gateway

    Choose Yes to designate the account to be used for cloud gateway creation. The option Yes is chosen by default.

    Tenant ID

    Enter the ID of your Azure Active Directory (AD). To find the tenant ID, go to your Azure Active Directory and click Properties.

    Subscription ID

    Enter the ID of the Azure subscription you want to use as part of this workflow.

    Client ID

    Enter your existing Azure application ID. See Azure documentation for more information on how to register an application in Azure AD, get the client ID and secret key, and more.

    Secret key

    Enter the password associated with the client ID.

  4. Click Submit.

Add a Google Cloud Account

  1. You can associate provider accounts in two ways:

    • If you are a first-time user:

      From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

      From the onboarding page, click Add accounts.

    • Alternatively, from the dashboard page click Manage Accounts.

      Click Add accounts.

  2. Choose Google Cloud.

  3. Enter the following information:

    Field

    Description

    Account name

    Enter a name for your Google Cloud account.

    Description (optional)

    Enter a description for the account.

    Use for cloud gateway

    Choose Yes to create a cloud gateway in your account. The option Yes is chosen by default.

    Billing ID (Optional)

    Enter the billing ID associated with your Google Cloud service account.

    If you provide a billing ID, it goes through an automatic validation process.

    Note

     

    This field is visible only if you choose the Yes option for the Use for Cloud Gateway field.

    Service directory lookup

    Choose Yes to allow Cisco SD-WAN Manager to discover services or applications in the Google Service Directory associated with the Cloud Account. The option No is chosen by default.

    Private key ID

    Click Upload Credential File. You must generate this file by logging in to Google Cloud console. The private key ID may be in JSON or REST API formats. The format depends on the method of key generation. For more details, see Google Cloud documentation.

    For more information, see Cisco SD-WAN Cloud onRamp for Multicloud using Google Cloud Platform.

  4. Click Submit.

Associate a Megaport Account

  1. You can associate provider accounts in two ways:

    • If you are a first-time user:

      From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

      From the onboarding page, click Add accounts.

    • Alternatively, from the dashboard page click Manage Accounts.

      Click Add accounts.

  2. Choose Megaport.

  3. Configure the following:

    Field

    Description

    Account name

    Enter a name of your choice. This name is used to identify the Megaport account in workflows that define the cloud or site-to-site interconnects.

    Description (Optional)

    Enter a description.

    User name

    Enter the username of your Megaport account.

    Password

    Enter the password of your Megaport account.

  4. Click Submit.

Cisco SD-WAN Manager authenticates the account and saves the account details in a database.

Associate an Equinix Account

  1. You can associate provider accounts in two ways:

    • If you are a first-time user:

      From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

      From the onboarding page, click Add accounts.

    • Alternatively, from the dashboard page click Manage Accounts.

      Click Add accounts.

  2. Choose Equinix.

  3. Configure the following:

    Field

    Description

    Account name

    Enter a name of your choice. This name is used to identify the Equinix account in workflows that define the cloud or site-to-site interconnects.

    Description (Optional)

    Enter a description.

    Customer key

    Enter the client ID (consumer key).

    Customer secret

    Enter the client secret key (consumer secret).

  4. Click Submit.

Cisco SD-WAN Manager authenticates the account and saves the account details in a database.

Global Settings

The global settings for each provider include mandatory fields. The Advanced layout option provides all the advanced settings with preconfigured values. If you do not explicitly select a value in the fields that appear when you enable Advanced layout, preconfigured values are chosen. The Advanced layout option is disabled by default.

Configure Global Settings for AWS

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    On the onboarding page, click Add global settings.

  2. Configure the settings based on your requirements:

    Field

    Description

    Enable configuration group

    Enable this option to use configuration groups to configure devices.

    Note

     

    Configuration groups are not supported on the AWS Branch Connect solution.

    Cloud gateway solution

    From the drop-down list choose one of the following options:

    • Transit Gateway–VPN based (using TVPC)—Allows connectivity of the cloud gateway to the VPCs in the cloud through the transit gateway that is instantiated in the AWS cloud. The cloud gateway consists of a pair of cloud services routers that are instantiated within a transit VPC. This option uses the AWS VPN connection (IPSec) approach.

    • Transit Gateway–Connect based (using TVPC)—Allows connectivity of the cloud gateway to the VPCs in the cloud through the transit gateway that is instantiated in the AWS cloud. The cloud gateway consists of a pair of cloud services routers that are instantiated within a transit VPC. This option uses the AWS TGW Connect (GRE tunnels) approach.

    • Transit Gateway–Branch-connect—Allows connectivity of different Cisco Catalyst SD-WAN edge devices to VPCs in the cloud through the transit gateway that is instantiated in the AWS cloud. This option uses the AWS VPN connection (IPSec) approach.

    • Cloud WAN–VPN based (using TVPC)—Allows connectivity of the cloud gateway to the VPCs in the cloud through AWS Cloud WAN. The cloud gateway consists of a pair of cloud services routers that are instantiated within a transit VPC. This option uses the AWS VPN connection (IPSec) approach.

    • Cloud WAN–Connect based (using TVPC)—Allows connectivity of the cloud gateway to the VPCs in the cloud through AWS Cloud WAN. The cloud gateway consists of a pair of cloud services routers that are instantiated within a transit VPC. This option uses the AWS Connect attachments (supporting GRE tunnels) approach.

    Reference account name

    From the drop-down list choose the reference account name. Cisco SD-WAN Manager discovers the software images and instance sizes using this reference account name.

    Note

     

    You can still choose a different account, if required, at the time of a cloud gateway creation.

    Reference region

    From the drop-down list choose the reference region. Cisco SD-WAN Manager discovers the software images and instance sizes in this reference region under the referenced account name.

    License type

    Choose BYOL to use a bring your own license software image.

    Choose PAYG to use a pay as you go software image.

    Note

     

    PAYG is supported only on Transit Gateway - VPN based and Connect based solutions.

    Software image

    From the drop-down list, select a software image.

    Instance size

    From the drop-down list choose the required size.

    IP subnet pool

    Enter the subnet pool address.

    You cannot modify the pool when some cloud gateways are already using the pool.

    Full mesh of transit VPCs

    Specifies the full mesh connectivity between TVPCs of cloud gateways in different regions to carry site to site traffic (through Cisco Catalyst 8000V).

    Tunnel count

    This field appears if you choose Transit Gateway–Connect based (using TVPC) from the Cloud Gateway Solution drop-down list.

    Enter the number of tunnels for a GRE/peer connection.

    You can configure up to 4 tunnels for each GRE/peer connection. Each tunnel supports up to 5 Gbps of traffic.

    Note

     
    Changing the value of this parameter does not affect existing cloud gateways. To update the tunnel count for an existing cloud gateway, edit the cloud gateway from the Configuration > Cloud OnRamp For Multicloud > Cloud Gateway page.

Advanced Layout

If you enable the Advanced layout option, configure the following:

Field

Description

BGP ASN

Specifies the offset for allocation of transit gateway BGP ASNs. It is used to block routes learnt from one transit gateway (eBGP) to another.

A band of 30 ASNs is reserved for transit gateway ASNs. The starting offset plus 30 is the organization-side BGP ASN. For example, if the offset is 64830, the Org BGP ASN is 64860.

Acceptable start offset range is 64520 to 65500. It must be a multiple of 10.

Intra tag communication

Specifies if the communication between host VPCs under the same tag is enabled or disabled. If any tagged VPCs are already present and cloud gateways exist in those regions, then this flag cannot be changed.

Program default route in VPCs towards TGW/Core network

Specifies whether programming the main route table of the host VPCs with a default route is enabled or disabled.

Enable periodic audit

If you enable the periodic audit, Cisco SD-WAN Manager triggers an automatic audit every two hours. This automatic audit takes place in the background, and a discrepancies report is generated.

Enable auto correct

If you enable the auto correct option, after every periodic audit is triggered, all the recoverable issues that are discovered are auto corrected.

Click Save.

Configure Global Settings for Azure and Azure Gov Cloud

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    On the onboarding page, click Add global settings.

  2. Configure the global settings:

    Field

    Description

    Enable configuration group

    Enable this option to use configuration groups to configure devices in the multicloud workflow.

    Note

     

    When you enable configuration groups here, configuration groups are enabled for all cloud providers. For example, enabling this option here also enables configuration groups for all other multicloud and interconnect providers.

    Software image

    Choose the software image of the WAN edge device to be used in the Azure Virtual Hub.

    Note

     

    Choose the Cisco Catalyst 8000V image based on your Cisco SD-WAN Manager release.

    SKU scale

    From the drop-down list, choose a scale based on your capacity requirements.

    IP subnet pool

    Specify the IP subnet pool to be used for the Azure virtual WAN hub. A subnet pool needs prefixes between /16 and /24.

    A single /24 subnet pool is able to support one cloud gateway only. You cannot modify the pool if other cloud gateways are already using the pool. Overlapping subnets are not allowed.

    The IP subnet pool is meant for all Azure Virtual WAN Hubs inside an Azure Virtual WAN, one /24 prefix per Virtual WAN Hub. Ensure that you allocate enough /24 subnets for all the Virtual WAN Hubs you plan to create within the Virtual WAN. If a Virtual WAN Hub is already created in Microsoft Azure, you can discover it through Cisco SD-WAN Manager and use the existing subnet pool for the discovered hub.

Advanced Layout

If you enable the Advanced layout option, configure the following:

Field

Description

BGP ASN

Specify the ASN to be used by the cloud gateway for eBGP peering with the virtual hub.

Advertise default route to Azure Virtual Hub

By default, this field is Disabled. If you click Enabled, the internet traffic from the virtual network is redirected through Cisco Catalyst SD-WAN branches.

Enable periodic audit

If you enable the periodic audit, Cisco SD-WAN Manager triggers an automatic audit every two hours. This automatic audit takes place in the background, and a discrepancies report is generated.

Enable auto correct

If you enable the auto correct option, after every periodic audit is triggered, all the recoverable issues that are discovered are auto corrected.

Push monitoring metrics to Azure

For the field, choose Enabled or Disabled. If you choose Enabled, the cloud gateway metrics associated with your Azure subscription are sent to the Microsoft Azure Monitoring Service portal periodically. These metrics are sent in a format prescribed by Microsoft Azure for all NVA vendors.

This option is not available for Azure Gov Cloud.

Click Save.

Configure Global Settings for Google Cloud

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    On the onboarding page, click Add global settings.

  2. Configure the global settings:

    Field

    Description

    Enable configuration group

    Enable this option to use configuration groups to configure devices.

    Software image

    Choose the software image of the WAN edge device for the WAN VPC. This should be a preinstalled Cisco Catalyst 8000V instance.

    Instance size

    Choose an instance based on your requirements.

    IP subnet pool

    Specify the IP subnet pool for the SD-WAN cloud gateway in Google Cloud. This subnet pool needs prefixes between /16 and /21.

    Note

     

    The IP subnet pool cannot be modified after a cloud gateway is created.

    BGP ASN

    Specify the autonomous system number (ASN) for the cloud gateway for BGP peering. This is the starting offset for the allocation of ASNs for the cloud gateways and Google Cloud routers. Starting from the offset, 10 ASN values are reserved for allocating to the cloud gateways.

    Note

     

    This offset value cannot be modified after a cloud gateway is created.

Advanced Layout

If you enable the Advanced layout option, configure the following:

Intra tag communication

If enabled, the VPCs with the same tag can communicate with each other.

Site-to-site communication

Enable for site-to-site transit connectivity using the Google global network.

Site-to-site tunnel encapsulation type

Choose the encapsulation from the drop-down list.

Service directory lookup capable

Enable to allow Cisco SD-WAN Manager to discover Google Service Directory applications associated with this Google account.

Network service tier

Choose one of the Google Cloud service tiers.

  • PREMIUM: Provides high-performing network experience using Google global network.

  • STANDARD: Allows control over network costs.

Enable periodic audit

If you enable the periodic audit, Cisco SD-WAN Manager triggers an automatic audit every two hours. This automatic audit takes place in the background, and a discrepancies report is generated.

Enable auto correct

If you enable the auto correct option, after every periodic audit is triggered, all the recoverable issues that are discovered are auto corrected.

Click Save.
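
The subnet pool and BGP ASN rules in the AWS, Azure, and Google Cloud global settings above can be checked before the values are saved, which matters because the pool and offset cannot be changed once gateways use them. The following Python is an added example, not part of Cisco's documentation or software; the plan layout, function names, and sample addresses are constructed. The AWS prefix bounds come from the AWS cloud gateway section of this page, and starting the ASN band at the offset and checking overlap across providers are assumptions.

```python
import ipaddress

# Prefix-length bounds for "IP subnet pool", as stated on this page.
POOL_PREFIX_BOUNDS = {"aws": (16, 24), "azure": (16, 24), "gcp": (16, 21)}

# Constructed sample plan; addresses and offsets are made-up values.
SAMPLE_PLAN = {
    "aws": {"pool": "10.100.0.0/16", "asn_offset": 64830},
    "azure": {"pool": "10.100.8.0/23", "planned_hubs": 3},
    "gcp": {"pool": "10.200.0.0/22"},
}


def check_subnet_pool(provider, pool, planned_hubs=1, other_pools=()):
    """Return findings for one provider's IP subnet pool ([] means OK)."""
    try:
        net = ipaddress.IPv4Network(pool, strict=True)
    except ValueError as exc:  # bad syntax, bad mask, or host bits set
        return [f"{provider}: invalid pool {pool!r}: {exc}"]
    findings = []
    shortest, longest = POOL_PREFIX_BOUNDS[provider]
    if not shortest <= net.prefixlen <= longest:
        findings.append(
            f"{provider}: /{net.prefixlen} is outside /{shortest}-/{longest}")
    elif provider == "azure":
        # One /24 per Virtual WAN hub, so a /N pool holds 2**(24-N) hubs.
        capacity = 2 ** (24 - net.prefixlen)
        if planned_hubs > capacity:
            findings.append(
                f"azure: {pool} holds {capacity} hub(s), {planned_hubs} planned")
    # The page states the no-overlap rule for Azure; applying it to every
    # provider's pool is an assumption of this example.
    for other in other_pools:
        if net.overlaps(ipaddress.IPv4Network(other, strict=False)):
            findings.append(f"{provider}: {pool} overlaps {other}")
    return findings


def aws_asn_plan(offset):
    """Validate the AWS BGP ASN offset and derive the ASNs it implies."""
    findings = []
    if not 64520 <= offset <= 65500:
        findings.append(f"aws: offset {offset} is outside 64520-65500")
    if offset % 10:
        findings.append(f"aws: offset {offset} is not a multiple of 10")
    return {
        "findings": findings,
        # Assumption: the 30-ASN transit gateway band starts at the offset.
        "tgw_band": (offset, offset + 29),
        "org_asn": offset + 30,  # "starting offset plus 30"
    }


def preflight(plan):
    """Run every check over a {provider: settings} plan; return findings."""
    findings, seen = [], []
    for provider, cfg in plan.items():
        result = check_subnet_pool(
            provider, cfg["pool"], cfg.get("planned_hubs", 1), seen)
        findings += result
        if not any("invalid pool" in f for f in result):
            seen.append(cfg["pool"])
    if "aws" in plan:
        findings += aws_asn_plan(plan["aws"]["asn_offset"])["findings"]
    return findings


if __name__ == "__main__":
    for line in preflight(SAMPLE_PLAN):
        print(line)
```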

Configure Global Settings for Megaport

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    On the onboarding page, click Add global settings.

  2. Configure the following:

    Field

    Description

    Enable configuration group

    Enable this option to use configuration groups to configure devices in the multicloud workflow.

    This option is disabled by default.

    Software image

    Choose a Cisco Catalyst 8000V image.

    Instance size

    Instance Size determines the compute footprint and throughput of each Cisco Catalyst 8000V instance. Choose one of the following:

    • Small

    • Medium

    • Large

    BGP ASN

    Enter a BGP ASN for peering between Interconnect Gateway and cloud provider.

    You can enter an ASN of your choice or reuse an existing ASN used by your organization.

Advanced Layout

If you enable the Advanced layout option, configure the following:

Field

Description

Interconnect transit color

Select the color to assign for the connection between Interconnect Gateways.

This color is restricted to prevent direct peering between branch locations. Do not assign the same color to another connection in the Cisco Catalyst SD-WAN fabric.

Note

 

It is recommended to use private colors. Do not use default colors.

Interconnect CGW SDWAN color

Choose the color to be used for the interface through which the Interconnect Gateway connects to the Cloud Gateway.

Note

 

Color assigned to an interface must be unique for the Interconnect Gateway devices and common across Cloud Interconnect providers.

For Microsoft Azure deployments, Cisco Catalyst SD-WAN tunnel color is not configured on the WAN interface of the Cloud Gateway through automation and you must manually update the WAN interface color. Ensure that the template color matches the color of the branch router, Interconnect Gateway, and Cloud Gateway.

Click Save.

Configure Global Settings for Equinix

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    On the onboarding page, click Add global settings.

  2. Configure the following:

    Field

    Description

    Enable configuration group

    Enable this option to use configuration groups to configure devices in the multicloud workflow.

    This option is disabled by default.

    Software image

    Choose a Cisco Catalyst 8000V image.

    Instance size

    Instance Size determines the compute footprint and throughput of each Cisco Catalyst 8000V instance. Choose one of the following:

    • Small

    • Medium

    • Large

    • xLarge

    BGP ASN

    Enter a BGP ASN for peering between Interconnect Gateway and cloud provider.

    You can enter an ASN of your choice or reuse an existing ASN used by your organization.

Advanced Layout

If you enable the Advanced layout option, configure the following:

Field

Description

Interconnect transit color

Select the color to assign for the connection between Interconnect Gateways.

This color is restricted to prevent direct peering between branch locations. Do not assign the same color to another connection in the Cisco Catalyst SD-WAN fabric.

Note

 

It is recommended to use private colors. Do not use default colors.

Interconnect CGW SDWAN color

Choose the color to be used for the interface through which the Interconnect Gateway connects to the Cloud Gateway.

Note

 

Color assigned to an interface must be unique for the Interconnect Gateway devices and common across Cloud Interconnect providers.

For Microsoft Azure deployments, Cisco Catalyst SD-WAN tunnel color is not configured on the WAN interface of the Cloud Gateway through automation and you must manually update the WAN interface color. Ensure that the template color matches the color of the branch router, Interconnect Gateway, and Cloud Gateway.

Click Save.

Add VPCs/VNets Tags

After you associate an account with Cisco SD-WAN Manager, you can discover host VPCs or VNets in the regions associated with the account. You can create new tags for the discovered VPCs or VNets, or modify or delete existing tags. Tags are used to manage connectivity between the VPCs or VNets and Cisco Catalyst SD-WAN branch VPNs.

Create Tags for AWS

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    In the onboarding page, click Add VPC/VNet tags. Choose the provider and click Next.

    Alternatively, you can navigate to the VPC/VNet tags page from the Cloud OnRamp for Multicloud dashboard. Click Add tag.

  2. Enter a Tag name.

  3. Choose a Cloud region from the drop-down list.

  4. To use the VPC tag while creating a cloud interconnect connection to a provider, enable the Enable for Middle-Mile partner Interconnect Connections option. If enabled, the tag can only be used for interconnect connections and is not available for cloud gateway intent mapping.

  5. Select the host VPCs from the table and view the Selected VPCs.

  6. Click Add.

In the VPC/VNet Tags page, you can toggle between tags and VPCs. A list of discovered host VPCs and tags displays in a table with the following columns: Tag Name, Cloud Region, Account Name, Associated VPCs, and Interconnect Enabled.

For the tags, click ... under the Action column to:

  • Edit: Change the selected VPCs for an existing tag.

  • Delete: Delete the tag for the selected VPC.

Create Tags for Azure and Azure Gov Cloud

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    In the onboarding page, click Add VPC/VNet tags. Choose the provider and click Next.

    Alternatively, you can navigate to the VPC/VNet tags page from the Cloud OnRamp for Multicloud dashboard. Click Add tag.

  2. Enter a Tag name.

  3. Choose a Cloud region from the drop-down list.

  4. To use the VNet tag while creating a cloud interconnect connection to a provider, enable the Enable for Middle-Mile partner Interconnect Connections option. If enabled, the tag can only be used for interconnect connections and is not available for cloud gateway intent mapping.

  5. Select the VNets from the table and view the Selected VNets.

  6. You can choose the Cloud gateway attachment as Auto or map with an existing cloud gateway. The Auto option is automatically selected for Cloud gateway attachment.

  7. Click Add.

In the VPC/VNet Tags page, you can toggle between tags and VNets. A list of discovered host VNets displays in a table with the following columns: Cloud Region, Account Name, Tag Name, Cloud Gateway Attachment, Interconnect Enabled, and VNet Name.

For the tags, click ... under the Action column to:

  • Edit: Change the selected VNets for an existing tag.

  • Delete: Delete the tag for the selected VNet.

Create Tags for Google Cloud

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    In the onboarding page, click Add VPC/VNet tags. Choose the provider and click Next.

    Alternatively, you can navigate to the VPC/VNet tags page from the Cloud OnRamp for Multicloud dashboard. Click Add tag.

  2. Enter a Tag name.

  3. Choose a Cloud region from the drop-down list.

  4. Select the host VPCs from the table and view the Selected VPCs.

  5. Click Add.

In the VPC/VNet Tags page, you can toggle between tags and VPCs. A list of discovered host VPCs and tags displays in a table with the following columns: Tag Name, Cloud Region, Account Name, Associated VPCs, and Interconnect Enabled.

For the tags, click ... under the Action column to:

  • Edit: Change the selected VPCs for an existing tag.

  • Delete: Delete the tag for the selected VPC.


Note


You cannot create a tag with multiple regions. To add more regions to a tag, you must first create a tag with one region and then edit the tag to add a new region.


Create and Manage Gateways

Create and Manage Cloud Gateways

Create AWS Cloud Gateway


Note


You cannot create multiple AWS cloud gateways.


To create a cloud gateway, perform the following steps.

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    Click Onboarding and then click Add gateway.

    Alternatively, you can also create gateways from the Gateway Management tab on the Cloud OnRamp for Multicloud dashboard. Click Add gateway and proceed to configure the parameters to create the gateway.

  2. Select the provider:

    Field

    Description

    Provider

    Choose AWS from the drop-down list.

    Account name

    Choose the account name from the drop-down list.

    Cloud gateway name

    Enter the cloud gateway name.

    Description (Optional)

    Enter the description.

    Region

    Choose the region from the drop-down list.

    Click Next.

  3. Configure the site parameters:

    Field

    Description

    SSH key (Optional)

    Choose the SSH Key from the drop-down list.

    Site name

    Choose a site for which you want to create the cloud gateway.

    Configuration group

    Note

     

    When you enable configuration groups, they are enabled for all cloud providers. For example, enabling this option here also enables configuration groups for all other multicloud and interconnect providers.

    If you have enabled the Enable Configuration Group option in the AWS global settings, perform one of these actions:

    • Choose a configuration group.

      Note

       

      You can only choose configuration groups created from the create new workflow.

    • To create and use a new configuration group, choose Create New. In the Create Configuration Group dialog box, enter a name for a new configuration group and click Done. Choose the new configuration group from the drop-down list. The configuration group that you choose is used to configure devices in the multicloud workflow.

    Chassis number

    Associate a pair of chassis to the configuration group.

    Instance settings

    License type

    Choose a licensing option:

    • BYOL for bring your own license.

    • PAYG for pay as you go.

    Software image

    From the drop-down menu, choose a software image.

    Note

     

    The software image options are determined by the selection of BYOL or PAYG.

    Instance size

    From the drop-down list, choose the required size. Pick the size of the WAN edge based on the capacity needs.

    IP subnet pool

    Enter the subnet pool address. The subnet pool is used for transit VPC creation and must be between /16 and /24. System allocates /27 per transit VPC 8 subnet(s).

    This option is available only when Multi-Region Fabric is enabled.

    Multi-Region Fabric Settings

    MRF role

    Choose Border or Edge.

    Click Next.

  4. This step is applicable only when you enable configuration groups.

    Configure the device parameters:

    Most of the parameters are auto-populated based on your earlier selections. Click the edit icon for each chassis number to modify the following:

    • System IP

    • Host name

    • WAN region

    • TLOC color

    • Username

    • User password

    Click Next.

  5. Verify all the configuration parameters and click Deploy.


Note


Creating cloud gateways for AWS Cloud WAN can take over an hour depending on the resources deployed. The first deployment in a region may fail due to AWS's resource verification and validation processes in that region.

You cannot create cloud gateways in regions that do not support AWS Cloud WAN. For information about currently supported regions, see the AWS documentation.

You cannot edit a configuration group created in a multicloud workflow outside of a multicloud workflow.


Create Cloud Gateway for Azure and Azure Gov Cloud

Creation of cloud gateways involves the instantiation or discovery of Azure Virtual WAN Hub and creation of two or more Cisco Catalyst 8000V instances within the hub.


Note


If you have used the Azure portal to provision Cisco Catalyst 8000V instances, and created an Azure Virtual WAN and Azure Virtual WAN Hub using the Azure portal, you can also discover them using the procedure below.


To create a cloud gateway, perform the following steps.

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    Click Onboarding and then click Add gateway.

    Alternatively, you can also create gateways from the Gateway Management tab on the Cloud OnRamp for Multicloud dashboard. Click Add gateway and proceed to configure the parameters to create the gateway.

  2. Select the provider:

    Field

    Description

    Provider

    Choose Azure from the drop-down list.

    Account name

    Choose your Azure account name from the drop-down list.

    Cloud gateway name

    Enter the name of your cloud gateway.

    Note

     

    If you have created an Azure Virtual WAN Hub using the Azure portal, ensure that you enter the exact virtual hub name in this field. This ensures that the resources associated with the hub are discovered. The associated Azure Virtual WAN and Azure Virtual WAN Hub then become available for you to choose from in the Azure Virtual WAN and Azure Virtual WAN Hub fields.

    Description (Optional)

    Enter a description for the cloud gateway.

    Region

    Choose an Azure region from the drop-down list.

    Resource group

    Perform one of these actions:

    • Choose a resource group from the drop-down list.

    • Choose Create New.

    For more information, see Create resource groups.

    Note

     

    If you choose to create a new resource group, you also need to create a new Azure virtual WAN and an Azure virtual WAN hub.

    Azure Virtual WAN

    Perform one of these actions:

    • Choose an Azure Virtual WAN from the drop-down list.

    • Click Create New to create a new Azure Virtual WAN.

    Azure Virtual WAN Hub

    Perform one of these actions:

    • Choose an Azure Virtual WAN Hub from the drop-down list.

    • Click Create New to create a new Azure virtual WAN hub.

    Click Next.

  3. Configure the site parameters:

    Field

    Description

    Solution type

    Choose one of the solution types from the drop-down list:

    • vHub with NVA

    • vHub with VPN

    Note

     

    You cannot configure both the VPN and NVA solutions in the same region. Also, you cannot configure more than one VPN Gateway in the same region.

    If you choose vHub with NVA, configure the following parameters:

    Field

    Description

    Site name

    From the drop-down list, choose a site for which you want to create the interconnect gateway or click Create New.

    If you click Create New, configure the site settings in the slide-in pane. You can create a new site only if you have enabled configuration groups in the global settings.

    Configure the following and click Save:

    • Name

    • Description (optional)

    • Site ID (optional)

    • Country (optional)

    • Address (optional)

    • City (optional)

    • State (optional)

    • Zip code (optional)

    Configuration group

    If you have enabled the Enable Configuration Group option in the Azure global settings, perform one of these actions:

    • Choose a configuration group.

      Note

       

      You can only choose configuration groups created from the create new workflow.

    • To create and use a new configuration group, choose Create New. In the Create Configuration Group dialog box, enter a name for a new configuration group and click Done. Choose the new configuration group from the drop-down list. The configuration group that you choose is used to configure devices in the multicloud workflow.

    Chassis number

    Associate the number of chassis based on your requirement to the configuration group.

    Instance settings

    Software image

    This field is auto-populated with the configurations from the global settings. You can modify this field based on your requirements.

    IP subnet pool

    This field is auto-populated with the configurations from the global settings. You can modify this field based on your requirements.

    SKU scale

    This field is auto-populated with the configurations from the global settings. You can modify this field based on your requirements.

    This option is available only when Multi-Region Fabric is enabled.

    Multi-Region Fabric Settings

    MRF role

    Choose Border or Edge.

    Click Next to proceed to step 3.

    If you choose vHub with VPN, configure the following parameters:


    Note


    You can create only one gateway for the VPN solution in one region.


    Field

    Description

    SKU scale

    This field is auto-populated with the configurations from the global settings when you onboard the virtual hubs with Cisco Catalyst 8000V created on Cisco SD-WAN Manager. You can modify this field based on your requirements.

    IP subnet pool

    This field is auto-populated with the configurations from the global settings when you onboard the virtual hubs with Cisco Catalyst 8000V created on Cisco SD-WAN Manager. You can modify this field based on your requirements.

    Click Next to proceed to step 4.

  4. This step is applicable only when you enable configuration groups.

    Configure the device parameters:

    Most of the parameters are auto-populated based on your earlier selections. Click the edit icon for each chassis number to modify the following:

    • System IP

    • Host name

    • WAN region (This option is available only when Multi-Region Fabric is enabled.)

    • TLOC color

    • Username

    • User password

    Click Next.

  5. Review the connection summary. Click Deploy.


Note


It can take up to 40 minutes for your Azure Virtual WAN hub to be created and for the Cisco SD-WAN Manager instances to be provisioned inside the virtual hub.



Note


Once the creation of the Azure Virtual WAN Hub is complete, you have the option to convert it into a secured Azure Virtual WAN Hub. However, this configuration can only be completed through the Microsoft Azure portal. See Microsoft Azure documentation for more information.



Note


You can simultaneously create Azure cloud gateways in different regions.

  • Before creating multiple cloud gateways in different regions, create the resource group, virtual WAN, and storage account for the first cloud gateway.

  • Before creating multiple cloud gateways in the same region, create the virtual hub for the first cloud gateway in the region.

  • You need to have blob access to create a storage account in Azure for the Cloud OnRamp for Multicloud. Blob access is required while creating cloud gateways and modifying scale operations on the Cisco Catalyst SD-WAN devices.



Note


The Cloud OnRamp for Multicloud workflow supports up to eight virtual hubs in each Azure region. You can deploy only one cloud gateway Network Virtual Appliance (NVA) in each virtual hub, which supports up to five devices.



Note


You cannot edit configuration groups created by multicloud workflows outside of multicloud workflows.


Create Google Cloud Gateways

When the first cloud gateway is created, three reserved VPCs are instantiated—WAN transit VPC, site-to-site transit VPC, and site-to-cloud transit VPC. Cisco Catalyst 8000V instances that are instantiated as part of the cloud gateway are anchored to the VPCs.


Note


You cannot use the same configuration group for more than one cloud gateway in Google Cloud and AWS. Use different configuration groups for each cloud gateway in Google Cloud and AWS.


To create a cloud gateway, perform the following steps:

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    Click Onboarding and then click Add gateway.

    Alternatively, you can also create gateways from the Gateway Management tab on the Cloud OnRamp for Multicloud dashboard. Click Add gateway and proceed to configure the parameters to create the gateway.

  2. Enter the provider details:

    Field

    Description

    Provider

    Choose Google Cloud from the drop-down list.

    Account name

    Choose your Google Cloud account name from the drop-down list.

    Cloud gateway name

    Enter a name for your cloud gateway.

    Note

     

    Ensure that the name is in lower case letters. See the Google Cloud documentation for information about Naming resources and Naming convention.

    Region

    Choose a Google region from the drop-down list.

    Description (Optional)

    Enter a description.

    Involved in site-to-site communication

    If the cloud gateway will participate in site-to-site communication, click Yes.

    If the cloud gateway will not participate in site-to-site communication, click No.

    Note

     

    This field is enabled for configuration only when Site-to-site Communication is enabled in the global settings. When Site-to-site Communication is disabled in the global settings, this field is dimmed.

    Click Next.

  3. Configure the site parameters:

    Field

    Description

    NHM region

    (This option is available only when Multi-Region Fabric is enabled.)

    From the drop-down list, choose a network health monitoring (NHM) region for which you want to create the gateway.

    Site name

    From the drop-down list, choose a site for which you want to create the cloud gateway.

    Configuration group

    Note

     

    When you enable configuration groups here, configuration groups are enabled for all cloud providers. For example, enabling this option here also enables configuration groups for all other multicloud and interconnect providers.

    If you have enabled the Enable Configuration Group option in the Google Cloud global settings, perform one of these actions:

    • Choose a configuration group.

      Note

       

      You can only choose configuration groups created from the create new workflow.

    • To create and use a new configuration group, choose Create New. In the Create Configuration Group dialog box, enter a name for a new configuration group and click Done. Choose the new configuration group from the drop-down list. The configuration group that you choose is used to configure devices in the multicloud workflow.

    Chassis number

    You can associate between 2 and 8 chassis with the configuration group.

    Instance settings

    Software image

    From the drop-down menu, choose a software image.

    Instance size

    From the drop-down list, choose the required size. Pick the size of the WAN edge based on the capacity needs.

    IP subnet pool

    Enter the subnet pool address. The subnet pool is used for transit VPC creation and must be between /16 and /24. System allocates /27 per transit VPC 8 subnet(s).

    Network service tier

    Choose one of the Google Cloud network service tiers from the drop-down list.

    • PREMIUM: Provides high-performing network experience using Google Cloud global network.

    • STANDARD: Allows control over network costs.

    This option is available only when Multi-Region Fabric is enabled.

    Multi-Region Fabric Settings

    MRF role

    Choose Border or Edge.

    Click Next.

  4. This step is applicable only when you enable configuration groups.

    Configure the device parameters:

    Most of the parameters are auto-populated based on your earlier selections. Click the edit icon for each chassis number to modify the following:

    • System IP

    • Host name

    • WAN region (This option is available only when Multi-Region Fabric is enabled.)

    • TLOC color

    • Username

    • User password

    Click Next.

  5. Click Deploy.
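The IP subnet pool field in the AWS and Google Cloud gateway procedures can be checked before deployment. The following is an added example, not code from Cisco or from this guide: it assumes an IPv4 pool, reads "8 subnet(s)" as eight /27 subnets per transit VPC, and uses hypothetical function names and constructed addresses. The overlap check against existing ranges is an extra pre-deployment check, not a rule stated in this guide.

```python
import ipaddress
from itertools import islice

MIN_PREFIX = 16        # largest pool accepted (from the field description)
MAX_PREFIX = 24        # smallest pool accepted (from the field description)
SUBNET_PREFIX = 27     # size of each allocated subnet (from the field description)
SUBNETS_PER_VPC = 8    # assumption: "8 subnet(s)" means eight /27s per transit VPC


def validate_pool(pool_cidr, existing_cidrs=()):
    """Check a candidate IP subnet pool.

    Returns (pool, problems): pool is an IPv4Network or None, and problems is
    a list of findings that is empty when the pool passes every check.
    """
    try:
        # strict=True rejects input such as 10.20.0.5/24 that has host bits set.
        pool = ipaddress.IPv4Network(pool_cidr, strict=True)
    except ValueError as exc:
        return None, [f"invalid pool {pool_cidr!r}: {exc}"]

    problems = []
    if not MIN_PREFIX <= pool.prefixlen <= MAX_PREFIX:
        problems.append(
            f"{pool} has prefix /{pool.prefixlen}; "
            f"expected /{MIN_PREFIX} to /{MAX_PREFIX}"
        )
    # Added check: a pool that overlaps ranges already in use (host VPCs,
    # on-premises sites) leads to ambiguous routing once the VPCs are attached.
    for cidr in existing_cidrs:
        other = ipaddress.IPv4Network(cidr, strict=False)
        if pool.overlaps(other):
            problems.append(f"{pool} overlaps existing range {other}")
    return pool, problems


def transit_subnets(pool, count=SUBNETS_PER_VPC):
    """Return the first `count` /27 subnets carved from the pool."""
    if pool.prefixlen > SUBNET_PREFIX:
        raise ValueError(f"{pool} is smaller than a /{SUBNET_PREFIX}")
    available = 2 ** (SUBNET_PREFIX - pool.prefixlen)
    if count > available:
        raise ValueError(
            f"{pool} holds only {available} /{SUBNET_PREFIX} subnets, need {count}"
        )
    return list(islice(pool.subnets(new_prefix=SUBNET_PREFIX), count))


if __name__ == "__main__":
    # Constructed sample input: candidate pools and ranges already in use.
    in_use = ["10.20.4.0/22", "192.168.0.0/24"]
    for candidate in ["10.30.0.0/24", "10.20.0.0/16", "10.30.0.0/25", "10.30.0.5/24"]:
        pool, problems = validate_pool(candidate, in_use)
        if problems:
            print(candidate, "REJECT:", "; ".join(problems))
        else:
            print(candidate, "OK:", ", ".join(str(s) for s in transit_subnets(pool)))
```

Under the stated assumption, a /24 holds exactly eight /27 subnets, which is why a /25 fails both the prefix check and the carve.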

Create and Manage Interconnect Gateways

Create a Gateway at a Megaport Location

Deploy a Cisco Catalyst 8000V instance as the interconnect gateway at the desired Megaport location. We recommend that you deploy the Cisco Catalyst 8000V instance at the Megaport location closest to your branch location.

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    Click Onboarding and then click Add gateway.

    Alternatively, you can also create gateways from the Gateway Management tab on the Cloud OnRamp for Multicloud dashboard. Click Add gateway and proceed to configure the parameters to create the gateway.

  2. To view the Interconnect Gateway licenses purchased through Cisco that are associated with the account, click Check available licenses.

    Configure the following provider parameters:

    Field

    Description

    Provider

    Choose Megaport.

    Account name

    Choose a Megaport account by the account name entered while associating the account details on Cisco SD-WAN Manager.

    Interconnect gateway name

    Enter a name to uniquely identify the gateway.

    Description (Optional)

    Enter a description.

  3. Configure the site parameters:

    Field

    Description

    Location

    Choose the Megaport PoP location where the Cisco Catalyst 8000V instance must be deployed.

    Provider license type

    • Prepaid: Choose a prepaid license type to create the interconnect gateway.

    • PayG: Choose a pay-as-you-go (PAYG) license type to create the interconnect gateway.

    Note

     

    When using a Megaport account with Cisco billing, specify if you want to use a prepaid MVE license, or PAYG license where you are billed for each month. The selection must be done at the time of gateway creation and cannot be changed later.

    Appropriate prepaid or PAYG license should be purchased beforehand.

    Internet bandwidth (IP transit) in Mbps

    Choose the IP transit bandwidth value.

    WAN region

    This option is available only when Multi-Region Fabric is enabled.

    From the drop-down list, choose a WAN region for which you want to create the interconnect gateway.

    Site name

    From the drop-down list, choose a site for which you want to create the interconnect gateway or click Create New.

    If you click Create New, configure the site settings in the slide-in pane. You can create a new site only if you have enabled configuration groups in the global settings.

    Configure the following and click Save:

    • Name

    • Description (optional)

    • Site ID (optional)

    • Country (optional)

    • Address (optional)

    • City (optional)

    • State (optional)

    • Zip code (optional)

    Configuration group

    If you enabled the Enable Configuration Group in global settings for interconnect gateways, perform one of these actions:

    • Choose a configuration group.

      Note

       

      You can only choose configuration groups created from the create new workflow.

    • To create and use a new configuration group, choose Create New. In the Create Configuration Group dialog box, enter a name for a new configuration group and click Done. Choose the new configuration group from the drop-down list.

    The configuration group that you choose is used to configure devices in the multicloud workflow.

    For more information about configuration groups, see Cisco Catalyst SD-WAN Configuration Groups.

    Note

     
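    The Configuration Group drop-down list includes only configuration groups that you create from this drop-down list. It does not include other configuration groups that are created in Cisco SD-WAN Manager. The configuration groups in this drop-down list include the options that are needed for this provider.

    Chassis number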

    Choose the chassis number of a Cisco Catalyst 8000V instance that has the Megaport default template attached. If the configuration group is enabled, Cisco Catalyst 8000V chassis numbers do not require the Megaport template to be attached.

    Note

     

    The chassis numbers are auto-populated when you choose a site from the Site Name drop-down list.

    Instance settings

    Choose one of the following:

    • Default: Use instance size and software image defined in the Interconnect global settings.

    • Custom: Choose a specific instance size and software image for this gateway.

    MRF role

    This option is available only when Multi-Region Fabric is enabled.

    Choose a router role: Border or Edge.

    Transport gateway

    This option is available only when Multi-Region Fabric is enabled.

    Choose Enabled or Disabled.

  4. This step is applicable only when you enable configuration groups.

    Configure the device parameters:

    The system IP address is not auto-populated for the interconnect connections. Click the edit icon for the chassis number to modify the following:

    • System IP

    • Host name

    • Color

    • Username

    • User password

    Click Next.

  5. Click Deploy.

When the configuration task is successful, the interconnect gateway is listed in the Gateway Management page.

Create a Gateway at an Equinix Location

Deploy a Cisco Catalyst 8000V instance as the interconnect gateway at the desired Equinix location. We recommend that you deploy the Cisco Catalyst 8000V instance at the Equinix location closest to your branch location.

If a subscription for Equinix SKUs is purchased through Cisco and the account is associated with the subscription via the Equinix portal, then all network edges brought up by the Cisco SD-WAN Controller, along with the IP transit associated with those network edges, device link groups, and all virtual connections originating from those network edges, are billed by Cisco. Otherwise, these component SKUs are billed directly by Equinix.

To create an interconnect gateway, perform the following steps:

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    Click Onboarding and then click Add gateway.

    Alternatively, you can also create gateways from the Gateway Management tab on the Cloud OnRamp for Multicloud dashboard. Click Add gateway and proceed to configure the parameters to create the gateway.

  2. Configure the following provider parameters:

    Field

    Description

    Provider

    Choose Equinix.

    Account name

    Choose an Equinix account by the account name entered while associating the account details on Cisco SD-WAN Manager.

    Gateway name

    Enter a name to uniquely identify the gateway.

    Description (Optional)

    Enter a description.

  3. Configure the site parameters.

    Field

    Description

    Location

    1. Click the Refresh button to update the list of available locations.

    2. Choose the Equinix metro location where the Cisco Catalyst 8000V instance must be deployed.

    Billing Account ID

    Choose the appropriate billing account for the location.

    WAN region

    This option is available only when Multi-Region Fabric is enabled.

    From the drop-down list, choose a WAN region for which you want to create the interconnect gateway.

    Site name

    From the drop-down list, choose a site for which you want to create the interconnect gateway or click Create New.

    If you click Create New, configure the site settings in the slide-in pane. You can create a new site only if you have enabled configuration groups in the global settings.

    Configure the following and click Save:

    • Name

    • Description (optional)

    • Site ID (optional)

    • Country (optional)

    • Address (optional)

    • City (optional)

    • State (optional)

    • Zip code (optional)

    Configuration group

    If you enabled the Enable Configuration Group in global settings for interconnect gateways, perform one of these actions:

    • Choose a configuration group.

      Note

       

      You can only choose configuration groups created from the create new workflow.

    • To create and use a new configuration group, choose Create New. In the Create Configuration Group dialog box, enter a name for a new configuration group and click Done. Choose the new configuration group from the drop-down list.

    The configuration group that you choose is used to configure devices in the multicloud workflow.

    For more information about configuration groups, see Cisco Catalyst SD-WAN Configuration Groups.

    Note

     
    The Configuration Group drop-down list includes only configuration groups that you create from this drop-down list. It does not include other configuration groups that are created in Cisco SD-WAN Manager. The configuration groups in this drop-down list include the options that are needed for this provider.

    Chassis number

    Choose the chassis number of a Cisco Catalyst 8000V instance that has the Equinix default template attached. If the configuration group is enabled, Cisco Catalyst 8000V chassis numbers do not require the Equinix template to be attached.

    Note

     

    The chassis numbers are auto-populated when you choose a site from the Site Name drop-down list.

    Instance settings

    Choose one of the following:

    • Default: Use instance size and software image defined in the Interconnect global settings.

    • Custom: Choose a specific instance size and software image for this gateway.

    MRF role

    This option is available only when Multi-Region Fabric is enabled.

    Choose a router role: Border or Edge.

    Transport gateway

    This option is available only when Multi-Region Fabric is enabled.

    Choose Enabled or Disabled.

  4. This step is applicable only when you enable configuration groups.

    Configure the device parameters:

    The system IP address is not auto-populated for the interconnect connections. Click the edit icon for the chassis number to modify the following:

    • System IP

    • Host name

    • DNS Address (vpn_dns_primary)

    • DNS Address (vpn_dns_secondary)

    • Color

    • Username

    • User password

    Click Next.

  5. Click Deploy.

When the configuration task is successful, the interconnect gateway is listed in the Gateway Management page.

Cloud Connections

In the Cloud OnRamp for Multicloud onboarding page, click Add connections and choose the provider. Alternatively, you can create connectivity by clicking Edit on the intent management page for the selected cloud provider from the Cloud Connections tab in the dashboard view.

When the system records your intent for connectivity, it maps the intent in regions where a cloud gateway is present. This means that the VPC is reachable for VPNs that have a green color status. You can enter mapping intents even if cloud gateways are not present in certain regions. The system preserves and realizes your mapping intent when it discovers a new cloud gateway or mapping change. As cloud gateways are instantiated in different regions, the system realizes the mapping intents in those regions. Similarly, tagging operations can influence the mapping in different regions, and the system realizes mappings according to the tags in the cloud.

The Cloud Connections page displays the connectivity status with the following legends:

  • Blank - Editable

  • Grey color - System Defined

  • Blue color - Intent Defined

    Expressed intent between two tags or a VPN and a tag. Connectivity is not realized until a VPC in a tag and cloud gateway have regional overlap.

  • Green color - Intent Realized

    All tagged VPCs/VNets have connectivity to a cloud gateway.

  • Orange color - Intent Partially Realized

    A combination of blue and green. Not all regions with tagged VPCs/VNets have connectivity.

  • Red color - Intent Realized With Errors

    Cisco Catalyst SD-WAN attempted connectivity but found errors.


Note


Cisco Catalyst SD-WAN supports only those cloud connections that have regions where Cisco Catalyst 8000V is deployed.
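The status legend above can be read as a function of where tagged VPCs/VNets sit and where cloud gateways exist. The following is an added model of that legend, not Cisco SD-WAN Manager code: the function names, VPN and tag names, VPC IDs, and regions are constructed for illustration, and the grey System Defined state is left out because the page gives no rule for it.

```python
from enum import Enum


class Status(Enum):
    EDITABLE = "Blank - Editable"
    INTENT_DEFINED = "Blue - Intent Defined"
    INTENT_REALIZED = "Green - Intent Realized"
    PARTIALLY_REALIZED = "Orange - Intent Partially Realized"
    REALIZED_WITH_ERRORS = "Red - Intent Realized With Errors"


def connection_status(has_intent, tagged_regions, gateway_regions, error_regions=()):
    """Status of one VPN-to-tag (or tag-to-tag) cell of the connections grid.

    tagged_regions:  regions that hold VPCs/VNets carrying the tag
    gateway_regions: regions where a cloud gateway is present
    error_regions:   regions where a connectivity attempt reported errors
    """
    if not has_intent:
        return Status.EDITABLE
    tagged = set(tagged_regions)
    # Intent is realized only where a tagged VPC and a gateway share a region.
    realized = tagged & set(gateway_regions)
    if realized & set(error_regions):
        return Status.REALIZED_WITH_ERRORS
    if not realized:
        return Status.INTENT_DEFINED
    if realized == tagged:
        return Status.INTENT_REALIZED
    return Status.PARTIALLY_REALIZED


def status_matrix(vpns, tags, intents, gateway_regions, error_regions=()):
    """Build {(vpn, tag): Status} for every VPN and tag combination.

    tags maps a tag name to {vpc_id: region}; intents is a set of (vpn, tag).
    """
    return {
        (vpn, tag): connection_status(
            (vpn, tag) in intents, vpcs.values(), gateway_regions, error_regions
        )
        for vpn in vpns
        for tag, vpcs in tags.items()
    }


# Constructed sample data.
TAGS = {
    "prod": {"vpc-a": "us-west-2", "vpc-b": "eu-west-1"},
    "dev": {"vpc-c": "us-west-2"},
}
VPNS = ["VPN10", "VPN20"]
INTENTS = {("VPN10", "prod"), ("VPN20", "dev")}


def replay():
    """Status of VPN10-to-prod as cloud gateways appear region by region."""
    steps = [set(), {"us-west-2"}, {"us-west-2", "eu-west-1"}]
    return [
        status_matrix(VPNS, TAGS, INTENTS, gateways)[("VPN10", "prod")]
        for gateways in steps
    ]


if __name__ == "__main__":
    for step, status in enumerate(replay()):
        print(step, status.value)
```

The replay shows the preserved intent moving from blue to orange to green as gateways are created, with no change to the intent itself.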


Rebalance VNets

You can choose to redistribute VNets to load balance the existing VNets among all the cloud gateways in a region for a given tag at any time. You can reassign only the VNets with the Auto option selected across cloud gateways. The VNet assignment is based on a load-balancing algorithm. As the rebalancing involves detachment and reattachment of VNets to cloud gateways, traffic disruption may occur. After rebalancing the VNets, you can view the revised mapping of VNets to cloud gateways on the tagging page.


Note


You cannot rebalance VNets when:

  • Creation, editing, or deletion of a cloud gateway is in progress.

  • Mapping of VNets is in progress.

  • Audit is in progress.


  1. In the Cloud Connections page, choose Azure or Azure Gov Cloud and click Rebalance VNets.

  2. In the Region field, choose a region from the drop-down list.

  3. In the Tag Name field, choose a tag from the drop-down list.

  4. Click Save.

Interconnect Connections

Interconnect connections that are created in Cisco Catalyst SD-WAN Manager Release 20.15.x and earlier releases are automatically mapped into the middle-mile networks, multicloud networks, and virtual networks workflows.

The connection names of the multicloud networks and virtual networks are in the following format:

AWS:

  • Private connections: AWS-<Name of DxGW> ::<UUID of DGW>

  • Public connections: AWS_PUBLIC_CONNECTION::<Account ID>

Azure connections: AZURE-<ERC Name>-<Auth Key>

Google Cloud:

  • Private connections: GCP <Region>::<Name of Google Cloud Router>::<Name of Attachment>

Middle-Mile Networks

This section helps you create a middle-mile fabric between Interconnect gateways or a virtual connection from an Interconnect gateway to a cloud provider's on-ramp location.

Create Middle-Mile Networks to AWS

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    From the onboarding page, click Add connections and choose the provider.

    Alternatively, click Add connections from the Interconnect Connections tab in the dashboard view.

    Select Middle-Mile Networks.

  2. Configure the intent:

    Field

    Description

    Destination

    From the drop-down list, choose Cloud-AWS.

    Connection source

    Choose an interconnect gateway from the drop-down list.

    Cloud gateway connection

    Enable to extend the SD-WAN fabric to a cloud gateway.

    Click Next.

  3. Connect to AWS:

    To view available Interconnect Connection licenses associated with the account, click View license.

    Field

    Description

    Connection name

    Enter a unique name for the connection.

    Cloud access type

    Choose one of the following:

    • Public Services

    • Private Workloads

    If you choose Public Services:

    Field

    Description

    Cross-connect type

    This field is available only if you enable the Advanced layout option.

    Choose one of the following:

    • Hosted VIF

      A virtual interface (VIF) in AWS is a connection that allows access to AWS services.

    • Hosted Connection

      This is the default option if the Advanced layout option is not enabled.

    Note

     

    Equinix only supports public, private, and transit VIFs over a hosted connection. Hosted VIFs are not supported.

    VPN segment

    Choose the segment ID for this connection.

    Cloud OnRamp location

    Select the AWS on-ramp connection location.

    Bandwidth

    Specify the connection bandwidth.

    Unit: Mbps.

    Select or enter AWS account

    Select an AWS account or enter AWS account ID details to establish an interconnect connection.

    Account ID

    Enter the AWS account ID.

    This option is available only if you select Enter AWS account ID in the Select or enter AWS account field.

    Interconnect IP address

    Enter the source BGP peering subnet public IP address for the interconnect gateway.

    Amazon IP address

    Enter a public IP address for AWS BGP peer.

    Prefixes to be advertised to AWS

    Enter prefixes to advertise to AWS.

    (Optional) Source BGP ASN

    Enter a BGP ASN for peering between Interconnect Gateway and cloud provider.

    Enter an ASN supported by your provider.

    If you choose Private Workloads:

    Field

    Description

    Cross-connect type

    This field is available only if you enable the Advanced layout option.

    Choose one of the following:

    • Hosted VIF

    • Hosted Connection

      This is the default option if the Advanced layout option is not enabled.

    Virtual network association type

    This field is available only if you enable the Advanced layout option.

    Choose one of the following:

    • Direct to VPC

    • Transit Gateway

      This is the default option if the Advanced layout option is not enabled.

    VPN segment

    Choose the segment ID for this connection.

    Cloud OnRamp location

    Select the AWS on-ramp connection location.

    Bandwidth

    Specify the connection bandwidth.

    Unit: Mbps.

    Select or enter AWS account

    Select an AWS account or enter AWS account ID details to establish an interconnect connection.

    Account ID

    Enter the AWS account ID.

    This option is available only if you select Enter AWS account ID in the Select or enter AWS account field.

    Direct connect gateway BGP ASN

    Enter a BGP ASN for peering between Interconnect Gateway and direct connect gateway in your cloud provider.

    Check with your provider for the supported ranges.

    Connection peering settings

    This field is available only if you enable Advanced Layout option.

    Choose one of the following for BGP settings:

    • Autogenerated

      This is the default option if Advanced layout option is not enabled.

    • Custom

    If you choose Custom, enter the following:

    • Source BGP Peering IP

    • Destination BGP Peering IP

    • Source BGP ASN

    Click Next.

  4. Review the connection summary.

    • To create the connection, click Deploy.

    • To modify the connection settings, click Back.

When the configuration task is successful, the connection is listed in the Middle-Mile Networks page.

Create Middle-Mile Networks to Azure
  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    From the onboarding page, click Add connections and choose the provider.

    Alternatively, click Add connections from the Interconnect Connections tab in the dashboard view.

    Select Middle-Mile Networks.

  2. Configure the intent:


    Field

    Description

    Destination

    From the drop-down list, choose Cloud-Azure.

    Note: Make sure to create the necessary Express Route circuit in the appropriate region before proceeding. You can create these resources using the Multicloud Networks page or directly in the cloud provider.

    Cloud gateway connection

    Enable to extend the SD-WAN fabric to a cloud gateway.

    Primary connection source

    Choose a primary interconnect gateway from the drop-down list.

    Secondary connection source

    Choose a secondary interconnect gateway from the drop-down list.

    Click Next.

  3. Connect to Azure:

    To view available Interconnect Connection licenses associated with the account, click View license.

    Field

    Description

    Connection name

    Enter a unique name for the connection.

    Cloud access type

    Choose one of the following:

    • Microsoft Services

    • Private Workloads

    If you choose Microsoft Services:

    Field

    Description

    VPN segment

    Choose the segment ID for this connection.

    Select account or enter express-route circuit

    Select an Azure account or enter an express route circuit key.

    Azure express-route circuit

    Click on the refresh button to get the latest list from cloud provider. Select the Azure Express Route circuit from the drop-down list.

    This option is available only if you select Enter an express-route circuit in the Select account or enter express-route circuit field.

    Primary cloud OnRamp location

    The primary Azure connection location field is auto-populated based on the Azure Express Route circuit selection. You cannot modify this field.

    Secondary cloud OnRamp location

    The secondary Azure connection location field is auto-populated based on the Azure Express Route circuit selection. You cannot modify this field.

    Bandwidth

    Specify the connection bandwidth.

    Unit: Mbps.

    Primary connection peering IP addresses

    Interconnect IP address

    Enter the public IP address to be used as the source BGP peering subnet ID for the interconnect gateway.

    Azure IP address

    Enter the public IP address to be used as the destination BGP peering for the interconnect gateway.

    Secondary connection peering IP addresses

    Interconnect IP address

    Enter the public IP address to be used as the source BGP peering subnet ID for the interconnect gateway.

    Azure IP address

    Enter the public IP address to be used as the destination BGP peering for the interconnect gateway.

    Prefixes to be advertised to Azure

    Enter prefixes to advertise to Azure.

    Source BGP ASN

    This field is available only if you enable Advanced layout option.

    Enter a BGP ASN for peering between Interconnect Gateway and cloud provider.

    You can enter an ASN of your choice or reuse an existing ASN used by your organization.

    If you choose Private Workloads:

    Field

    Description

    Virtual network association type

    This field is available only if you enable Advanced layout option.

    Choose one of the following:

    • Direct to VNets

    • Virtual WAN and vHubs

      This is the default option if Advanced layout option is not enabled.

    VPN segment

    Choose the segment ID for this connection.

    Select account or enter express-route circuit

    Select an Azure account or enter an express route circuit key.

    Azure express-route circuit

    Click on the refresh button to get the latest list from cloud provider. Enter the details of Azure Express Route circuit.

    This option is available only if you select Enter an express-route circuit in the Select account or enter express-route circuit field.

    Primary cloud OnRamp location

    The primary Azure connection location field is auto-populated based on the Azure express route circuit selection. You cannot modify this field.

    Secondary cloud OnRamp location

    The secondary Azure connection location field is auto-populated based on the Azure express route circuit selection. You cannot modify this field.

    Bandwidth

    Specify the connection bandwidth.

    Unit: Mbps.

    Connection peering settings

    This field is available only if you enable Advanced layout option.

    Choose one of the following for BGP settings:

    • Autogenerated

      This is the default option if Advanced layout option is not enabled.

    • Custom

    If you choose Custom, enter the following:

    • Primary connection peering IP addresses

      • Interconnect IP address

      • Azure IP address

    • Secondary connection peering IP addresses

      • Interconnect IP address

      • Azure IP address

    • Source BGP ASN

    Click Next.

  4. Review the connection summary.

    • To create the connection, click Deploy.

    • To modify the connection settings, click Back.

When the configuration task is successful, the connection is listed in the Middle-Mile Networks page.
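
A pre-deployment check for the custom peering values entered in the Microsoft Services form above (both peering IP address pairs, the prefixes to advertise, and the source BGP ASN), as an added Python example that is not Cisco code. The /30 subnet size, the `intent` dictionary layout, and all sample values are assumptions of this example; RFC 5737 documentation ranges stand in for public addresses.

```python
"""Pre-deployment check of custom public-peering inputs (added example)."""
import ipaddress

# Space that must not appear on a public peering or in a prefix advertised
# over it. The RFC 5737 documentation ranges are deliberately left out so the
# constructed samples below pass; add them in production.
NON_PUBLIC = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]

# Reserved ASNs: 0 (RFC 7607), 23456 AS_TRANS (RFC 6793),
# 65535 and 4294967295 (RFC 7300).
RESERVED_ASNS = {0, 23456, 65535, 4294967295}


def _non_public(net):
    """True if the network touches any non-public block."""
    return any(net.overlaps(block) for block in NON_PUBLIC)


def check_peering_pair(label, interconnect_if, cloud_if, prefixlen=30):
    """Check one 'Interconnect IP address' / cloud-side IP address pair.

    Values use interface notation ('203.0.113.1/30'). The /30 size is an
    assumption of this example; pass the size your provider requires.
    """
    try:
        sides = {"interconnect": ipaddress.IPv4Interface(interconnect_if),
                 "cloud": ipaddress.IPv4Interface(cloud_if)}
    except ValueError as exc:
        return [f"{label}: {exc}"]
    errors = []
    local, remote = sides["interconnect"], sides["cloud"]
    if local.network != remote.network:
        errors.append(f"{label}: peers are not in the same subnet")
    else:
        if local.network.prefixlen != prefixlen:
            errors.append(f"{label}: subnet must be a /{prefixlen}")
        if local.ip == remote.ip:
            errors.append(f"{label}: both peers use {local.ip}")
        usable = set(local.network.hosts())
        for side, iface in sides.items():
            if iface.ip not in usable:
                errors.append(f"{label}: {side} IP {iface.ip} is not a host address")
    for side, iface in sides.items():
        if _non_public(ipaddress.IPv4Network(str(iface.ip))):
            errors.append(f"{label}: {side} IP {iface.ip} is not public")
    return errors


def check_prefixes(prefixes):
    """Check the 'Prefixes to be advertised' list."""
    errors = []
    for text in prefixes:
        try:
            net = ipaddress.IPv4Network(text)  # strict: host bits are an error
        except ValueError as exc:
            errors.append(f"prefix {text}: {exc}")
            continue
        if _non_public(net):  # also catches 0.0.0.0/0 and other over-broad routes
            errors.append(f"prefix {net}: overlaps non-public or reserved space")
    return errors


def check_source_asn(asn):
    """Check the 'Source BGP ASN' field against reserved values."""
    if not isinstance(asn, int) or not 0 <= asn <= 4294967295:
        return [f"source ASN {asn!r}: not a 32-bit ASN"]
    if asn in RESERVED_ASNS:
        return [f"source ASN {asn}: reserved value"]
    return []


def validate_connection(intent):
    """Run every check over one connection intent; return a list of errors."""
    errors = []
    for label in ("primary", "secondary"):
        errors += check_peering_pair(label, *intent[label])
    try:
        nets = [ipaddress.IPv4Interface(intent[k][0]).network
                for k in ("primary", "secondary")]
        if nets[0].overlaps(nets[1]):
            errors.append("primary and secondary peering subnets overlap")
    except ValueError:
        pass  # malformed address already reported by check_peering_pair
    errors += check_prefixes(intent["prefixes"])
    errors += check_source_asn(intent["source_asn"])
    return errors


# Constructed sample intents (not values from the Cisco documentation).
GOOD = {"primary": ("203.0.113.1/30", "203.0.113.2/30"),
        "secondary": ("203.0.113.5/30", "203.0.113.6/30"),
        "prefixes": ["198.51.100.0/24"], "source_asn": 64512}
BAD = {"primary": ("192.168.10.1/30", "192.168.10.2/30"),
       "secondary": ("203.0.113.5/30", "203.0.113.9/30"),
       "prefixes": ["10.20.0.0/16", "0.0.0.0/0", "198.51.100.10/24"],
       "source_asn": 23456}

if __name__ == "__main__":
    for problem in validate_connection(BAD):
        print(problem)
```

Running the check before you click Deploy catches private or reserved space on a public peering, which would otherwise surface only as a failed or rejected BGP session.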

Create Middle-Mile Networks to Google Cloud
  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    From the onboarding page, click Add connections and choose the provider.

    Alternatively, click Add connections from the Interconnect Connections tab in the dashboard view.

    Select Middle-Mile Networks.

  2. Configure the intent:

    Field

    Description

    Destination

    From the drop-down list, choose Cloud-Google.

    Note: Make sure to create the necessary Google Cloud router and Interconnect attachment in the appropriate region before proceeding. You can create these resources using the Multicloud Networks page or directly in the cloud provider.

    Cloud gateway connection

    Enable to extend the SD-WAN fabric to a cloud gateway.

    If you enable, enter the following details:

    • Primary connection source

    • Secondary connection source

    Redundancy

    Choose Enable if you want to create connections with redundancy. Enter the following details:

    • Primary connection source

    • Secondary connection source

    Choose Disable if you want to create the connection without redundancy. Enter the following details:

    • Connection Source

    Click Next.

  3. Configure a connection to Google Cloud:

    To view available Interconnect Connection licenses associated with the account, click View license.

    Field

    Description

    Connection name

    Enter a unique name for the connection.

    VPN segment

    Choose the segment ID for this connection.

    Select account or enter pairing key for attachment

    Select an account or enter a pairing key for the attachment.

    If you choose to select an account when redundancy is enabled:

    Field

    Description

    Google region

    Choose a Google Cloud connection location.

    VPC network

    Choose the VPC network to deploy this connection.

    Primary Connection

    Cloud router

    • Click the refresh symbol next to the Cloud Router drop-down list.

    • Choose a Google Cloud router.

    Google interconnect attachment

    Choose the desired interconnect attachment.

    Cloud OnRamp location

    Choose a Google Cloud connection location.

    Bandwidth

    Specify the connection bandwidth.

    Unit: Mbps.

    Secondary Connection

    Cloud router

    • Click the refresh symbol next to the Cloud Router drop-down list.

    • Choose a Google Cloud router.

    Google interconnect attachment

    Choose the desired interconnect attachment.

    Cloud OnRamp location

    Choose a Google Cloud connection location.

    Bandwidth

    Specify the connection bandwidth.

    Unit: Mbps.

    Connection peering settings

    This field is available only if you enable Advanced Layout option.

    Choose one of the following for BGP settings:

    • Autogenerated

      This is the default option if Advanced layout option is not enabled.

    • Custom

    If you choose Custom, enter the following:

    • Source BGP ASN

    If you choose to select an account when redundancy is disabled:

    Field

    Description

    Google region

    Choose a Google Cloud connection location.

    VPC network

    Choose the VPC network to deploy this connection.

    Connection

    Cloud router

    • Click the refresh symbol next to the Cloud Router drop-down list.

    • Choose a Google Cloud router.

    Google interconnect attachment

    Choose the desired interconnect attachment.

    Cloud OnRamp location

    Choose a Google Cloud connection location.

    Bandwidth

    Specify the connection bandwidth.

    Unit: Mbps.

    Connection peering settings

    This field is available only if you enable Advanced Layout option.

    Choose one of the following for BGP settings:

    • Autogenerated

      This is the default option if Advanced layout option is not enabled.

    • Custom

    If you choose Custom, enter the following:

    • Source BGP ASN

    If you choose to enter a pairing key for the attachment when redundancy is enabled:

    Field

    Description

    Primary connection

    Google interconnect attachment

    Enter a pairing key for the attachment.

    Cloud OnRamp location

    Choose a Google Cloud connection location.

    Bandwidth

    Specify the connection bandwidth.

    Unit: Mbps.

    Secondary connection

    Google interconnect attachment

    Enter a pairing key for the attachment.

    Cloud OnRamp location

    Choose a Google Cloud connection location.

    Bandwidth

    Specify the connection bandwidth.

    Unit: Mbps.

    Connection peering settings

    This field is available only if you enable Advanced Layout option.

    Choose one of the following for BGP settings:

    • Autogenerated

      This is the default option if Advanced layout option is not enabled.

    • Custom

    If you choose Custom, enter the following:

    • Source BGP ASN

    If you choose to enter a pairing key for the attachment when redundancy is disabled:

    Field

    Description

    Google interconnect attachment

    Enter a pairing key for the attachment.

    Cloud OnRamp location

    Choose a Google Cloud connection location.

    Bandwidth

    Specify the connection bandwidth.

    Unit: Mbps.

    Connection peering settings

    This field is available only if you enable Advanced Layout option.

    Choose one of the following for BGP settings:

    • Autogenerated

      This is the default option if Advanced layout option is not enabled.

    • Custom

    If you choose Custom, enter the following:

    • Source BGP ASN

    If you enable cloud gateway connection to extend the SD-WAN fabric to a cloud gateway through the middle-mile networks:

    Field

    Description

    Connection name

    Enter a unique name for the connection.

    Select account or enter pairing key for attachment

    Select an account or enter a pairing key for the attachment.

    Google Cloud Gateway

    Choose the Google Cloud gateway you wish to attach to this connection.

    Primary connection

    Google interconnect attachment

    Enter a pairing key for the attachment.

    Cloud OnRamp location

    Choose a Google Cloud connection location.

    Bandwidth

    Specify the connection bandwidth.

    Unit: Mbps.

    Secondary connection

    Google interconnect attachment

    Enter a pairing key for the attachment.

    Cloud OnRamp location

    Choose a Google Cloud connection location.

    Bandwidth

    Specify the connection bandwidth.

    Unit: Mbps.

    Connection peering settings

    This field is available only if you enable Advanced Layout option.

    Choose one of the following for BGP settings:

    • Autogenerated

      This is the default option if Advanced layout option is not enabled.

    • Custom

    If you choose Custom, enter the following:

    • Source BGP ASN

    Click Next.

  4. Review the connection summary.

    • To create the connection, click Deploy.

    • To modify the connection settings, click Back.

    When you save the connection configuration, a configuration task is launched and creates the interconnects between the Interconnect Gateway and the interconnect attachments of the Google Cloud routers.

    When the task is successful, the connections are listed on the Middle-Mile Networks page. You can also view the connection details on the Google Cloud console.

When you connect an Interconnect gateway to Google Cloud using Middle-Mile Networks, Cisco SD-WAN Manager does not automatically set up the connection. The connection is set up in Multicloud Networks.

However, since a pairing-key-based connection is not applicable to Multicloud Networks, you have to set up the connection manually. Perform the following steps in your Google Cloud environment:

  1. Activate and set up the Autonomous System Number (ASN) for the Interconnect attachment. This number identifies your network to Google Cloud.

  2. Get the Cloud Router's IP address and the peer BGP IP address. These addresses are needed for routing traffic.

  3. Set up a VRF instance. This keeps the routing information of the connection separate.

  4. Configure the VRF BGP settings under the Interconnect Gateway using the appropriate interface. This enables your network and Google Cloud to share routing information.

Create Interconnect Between Interconnect Gateways
  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    From the onboarding page, click Add connections and choose the provider.

    Alternatively, click Add connections from the Interconnect Connections tab in the dashboard view.

    Select Middle-Mile Networks.

  2. Configure the intent:

    Field

    Description

    Destination

    From the drop-down list, choose Device Connect.

    Connection source

    Select an interconnect gateway from the drop-down list.

    Click Next.

  3. Configure the device connections:

    To view available Interconnect Connection licenses associated with the account, click View license.

    Field

    Description

    Connection name

    Enter a unique name for the connection.

    Connection destination

    Choose a destination interconnect gateway.

    Bandwidth

    Specify the connection bandwidth.

    Unit: Mbps.

    Connection peering settings

    This field is available only if you enable Advanced Layout option.

    Choose one of the following for BGP settings:

    • Autogenerated

      This is the default option if Advanced layout option is not enabled.

    • Custom

    If you choose Custom, enter the following:

    • Source IP Address and Prefix

    • Destination IP Address and Prefix

    Click Next.

  4. Review the connection summary.

    • To create the connection, click Deploy.

    • To modify the connection settings, click Back.

When the configuration task is successful, the connection is listed in the Middle-Mile Networks page.

Multicloud Networks

This section helps you create cloud network resources, such as Direct Connect Gateways, ExpressRoute Circuits, or Google Cloud Routers. These resources are essential for connecting middle-mile network connections to your cloud workloads (VPCs/VNets).

Create Multicloud Networks to AWS
  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    From the onboarding page, click Add connections and choose the provider.

    Alternatively, click Add connections from the Interconnect Connections tab in the dashboard view.

    Select Multicloud Networks.

  2. Configure the cloud intent:

    Field

    Description

    Cloud type

    From the drop-down list, choose AWS.

    Cloud access type

    Choose one of the following:

    • Public services

    • Private workloads

  3. If you choose Public services, make the following connectivity configurations:

    Field

    Description

    Connection name

    Enter a unique name for the connection.

    Direct connect gateway account

    Choose a direct connect gateway account from the drop-down list.

    Connectivity configuration

    Choose Interconnect attachments.

    Middle-mile network connections

    Choose the middle-mile network connection from the drop-down list. Only middle-mile network connections matching the direct gateway's BGP ASN are displayed in the drop-down list.

    If you choose Private workloads, make the following configurations:

    Field

    Description

    Virtual network association type

    This field is available only if you enable Advanced Layout option.

    Choose one of the following:

    • Direct to VPC

    • Transit gateway

      This is the default option if Advanced layout option is not enabled.

    • Cloud gateway connection

    Field

    Description

    Connection name

    Enter a unique name for the connection.

    Direct connect gateway account

    Choose a direct connect gateway account from the drop-down list.

    Direct connect gateway

    Click on the refresh button first. Choose a direct connect gateway from the drop-down list.

    Alternatively, create a new Direct Connect Gateway by clicking Create New.

    1. Enter a Gateway Name.

    2. Enter a BGP ASN for the gateway.

    3. Click Save.

    Connectivity configuration

    • Interconnect attachments

    • Gateway Associations

      This option is applicable to virtual network association type Transit Gateway and Cloud gateway connection.

    If you choose Interconnect attachments:

    Middle-mile network connections

    Choose the middle-mile network connection from the drop-down list. Only middle-mile network connections that match the direct gateway's BGP ASN and are of the same type as the current multicloud networks connection are displayed in the drop-down list.

    If you choose Gateway Associations and Cloud gateway connection:

    + AWS region(s)

    Click to add AWS regions.

    AWS region

    Select the AWS on-ramp connection location.

    Cloud gateway

    Click on the refresh button first. Choose a cloud gateway for the selected region from the drop-down list.

    If you choose Transit gateway:

    + AWS region(s)

    Click to add AWS regions.

    AWS region

    Select the AWS on-ramp connection location.

    Transit gateway

    Click on the refresh button first. Select the transit gateway associated with the AWS account.

    Alternatively, create a new Transit gateway by clicking Add New.

    1. Enter a Gateway Name.

    2. Enter a BGP ASN for the gateway.

    3. Click Save.

    Prefixes

    Enter the IPv4 prefixes for the selected gateway.

  4. Review the connection summary.

    • To create the connection, click Deploy.

    • To modify the connection settings, click Back.

When the configuration task is successful, the connection is listed in the Multicloud Networks page.

Create Multicloud Networks to Azure
  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    From the onboarding page, click Add connections and choose the provider.

    Alternatively, click Add connections from the Interconnect Connections tab in the dashboard view.

    Select Multicloud Networks.

  2. Configure the cloud intent:

    Field

    Description

    Cloud type

    From the drop-down list, choose Azure.

    Cloud access type

    Choose one of the following:

    • Microsoft services

    • Private workloads

  3. If you choose Microsoft services, make the following connectivity configurations:

    Field

    Description

    Connection name

    Enter a unique name for the connection.

    Express route circuit account

    Choose an Azure account from the drop-down list to establish an interconnect connection.

    Express route circuit

    Click on the refresh button first. Choose an express route to attach an interconnect connection or click Add New.

    If you clicked Add New, configure the express route settings and click Save:

    • Resource Group: Choose a resource group associated with the Microsoft Azure account.

    • Region: Choose an Azure region.

    • Instance Name: Enter a name for the ExpressRoute instance.

    • Provider: Choose Megaport.

    • Peering Location: Choose an ExpressRoute location.

    • Bandwidth: Choose the bandwidth of the ExpressRoute circuit.

    • SKU: Choose the Premium or the Standard SKU.

    • Billing Model: Choose Metered billing or Unlimited.

    Connectivity configurations

    Choose Interconnect attachments.

    Middle-mile network connections

    Choose the interconnect circuits from the drop-down list. Only middle-mile network connections that are applicable are displayed in the drop-down list.

    If you choose Private workloads, make the following configurations:

    Field

    Description

    Virtual network association type

    This field is available only if you enable Advanced Layout option.

    Choose one of the following:

    • Direct to VNets

    • Virtual WAN

      This is the default option if Advanced layout option is not enabled.

    • Cloud gateway connection

    Field

    Description

    Connection name

    Enter a unique name for the connection.

    Express route circuit account

    Choose an Azure account from the drop-down list to establish an interconnect connection.

    Express route circuit

    Click on the refresh button first. Choose an express route to attach an interconnect connection or click Add New.

    If you clicked Add New, configure the express route settings and click Save:

    • Resource Group: Choose a resource group associated with the Microsoft Azure account.

    • Region: Choose an Azure region.

    • Instance Name: Enter a name for the ExpressRoute instance.

    • Provider: Choose Megaport.

    • Peering Location: Choose an ExpressRoute location.

    • Bandwidth: Choose the bandwidth of the ExpressRoute circuit.

    • SKU: Choose the Premium or the Standard SKU.

    • Billing Model: Choose Metered billing or Unlimited.

    Connectivity configurations

    Choose one of the following:

    • Interconnect attachments

    • Gateway Associations

    Middle-mile network connections

    Choose the interconnect circuits from the drop-down list. Only middle-mile network connections that are applicable are displayed in the drop-down list.

    If you choose Gateway Associations:

    Azure virtual WAN

    This field is available only if you enable Advanced Layout option and choose Virtual WAN.

    Choose or add a new virtual WAN.

    + Add virtual hub(s)

    Click to add Azure virtual hubs.

    Azure region

    Select the Azure connection location.

    Virtual hub

    Click on the refresh button first. Choose a virtual hub for the selected region from the drop-down list.

    These fields are available only if you enable Advanced Layout option and choose Cloud gateway connection.

    + Add Cloud Gateways

    Click to add cloud gateways.

    Azure region

    Select the Azure connection location.

    Cloud gateway

    Click on the refresh button first. Choose a cloud gateway for the selected region from the drop-down list.

  4. Review the connection summary.

    • To create the connection, click Deploy.

    • To modify the connection settings, click Back.

When the configuration task is successful, the connection is listed in the Multicloud Networks page.

Create Multicloud Networks to Google Cloud
  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    From the onboarding page, click Add connections and choose the provider.

    Alternatively, click Add connections from the Interconnect Connections tab in the dashboard view.

    Select Multicloud Networks.

  2. Configure the cloud intent:

    Field

    Description

    Cloud type

    From the drop-down list, choose Google Cloud.

    Virtual network association type

    Choose one of the following:

    • Shared VPC

    • Cloud gateway connections

    Redundancy

    Choose Enable if you want to create connections with redundancy.

    Choose Disable if you want to create the connection without redundancy.

  3. If you choose Shared VPC and Enable redundancy, make the following connectivity configurations:

    Field

    Description

    Connection name

    Enter a unique name for the connection.

    Google account

    Choose a Google Cloud account to establish an interconnect connection from the drop-down list.

    Google region

    Select the Google Cloud connection location.

    VPC network

    Choose the VPC network to deploy this connection.

    Primary Google Cloud router

    Select a primary Google Cloud router or create a new one for the partner interconnect connection.

    If you clicked Add New, configure the router settings in the slide-in pane.

    Configure the following and click Save:

    • Region: Choose the Google Cloud router region.

    • VPC Network: Choose the Google Cloud router network.

    • Google Cloud Router: Enter a unique Google Cloud router name.

    Primary Google Cloud interconnect attachment

    Choose the desired interconnect attachment or click Add New.

    If you clicked Add New, configure the router settings in the slide-in pane.

    Configure the following and click Save:

    • Region: Choose the Google Cloud Interconnect attachment region.

    • VPC Network: Choose the Google Cloud network for the interconnect attachment.

    • Cloud Router Name: Choose the Google Cloud router deployed for the selected region and VPC network for the interconnect attachment.

    • Google Cloud Router Interconnect Attachment Name: Enter a unique name for the interconnect attachment.

    • Secondary Zone: If you want to deploy this attachment on the secondary zone, check the checkbox.

    Secondary Google Cloud router

    Select a secondary Google Cloud router or create a new one for the partner interconnect connection.

    If you clicked Add New, configure the router settings in the slide-in pane.

    Configure the following and click Save:

    • Region: Choose the Google Cloud router region.

    • VPC Network: Choose the Google Cloud router network.

    • Google Cloud Router: Enter a unique Google Cloud router name.

    Secondary Google Cloud interconnect attachment

    Choose the desired interconnect attachment or click Add New.

    If you clicked Add New, configure the router settings in the slide-in pane.

    Configure the following and click Save:

    • Region: Choose the Google Cloud Interconnect attachment region.

    • VPC Network: Choose the Google Cloud network for the interconnect attachment.

    • Cloud Router Name: Choose the Google Cloud router deployed for the selected region and VPC network for the interconnect attachment.

    • Google Cloud Router Interconnect Attachment Name: Enter a unique name for the interconnect attachment.

    • Secondary Zone: If you want to deploy this attachment on the secondary zone, check the checkbox.

    Connectivity configuration

    Choose Interconnect attachments.

    Middle-mile network connections

    Choose a middle-mile network connection to connect to Google Cloud.

    If you choose Shared VPC and Disable redundancy, make the following connectivity configurations:

    Field

    Description

    Connection name

    Enter a unique name for the connection.

    Google account

    Choose a Google account to establish an interconnect connection from the drop-down list.

    Google region

    Select the Google Cloud connection location.

    VPC network

    Choose the VPC network to deploy this connection.

    Google cloud router

    Select a Google Cloud router or create a new one for the partner interconnect connection.

    If you clicked Add New, configure the router settings in the slide-in pane.

    Configure the following and click Save:

    • Region: Choose the Google Cloud router region.

    • VPC Network: Choose the Google Cloud router network.

    • Google Cloud Router: Enter a unique Google Cloud router name.

    Google interconnect attachment

    Choose the desired interconnect attachment or click Add New.

    If you clicked Add New, configure the router settings in the slide-in pane.

    Configure the following and click Save:

    • Region: Choose the Google Cloud Interconnect attachment region.

    • VPC Network: Choose the Google Cloud network for the interconnect attachment.

    • Cloud Router Name: Choose the Google Cloud router deployed for the selected region and VPC network for the interconnect attachment.

    • Google Cloud Router Interconnect Attachment Name: Enter a unique name for the interconnect attachment.

    • Secondary Zone: If you want to deploy this attachment on the secondary zone, check the checkbox.

    Connectivity configuration

    Choose Interconnect attachments.

    Middle-mile network connections

    Choose a middle-mile network connection to connect to Google Cloud.

    If you choose Cloud gateway connections, make the following connectivity configurations:

    Field

    Description

    Connection name

    Enter a unique name for the connection.

    Google account

    Choose a Google Cloud account to establish an interconnect connection from the drop-down list.

    Google Cloud gateway

    Choose the Google Cloud gateway you wish to attach to this connection.

    Primary Google Cloud router

    This field is auto-populated based on the selection of the Google Cloud gateway. You cannot modify this field.

    Primary Google interconnect attachment

    Choose the desired interconnect attachment or click Add New.

    If you clicked Add New, configure the router settings in the slide-in pane.

    Configure the following and click Save:

    • Region: Choose the Google Cloud Interconnect attachment region.

    • VPC Network: Choose the Google Cloud network for the interconnect attachment.

    • Cloud Router Name: Choose the Google Cloud router deployed for the selected region and VPC network for the interconnect attachment.

    • Google Cloud Router Interconnect Attachment Name: Enter a unique name for the interconnect attachment.

    • Secondary Zone: If you want to deploy this attachment on the secondary zone, check the checkbox.

    Secondary Google Cloud router (Optional)

    This field is auto-populated based on the selection of the Google Cloud gateway. You cannot modify this field.

    Secondary Google interconnect attachment

    Choose the desired interconnect attachment or click Add New.

    If you clicked Add New, configure the router settings in the slide-in pane.

    Configure the following and click Save:

    • Region: Choose the Google Cloud Interconnect attachment region.

    • VPC Network: Choose the Google Cloud network for the interconnect attachment.

    • Cloud Router Name: Choose the Google Cloud router deployed for the selected region and VPC network for the interconnect attachment.

    • Google Cloud Router Interconnect Attachment Name: Enter a unique name for the interconnect attachment.

    • Secondary Zone: If you want to deploy this attachment on the secondary zone, check the checkbox.

    Connectivity configuration

    Choose Interconnect attachments.

    Middle-mile network connections

    Choose a middle-mile network connection to connect to Google Cloud.

  4. Review the connection summary.

    • To create the connection, click Deploy.

    • To modify the connection settings, click Back.

When the configuration task is successful, the connection is listed on the Multicloud Networks page.

Virtual Networks

This section helps you to associate multicloud network connections with your cloud workloads (VPCs/VNets).

Create Virtual Networks to AWS

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    From the onboarding page, click Add connections and choose the provider.

    Alternatively, click Add connections from the Interconnect Connections tab in the dashboard view.

    Select Virtual Networks.

  2. Configure cloud infrastructure connectivity:

    Field

    Description

    Connection name

    Enter a unique name for the connection.

    Cloud

    Select AWS as the cloud provider.

    Cloud account

    Select an AWS account from the drop-down list.

    Virtual Network Tag Association

    Virtual network tag(s)

    Choose VPC tags to identify VPCs for which traffic must be routed through this connection. See Create Tags for AWS.

    Multicloud network connection

    Choose a multicloud network connection.

    Click Next.

  3. Review the connection summary.

    • To create the connection, click Deploy.

    • To modify the connection settings, click Back.

When the configuration task is successful, the connection is listed on the Virtual Networks page.

Create Virtual Networks to Microsoft Azure

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

    From the onboarding page, click Add connections and choose the provider.

    Alternatively, click Add connections from the Interconnect Connections tab in the dashboard view.

    Select Virtual Networks.

  2. Configure cloud infrastructure connectivity:

    Field

    Description

    Connection name

    Enter a unique name for the connection.

    Cloud

    Select Azure as the cloud provider.

    Cloud account

    Select an Azure account from the drop-down list.

    Virtual Network Tag Association

    Virtual network tag(s)

    Choose VNet tags to identify VNets for which traffic must be routed through this connection. See Create Tags for Azure and Azure Gov Cloud.

    Multicloud network connection

    Choose a multicloud network connection.

    Click Next.

  3. Review the connection summary.

    • To create the connection, click Deploy.

    • To modify the connection settings, click Back.

When the configuration task is successful, the connection is listed on the Virtual Networks page.

View, Edit, or Delete Connections

View Connection Properties

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

  2. Click Interconnect Connections.

  3. Based on your requirements, click Middle-Mile Networks, Multicloud Networks, or Virtual Networks.

    Existing connections are summarized in a table.

  4. To view more information about a connection, click ... for the desired connection and click View.

Edit Connection Configuration

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

  2. Click Interconnect Connections.

  3. Based on your requirements, click Middle-Mile Networks, Multicloud Networks, or Virtual Networks.

    Existing connections are summarized in a table.

  4. To modify connection configuration, click ... for the desired connection and click Edit.

    Along with these editable parameters, Cisco SD-WAN Manager also displays read-only properties about the connection.


    Note


    You can modify the properties of active connections only.


  5. To apply the changes, click Update or Save.

Delete Connection


Note


  • When you delete a connection to AWS, Cisco SD-WAN Manager deletes only the VIF, the virtual private gateway, and the route table that were created while establishing the connection.

    To delete the cloud resources created during an AWS virtual interface connection:

    1. Edit the Multicloud networks connection and delete the attachment.

    2. Delete the corresponding middle-mile networks connection to detach the cross connect.

    3. Delete the Multicloud networks connection.

  • While creating a connection to AWS, if you created a direct connect gateway or a transit gateway, you can optionally delete the direct connect gateway and transit gateway.

  • When you delete a connection to Azure, Cisco SD-WAN Manager deletes any ExpressRoutes, VNet gateways, ExpressRoute gateways, and virtual hubs created for the connection only if these elements are not used in other connections. Azure Virtual WAN cannot be deleted when you delete a connection.

  • When you delete a GCP connection, you can optionally choose to delete the Google Cloud Router, or manage these resources as required.

  • Express-routes cannot be deleted until they are detached from the middle-mile cross connection. If you want to delete an express-route:

    1. Edit the multicloud networks connection and delete both the primary and secondary attachments.

    2. Delete the corresponding middle-mile networks connection to detach the cross connect from the express-route.

    3. Delete the multicloud networks connection.


  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

  2. Click Interconnect Connections.

  3. Based on your requirements, click Middle-Mile Networks, Multicloud Networks, or Virtual Networks.

    Existing connections are summarized in a table.

  4. To delete a connection, click ... for the desired connection and click Delete. Confirm that you wish to delete the connection.

Audit

This is a user-invoked audit. Follow these steps to initiate an on-demand audit:

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Cloud OnRamp for Multicloud.

  2. On the dashboard page, click Audit.

  3. Perform one of the following:

    • Select the public cloud provider and click Run audit.

    • Or, select the interconnect providers, choose Interconnect Connections, Destination type, and Cloud Provider, and click Submit.

      When you choose Equinix, you can also choose Device links for audit.

    The window displays the status for various instances. If the status is In Sync for any of the objects, it means the object is free from errors. If the status of an object is Out of Sync, it means that there are discrepancies between the instance details available on Cisco SD-WAN Manager and the details available on the provider database.

  4. If the status of an instance is Out of Sync, the discrepancy is an error that requires manual intervention, or a review and rerun of the audit, to fix.


Note


The multicloud audit service does not run while other cloud operations are in progress.