Extending SD-WAN Segmentation into AWS Cloud WAN – Part 1

Networking & Content Delivery Blog



This article explains how to extend SD-WAN network segmentation into AWS Cloud WAN using virtual appliances, focusing on Model 1: Multiple GRE-based Connect attachments over a single network interface.

  • Deploy SD-WAN virtual appliances directly in AWS instead of on-premises for scalability and flexibility
  • Map SD-WAN VRF instances to AWS Cloud WAN segments for end-to-end network isolation
  • Use GRE tunnels with Connect attachments to maintain strict segmentation across hybrid environments
  • Each GRE tunnel supports up to 5 Gbps; four peers per attachment enable 20 Gbps total bandwidth
  • Configure BGP peering between the SD-WAN appliance and AWS Cloud WAN for dynamic routing
  • Requires Inside CIDR blocks, attachment policies, VPC attachment, and Connect peer configuration
  • Part 2 covers Tunnel-less Connect with Multi-VPC ENI for higher bandwidth without encapsulation

This approach enables enterprises to maintain strict network segmentation for compliance and multi-tenant environments while leveraging AWS global infrastructure and cloud-native deployment models.


