Deploying Virtual Edge with CloudFormation

The following are required before you begin to deploy the Virtual Edge with CloudFormation templates:

Instructions on how to deploy a Virtual Edge with CloudFormation templates are described below. However, make sure to adhere to the prerequisite requirements prior to deployment.

As part of the VeloCloud SD-WAN solution, customers deploy VeloCloud Virtual Edges in AWS, typically in a VPC. Edges can be deployed by a few methods, namely the AWS console and a CloudFormation template. Total provisioning time is typically around 30 minutes.

Available Regions

The VeloCloud Edge AMI is available in all AWS commercial regions with EC2 service, with China being the exception.

Basic Topology

In a basic topology example, the AWS VPC (10.0.0.0/16) is divided into a Public subnet (10.0.0.0/24) and a Private subnet (10.0.1.0/24). The Virtual Edge routes between the two subnets. The VPC routes for the Public subnet forward all off-net traffic to the Internet Gateway. The VPC Router in the Private subnet forwards all traffic to the LAN-facing interface on the Virtual Edge (ENI of GE3). In this example, a default route is used to forward all traffic from the workloads, but this is not required. RFC1918 summarization or specific branch/hub prefixes can be used to narrow what is sent to the Virtual Edge. For example, if the workloads in the Private subnet need to be accessible via SSH from publicly sourced IPs, then the VPC Router could be configured to point the default route (0.0.0.0/0) to the Internet Gateway and the RFC1918 summary routes to the Virtual Edge.

Figure 1. Deploying Virtual Edge with CloudFormation
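
The two Private subnet routing options described above can be compared with a small longest-prefix-match model. This is an added example, not part of the original guide or the VeloCloud template; the target labels (local, edge-ge3-eni, igw) and the sample destinations are constructed. It shows that with RFC1918 summarization, Internet-bound traffic from the workloads goes straight to the Internet Gateway and never crosses the Virtual Edge, while intra-VPC traffic stays on the implicit local route in both designs.

```python
import ipaddress

# Constructed route tables for the Private subnet (10.0.1.0/24) of the example
# VPC. Target names ("local", "edge-ge3-eni", "igw") are illustrative labels.
LOCAL = ("10.0.0.0/16", "local")  # implicit VPC route, always present

# Design 1: default route sends all non-local traffic to the Edge LAN ENI (GE3).
DEFAULT_VIA_EDGE = [LOCAL, ("0.0.0.0/0", "edge-ge3-eni")]

# Design 2: only RFC1918 space goes to the Edge; the default route goes to the IGW.
RFC1918_VIA_EDGE = [
    LOCAL,
    ("10.0.0.0/8", "edge-ge3-eni"),
    ("172.16.0.0/12", "edge-ge3-eni"),
    ("192.168.0.0/16", "edge-ge3-eni"),
    ("0.0.0.0/0", "igw"),
]


def next_hop(route_table, destination):
    """Return the target of the most specific route matching destination."""
    dest = ipaddress.ip_address(destination)
    best = None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None  # None: no route matches the destination


def compare(destinations):
    """Map each destination to (default-via-Edge hop, RFC1918-via-Edge hop)."""
    return {d: (next_hop(DEFAULT_VIA_EDGE, d), next_hop(RFC1918_VIA_EDGE, d))
            for d in destinations}


if __name__ == "__main__":
    # Constructed destinations: VPC-internal, branch RFC1918 space, public Internet.
    samples = ["10.0.0.25", "10.20.30.40", "172.16.5.9", "192.168.1.10", "203.0.113.7"]
    for dest, (via_default, via_rfc1918) in compare(samples).items():
        print(f"{dest:15} design1={via_default:14} design2={via_rfc1918}")
```
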
  1. Add the Virtual Edge to the Enterprise via the Orchestrator
    1. Login to the Orchestrator.
    2. Go to Configure > Edges from the navigation panel, and select the Add Edge button. The Provision an Edge screen appears.
      Figure 2. Provision an Edge
    3. In the Provision an Edge dialog box:
      1. In the Name text box, enter a unique name for the Edge.
      2. From the Model drop-down menu, choose Virtual Edge.
      3. From the Profile drop-down menu, choose a profile for the Virtual Edge.
      4. From the Edge License drop-down menu, select an Edge license. The list displays the licenses assigned to the Enterprise, by the Operator.
      5. Enter all the required details and select Next to configure the additional parameters like Serial number, Location, and so on.
      6. Select Add Edge.
    4. The Virtual Edge is provisioned with an activation key. Make a note of the activation key, as it will be used when you deploy the CloudFormation template.
      Figure 3. Activation Key

    For more information, see the topic Provision a New Edge in the Arista VeloCloud SD-WAN Administration Guide.

  2. Add VLAN IP: The VLAN configuration must have an IP address assigned to it in order to save the Device Settings, but the IP address will not be used. For example, use IP address 169.254.0.1. Follow the steps below to add the VLAN IP address.
    1. For the Virtual Edge that was just created, select the Device tab on the Orchestrator.
    2. Scroll down to the Configure VLAN section, and select the Add VLAN button.
      The Add VLAN dialog box displays.
      Figure 4. Add VLAN
    3. In the Add VLAN dialog box:
      1. From the Segment drop-down menu, select a segment.
      2. In the VLAN Name text box, enter a unique name for the VLAN.
      3. In the VLAN ID text box, enter a VLAN ID.
      4. To configure IPv4 settings, under IPv4 Settings select the Active check box.
        1. In the Edge LAN IP Address text box, enter an IP address (for example: 169.254.0.1).
        2. In the Cidr Prefix text box, enter 24.
        3. The Network value will be configured based on the Cidr Prefix.
        4. Deselect the Advertise check box.
        5. Under IPv4 DHCP Server, select Deactivated as the DHCP Type.
      5. After configuring the required parameters, select Done.

    For additional information, see the topic Configure VLAN for Edges in the Arista VeloCloud SD-WAN Administration Guide.

  3. Configure Virtual Edge Interfaces
    Warning: The Device Settings must be configured in the Orchestrator before Edge activation. If you skip this step, the Virtual Edge will activate, but will go offline a few minutes later.
    1. Go to the Virtual Edge's Device settings by navigating to Configure > Edge > Device tab.
    2. Scroll down to the Interfaces section.
      Figure 5. Configure Virtual Edge Interfaces
    3. Select the Edit link for the GE2 interface to change the interface settings.
      The dialog box for the GE2 interface settings appears.
    4. In the GE2 Interface Settings dialog box, select the Override Interface check box and complete the following steps:
      1. In the Capability drop-down menu, change the GE2 interface capability from Switched to Routed.
      2. Choose DHCP from the Addressing Type drop-down menu.
      3. Activate the WAN Overlay by checking the Enable WAN Link check box.
    5. Select the Edit link for the GE3 interface to change the interface settings.
      The dialog box for the GE3 interface settings appears.
    6. In the GE3 interface settings dialog box, select the Override Interface check box and complete the following steps:
      1. Deactivate the WAN Overlay by unchecking the Enable WAN Link check box, as this interface will be used for the LAN-side gateway.
      2. Uncheck the NAT Direct Traffic check box to deactivate NAT direct traffic.
  4. Launch Virtual Edge via CloudFormation
    Note:
    • If this is the first deployment of the Virtual Edge, you may need to “Subscribe” to the Edge version in the AWS Marketplace before deploying from the CloudFormation Template.
    • For additional information on how to configure AWS specific components, please refer to the AWS documentation.
    1. Log into the AWS console.
    2. Create or Import a Key Pair.
      Figure 6. Create or Import Key Pair
      Note: For additional information regarding AWS EC2 Instance Keys see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html.
    3. Navigate to CloudFormation.
      Figure 7. CloudFormation
    4. Create a CloudFormation stack.
      Figure 8. CloudFormation Stack
    5. Upload the CloudFormation template.
      Figure 9. Upload CloudFormation Template
    6. Specify the stack details as indicated in the image below:
      Figure 10. Specify Stack Details

      For the few remaining screens, you can leave those parameters, fields, or text boxes as default settings unless you have a specific need to change them. The final step is to create the stack.

    7. Review and create the stack.
    8. Monitor your deployment progress.
      Figure 11. Monitor Deployment