vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added AWS/Azure HA deployment documentation for and modified titles of AWS, Azure, GCP deployment pages (#1668)

Browse Source 
* Added documentation pages for AWS/Azure HA deployment and modified pages AWS,Azure,GCP

* Update docs/installation/cloud/azure-ha.rst

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
Aslan Hajiyev 2025-08-20 19:59:02 +04:00 committed by GitHub
parent ddceec6cf5
commit 6bdc91f403
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 334 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
docs/_static/images/cloud-aws-ha-architecture.png vendored Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 54 KiB

BIN
docs/_static/images/cloud-azure-ha-architecture.png vendored Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 56 KiB

154
docs/installation/cloud/aws-ha.rst Executable file
View File

@ -0,0 +1,154 @@
##########
VyOS High Availability (HA) Deployment on AWS
##########
This document describes how to deploy VyOS in a High Availability (HA) configuration on AWS using Terraform and a VPC Route Server to provide sub-second failover.
Why Use HA on AWS?
------------------
This solution helps organizations achieve **high availability** routing with dynamic connectivity to multiple AWS VPCs or hybrid environments.
Key Advantages:
- Utilizes **AWS VPC Route Server** to manage BGP routes dynamically.
- Deploys two VyOS EC2 instances as BGP peers connected to the Route Server. Although both participate, one is typically preferred as the next-hop.
- Employs **Bidirectional Forwarding Detection (BFD)** for rapid failure detection.
- On failure:
- Withdraws the failed peers routes from the RIB.
- Recomputes the optimal path in the FIB.
- Updates VPC route tables to point to the active instance.
- Enables **sub-second failover** (< 1 s), outperforming AWS API-based route table failover.
This architecture supports:
- Cloud edge routing with failover.
- Hybrid cloud resiliency.
- Rapid recovery during instance crashes, upgrades, or network disruptions.
- Continuity for mission-critical operations.
HA Architecture Diagram
------------------------
.. figure:: /_static/images/cloud-aws-ha-architecture.png
:alt: VyOS HA topology diagram
Terraform Automation
--------------------
To streamline and standardize the process, we developed a Terraform project that automates the deployment of VyOS in High Availability (HA) mode on AWS.
This Terraform project automates the deployment of:
- Two VyOS instances in HA mode.
- VPC Route Server.
- Transit Gateway.
- A Transit VPC and a Data VPC containing a test Amazon Linux EC2 instance for connectivity validation.
To integrate with existing AWS infrastructure:
- Remove the Data VPC, its subnets, and EC2 test instance.
- Update `main.tf`, `network.tf`, `transit_gateway.tf`, `variables.tf`, and `outputs.tf` accordingly.
Prerequisites
-------------
AWS Environment:
- Active AWS account with permissions for EC2, VPC, Transit Gateway, Route Server, and IAM (for keypair and role management).
Local Environment:
- AWS CLI installed: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
- Terraform installed: https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli
Set AWS credentials in your shell:
.. code-block:: none
export AWS_ACCESS_KEY_ID="<AWS_ACCESS_KEY_ID>"
export AWS_SECRET_ACCESS_KEY="<AWS_SECRET_ACCESS_KEY>"
export AWS_SESSION_TOKEN="<AWS_SESSION_TOKEN>"
export AWS_DEFAULT_REGION="<AWS_REGION>" # e.g., us-east-1
Obtain VyOS AMI ID and Owner ID:
Subscribe to VyOS via AWS Marketplace. Then run:
.. code-block:: none
aws ec2 describe-images \
--owners aws-marketplace \
--filters "Name=product-code,Values=8wqdkv3u2b9sa0y73xob2yl90" \
--query 'Images[*].[ImageId,OwnerId,Name]' \
--output table
Alternatively, set the `vyos_ami_id` variable directly in `variables.tf`.
Generate an SSH keypair (or use the included demo key):
.. code-block:: none
ssh-keygen -b 2048 -t rsa -m PEM -f keys/vyos_custom_key.pem
chmod 400 keys/vyos_custom_key.pem
Usage
-----
Configure variables in `variables.tf`, including instance type, region, and `vyos_ami_id`.
Terraform Workflow:
.. code-block:: none
terraform init
terraform fmt
terraform validate
terraform plan
terraform apply
On completion, run:
.. code-block:: none
terraform output
This displays the management IP and connectivity test results.
To clean up:
.. code-block:: none
terraform destroy
Management
----------
SSH into VyOS:
.. code-block:: none
ssh vyos@<vyos_public_ip> -i keys/vyos_custom_key.pem
GitHub Repository
-----------------
You can clone or download the Terraform project and use them in your environment:
https://github.com/vyos/vyos-automation/tree/main/Terraform/AWS/ha-instances-with-configs

21
docs/installation/cloud/aws.rst
View File

@ -1,5 +1,5 @@
########## ##########
Amazon AWS VyOS Deployment on AWS
########## ##########
@ -603,6 +603,8 @@ Connect to the VyOS instance
ssh -i vyos-keypair.pem vyos@35.152.131.62 ssh -i vyos-keypair.pem vyos@35.152.131.62
Deployment of VyOS Instance and Required Resources via CloudFormation Template Deployment of VyOS Instance and Required Resources via CloudFormation Template
======== ========
@ -621,6 +623,23 @@ https://github.com/vyos/vyos-automation/tree/main/CloudFormation
Deployment of VyOS Instance and Required Resources via Terraform
========
These Terraform projects automate the deployment of a VyOS instance on AWS, configuring essential components such as:
- VPC
- Public and private subnets
- Internet Gateway
- Route Tables
- Elastic IPs
- Security Groups
You can download or clone these templates from the GitHub repository and use them in your environment:
https://github.com/vyos/vyos-automation/tree/main/Terraform/AWS/
Amazon CloudWatch Agent Usage Amazon CloudWatch Agent Usage
----------------------------- -----------------------------

152
docs/installation/cloud/azure-ha.rst Executable file
View File

@ -0,0 +1,152 @@
##########
VyOS High Availability (HA) Deployment on Azure
##########
This document describes how to deploy VyOS in a High Availability (HA) configuration on Azure using Terraform and Azure Route Server to provide sub-second failover.
Why Use HA on Azure?
--------------------
This module provides a robust, repeatable foundation for building **resilient network architectures** in Azure. By combining VyOS routing features with Terraform and Azure-native services, it enables:
- Rapid deployment of cloud edge routers.
- Full control over BGP route advertisement and filtering.
- Realistic HA and disaster recovery simulations.
- Seamless integration with hybrid or multi-cloud infrastructure.
The architecture includes:
- Two VyOS routers in a Transit VNet, configured with BGP.
- Azure Route Server for dynamic route distribution.
- Site-to-Site VPN connections to a simulated on-premises VyOS router.
- An Ubuntu VM for connectivity and routing validation.
- A Data VNet for testing and diagnostics.
Key Features
------------
- **High Availability**: Dual VyOS routers for redundancy and failover.
- **Dynamic Routing**: BGP-based routing via Azure Route Server.
- **Hybrid Connectivity**: Site-to-Site VPN integration with a simulated on-prem VyOS.
- **Testing Environment**: Includes Ubuntu VM for verification and diagnostics.
- **Modular & Flexible**: Easily configurable via variables.
HA Architecture Diagram
-----------------------
.. figure:: /_static/images/cloud-azure-ha-architecture.png
:alt: VyOS HA topology diagram
This deployment architecture simulates a real-world enterprise network scenario for testing and validation purposes.
Terraform Automation
--------------------
To streamline and standardize the process, we developed a Terraform project that automates the deployment of VyOS in High Availability (HA) mode on Azure.
This Terraform project automates the deployment of:
- Two VyOS instances in HA mode.
- Azure Route Server.
- A Transit VNet and a Data VNet containing a test Ubuntu VM for connectivity validation.
Prerequisites
-------------
Ensure you have:
- Active Azure subscription:
.. code-block:: none
az account set --subscription "<subscription ID or name>"
- Azure CLI installed:
https://learn.microsoft.com/en-us/cli/azure/install-azure-cli
- Logged in with Azure credentials:
.. code-block:: none
az version
az login
- Azure Resource Group (RG) created:
.. code-block:: none
az group create --name demoResourceGroup --location westus
az group list
az group show --name demoResourceGroup
- Terraform installed:
https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli
- SSH key generated:
.. code-block:: none
ssh-keygen -t rsa -b 4096 -f keys/vyos_custom_key.pem
chmod 400 keys/vyos_custom_key.pem
Usage
-----
All variables are defined in ``variables.tf``. Adjust them to match your environment.
Terraform Workflow:
.. code-block:: none
terraform init
terraform fmt
terraform validate
terraform plan
terraform apply
On completion, run:
.. code-block:: none
terraform output
This displays the management IP and connectivity test results.
To clean up:
.. code-block:: none
terraform destroy
Management
----------
SSH into VyOS:
.. code-block:: none
ssh adminuser@<vyos_public_ip> -i keys/vyos_custom_key.pem
GitHub Repository
-----------------
You can clone or download the Terraform project and use them in your environment:
https://github.com/vyos/vyos-automation/tree/main/Terraform/Azure/azure-ha-deployment-with-configs

2
docs/installation/cloud/azure.rst
View File

@ -1,5 +1,5 @@
########## ##########
Microsoft Azure VyOS Deployment on Azure
########## ##########

6
docs/installation/cloud/gcp.rst
View File

@ -1,5 +1,5 @@
##################### #####################
Google Cloud Platform VyOS Deployment on Google Cloud Platform
##################### #####################
This guide provides step-by-step instructions for deploying a VyOS instance with two NICs and the required resources on Google Cloud Platform (GCP). This guide provides step-by-step instructions for deploying a VyOS instance with two NICs and the required resources on Google Cloud Platform (GCP).
@ -127,7 +127,7 @@ Step 3: Create VPC Networks and Subnets
.. figure:: /_static/images/cloud-gcp-vpc-04.png .. figure:: /_static/images/cloud-gcp-vpc-04.png
4. Add firewall rules to allow specific network traffic from the Internet. By default all incoming traffic from outside a network is blocked. 4. Add firewall rules to allow specific network traffic from the Internet if needed. By default, all incoming traffic from outside the network is blocked. Typically, a VyOS deployment from the GCP Marketplace configures this automatically, ensuring that SSH access is enabled after deployment.
.. figure:: /_static/images/cloud-gcp-vpc-05.png .. figure:: /_static/images/cloud-gcp-vpc-05.png
@ -224,7 +224,7 @@ Step 4: Deploy VyOS instance from Marketplace
- set interfaces ethernet eth1 address 'dhcp' - set interfaces ethernet eth1 address 'dhcp'
- set interfaces ethernet eth1 dhcp-options no-default-route - set interfaces ethernet eth1 dhcp-options no-default-route
For more information, please visit the official VyOS documentation: For more information, please visit the documentation:
https://docs.vyos.io/en/stable/automation/cloud-init.html#module-vyos-userdata https://docs.vyos.io/en/stable/automation/cloud-init.html#module-vyos-userdata

4
docs/installation/cloud/index.rst
View File

@ -8,6 +8,8 @@ Running VyOS in Cloud Environments
:caption: Content :caption: Content
aws aws
aws-ha
azure azure
azure-ha
gcp gcp
oracel oracle