Creating an MVE Integrated with VMware
This topic describes how to create and configure a Megaport Virtual Edge (MVE) with VMware SD-WAN. Once you have a Megaport ONE account, you use the VMware centralized management console called Orchestrator. In Orchestrator you create and configure the profile and edge device. In the Megaport ONE Portal, you create, administer, maintain, monitor, and terminate MVE.
Before you begin, you need to create a Megaport ONE account:
- New Megaport customers – Log in to the Megaport ONE Portal, create your account, and proceed to your VMware SD-WAN Orchestrator account. For details on setting up a Megaport ONE account, see Creating an Account.
- Existing Megaport customers – Proceed to Creating a VMware edge profile and device to start creating a new MVE.
VMware provides documentation for their SD-WAN product at VMware SD-WAN Documentation.
Before you create an MVE in the Megaport ONE Portal, you need a valid license from VMware. For details on obtaining a VMware license, see Edge Licensing or ask your VMware Sales Associate or Reseller.
This section provides an overview of the configuration steps in VMware Orchestrator and the Megaport ONE Portal.
The basic steps are:
- Create a VMware edge device profile and edge device in Orchestrator.
- Configure the VMware edge device and apply the profile to the device.
- Generate an SSH public key.
- Create an MVE instance in the Megaport ONE Portal.
To get started, you create a default profile so that when the edge device registers to Orchestrator, it retrieves its base configuration, connects to Orchestrator, and enables some specific firewall rules. After that you can manage the MVE device through Orchestrator.
To create an edge profile in Orchestrator
Log in to the VMware SD-WAN Orchestrator.
Click the link for the Customer profile account.
Choose Configure > Profiles.
Click New Profile.
Enter a Profile Name and an optional Description. For example, megaport-default-profile.
To create a virtual edge device in Orchestrator
Select the Device tab.
Select Global Segment from the Configure Segment drop-down.
Enable Cloud VPN.
Unselect all device types, except for Virtual Edge.
Under Device Settings: Virtual Edge, click Edit next to GE1 and GE2 and disable those interfaces sequentially.
Ensure that GE3 is enabled.
GE3 becomes the first available routed interface. Other ports do not require to be disabled and can be left in their current state.
Configure the following options for the GE3 interface:
- Interface Enabled – Select this option.
- Capability – Choose Routed from the drop-down list.
- Addressing Type – Choose DHCP from the drop-down list.
- WAN Overlay – Enable this option and choose Auto-Detect Overlay from the drop-down list.
- All other interfaces – Leave the default values.
Click Update GE3.
Under Wi-Fi Radio, ensure that Radio Enabled is unselected (there are no wireless interfaces).
Click Save Changes in the upper-right corner.
Select the Firewall tab and enter comma-separated IP values for any customer-side management IPs that require access to the edge device.
Ensure that the Firewall Status option is set to On.
Next to Support Access, enter the trusted IP addresses that are allowed access to the device.
Next to SNMP Access, you can optionally allow SNMP access to the WAN public interface. Enter the trusted IP addresses to allow.
Next to Local Web UI Access, enter the trusted IP addresses to allow access to the WAN interface. This is important because you are configuring a VMware Virtual Edge device with no LAN ports and no console.
Accept 80 as the Local Web UI Port Number or change it to match your environment.
Click Save Changes in the upper-right corner.
The next step is to configure and assign the profile to the edge device.
Configuring the VMware edge device
After creating the profile, you will configure the edge device to get it connected to the internet.
To configure a VMware edge device in Orchestrator
In Orchestrator, click the link for the Customer profile account.
Choose Configure > Edges.
In the upper-right corner, click New Edge….
Populate the fields as required for your network.
- Name – Enter a name for the edge device.
- Model – Choose Virtual Edge from the drop-down list.
- Profile – Select the recently created profile to assign to the new edge device.
- Authentication – Choose an authentication option for the edge device. For details on the authentication options, see the VMware SD-WAN documentation.
- Edge License – Choose the license to apply to this edge device. The list displays the licenses assigned to your enterprise. Licenses are grouped by the edge device throughput limit (1 Gbps or 10 Gbps), region, and length of contract. For details on obtaining a VMware license, see Edge Licensing or ask your VMware Sales Associate or Reseller.
- Custom Info (optional) – Enter a description for the edge device.
- Contact Name and Contact Email – Enter a contact name and email address for this device.
The Edge Overview tab lists an activation key. Save the activation key for use in the Megaport ONE Portal.
Make any device-specific changes to the Device, Business Policy, or Firewall parameters. Or, use a device-specific profile to use predefined profile settings.
Click Save Changes in the upper-right corner.
The next step is to generate an SSH key for authentication.
Administrative access to MVE
Megaport MVE and Orchestrator connect through a public/private SSH key pair to establish secure connections. The public SSH key allows you to SSH into Orchestrator and set the administrative password, enable HTTPS access, and optionally register the MVE to Orchestrator.
Megaport ONE supports the 2048-bit RSA key type.
To generate an SSH key pair (Linux/Mac OSX)
- Run the SSH keygen command:
ssh-keygen -f ~/.ssh/megaport-mve-instance-1-2048 -t rsa -b 2048
The key generator command creates an SSH key pair and adds two files to your ~/.ssh directory:
- megaport-mve-instance-1-2048 - contains the private key.
- megaport-mve-instance-1-2048.pub - contains the public key that is authorized to log in to the VMware account.
To generate an SSH key pair (Windows, using PuTTYgen)
- Open PuTTYGen.
- In the Key section, choose RSA 2048 bit and click Generate.
- Move your mouse randomly in the small screen to generate the key pairs.
- Enter a key comment, which will identify the key.
This is convenient when you use several SSH keys.
- Enter a Key passphrase, and re-enter to confirm.
The passphrase is used to protect your key. You will be asked for it when you connect via SSH.
- Click Save private key, choose a location, and click Save.
- Click Save public key, choose a location, and click Save.
Public keys: You’ll copy and paste the contents of the public key file in the Megaport ONE Portal later to distribute the public key to the edge device. Your private key will match the public key to grant access. Only a single private key has access to the edge device for SSH access.
Creating the VMware MVE in the Megaport ONE Portal
Before you create an MVE, you need to determine the best location - one that supports MVE and one that is in the most compatible metro area. You can connect multiple locations to an individual MVE. For location details, see Planning Your Deployment.
You can deploy multiple MVEs within the same metropolitan area for redundancy or capacity reasons.
To create an MVE
In the Megaport ONE Portal, choose Networking > Services.
Click Create and select MVE.
Select an MVE location geographically close to your target branch and/or on-premises locations.
You can search for your preferred location using the Country drop-down list, or enter a search term to filter results as you type. Click Clear Filters to reset the filters. Note that the country you choose must be a market in which you have already registered. If you haven’t registered a billing market in the location where you will deploy the MVE, see Enabling Billing Markets.
Specify the MVE Configuration details:
- MVE Name – Enter a name for the MVE that is easily identifiable, particularly if you plan on provisioning more than one. This name appears in the Megaport ONE Portal.
- Vendor – Select VMware SD-WAN and the software version. The MVE will be configured to be compatible with this software version from VMware.
- Service – Displays the vendor name and software version, and any important information such as upgrade requirements.
MVE Size – Select a size from the drop-down list. The list displays all sizes that match the CPU capacity at the selected location. The sizes support varying numbers of concurrent connections, and individual partner product metrics vary slightly. For sizing details, see Planning Your VMWare Deployment.
Specify the VMware SD-WAN configuration details:
- Orchestrator Account Name – Enter an FQDN (Fully Qualified Domain Name) or IPv4 or IPv6 address for the Orchestrator where you created the edge device.
- Activation Code – Enter the activation key provided to you by Orchestrator after creating the edge device.
- SSH Key – Copy and paste the contents of your public SSH key here. You can find the public key in the megaport-mve-instance-1-2048.pub file generated earlier.
Specify the billing details:
Service Level Reference (optional) – Specify a unique identifying number for the MVE to be used for billing purposes, such as a cost center number or a unique customer ID. The service level reference number appears for each service under the Product section of the invoice. You can also edit this field for an existing service.
The transit VXC associated with the MVE is automatically updated with the MVE service level reference number.
Minimum Term – Select No Minimum Term to pay-as-you-go, or select a term of 12, 24, or 36 months. Longer terms result in a lower monthly rate. By default, a 12-month term is selected.
Partner and partner managed accounts cannot view or change MVE contract terms.
For details on contract terms, see MVE Pricing and Contract Terms.
Monthly Price – The monthly rate is based on location and size.
Promo Code – If you have a promo code, enter it and click Add Code.
Partner managed accounts can apply a Partner Deal to a service.
Click Deploy MVE.
A summary screen appears.
Review the new configuration and pricing and click Confirm.
To add more MVEs in other locations, go to the Networking > Services page, click Create and select MVE.
Ordering the MVE provisions the instance and assigns IP addresses from the Megaport SDN. The MVE provisioning takes only a few minutes to complete.
Viewing the MVE in the Megaport ONE Portal
After creating the MVE, you can view it in the Megaport ONE Portal.
To view an MVE in the Megaport ONE Portal
- Go to the Networking > Services page.
As part of the MVE provisioning, Megaport ONE creates a transit Virtual Cross Connect (VXC) to provide internet connectivity and to allow MVE to register and communicate with the SD-WAN overlay network. The overlay network is created and maintained by VMware SD-WAN to provide secure tunnels from the branch locations. The transit VXC is a fixed size, based on the size of the MVE. You cannot modify or delete the transit VXC. Select it to view its details.
By this time, the new MVE should be registered to your Orchestrator and ready for additional configuration.
To view the public IP addresses assigned to the MVE
- Select the transit VXC to Megaport Internet.
- Locate the public IP address (IPv4 or IPv6) in the Details tab. These are the addresses of the MVE device.
Validating your connection
- In Orchestrator under Test & Troubleshoot > Remote Diagnostics, select the MVE and click Run for Troubleshoot BGP - Show BGP Summary to verify the BGP session and ensure the edge device is up.
You can also check connectivity and BGP status from the CLI of the edge device. For details, see Reviewing your VMware MVE connection settings.
Viewing the MVE in Orchestrator
After creating the MVE, you can monitor the status in Orchestrator.
To view an MVE in Orchestrator
- Log in to Orchestrator.
- Choose Monitor > Network Overview.
Click the MVE edge device from the list.
The Link Status and Bandwidth Usage metrics are displayed.
Once the MVE is provisioned with an Active status, the next step is to create VXCs to connect the Megaport backbone to other MVEs or cloud service providers. You can optionally connect a physical Port to the MVE through a private VXC.
For details, see Creating a VXC.