
Extending SD-WAN Segmentation into AWS Cloud WAN – Part 2

Networking & Content Delivery Blog



This article explains how to extend SD-WAN network segmentation into AWS Cloud WAN using Tunnel-less Connect attachments with Multi-VPC Elastic Network Interfaces (X-ENIs).

  • Tunnel-less Connect supports 100 Gbps per AZ with no encapsulation overhead, versus GRE's 5 Gbps per tunnel
  • Uses X-ENIs to attach multiple VRFs to the SD-WAN appliance, mapping 1:1 to Cloud WAN segments
  • Requires a dedicated Data Plane VPC per VRF, with the X-ENI in the same AZ as the SD-WAN appliance
  • Eliminates GRE tunnel maintenance but requires a separate ENI per VRF, with the number of ENIs limited by instance type
  • Detailed deployment steps cover VPC creation, X-ENI attachment, Connect peer configuration, and BGP setup
  • Validation includes BGP neighbor status, route propagation, and RIB verification
  • Trade-offs: higher performance and simpler operations versus increased provisioning complexity and cost per VRF

This architecture enables strict network segmentation for multi-tenant and regulated environments while providing high-performance, tunnel-less connectivity between SD-WAN and AWS Cloud WAN.


