Skip to content

alibabacloud-automation/terraform-alicloud-build-local-to-cloud-active-active-connection-with-sdwan

BranchesTags

Repository files navigation

Terraform module to build a on-premise to aloud active-active high-availability networking architecture on Alibaba Cloud

terraform-alicloud-build-local-to-cloud-active-active-connection-with-sdwan

English | 简体中文

This solution supports the use of 3rd SDWAN to build a on-premise to aloud active-active high-availability networking architecture. The high availability implementation of this solution relies on the BGP.
Support creat:

  • Transit VPC, business VPC, and corresponding subnet
  • Security group for SDWAN image instance
  • SDWAN brand fortigate image instance (fortigate 7.2.7vm image). You can also choose other SDWAN brand that support function "bgp over ipsec" to implement this solution.
  • SDWAN Image instance configures a secondary network card for intranet communication
  • CEN instance
  • VPC attachment to CEN and implement route learning and route synchronization
  • IPsec vpn attachment to CEN and implements route learning and route synchronization

Architecture Diagram:

image

Usage

provider "alicloud" {
  region = "cn-shanghai"
}

module "complete" {
  source = "alibabacloud-automation/build-local-to-cloud-active-active-connection-with-sdwan/alicloud"
  
  business_vpc = {
    vpc_name   = "business_vpc"
    cidr_block = "10.1.0.0/16"
    vswitches = [{
      cidr_block = "10.1.1.0/24"
      zone_id    = "cn-shanghai-m"
      }, {
      cidr_block = "10.1.2.0/24"
      zone_id    = "cn-shanghai-n"
    }]
  }

  transit_vpc = {
    vpc_name   = "transit_vpc"
    cidr_block = "172.16.0.0/16"
    vswitches = [{
      cidr_block = "172.16.0.0/24"
      zone_id    = "cn-shanghai-m"
      }, {
      cidr_block = "172.16.1.0/24"
      zone_id    = "cn-shanghai-n"
    }]
  }

  transit_router_cidr = "10.10.10.0/24"
  instance_config = {
    image_id = "m-uf6c1shi2lk1xt196ybz"
  }

  vpn_attachment = {
    local_subnet  = "0.0.0.0/0"
    remote_subnet = "0.0.0.0/0"
  }
}

Examples

Requirements

Name Version
terraform >= 1.3

Providers

Name Version
alicloud n/a

Modules

No modules.

Resources

Name Type
alicloud_cen_instance.default resource
alicloud_cen_transit_router.default resource
alicloud_cen_transit_router_cidr.default resource
alicloud_cen_transit_router_route_table_association.business resource
alicloud_cen_transit_router_route_table_association.default resource
alicloud_cen_transit_router_route_table_association.transit resource
alicloud_cen_transit_router_route_table_propagation.business resource
alicloud_cen_transit_router_route_table_propagation.transit resource
alicloud_cen_transit_router_route_table_propagation.vpn_m_attch_propagation resource
alicloud_cen_transit_router_vpc_attachment.business resource
alicloud_cen_transit_router_vpc_attachment.transit resource
alicloud_cen_transit_router_vpn_attachment.default resource
alicloud_ecs_network_interface.default resource
alicloud_ecs_network_interface_attachment.default resource
alicloud_instance.default resource
alicloud_security_group.default resource
alicloud_security_group_rule.allow_all_tcp resource
alicloud_security_group_rule.allow_all_udp resource
alicloud_security_group_rule.fortigate_ingress_icmp resource
alicloud_vpc.business resource
alicloud_vpc.transit resource
alicloud_vpn_customer_gateway.default resource
alicloud_vpn_gateway_vpn_attachment.default resource
alicloud_vswitch.business resource
alicloud_vswitch.transit resource
alicloud_cen_transit_router_route_tables.default data source

Inputs

Name Description Type Default Required
business_vpc The parameters of business vpc and vswitches. 
object({
    vpc_name   = optional(string, null)
    cidr_block = string
    vswitches = list(object({
      vswitch_name = optional(string, null)
      cidr_block   = string
      zone_id      = string
    }))
  })
 n/a yes
cen_config The parameters of cen. 
object({
    cen_instance_name = optional(string, "sdwan-cen")
    description       = optional(string, null)
  })
 {} no
eni_name_prefix The name of ecs network interface. string "eni" no
instance_config The parameters of instance. 
object({
    image_id                   = string
    instance_name              = optional(string, null)
    description                = optional(string, null)
    instance_charge_type       = optional(string, "PostPaid")
    instance_type              = optional(string, "ecs.c6.xlarge")
    password                   = optional(string, null)
    internet_max_bandwidth_out = optional(number, 100)
    internet_charge_type       = optional(string, "PayByTraffic")
  })
 n/a yes
security_group_name The name of security group. string null no
transit_router_cidr The cidr of transit router. string n/a yes
transit_vpc The parameters of transit vpc and vswitches. 
object({
    vpc_name   = optional(string, null)
    cidr_block = string
    vswitches = list(object({
      vswitch_name = optional(string, null)
      cidr_block   = string
      zone_id      = string
    }))
  })
 n/a yes
vpc_customer_gateway The parameters of vpc customer gateway. 
object({
    name_prefix = optional(string, null)
    asn         = optional(string, null)
  })
 
{
  "asn": "65534",
  "name_prefix": "cgw"
}
 no
vpn_attachment The parameters of the VPN attachment 
object({
    local_subnet         = string
    remote_subnet        = string
    vpn_attachment_name  = optional(string, null)
    network_type         = optional(string, "private")
    effect_immediately   = optional(bool, true)
    enable_dpd           = optional(bool, true)
    enable_nat_traversal = optional(bool, true)
    ike_config = optional(list(object({
      ike_auth_alg = optional(string, "sha1")
      ike_enc_alg  = optional(string, "aes")
      ike_version  = optional(string, "ikev2")
      ike_mode     = optional(string, "main")
      ike_lifetime = optional(number, 86400)
      psk          = optional(string, "tfvpnattachment")
      ike_pfs      = optional(string, "group2")
    })), [{}])
    ipsec_config = optional(list(object({
      ipsec_pfs      = optional(string, "group2")
      ipsec_enc_alg  = optional(string, "aes")
      ipsec_auth_alg = optional(string, "sha1")
      ipsec_lifetime = optional(number, 86400)
    })), [{}])
    bgp_config = optional(list(object({
      enable       = optional(bool, true)
      local_asn    = optional(number, 45104)
      tunnel_cidr  = optional(string, "169.254.10.0/30")
      local_bgp_ip = optional(string, "169.254.10.1")
    })), [{}])
  })
 n/a yes

Outputs

Name Description
business_vpc_id The ID of the business VPC
business_vswitch_ids List of IDs for business VSwitches
cen_instance_id The ID of the CEN instance
cen_transit_router_business_vpc_attachment_id The attachment ID of the CEN transit router and business VPC
cen_transit_router_id The ID of the CEN transit router
cen_transit_router_transit_vpc_attachment_id The attachment ID of the CEN transit router and transit VPC
instance_ids List of instance IDs in the transit VPC
network_interface_ids List of network interface IDs
security_group_id The ID of the security group
transit_router_vpn_attachment_ids List of transit router VPN attachment IDs
transit_vpc_id The ID of the transit VPC
transit_vswitch_ids List of IDs for transit VSwitches
vpn_attachment_ids List of VPN attachment IDs
vpn_customer_gateway_ids List of VPN customer gateway IDs

Submit Issues

If you have any problems when using this module, please opening a provider issue and let us know.

Note: There does not recommend opening an issue on this repo.

Authors

Created and maintained by Alibaba Cloud Terraform Team(terraform@alibabacloud.com).

License

MIT Licensed. See LICENSE for full details.

Reference

About

registry.terraform.io/modules/alibabacloud-automation/build-local-to-cloud-active-active-connection-with-sdwan/alicloud/latest

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 1

v1.0.0 Latest
Mar 3, 2025

Packages

No packages published

Languages