Creating an MVE Integrated with VMware

This topic describes how to create and configure a Megaport Virtual Edge (MVE) with VMware SD-WAN. Once you have a Megaport ONE account, you use the VMware centralized management console called Orchestrator. In Orchestrator you create and configure the profile and edge device. In the Megaport ONE Portal, you create, administer, maintain, monitor, and terminate MVE.

Before you begin, you need to create a Megaport ONE account:

• New Megaport customers – Log in to the Megaport ONE Portal, create your account, and proceed to your VMware SD-WAN Orchestrator account. For details on setting up a Megaport ONE account, see Creating an Account.
• Existing Megaport customers – Proceed to Creating a VMware edge profile and device to start creating a new MVE.

Tip

VMware provides documentation for their SD-WAN product at VMware SD-WAN Documentation.

Licensing

Before you create an MVE in the Megaport ONE Portal, you need a valid license from VMware. For details on obtaining a VMware license, see Edge Licensing or ask your VMware Sales Associate or Reseller.

Basic steps

This section provides an overview of the configuration steps in VMware Orchestrator and the Megaport ONE Portal.

The basic steps are:

• Create a VMware edge device profile and edge device in Orchestrator.
• Configure the VMware edge device and apply the profile to the device.
• Generate an SSH public key.
• Create a VMware MVE in the Megaport ONE Portal.

Creating a VMware Virtual Edge profile and device

To get started, you create a default profile so that when the edge device registers to Orchestrator, it retrieves its base configuration, connects to Orchestrator, and enables some specific firewall rules. After that you can manage the MVE device through Orchestrator.

To create an edge profile in Orchestrator

1. Log in to the VMware SD-WAN Orchestrator.

2. Click the link for the Customer profile account.

3. Choose Configure > Profiles.

4. Click New Profile.

5. Enter a Profile Name and an optional Description.
   For example, megaport-default-profile.
   

6. Click Create.

To create a virtual edge device in Orchestrator

1. Select the Device tab.

2. Select Global Segment from the Configure Segment drop-down.

3. Enable Cloud VPN.
   

4. Unselect all device types, except for Virtual Edge.

5. Under Device Settings: Virtual Edge, click Edit next to GE1 and GE2 and disable those interfaces sequentially.

6. Ensure that GE3 is enabled.
   GE3 becomes the first available routed interface. Other ports do not require to be disabled and can be left in their current state.
   

7. Configure the following options for the GE3 interface:

   • Interface Enabled – Select this option.
   • Capability – Choose Routed from the drop-down list.
   • Addressing Type – Choose DHCP from the drop-down list.
   • WAN Overlay – Enable this option and choose Auto-Detect Overlay from the drop-down list.
   • All other interfaces – Leave the default values.

8. Click Update GE3.

9. Under Wi-Fi Radio, ensure that Radio Enabled is unselected (there are no wireless interfaces).

10. Click Save Changes in the upper-right corner.

11. Select the Firewall tab and enter comma-separated IP values for any customer-side management IPs that require access to the edge device.
    

12. Ensure that the Firewall Status option is set to On.

13. Next to Support Access, enter the trusted IP addresses that are allowed access to the device.

14. Next to SNMP Access, you can optionally allow SNMP access to the WAN public interface. Enter the trusted IP addresses to allow.

15. Next to Local Web UI Access, enter the trusted IP addresses to allow access to the WAN interface. This is important because you are configuring a VMware Virtual Edge device with no LAN ports and no console.

16. Accept 80 as the Local Web UI Port Number or change it to match your environment.

17. Click Save Changes in the upper-right corner.

The next step is to configure and assign the profile to the edge device.

Configuring the VMware edge device

After creating the profile, you will configure the edge device to get it connected to the internet.

To configure a VMware edge device in Orchestrator

1. In Orchestrator, click the link for the Customer profile account.

2. Choose Configure > Edges.

3. In the upper-right corner, click New Edge….

4. Populate the fields as required for your network.

   • Name – Enter a name for the edge device.
   • Model – Choose Virtual Edge from the drop-down list.
   • Profile – Select the recently created profile to assign to the new edge device.
   • Authentication – Choose an authentication option for the edge device.
     For details on the authentication options, see the VMware SD-WAN documentation.
   • Edge License – Choose the license to apply to this edge device. The list displays the licenses assigned to your enterprise. Licenses are grouped by the edge device throughput limit (1 Gbps or 10 Gbps), region, and length of contract. For details on obtaining a VMware license, see Edge Licensing or ask your VMware Sales Associate or Reseller.
   • Custom Info (optional) – Enter a description for the edge device.
   • Contact Name and Contact Email – Enter a contact name and email address for this device.
     

5. Click Create.

6. The Edge Overview tab lists an activation key. Save the activation key for use in the Megaport ONE Portal.

7. Make any device-specific changes to the Device, Business Policy, or Firewall parameters. Or, use a device-specific profile to use predefined profile settings.

8. Click Save Changes in the upper-right corner.

The next step is to generate an SSH key for authentication.

Administrative access to MVE

Megaport MVE and Orchestrator connect through a public/private SSH key pair to establish secure connections. The public SSH key allows you to SSH into Orchestrator and set the administrative password, enable HTTPS access, and optionally register the MVE to Orchestrator.

Megaport ONE supports the 2048-bit RSA key type.

To generate an SSH key pair (Linux/Mac OSX)

• Run the SSH keygen command:

   ssh-keygen -f ~/.ssh/megaport-mve-instance-1-2048 -t rsa -b 2048
  

The key generator command creates an SSH key pair and adds two files to your ~/.ssh directory:

• megaport-mve-instance-1-2048 - contains the private key.
• megaport-mve-instance-1-2048.pub - contains the public key that is authorized to log in to the VMware account.

To generate an SSH key pair (Windows, using PuTTYgen)

1. Open PuTTYGen.
2. In the Key section, choose RSA 2048 bit and click Generate.
3. Move your mouse randomly in the small screen to generate the key pairs.
4. Enter a key comment, which will identify the key.
   This is convenient when you use several SSH keys.
5. Enter a Key passphrase, and re-enter to confirm.
   The passphrase is used to protect your key. You will be asked for it when you connect via SSH.
6. Click Save private key, choose a location, and click Save.
7. Click Save public key, choose a location, and click Save.

Public keys: You’ll copy and paste the contents of the public key file in the Megaport ONE Portal later to distribute the public key to the edge device. Your private key will match the public key to grant access. Only a single private key has access to the edge device for SSH access.

Creating an MVE in the Megaport ONE Portal

Before you create an MVE, you need to determine the best location - one that supports MVE and one that is in the most compatible metro area. You can connect multiple locations to an individual MVE. For location details, see Planning Your Deployment.

You can deploy multiple MVEs within the same metropolitan area for redundancy or capacity reasons.

To create an MVE

1. In the Megaport ONE Portal, choose Networking > Services.

2. Click Create Service and select MVE.
   

3. Select an MVE location geographically close to your target branch and/or on-premises locations.
   You can search for your preferred location using the Country drop-down list, or enter a search term to filter results as you type. Click Clear Filters to reset the filters. Note that the country you choose must be a market in which you have already registered. If you haven’t registered a billing market in the location where you will deploy the MVE, see Enabling Billing Markets.
   

4. Specify the MVE Configuration details:

   • MVE Name – Enter a name for the MVE that is easily identifiable, particularly if you plan on provisioning more than one. This name appears in the Megaport ONE Portal.
   • Vendor – Select VMware SD-WAN and the software version. The MVE will be configured to be compatible with this software version from VMware.
   • Service – Displays the vendor name and software version, and any important information such as upgrade requirements.

   • MVE Size – Select a size from the drop-down list. The list displays all sizes that match the CPU capacity at the selected location. The sizes support varying numbers of concurrent connections, and individual partner product metrics vary slightly. For sizing details, see Planning Your VMWare MVE Deployment.

     

5. Specify the VMware SD-WAN Configuration details:

   • Orchestrator Address – Enter an FQDN (Fully Qualified Domain Name) or IPv4 or IPv6 address for the Orchestrator where you created the edge device.
   • Activation Code – Enter the activation key provided to you by Orchestrator after creating the edge device.
   • SSH Key – Copy and paste the contents of your public SSH key here. You can find the public key in the megaport-mve-instance-1-2048.pub file generated earlier.
     

6. Specify the Billing Details:

   • Service Level Reference (optional) – Specify a unique identifying number for the MVE to be used for billing purposes, such as a cost center number or a unique customer ID. The service level reference number appears for each service under the Product section of the invoice. You can also edit this field for an existing service.

   • Minimum Term – Select No Minimum Term to pay-as-you-go, or select a term of 12, 24, or 36 months. Longer terms result in a lower monthly rate. By default, a 12-month term is selected.

     Note

     Partner and partner managed accounts cannot view or change MVE contract terms.

     For details on contract terms, see MVE Pricing and Contract Terms.

   • Monthly Price – The monthly rate is based on location, size, and contract term.

   • Promo Code – If you have a promotional code, enter it and click Add Code.

     Note

     Partner managed accounts can apply a Partner Deal to a service.

     

7. Click Deploy MVE.
   A summary screen appears.
   

8. Review the new configuration and pricing then click Confirm.
   You are prompted to create a Transit Virtual Cross Connect (VXC). A Transit VXC provides connectivity and allows MVE to register and communicate with the VMware SD-WAN overlay network.
   

To create the Transit VXC

1. Click Create IP Transit VXC to proceed (recommended), or click Not now to provision your own internet access at a later time.
   A destination port in the same diversity zone as the MVE will be assigned automatically.

   Note

   MVE requires connectivity to the internet onto the management plane virtual interface. You can either provision a Transit VXC or configure a third-party internet connection using a private VXC. We strongly recommend that you order a Megaport Transit VXC for the initial MVE startup and deployment to ensure that the MVE is provisioned and functioning correctly.

2. Specify the VXC Configuration details:

   • Connection Name – Specify a unique name for the Transit VXC.

   • Rate Limit (Mbps) – Specify the speed for the Transit VXC.
     This speed is adjustable from 20 Mbps to 10 Gbps in increments of 1 Mbps. You can change the speed as needed after you create the Transit VXC. Monthly billing details appear based on location and rate limit.

   • Preferred A-End VLAN (optional) – Specify an unused VLAN ID for this connection.
     This must be a unique VLAN ID on this MVE and can range from 2 to 4093. If you specify a VLAN ID that is already in use, the system displays the next available VLAN number. The VLAN ID must be unique to proceed with the order. If you don’t specify a value, Megaport will assign one. Alternatively, you can click Untag VLAN. This selection removes the VLAN tagging for this connection and it will be configured without a VLAN ID.

     

3. Specify the Billing Details:

   • Service Level Reference (optional) – Specify a unique identifying number for the Transit VXC to be used for billing purposes, such as a cost center number or a unique customer ID. The service level reference number appears for each service under the Product section of the invoice.

     Tip

     Use the same Service Level Reference numbers for the Transit VXC and MVE to help identify the matching pair in your invoice.

   • Monthly Price – The monthly rate is based on location and size.

   • Promo Code – If you have a promotional code, enter it and click Add Code.

4. Click Create Connection to order the connection.
   A summary screen appears.
   

5. Review the new connection details and pricing then click Confirm.
   The MVE and Transit VXC are created.
   

Ordering MVE provisions the instance and assigns IP addresses from the Megaport SDN. The MVE provisioning takes only a few minutes to complete. The provisioning process spins up a FortiGate.

Viewing the MVE in the Megaport ONE Portal

After creating the MVE, you can view it in the Megaport ONE Portal on the Services page. You can also view the MVE public IP address assignment.

To view an MVE in the Megaport ONE Portal

• Go to the Networking > Services page.

Under the new MVE, you will see a Transit VXC to “Megaport IP Transit”. The Transit VXC icon differs from a standard VXC icon in the Megaport ONE Portal, as shown in the image.

For details on the Services page, see Viewing Network Services.

By this time, the new MVE should be registered to your Orchestrator and ready for additional configuration.

To view the public IP addresses assigned to the MVE

1. Click the gear icon next to the Transit VXC and select Edit Service.
   The VXC Configuration details appear. From here, you can modify any of the Transit VXC details.
   
2. Click the Details tab.
   
3. Locate the public IP address (IPv4 or IPv6). These are the public IP addresses assigned to the MVE. Make a note of these addresses for use later.

Viewing the MVE in Orchestrator

After creating the MVE, you can monitor the status in Orchestrator.

To view an MVE in Orchestrator

1. Log in to Orchestrator.
2. Choose Monitor > Network Overview.

3. Click the MVE edge device from the list.
   The Link Status and Bandwidth Usage metrics are displayed.

   

Validating your connection

• In Orchestrator under Test & Troubleshoot > Remote Diagnostics, select the MVE and click Run for Troubleshoot BGP - Show BGP Summary to verify the BGP session and ensure the edge device is up.

You can also check connectivity and BGP status from the CLI of the edge device. For details, see Reviewing your VMware MVE connection settings.

Next steps

Now that you’ve deployed an MVE, the next step is to connect a VXC to a CSP, a local port, or a third-party network. You can optionally connect a physical Port to the MVE through a private VXC or connect to a service provider in the Megaport Marketplace.

For details, see Creating a VXC to an MVE Integrated with VMware.

---

Last update: 2023-11-08