Configure Second Virtual Network Interface Card (vNIC) on the AWS DataSync Agent for VMware Cloud on AWS
For storage workloads in VMware Cloud on AWS on HCX Layer 2 Extended Networks, that you want to replicate using AWS DataSync using a second vNIC
VMware Cloud on AWS Migration Challenges
One of the great features of VMware Cloud on AWS is the ability to easily migrate workloads from your data centre into AWS. There are a number of ways customers can migrate workloads into VMware Cloud on AWS, one of the most common tools is VMware Hybrid Cloud Extension (HCX).
HCX, when deployed, creates a plugin in VMware vCenter which allows customers to manage all their cloud migrations from the VMware vCenter console. Another capability of HCX is the ability to extend Layer 2 networks into VMware Cloud on AWS from on-premises. This allows customers to migrate workloads to AWS with minimal network changes (i.e no re-IP addressing required)
AWS has a number of services that help customers migrate, replicate and transform their existing applications / workloads into AWS, one of these services is AWS DataSync. AWS DataSync moves large amounts of data between on-premises or VMware Cloud on AWS storage and Amazon S3, Amazon Elastic File System (Amazon Elastic File System) or Amazon FSx.
When customers extend their layer 2 networks into VMware Cloud on AWS using HCX Network Extension, the gateway of that network will typically remain on-premise, which means any Virtual Machine (VM) network traffic that is on the extended network in VMware Cloud on AWS that is bound for other networks will generally need to traverse via the on-premise gateway. This network tromboning effect is observed when virtual machines in VMware Cloud on AWS connected to different extended segments communicate, see the image below.
The above network topology while handy for migrations, can pose some challenges when customers are needing to migrate/replicate workloads from VMware Cloud on AWS into other AWS Services, such as Amazon FSx for Windows File Server, leveraging the AWS DataSync Service to replicate the storage data.
There are 3 main components to the DataSync Service:
- Tasks - Describes where and how AWS DataSync transfers data.
- Location - Storage system or service that AWS DataSync reads from or writes to.
- Agent - VM or Amazon EC2 instance that AWS DataSync uses to read from or write to a storage system.
When you deploy a DataSync Agent on VMware Cloud on AWS, the default configuration is a single virtual network interface card (vNIC), this vNIC needs to be on the same network or able to route to the network that your source location (NFS/SMB/HDFS/Object Storage shares) reside on. When using a single vNIC this vNIC will also be used to communicate with the AWS DataSync service as well as the source storage location (i.e Windows File Server).
The default behaviour when using a single vNIC on your DataSync Agent, as well as the AWS DataSync Agent leveraging a HCX Layer 2 extended network, is to connect to the DataSync Service and migrate data, tromboning via the on-premises gateway. While doing this would work, it doesn't provide optimal performance when migrating directly from VMware Cloud on AWS into Amazon Storage Services, leveraging the DataSync service.
One option is to enable Mobility Optimised Networking (MON) on the HCX Extended Layer 2 network. Then deploy the AWS DataSync agent on a routed VMware Cloud on AWS Network Segment. Doing this, allows customers to enable local routing for VMs on the HCX Layer 2 extended network and the AWS DataSync Agent within VMware Cloud on AWS. This would avoid the DataSync traffic from going back to the on-premises gateway.
DataSync Agent with 2 vNICs
For some customers MON would be suitable for their network design, for other customers it might not be suitable based on the capabilities of MON. The DataSync Agent can also be configured with multiple vNICs, which will allow the DataSync Agent to have a vNIC connected to the HCX Layer 2 extended network, where the source storage workloads reside, as well as a vNIC will be connected to a local routed segment within VMware Cloud on AWS, that has access to the DataSync service, via a public endpoint or private endpoint.
Configure DataSync Agent with 2 vNICs
The below is the step by step instructions on configuring the DataSync Agent with two vNICs.
- If you haven’t already, configure a VMware Cloud on AWS Routed Network Segment This will be the primary network for the DataSync Agent
- Follow the deploy a DataSync Agent on VMware guide, make sure you select the VMware Cloud on AWS network segment as the network for the VM
- Once the DataSync Agent VM has deployed and the DataSync Agent is connected to the DataSync service, you should see the below in your AWS DataSync console (you should only see one Service Endpoint, I have deployed both a VPC endpoint and Public endpoint for illustration purposes)
- Open the VMware Cloud on AWS vCenter Console and locate your DataSync Agent VM
- Right click on the VM and select Edit Settings
- Select Add New Device
- From the drop down menu, select Network Adapter
- You should now see a new network adapter in the Edit Setting config
- Select the dropdown and choose browse
- Locate and select the HCX Layer 2 Extended Network that the workload you would like to replicate with DataSync, resides on (The naming convention will generally start with L2E), select ok
- Click OK, to close the Edit Settings console
- Restart the DataSync VM
- Once the DataSync VM has restarted, open the console for the DataSync Agent VM, and login (you can find the login credentials here, unless you have changed them)
- Select 1. Network Configuration
- If you are using DHCP on the network that the second vNIC is connected to, select 2: Configure DHCP. OR If you need to assign a Static IP, select 3: Configure Static IP
- Once you have made all the changes, press X to complete the network configuration
The second vNIC has now been configured for the HCX Extended Network. You will now be able to configure your locations and tasks as normal. The next step is to create the source and target locations, follow this guide to help you.
- Como soluciono problemas de conectividade entre a rede on-premises e a VPC através do Transit Gateway?AWS OFICIALAtualizada há 8 meses