In this section:
An SBC SWe deployment requires a VPC with at least four IPv4 subnets:
All four subnets must be located in the same availability zone.
The suggested size of the VPC is CIDR x.x.x.x/16, where each subnet has a CIDR of x.x.x.x/24, although you can use smaller CIDR ranges.
The Dynamic Host Configuration Protocol (DHCP) provides a standard for passing configuration information to hosts on a TCP/IP network. The options
field of a DHCP message contains the configuration parameters. The parameters include the domain name, domain name server, and the netBIOS-node-type.
The DHCP options sets are associated with your AWS account so that you can use them across all of your VPC. For detailed information on the DHCP option sets, refer to DHCP Options Sets in the AWS documentation.
AWS provides the following DHCP option sets:
When creating a VPC, AWS automatically creates a set of DHCP options and associates them with the VPC. This set includes two options:
domain-name-servers=AmazonProvidedDNS
domain-name=domain-name-for-your-region
The AmazonProvidedDNS
is an Amazon DNS server, which enables DNS for instances that need to communicate over the VPC's Internet gateway. The string AmazonProvidedDNS
maps to a DNS server running on a reserved IP address at the base of the VPC IPv4 network range, with the last octet incremented by two digits. For example, the DNS Server on a 10.0.0.0/16 network is located at 10.0.0.2.”. For VPCs with multiple IPv4 CIDR blocks, the DNS server IP address is located in the primary CIDR block.
AWS HA uses several API requests to know the peer instance and also during IP switch-over. At the back-end, AWS has several servers with a different IP address running to provide the SBC seamless performance or response. If one server goes down, the Amazon-provided DNS automatically updates the API endpoint. This may not be the case with the custom DNS and results in an API request failure. To overcome this issue, the SBC needs to add the field AmazonProvidedDNS
in the DNS server, in addition to the IP address of the custom DNS server. For detailed information on the custom DNS, refer to Using DNS with Your VPC in the AWS documentation.
AWS VPC-end-point is a service that enables you to connect to services powered by AWS PrivateLink which means AWS services can be accessed by SBC without routing traffic over public IP/internet.
The SBC SWe supports a VPC endpoint-based setup which allows you to deploy an HA SBC (with or without HFE) without an EIP attached on the mgt interface of the SBC SWe. The VPC endpoint allows the SBC SWe to reach the RESTCONF API gateway without using EIP.
With VPC endpoint, the SBC eth0 port accesses AWS services over a private IP (using VPC-end-point) to move IPs from failed instance to new active instance.
If you deploy the SBC HA with a VPC endpoint, you must create the VPC endpoint first, and then deploy the SBC with HA.
Since EIP is optional on mgt0 on the SBC, select Yes/No for the EipAssociationForMgt parameter, as desired, in the Cloud Formation Template (see the parameter description below).
Field | Description |
---|---|
EipAssociationForMgt | Choose whether to associate the EIP on mgt0 of the HFE and SBC. to login and access SBC application from public networks
Note: Select "No" if you have already created the VPC endpoint before creating the SBC SWe. |
Use the AWS page https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpce-interface.html to create an EC2 endpoint (interface endpoint) for AWS services.
This endpoint is required to make the requests about the peer CE and move IPs. It is always in the form com.amazonaws.region.ec2
.