Added AWS/Azure HA deployment documentation for and modified titles of AWS, Azure, GCP deployment pages (#1668)

* Added documentation pages for AWS/Azure HA deployment and modified pages AWS,Azure,GCP * Update docs/installation/cloud/azure-ha.rst Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-10-26 01:31:44 +02:00 · 2025-08-20 19:59:02 +04:00 · 2025-08-20 19:59:02 +04:00 · 6bdc91f403
commit 6bdc91f403
parent ddceec6cf5
8 changed files with 334 additions and 7 deletions
--- a/docs/_static/images/cloud-aws-ha-architecture.png
+++ b/docs/_static/images/cloud-aws-ha-architecture.png
--- a/docs/_static/images/cloud-azure-ha-architecture.png
+++ b/docs/_static/images/cloud-azure-ha-architecture.png
--- a/docs/installation/cloud/aws-ha.rst
+++ b/docs/installation/cloud/aws-ha.rst
@ -0,0 +1,154 @@
+##########
+VyOS High Availability (HA) Deployment on AWS
+##########
+
+This document describes how to deploy VyOS in a High Availability (HA) configuration on AWS using Terraform and a VPC Route Server to provide sub-second failover.
+
+Why Use HA on AWS?
+------------------
+
+This solution helps organizations achieve **high availability** routing with dynamic connectivity to multiple AWS VPCs or hybrid environments.
+
+Key Advantages:
+
+- Utilizes **AWS VPC Route Server** to manage BGP routes dynamically.
+
+- Deploys two VyOS EC2 instances as BGP peers connected to the Route Server. Although both participate, one is typically preferred as the next-hop.
+
+- Employs **Bidirectional Forwarding Detection (BFD)** for rapid failure detection.
+
+- On failure:
+
+  - Withdraws the failed peer’s routes from the RIB.
+
+  - Recomputes the optimal path in the FIB.
+
+  - Updates VPC route tables to point to the active instance.
+
+- Enables **sub-second failover** (< 1 s), outperforming AWS API-based route table failover.
+
+This architecture supports:
+
+- Cloud edge routing with failover.
+
+- Hybrid cloud resiliency.
+
+- Rapid recovery during instance crashes, upgrades, or network disruptions.
+
+- Continuity for mission-critical operations.
+
+HA Architecture Diagram
+------------------------
+
+.. figure:: /_static/images/cloud-aws-ha-architecture.png
+   :alt: VyOS HA topology diagram
+
+Terraform Automation
+--------------------
+
+To streamline and standardize the process, we developed a Terraform project that automates the deployment of VyOS in High Availability (HA) mode on AWS.
+
+This Terraform project automates the deployment of:
+
+- Two VyOS instances in HA mode.
+
+- VPC Route Server.
+
+- Transit Gateway.
+
+- A Transit VPC and a Data VPC containing a test Amazon Linux EC2 instance for connectivity validation.
+
+To integrate with existing AWS infrastructure:
+
+- Remove the Data VPC, its subnets, and EC2 test instance.
+
+- Update `main.tf`, `network.tf`, `transit_gateway.tf`, `variables.tf`, and `outputs.tf` accordingly.
+
+Prerequisites
+-------------
+
+AWS Environment:
+
+- Active AWS account with permissions for EC2, VPC, Transit Gateway, Route Server, and IAM (for keypair and role management).
+
+Local Environment:
+
+- AWS CLI installed: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
+
+- Terraform installed: https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli
+
+Set AWS credentials in your shell:
+
+.. code-block:: none
+
+  export AWS_ACCESS_KEY_ID="<AWS_ACCESS_KEY_ID>"
+  export AWS_SECRET_ACCESS_KEY="<AWS_SECRET_ACCESS_KEY>"
+  export AWS_SESSION_TOKEN="<AWS_SESSION_TOKEN>"
+  export AWS_DEFAULT_REGION="<AWS_REGION>"  # e.g., us-east-1
+
+Obtain VyOS AMI ID and Owner ID:
+
+Subscribe to VyOS via AWS Marketplace. Then run:
+
+.. code-block:: none
+
+  aws ec2 describe-images \
+    --owners aws-marketplace \
+    --filters "Name=product-code,Values=8wqdkv3u2b9sa0y73xob2yl90" \
+    --query 'Images[*].[ImageId,OwnerId,Name]' \
+    --output table
+
+Alternatively, set the `vyos_ami_id` variable directly in `variables.tf`.
+
+Generate an SSH keypair (or use the included demo key):
+
+.. code-block:: none
+
+  ssh-keygen -b 2048 -t rsa -m PEM -f keys/vyos_custom_key.pem
+  chmod 400 keys/vyos_custom_key.pem
+
+Usage
+-----
+
+Configure variables in `variables.tf`, including instance type, region, and `vyos_ami_id`.
+
+Terraform Workflow:
+
+.. code-block:: none
+
+  terraform init
+  terraform fmt
+  terraform validate
+  terraform plan
+  terraform apply
+
+On completion, run:
+
+.. code-block:: none
+
+  terraform output
+
+This displays the management IP and connectivity test results.
+
+To clean up:
+
+.. code-block:: none
+
+  terraform destroy
+
+Management
+----------
+
+SSH into VyOS:
+
+.. code-block:: none
+
+  ssh vyos@<vyos_public_ip> -i keys/vyos_custom_key.pem
+
+
+GitHub Repository
+-----------------
+
+You can clone or download the Terraform project and use them in your environment:
+
+https://github.com/vyos/vyos-automation/tree/main/Terraform/AWS/ha-instances-with-configs
--- a/docs/installation/cloud/aws.rst
+++ b/docs/installation/cloud/aws.rst
@ -1,5 +1,5 @@
 ##########
-Amazon AWS
+VyOS Deployment on AWS
 ##########


@ -601,6 +601,8 @@ Connect to the VyOS instance
 .. code-block:: none

   ssh -i vyos-keypair.pem vyos@35.152.131.62
+
+
   

 Deployment of VyOS Instance and Required Resources via CloudFormation Template
@ -621,6 +623,23 @@ https://github.com/vyos/vyos-automation/tree/main/CloudFormation



+Deployment of VyOS Instance and Required Resources via Terraform
+========
+
+These Terraform projects automate the deployment of a VyOS instance on AWS, configuring essential components such as:
+
+- VPC
+- Public and private subnets
+- Internet Gateway
+- Route Tables
+- Elastic IPs
+- Security Groups
+
+You can download or clone these templates from the GitHub repository and use them in your environment:
+
+https://github.com/vyos/vyos-automation/tree/main/Terraform/AWS/
+
+
 Amazon CloudWatch Agent Usage
 -----------------------------

--- a/docs/installation/cloud/azure-ha.rst
+++ b/docs/installation/cloud/azure-ha.rst
@ -0,0 +1,152 @@
+##########
+VyOS High Availability (HA) Deployment on Azure
+##########
+
+
+This document describes how to deploy VyOS in a High Availability (HA) configuration on Azure using Terraform and Azure Route Server to provide sub-second failover.
+
+Why Use HA on Azure?
+--------------------
+
+This module provides a robust, repeatable foundation for building **resilient network architectures** in Azure. By combining VyOS routing features with Terraform and Azure-native services, it enables:
+
+- Rapid deployment of cloud edge routers.
+
+- Full control over BGP route advertisement and filtering.
+
+- Realistic HA and disaster recovery simulations.
+
+- Seamless integration with hybrid or multi-cloud infrastructure.
+
+The architecture includes:
+
+- Two VyOS routers in a Transit VNet, configured with BGP.
+
+- Azure Route Server for dynamic route distribution.
+
+- Site-to-Site VPN connections to a simulated on-premises VyOS router.
+
+- An Ubuntu VM for connectivity and routing validation.
+
+- A Data VNet for testing and diagnostics.
+
+Key Features
+------------
+
+- **High Availability**: Dual VyOS routers for redundancy and failover.
+
+- **Dynamic Routing**: BGP-based routing via Azure Route Server.
+
+- **Hybrid Connectivity**: Site-to-Site VPN integration with a simulated on-prem VyOS.
+
+- **Testing Environment**: Includes Ubuntu VM for verification and diagnostics.
+
+- **Modular & Flexible**: Easily configurable via variables.
+
+HA Architecture Diagram
+-----------------------
+
+.. figure:: /_static/images/cloud-azure-ha-architecture.png
+   :alt: VyOS HA topology diagram
+
+This deployment architecture simulates a real-world enterprise network scenario for testing and validation purposes.
+
+Terraform Automation
+--------------------
+
+To streamline and standardize the process, we developed a Terraform project that automates the deployment of VyOS in High Availability (HA) mode on Azure.
+
+This Terraform project automates the deployment of:
+
+- Two VyOS instances in HA mode.
+
+- Azure Route Server.
+
+- A Transit VNet and a Data VNet containing a test Ubuntu VM for connectivity validation.
+
+Prerequisites
+-------------
+
+Ensure you have:
+
+- Active Azure subscription:
+
+.. code-block:: none
+
+   az account set --subscription "<subscription ID or name>"
+
+- Azure CLI installed:
+
+  https://learn.microsoft.com/en-us/cli/azure/install-azure-cli
+
+- Logged in with Azure credentials:
+
+.. code-block:: none
+
+   az version
+   az login
+
+- Azure Resource Group (RG) created:
+
+.. code-block:: none
+
+   az group create --name demoResourceGroup --location westus
+   az group list
+   az group show --name demoResourceGroup
+
+- Terraform installed:
+
+  https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli
+
+- SSH key generated:
+
+.. code-block:: none
+
+   ssh-keygen -t rsa -b 4096 -f keys/vyos_custom_key.pem
+   chmod 400 keys/vyos_custom_key.pem
+
+Usage
+-----
+
+All variables are defined in ``variables.tf``. Adjust them to match your environment.
+
+Terraform Workflow:
+
+.. code-block:: none
+
+  terraform init
+  terraform fmt
+  terraform validate
+  terraform plan
+  terraform apply
+
+On completion, run:
+
+.. code-block:: none
+
+  terraform output
+
+This displays the management IP and connectivity test results.
+
+To clean up:
+
+.. code-block:: none
+
+  terraform destroy
+
+Management
+----------
+
+SSH into VyOS:
+
+.. code-block:: none
+
+  ssh adminuser@<vyos_public_ip> -i keys/vyos_custom_key.pem
+
+
+GitHub Repository
+-----------------
+
+You can clone or download the Terraform project and use them in your environment:
+
+https://github.com/vyos/vyos-automation/tree/main/Terraform/Azure/azure-ha-deployment-with-configs
--- a/docs/installation/cloud/azure.rst
+++ b/docs/installation/cloud/azure.rst
@ -1,5 +1,5 @@
 ##########
-Microsoft Azure
+VyOS Deployment on Azure
 ##########


--- a/docs/installation/cloud/gcp.rst
+++ b/docs/installation/cloud/gcp.rst
@ -1,5 +1,5 @@
 #####################
-Google Cloud Platform
+VyOS Deployment on Google Cloud Platform
 #####################

 This guide provides step-by-step instructions for deploying a VyOS instance with two NICs and the required resources on Google Cloud Platform (GCP).
@ -126,8 +126,8 @@ Step 3: Create VPC Networks and Subnets
 .. figure:: /_static/images/cloud-gcp-vpc-03.png

 .. figure:: /_static/images/cloud-gcp-vpc-04.png
-
-4. Add firewall rules to allow specific network traffic from the Internet. By default all incoming traffic from outside a network is blocked.
+   
+4. Add firewall rules to allow specific network traffic from the Internet if needed. By default, all incoming traffic from outside the network is blocked. Typically, a VyOS deployment from the GCP Marketplace configures this automatically, ensuring that SSH access is enabled after deployment.

 .. figure:: /_static/images/cloud-gcp-vpc-05.png

@ -224,7 +224,7 @@ Step 4: Deploy VyOS instance from Marketplace
      - set interfaces ethernet eth1 address 'dhcp'
      - set interfaces ethernet eth1 dhcp-options no-default-route

-For more information, please visit the official VyOS documentation:
+For more information, please visit the documentation:

 https://docs.vyos.io/en/stable/automation/cloud-init.html#module-vyos-userdata

--- a/docs/installation/cloud/index.rst
+++ b/docs/installation/cloud/index.rst
@ -8,6 +8,8 @@ Running VyOS in Cloud Environments
   :caption: Content

   aws
+   aws-ha
   azure
+   azure-ha
   gcp
-   oracel
+   oracle