Example of an Aviatrix China deployment; can be used in conjunction with repo 'ALIAZGLOBAL' to facilitate an 'end to end' setup for testing. The recommended procedure is to deploy ALIAZCHINA first, then ALIAZGLOBAL.
'Inter ALICloud region leveraging VPC peering' with S2C (BGPoIPsec) overlay (note: BGPoLAN is not supported by ALI)
There are a few options on connecting to China:
- OPT1:- Europe Azure Transit > S2C < China Azure Transit
- OPT2:- Europe Azure Transit > Europe Ali Transit > S2C < China Ali Transit < China Azure Transit
- OPT3:- As above but with Europe Ali Transit > S2C/VPC Peering < China Ali Transit
Summary of the *tf files; the code itself has some additional comments.
- Variables.tf has most variables set to some 'default'
- See '####
TF files
Step1
- ALI CN Aviatrix Transit + NSG rule entries for EIPs in Controller SG
Step2
- Azure CN Aviatrix transit + NSG rule entries for EIPs in Controller SG
- Aviatrix Transit peering (Az transit + ALI Transit)
Step3
- Azure CN Spoke + NSG rule entries for EIPs in Controller SG
- Azure Test Linux VM
- Provides opt1-opt3, setup for opt3
Since the 'ALi Transit Global transit' private IPs are not known, you will need to update and re-apply Terraform after the initial run.
Terraform v1.8.2
on linux_amd64 (WSL) and TFC workspace
+ provider aviatrixsystems/aviatrix v3.1.0
ALI
export ALICLOUD_REGION=cn-hangzhou
export ALICLOUD_SECRET_KEY=
export ALICLOUD_ACCESS_KEY=
AZURE
If running locally, ensure you set the Azure cloud: az cloud set -n AzureChinaCloud
export ARM_CLIENT_ID=
export ARM_TENANT_ID=
export ARM_CLIENT_SECRET=
export ARM_SUBSCRIPTION_ID=
export ARM_ENDPOINT=https://management.chinacloudapi.cn
export ARM_ENVIRONMENT=china
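An added example, not part of this repo: a pre-flight check to source before running Terraform, confirming that the variables listed above are set and point at the China clouds while reporting only variable names, never secret values. The function names and the `cn-*` region test are assumptions of this example.

```shell
# Added example (not from this repo): pre-flight check for the exports above.
# Reports variable NAMES only, so secret values never reach the terminal or logs.

# The variables this README says to export.
REQUIRED_VARS="ALICLOUD_REGION ALICLOUD_SECRET_KEY ALICLOUD_ACCESS_KEY \
ARM_CLIENT_ID ARM_TENANT_ID ARM_CLIENT_SECRET ARM_SUBSCRIPTION_ID \
ARM_ENDPOINT ARM_ENVIRONMENT"

# Echo the names of required variables that are unset or empty.
# The ( ) body runs in a subshell, so the temporary copy in $val is discarded.
missing_vars() (
  out=""
  for name in $REQUIRED_VARS; do
    eval "val=\${$name:-}"   # names come from the fixed list above, never from input
    [ -n "$val" ] || out="$out $name"
  done
  echo "${out# }"
)

# Echo one line per setting that does not target the China clouds.
wrong_cloud() {
  [ "${ARM_ENVIRONMENT:-}" = "china" ] || echo "ARM_ENVIRONMENT is not 'china'"
  [ "${ARM_ENDPOINT:-}" = "https://management.chinacloudapi.cn" ] ||
    echo "ARM_ENDPOINT is not the Azure China management endpoint"
  # Assumption: the China deployment uses a cn-* region, like cn-hangzhou above.
  case "${ALICLOUD_REGION:-}" in
    cn-*) ;;
    *) echo "ALICLOUD_REGION is not a cn-* region" ;;
  esac
  return 0
}

# Return 0 only when every variable is set and targets China; details go to stderr.
preflight() (
  missing="$(missing_vars)"
  problems="$(wrong_cloud)"
  [ -z "$missing" ] || echo "unset or empty: $missing" >&2
  [ -z "$problems" ] || echo "$problems" >&2
  [ -z "$missing" ] && [ -z "$problems" ]
)
```

Source the file, then run `preflight && terraform apply` so the apply is skipped when a variable is missing or points at the global cloud.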
Variables.tf has most defaults set for ease of use; check the settings.
The following variables were added to *tfvars
- aliregion
- controller_ip
- controller_nsg_name
- controller_nsg_resource_group_name
- ctrl_password
- gateway_name
- spokegateway_name
- transit_gw