Arista CloudEOS on Google Cloud Platform (GCP)


Arista CloudEOS

Arista CloudEOS is a cloud-grade and feature-rich virtual router for Google cloud. This software-only release of EOS software is supported on public clouds, as well as on customer premises equipment running Linux and VMware hypervisors. By bringing advanced network telemetry and secure IPSec VPN connectivity in a software-only package, CloudEOS provides a consistent, secure and universal approach to hybrid cloud networking for any virtualized cloud deployment.

This release of CloudEOS is available as a software subscription in Google Cloud Launcher following a BYOL license model. A CloudEOS license activation key must be obtained separately from Arista, which unlocks the platform from a default performance limit of 10 Mbps, and enable the use of IPsec encrypted VPNs.

Deploying Arista CloudEOS on GCP

  1. Locate the CloudEOS listing in the Google Cloud Launcher, then select LAUNCH ON COMPUTE ENGINE.
  2. Fill out the relevant fields in the deployment screen, then select Deploy.
    Note: By default the instance is created with a single NIC and the values for NIC1 Network name and NIC1 Subnetwork name is ignored. To create the instance with the second interface please check Enable secondary NIC checkbox.
    Note: When adding a SSH public key make sure you paste the key without any extra spaces and newlines.
  3. After deployment, you will find the information about your CloudEOS instance in the post deployment screen.

Logging into Arista CloudEOS

  1. From the post deployment screen select vm instance.
  3. Locate the External IP.
  4. Log into the instance using the credentials you entered during the deployment:
    “ssh -i <private_key_file> <username>@<external_ip>”.

Arista CloudEOS Instance with more than 2 Interfaces

You can launch an Arista VM either by launching an instance using template, or by using deployment manager.

Launching Using Instance Template

To create a Arista vEOS instance on Google cloud with more than 2 interfaces, you need to create an instance template first and then launch the VM from the template. Google cloud has a maximum limit of 8 interfaces per VM Instance. The following steps are to create the VM template, and launch the VM with additional network interfaces.

  1. Create network subnets in a specific VPC for each attached interfaces through Google Cloud console.
  2. To activate Google Cloud Shell: Goto Menu > Compute Engine > VM Instances and click on > _ on the top right of the Menu.
  3. Create an VM template with additional network interfaces by running the below command in the Google Cloud CLI, as shown in the example below:
    gcloud compute instance-templates create arista-template-1 \
    --network-interface subnet=default \
    --network-interface subnet=net1-subnet-b,no-address \
    --network-interface subnet=net2-subnet-c,no-address \
    --region us-central1--machine-type=n1-standard-4\
    --image-project=sw-veos-public \ 
  4. Goto Menu > Compute Engine > Instance Templates and refresh to see the arista-template-1.
  5. Click on the arista-template-1, and then, click on Create VM button on the top menu.
  6. Scroll down and click on Management, security, disk, networking, sole tenancy as shown below.
  7. Click on the Security tab, and then copy the SSH key in the text window provided.
  8. Click on Networking tab, edit the 1st interface configuration to enable IP forwarding and external IP for this interface. Click on +Add network interface tab below to add required number of interfaces.
    Note: The number of interfaces are limited based on the machine-type selected. Change the machine type appropriately based on the number of interfaces.
  9. Click on the Create tab to start Arista CloudEOS with required number of interfaces.

Launching Using Deployment Manager Template

  1. To launch instance using deployment manager, cut/paste and store the following deployment sample in a yaml file. Please be careful in cut-pasting SSH key as any extra whitespace/newline will not let you log into the instance using SSH key. For example, mydeployment.yaml and edit/add fields for your environment such as instance zone, instance type, instance name, networks, subnetworks and so on. You can also add any startup configurations to the config file. The following example adds a user called “testuser” with password “test123” to the launched instance config which is used to login into the instance in addition to the SSH based login.
    Note: Only SSH based GCP authentication is recommended, this is just an example and should not be used in production.
    -------Deployment Config ----
    - name: deploy-arista-three-nic-mgmt 
    type: compute.v1.instance 
    zone: us-east1-b
    machineType: zones/us-east1-b/machineTypes/n1-standard-4
    - deviceName: boot
    type: PERSISTENT
    boot: true
    autoDelete: true
    - network: global/networks/default
    - name: External NAT
    type: ONE_TO_ONE_NAT
    - network: global/networks/ts-test-vpc-1
    subnetwork: regions/us-east1/subnetworks/sub1 
    - network: global/networks/ts-test-vpv-3
    subnetwork: regions/us-east1/subnetworks/ts-test-vpc-3-sub1 
    canIpForward: true
    - key: user-data
    value: |
     username testuser privilege 15 secret test123
    - key: ssh-keys 
    value: |
    testadmin:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYP3+wSjsNMwg9l
    //rGCPFhT5fVQ6N9tgpGJq/ECxDMDaVG5gLGpmzUrlwgVi7jYu5E8koKOpmtlp This email address is being protected from spambots. You need JavaScript enabled to view it.
  2. Deploy mydeployment.yaml:
    $gcloud --project <my_project> deployment-manager deployments create --config mydeployment.yaml
  3. Get the IP address and connect to created instance.
    $gcloud --project <my_project> computeinstancesdescribe --zone us-east1-b deploy-arista-three-nic-mgmt
    ...check the NAT IP address of first interface ...
    $ssh -i <my-ssh-priv-key> testadmin@<instance_nat_ip>

CloudEOS Router Startup-Configuration using Instance Custom-Data


This section describes the use of custom-data during the initial deployment of the vEOS router instance, GCP provides an option to upload custom-data. The custom-data used passes in the configuration for multiple entities. Currently, GCP supports only the EOS configuration. This configuration is separated using start and end markers.

The administrator is allowed to upload vEOS router configuration using custom-data while launching a router instance through the portal as shown below. Note, the custom-data works only during the first boot.

Note, the following regarding the custom-data.

  • Markers must be at the beginning of the line.
  • The user is expected to have tested the configurations on a live system before using the configurations to deploy the new vEOS router. Mis-configuration may result in an unrecoverable instance.
  • EOS configuration for all interfaces is passed in during the deployment. The configuration takes effect as the new instances attach to the vEOS router.

Configuring custome-data for GCP instance through portal.