<listitem><para><emphasisrole="bold">Gateway</emphasis>: The IP address of the remote gateway.</para></listitem>
37
-
<listitem><para><emphasisrole="bold">CIDR list</emphasis>: The guest CIDR list of the remote subnets. Enter a CIDR or a comma-separated list of CIDRs. </para></listitem>
38
-
<listitem><para><emphasisrole="bold">IPsec Preshared Key</emphasis>: The preshared key of the remote gateway.</para></listitem>
39
-
<listitem><para><emphasisrole="bold">IKE Policy</emphasis>: Internet Key Exchange (IKE) policy for phase 1. Specify it as a combination of the encryption algorithm(aes,3des,des) and hash algorithm(sha1,md5). For example: aes-sha1, 3des-sha1.</para></listitem>
40
-
<listitem><para><emphasisrole="bold">ESP Policy</emphasis>: Encapsulating Security Payload (ESP) policy for phase 2. Specify it as a combination of the encryption algorithm(aes,3des,des) and hash algorithm(sha1,md5). For example: aes-sha1, 3des-sha1.</para></listitem>
41
-
<listitem><para><emphasisrole="bold">Lifetime (seconds)</emphasis>: Lifetime of SA in seconds. Default is 86400 seconds(1day).</para></listitem>
42
-
</itemizedlist></listitem>
43
-
<listitem><para>Click OK.</para></listitem>
44
-
</orderedlist>
45
-
</section>
22
+
<title>Setting Up a Site-to-Site VPN Connection</title>
23
+
<para>A Site-to-Site VPN connection helps you establish a secure connection from an enterprise
24
+
datacenter to the cloud infrastructure. This allows users to access the guest VMs by
25
+
establishing a VPN connection to the virtual router of the account from a device in the
26
+
datacenter of the enterprise. Having this facility eliminates the need to establish VPN
27
+
connections to individual VMs.</para>
28
+
<para>The supported endpoints on the remote datacenters are: </para>
29
+
<itemizedlist>
30
+
<listitem>
31
+
<para>Cisco ISR with IOS 12.4 or later</para>
32
+
</listitem>
33
+
<listitem>
34
+
<para>Juniper J-Series routers with JunOS 9.5 or later</para>
35
+
</listitem>
36
+
</itemizedlist>
37
+
<note>
38
+
<para>In addition to the specific Cisco and Juniper devices listed above, the expectation is
39
+
that any Cisco or Juniper device running on the supported operating systems are able to
40
+
establish VPN connections.</para>
41
+
</note>
42
+
<para> To set up a Site-to-Site VPN connection, perform the following:</para>
43
+
<orderedlist>
44
+
<listitem>
45
+
<para>Create a Virtual Private Cloud (VPC).</para>
46
+
<para>See <xreflinkend="configure-vpc"/>.</para>
47
+
</listitem>
48
+
<listitem>
49
+
<para>Create a VPN Customer Gateway.</para>
50
+
</listitem>
51
+
<listitem>
52
+
<para>Create a VPN gateway for the VPC that you created.</para>
53
+
</listitem>
54
+
<listitem>
55
+
<para>Create VPN connection from the VPC VPN gateway to the customer VPN gateway.</para>
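Review bot: the field descriptions removed at the top of this hunk (Gateway, CIDR list, IPsec Preshared Key, IKE Policy, ESP Policy, Lifetime) are not re-added anywhere in it, and the new procedure's step 2, `Create a VPN Customer Gateway.`, carries no `<xref>` while step 1 links to `configure-vpc`; the other hunk in this commit already references a `create-vpn-customer-gateway` section, so link step 2 (and steps 3 and 4) to the sections that now hold those fields, and confirm the preshared-key, IKE policy and ESP policy descriptions survive there rather than being dropped from the guide. Also, in the added `<note>`, `any Cisco or Juniper device running on the supported operating systems are able to establish` should read `is able to establish`.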
<!-- Licensed to the Apache Software Foundation (ASF) under one
8
-
or more contributor license agreements. See the NOTICE file
9
-
distributed with this work for additional information
10
-
regarding copyright ownership. The ASF licenses this file
11
-
to you under the Apache License, Version 2.0 (the
12
-
"License"); you may not use this file except in compliance
13
-
with the License. You may obtain a copy of the License at
14
-
15
-
http://www.apache.org/licenses/LICENSE-2.0
16
-
17
-
Unless required by applicable law or agreed to in writing,
18
-
software distributed under the License is distributed on an
19
-
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
20
-
KIND, either express or implied. See the License for the
21
-
specific language governing permissions and limitations
22
-
under the License.
7
+
or more contributor license agreements. See the NOTICE file
8
+
distributed with this work for additional information
9
+
regarding copyright ownership. The ASF licenses this file
10
+
to you under the Apache License, Version 2.0 (the
11
+
"License"); you may not use this file except in compliance
12
+
with the License. You may obtain a copy of the License at
13
+
http://www.apache.org/licenses/LICENSE-2.0
14
+
Unless required by applicable law or agreed to in writing,
15
+
software distributed under the License is distributed on an
16
+
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17
+
KIND, either express or implied. See the License for the
18
+
specific language governing permissions and limitations
19
+
under the License.
23
20
-->
24
-
25
21
<sectionid="vpc">
26
-
<title>Virtual Private Cloud</title>
27
-
<para></para>
28
-
<para>To add a Virtual Private Cloud (VPC):</para>
29
-
<orderedlist>
30
-
<listitem><para>Log in to the &PRODUCT; UI as an administrator or end user. </para></listitem>
31
-
<listitem><para>In the left navigation, choose Network</para></listitem>
32
-
<listitem><para>In the Select view, select VPC.</para></listitem>
33
-
<listitem><para>Click Add VPC. Provide the following information:</para>
34
-
<itemizedlist>
35
-
<listitem><para><emphasisrole="bold">Name</emphasis>: A short name for the VPC that you are creating.</para></listitem>
36
-
<listitem><para><emphasisrole="bold">Description</emphasis>: A brief description of the VPC.</para></listitem>
37
-
<listitem><para><emphasisrole="bold">Zone</emphasis>: Choose the zone where you want the VPC to be available.</para></listitem>
38
-
<listitem><para><emphasisrole="bold">CIDR</emphasis>: To accept the traffic only from the IP addresses within a particular address block, enter a CIDR or a comma-separated list of CIDRs. The CIDR is the base IP address of the incoming traffic. For example, 192.168.0.0/22. To allow all CIDRs, set to 0.0.0.0/0.</para></listitem>
39
-
<listitem><para><emphasisrole="bold">Network Domain</emphasis>: If you want to assign a special domain name to this network, specify the DNS suffix.</para></listitem>
40
-
</itemizedlist></listitem>
41
-
</orderedlist>
42
-
</section>
22
+
<title>About Virtual Private Clouds</title>
23
+
<para>&PRODUCT; Virtual Private Cloud is a private, isolated part of &PRODUCT;. A VPC can have its
24
+
own virtual network topology that resembles a traditional physical network. You can launch VMs
25
+
in the virtual network that can have private addresses in the range of your choice, for example:
26
+
10.0.0.0/16. You can define network tiers within your VPC network range, which in turn enables
27
+
you to group similar kinds of instances based on IP address range.</para>
28
+
<para>For example, if a VPC has the private range 10.0.0.0/16, its guest networks can have the
29
+
network ranges 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, and so on.</para>
30
+
<formalpara>
31
+
<title>Major Components of a VPC:</title>
32
+
<para>A VPC is comprised of the following network components:</para>
33
+
</formalpara>
34
+
<itemizedlist>
35
+
<listitem>
36
+
<para><emphasisrole="bold">VPC</emphasis>: A VPC acts as a container for multiple isolated
37
+
networks that can communicate with each other via its virtual router.</para>
38
+
</listitem>
39
+
<listitem>
40
+
<para><emphasisrole="bold">Network Tiers</emphasis>: Each tier acts as an isolated network
41
+
with its own VLANs and CIDR list, where you can place groups of resources, such as VMs. The
42
+
tiers are segmented by means of VLANs. The NIC of each tier acts as its gateway.</para>
43
+
</listitem>
44
+
<listitem>
45
+
<para><emphasisrole="bold">Virtual Router</emphasis>: A virtual router is automatically
46
+
created and started when you create a VPC. The virtual router connect the tiers and direct
47
+
traffic among the public gateway, the VPN gateways, and the NAT instances. For each tier, a
48
+
corresponding NIC and IP exist in the virtual router. The virtual router provides DNS and
49
+
DHCP services through its IP.</para>
50
+
</listitem>
51
+
<listitem>
52
+
<para><emphasisrole="bold">Public Gateway</emphasis>: The traffic to and from the Internet
53
+
routed to the VPC through the public gateway. In a VPC, the public gateway is not exposed to
54
+
the end user; therefore, static routes are not support for the public gateway.</para>
55
+
</listitem>
56
+
<listitem>
57
+
<para><emphasisrole="bold">Private Gateway</emphasis>: All the traffic to and from a private
58
+
network routed to the VPC through the private gateway. For more information, see <xref
59
+
linkend="add-gateway-vpc"/>.</para>
60
+
</listitem>
61
+
<listitem>
62
+
<para><emphasisrole="bold">VPN Gateway</emphasis>: The VPC side of a VPN connection.</para>
63
+
</listitem>
64
+
<listitem>
65
+
<para><emphasisrole="bold">Site-to-Site VPN Connection</emphasis>: A hardware-based VPN
66
+
connection between your VPC and your datacenter, home network, or co-location facility. For
67
+
more information, see <xreflinkend="site-to-site-vpn"/>.</para>
68
+
</listitem>
69
+
<listitem>
70
+
<para><emphasisrole="bold">Customer Gateway</emphasis>: The customer side of a VPN
71
+
Connection. For more information, see <xreflinkend="create-vpn-customer-gateway"/>.</para>
72
+
</listitem>
73
+
<listitem>
74
+
<para><emphasisrole="bold">NAT Instance</emphasis>: An instance that provides Port Address
75
+
Translation for instances to access the Internet via the public gateway. For more
76
+
information, see <xreflinkend="enable-disable-static-nat-vpc"/>.</para>
77
+
</listitem>
78
+
</itemizedlist>
79
+
<formalpara>
80
+
<title>Network Architecture in a VPC</title>
81
+
<para>In a VPC, the following four basic options of network architectures are present:</para>
82
+
</formalpara>
83
+
<itemizedlist>
84
+
<listitem>
85
+
<para>VPC with a public gateway only</para>
86
+
</listitem>
87
+
<listitem>
88
+
<para>VPC with public and private gateways</para>
89
+
</listitem>
90
+
<listitem>
91
+
<para>VPC with public and private gateways and site-to-site VPN access</para>
92
+
</listitem>
93
+
<listitem>
94
+
<para>VPC with a private gateway only and site-to-site VPN access</para>
95
+
</listitem>
96
+
</itemizedlist>
97
+
<formalpara>
98
+
<title>Connectivity Options for a VPC</title>
99
+
<para>You can connect your VPC to:</para>
100
+
</formalpara>
101
+
<itemizedlist>
102
+
<listitem>
103
+
<para>The Internet through the public gateway.</para>
104
+
</listitem>
105
+
<listitem>
106
+
<para>The corporate datacenter by using a site-to-site VPN connection through the VPN
107
+
gateway.</para>
108
+
</listitem>
109
+
<listitem>
110
+
<para>Both the Internet and your corporate datacenter by using both the public gateway and a
111
+
VPN gateway.</para>
112
+
</listitem>
113
+
</itemizedlist>
114
+
<formalpara>
115
+
<title>VPC Network Considerations</title>
116
+
<para>Consider the following before you create a VPC:</para>
117
+
</formalpara>
118
+
<itemizedlist>
119
+
<listitem>
120
+
<para>A VPC, by default, is created in the enabled state.</para>
121
+
</listitem>
122
+
<listitem>
123
+
<para>A VPC can be created in Advance zone only, and can't belong to more than one zone at a
124
+
time.</para>
125
+
</listitem>
126
+
<listitem>
127
+
<para>The default number of VPCs an account can create is 20. However, you can change it by
128
+
using the max.account.vpcs global parameter, which controls the maximum number of VPCs an
129
+
account is allowed to create.</para>
130
+
</listitem>
131
+
<listitem>
132
+
<para>The default number of tiers an account can create within a VPC is 3. You can configure
133
+
this number by using the vpc.max.networks parameter.</para>
134
+
</listitem>
135
+
<listitem>
136
+
<para>Each tier should have an unique CIDR in the VPC. Ensure that the tier's CIDR should be
137
+
within the VPC CIDR range.</para>
138
+
</listitem>
139
+
<listitem>
140
+
<para>A tier belongs to only one VPC. </para>
141
+
</listitem>
142
+
<listitem>
143
+
<para>All network tiers inside the VPC should belong to the same account.</para>
144
+
</listitem>
145
+
<listitem>
146
+
<para>When a VPC is created, by default, a SourceNAT IP is allocated to it. The Source NAT IP
147
+
is released only when the VPC is removed.</para>
148
+
</listitem>
149
+
<listitem>
150
+
<para>A public IP can be used for only one purpose at a time. If the IP is a sourceNAT, it
151
+
cannot be used for StaticNAT or port forwarding.</para>
152
+
</listitem>
153
+
<listitem>
154
+
<para>The instances only have a private IP address that you provision. To communicate with the
155
+
Internet, enable NAT to an instance that you launch in your VPC.</para>
156
+
</listitem>
157
+
<listitem>
158
+
<para>Only new networks can be added to a VPC. The maximum number of networks per VPC is
159
+
limited by the value you specify in the vpc.max.networks parameter. The default value is
160
+
three.</para>
161
+
</listitem>
162
+
<listitem>
163
+
<para>The load balancing service can be supported by only one tier inside the VPC.</para>
164
+
</listitem>
165
+
<listitem>
166
+
<para>If an IP address is assigned to a tier:</para>
167
+
<itemizedlist>
168
+
<listitem>
169
+
<para>That IP can't be used by more than one tier at a time in the VPC. For example, if
170
+
you have tiers A and B, and a public IP1, you can create a port forwarding rule by using
171
+
the IP either for A or B, but not for both.</para>
172
+
</listitem>
173
+
<listitem>
174
+
<para>That IP can't be used for StaticNAT, load balancing, or port forwarding rules for
175
+
another guest network inside the VPC.</para>
176
+
</listitem>
177
+
</itemizedlist>
178
+
</listitem>
179
+
<listitem>
180
+
<para>Remote access VPN is not supported in VPC networks.</para>
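Review bot: several of the added `<para>` lines carry grammar errors that will ship as-is in the rendered guide: `The virtual router connect the tiers and direct traffic` should be `connects ... directs`; `The traffic to and from the Internet routed to the VPC` and `All the traffic to and from a private network routed to the VPC` are both missing `is`; `static routes are not support for the public gateway` should be `supported`; `created in Advance zone only` should be `an Advanced zone`; `an unique CIDR` should be `a unique CIDR`; and `Ensure that the tier's CIDR should be within the VPC CIDR range` should read `is within`. Separately, the `vpc.max.networks` default of three is stated twice in the considerations list (`The default number of tiers an account can create within a VPC is 3` and, later, `The maximum number of networks per VPC is limited by ... vpc.max.networks ... The default value is three`); keep one. The `Major Components of a VPC:` title carries a trailing colon that the other `<formalpara>` titles in the hunk do not.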