diff --git a/docs/_static/images/cloud-aws-01.png b/docs/_static/images/cloud-aws-01.png deleted file mode 100644 index cda6542fab..0000000000 Binary files a/docs/_static/images/cloud-aws-01.png and /dev/null differ diff --git a/docs/_static/images/cloud-aws-02.png b/docs/_static/images/cloud-aws-02.png deleted file mode 100644 index 639d42fabb..0000000000 Binary files a/docs/_static/images/cloud-aws-02.png and /dev/null differ diff --git a/docs/_static/images/cloud-aws-03.png b/docs/_static/images/cloud-aws-03.png deleted file mode 100644 index 92d3e63bc3..0000000000 Binary files a/docs/_static/images/cloud-aws-03.png and /dev/null differ diff --git a/docs/_static/images/cloud-aws-04.png b/docs/_static/images/cloud-aws-04.png deleted file mode 100644 index 3ae4fb2a51..0000000000 Binary files a/docs/_static/images/cloud-aws-04.png and /dev/null differ diff --git a/docs/_static/images/cloud-aws-05.png b/docs/_static/images/cloud-aws-05.png deleted file mode 100644 index fa3521a650..0000000000 Binary files a/docs/_static/images/cloud-aws-05.png and /dev/null differ diff --git a/docs/_static/images/cloud-aws-06.png b/docs/_static/images/cloud-aws-06.png deleted file mode 100644 index c8f88ded0a..0000000000 Binary files a/docs/_static/images/cloud-aws-06.png and /dev/null differ diff --git a/docs/_static/images/cloud-aws-07.png b/docs/_static/images/cloud-aws-07.png deleted file mode 100644 index d9f934acce..0000000000 Binary files a/docs/_static/images/cloud-aws-07.png and /dev/null differ diff --git a/docs/_static/images/cloud-aws-08.png b/docs/_static/images/cloud-aws-08.png deleted file mode 100644 index db3030a0a7..0000000000 Binary files a/docs/_static/images/cloud-aws-08.png and /dev/null differ diff --git a/docs/_static/images/cloud-aws-eip-01.png b/docs/_static/images/cloud-aws-eip-01.png new file mode 100755 index 0000000000..6e376d63ab Binary files /dev/null and b/docs/_static/images/cloud-aws-eip-01.png differ 
diff --git a/docs/_static/images/cloud-aws-eip-02.png b/docs/_static/images/cloud-aws-eip-02.png new file mode 100755 index 0000000000..69bd5aa544 Binary files /dev/null and b/docs/_static/images/cloud-aws-eip-02.png differ diff --git a/docs/_static/images/cloud-aws-eni-01.png b/docs/_static/images/cloud-aws-eni-01.png new file mode 100755 index 0000000000..5c67f4dcde Binary files /dev/null and b/docs/_static/images/cloud-aws-eni-01.png differ diff --git a/docs/_static/images/cloud-aws-eni-02.png b/docs/_static/images/cloud-aws-eni-02.png new file mode 100755 index 0000000000..15b5b8aa5a Binary files /dev/null and b/docs/_static/images/cloud-aws-eni-02.png differ diff --git a/docs/_static/images/cloud-aws-igw-01.png b/docs/_static/images/cloud-aws-igw-01.png new file mode 100755 index 0000000000..148c2d05b8 Binary files /dev/null and b/docs/_static/images/cloud-aws-igw-01.png differ diff --git a/docs/_static/images/cloud-aws-igw-02.png b/docs/_static/images/cloud-aws-igw-02.png new file mode 100755 index 0000000000..26e6ea4865 Binary files /dev/null and b/docs/_static/images/cloud-aws-igw-02.png differ diff --git a/docs/_static/images/cloud-aws-keypair-01.png b/docs/_static/images/cloud-aws-keypair-01.png new file mode 100644 index 0000000000..2ebc9ac371 Binary files /dev/null and b/docs/_static/images/cloud-aws-keypair-01.png differ diff --git a/docs/_static/images/cloud-aws-keypair-02.png b/docs/_static/images/cloud-aws-keypair-02.png new file mode 100644 index 0000000000..419e816868 Binary files /dev/null and b/docs/_static/images/cloud-aws-keypair-02.png differ diff --git a/docs/_static/images/cloud-aws-keypair-03.png b/docs/_static/images/cloud-aws-keypair-03.png new file mode 100644 index 0000000000..cc3f0dec29 Binary files /dev/null and b/docs/_static/images/cloud-aws-keypair-03.png differ 
diff --git a/docs/_static/images/cloud-aws-keypair-04.png b/docs/_static/images/cloud-aws-keypair-04.png new file mode 100644 index 0000000000..0e4b9f6d05 Binary files /dev/null and b/docs/_static/images/cloud-aws-keypair-04.png differ diff --git a/docs/_static/images/cloud-aws-route-01.png b/docs/_static/images/cloud-aws-route-01.png new file mode 100755 index 0000000000..1563c0b4de Binary files /dev/null and b/docs/_static/images/cloud-aws-route-01.png differ diff --git a/docs/_static/images/cloud-aws-route-02.png b/docs/_static/images/cloud-aws-route-02.png new file mode 100755 index 0000000000..9ba19f1e16 Binary files /dev/null and b/docs/_static/images/cloud-aws-route-02.png differ diff --git a/docs/_static/images/cloud-aws-route-03.png b/docs/_static/images/cloud-aws-route-03.png new file mode 100755 index 0000000000..1bfef11c3f Binary files /dev/null and b/docs/_static/images/cloud-aws-route-03.png differ diff --git a/docs/_static/images/cloud-aws-route-04.png b/docs/_static/images/cloud-aws-route-04.png new file mode 100755 index 0000000000..e3987ad35e Binary files /dev/null and b/docs/_static/images/cloud-aws-route-04.png differ diff --git a/docs/_static/images/cloud-aws-sg-01.png b/docs/_static/images/cloud-aws-sg-01.png new file mode 100755 index 0000000000..77558eeb9b Binary files /dev/null and b/docs/_static/images/cloud-aws-sg-01.png differ diff --git a/docs/_static/images/cloud-aws-sg-02.png b/docs/_static/images/cloud-aws-sg-02.png new file mode 100755 index 0000000000..22351f75eb Binary files /dev/null and b/docs/_static/images/cloud-aws-sg-02.png differ diff --git a/docs/_static/images/cloud-aws-sg-03.png b/docs/_static/images/cloud-aws-sg-03.png new file mode 100755 index 0000000000..7375b681e5 Binary files /dev/null and b/docs/_static/images/cloud-aws-sg-03.png differ 
diff --git a/docs/_static/images/cloud-aws-sg-04.png b/docs/_static/images/cloud-aws-sg-04.png new file mode 100755 index 0000000000..874feed595 Binary files /dev/null and b/docs/_static/images/cloud-aws-sg-04.png differ diff --git a/docs/_static/images/cloud-aws-sg-05.png b/docs/_static/images/cloud-aws-sg-05.png new file mode 100755 index 0000000000..43b7b5cde6 Binary files /dev/null and b/docs/_static/images/cloud-aws-sg-05.png differ diff --git a/docs/_static/images/cloud-aws-subnet-01.png b/docs/_static/images/cloud-aws-subnet-01.png new file mode 100755 index 0000000000..05fe311c2c Binary files /dev/null and b/docs/_static/images/cloud-aws-subnet-01.png differ diff --git a/docs/_static/images/cloud-aws-subnet-02.png b/docs/_static/images/cloud-aws-subnet-02.png new file mode 100755 index 0000000000..22ebde4c2b Binary files /dev/null and b/docs/_static/images/cloud-aws-subnet-02.png differ diff --git a/docs/_static/images/cloud-aws-subnet-03.png b/docs/_static/images/cloud-aws-subnet-03.png new file mode 100755 index 0000000000..f909295528 Binary files /dev/null and b/docs/_static/images/cloud-aws-subnet-03.png differ diff --git a/docs/_static/images/cloud-aws-vpc-01.png b/docs/_static/images/cloud-aws-vpc-01.png new file mode 100755 index 0000000000..4a41375c71 Binary files /dev/null and b/docs/_static/images/cloud-aws-vpc-01.png differ diff --git a/docs/_static/images/cloud-aws-vpc-02.png b/docs/_static/images/cloud-aws-vpc-02.png new file mode 100755 index 0000000000..bdd04f30fa Binary files /dev/null and b/docs/_static/images/cloud-aws-vpc-02.png differ diff --git a/docs/_static/images/cloud-aws-vpc-03.png b/docs/_static/images/cloud-aws-vpc-03.png new file mode 100755 index 0000000000..f71fb5e55d Binary files /dev/null and b/docs/_static/images/cloud-aws-vpc-03.png differ 
diff --git a/docs/_static/images/cloud-aws-vyos-01.png b/docs/_static/images/cloud-aws-vyos-01.png new file mode 100755 index 0000000000..b3e7083566 Binary files /dev/null and b/docs/_static/images/cloud-aws-vyos-01.png differ diff --git a/docs/_static/images/cloud-aws-vyos-02.png b/docs/_static/images/cloud-aws-vyos-02.png new file mode 100755 index 0000000000..409576676b Binary files /dev/null and b/docs/_static/images/cloud-aws-vyos-02.png differ diff --git a/docs/_static/images/cloud-aws-vyos-03.png b/docs/_static/images/cloud-aws-vyos-03.png new file mode 100755 index 0000000000..ecd58eed29 Binary files /dev/null and b/docs/_static/images/cloud-aws-vyos-03.png differ diff --git a/docs/_static/images/cloud-aws-vyos-04.png b/docs/_static/images/cloud-aws-vyos-04.png new file mode 100755 index 0000000000..e3db20dbea Binary files /dev/null and b/docs/_static/images/cloud-aws-vyos-04.png differ diff --git a/docs/_static/images/cloud-aws-vyos-05.png b/docs/_static/images/cloud-aws-vyos-05.png new file mode 100755 index 0000000000..b91b5913ff Binary files /dev/null and b/docs/_static/images/cloud-aws-vyos-05.png differ diff --git a/docs/_static/images/cloud-aws-vyos-06.png b/docs/_static/images/cloud-aws-vyos-06.png new file mode 100755 index 0000000000..912cfed15c Binary files /dev/null and b/docs/_static/images/cloud-aws-vyos-06.png differ diff --git a/docs/_static/images/cloud-aws-vyos-07.png b/docs/_static/images/cloud-aws-vyos-07.png new file mode 100755 index 0000000000..ba6ad590b9 Binary files /dev/null and b/docs/_static/images/cloud-aws-vyos-07.png differ diff --git a/docs/_static/images/cloud-aws-vyos-08.png b/docs/_static/images/cloud-aws-vyos-08.png new file mode 100755 index 0000000000..f7d4e8138f Binary files /dev/null and b/docs/_static/images/cloud-aws-vyos-08.png differ 
diff --git a/docs/_static/images/cloud-aws-vyos-09.png b/docs/_static/images/cloud-aws-vyos-09.png new file mode 100755 index 0000000000..912cfed15c Binary files /dev/null and b/docs/_static/images/cloud-aws-vyos-09.png differ diff --git a/docs/_static/images/cloud-aws-vyos-10.png b/docs/_static/images/cloud-aws-vyos-10.png new file mode 100755 index 0000000000..5912163a22 Binary files /dev/null and b/docs/_static/images/cloud-aws-vyos-10.png differ diff --git a/docs/_static/images/cloud-aws-vyos-11.png b/docs/_static/images/cloud-aws-vyos-11.png new file mode 100755 index 0000000000..28aa334604 Binary files /dev/null and b/docs/_static/images/cloud-aws-vyos-11.png differ diff --git a/docs/_static/images/cloud-azure-01.png b/docs/_static/images/cloud-azure-01.png deleted file mode 100644 index 2c7b1adb43..0000000000 Binary files a/docs/_static/images/cloud-azure-01.png and /dev/null differ diff --git a/docs/_static/images/cloud-azure-02.png b/docs/_static/images/cloud-azure-02.png deleted file mode 100644 index 286b86899a..0000000000 Binary files a/docs/_static/images/cloud-azure-02.png and /dev/null differ diff --git a/docs/_static/images/cloud-azure-03.png b/docs/_static/images/cloud-azure-03.png deleted file mode 100644 index 4661a1fbf6..0000000000 Binary files a/docs/_static/images/cloud-azure-03.png and /dev/null differ diff --git a/docs/_static/images/cloud-azure-04.png b/docs/_static/images/cloud-azure-04.png deleted file mode 100644 index af12d337d3..0000000000 Binary files a/docs/_static/images/cloud-azure-04.png and /dev/null differ diff --git a/docs/_static/images/cloud-azure-05.png b/docs/_static/images/cloud-azure-05.png deleted file mode 100644 index c5a32d2e77..0000000000 Binary files a/docs/_static/images/cloud-azure-05.png and /dev/null differ 
diff --git a/docs/_static/images/cloud-azure-06.png b/docs/_static/images/cloud-azure-06.png deleted file mode 100644 index 1cc7cbf1e7..0000000000 Binary files a/docs/_static/images/cloud-azure-06.png and /dev/null differ diff --git a/docs/_static/images/cloud-azure-nic-01.png b/docs/_static/images/cloud-azure-nic-01.png new file mode 100755 index 0000000000..80109a69a1 Binary files /dev/null and b/docs/_static/images/cloud-azure-nic-01.png differ diff --git a/docs/_static/images/cloud-azure-nic-02.png b/docs/_static/images/cloud-azure-nic-02.png new file mode 100755 index 0000000000..066f0ca138 Binary files /dev/null and b/docs/_static/images/cloud-azure-nic-02.png differ diff --git a/docs/_static/images/cloud-azure-nic-03.png b/docs/_static/images/cloud-azure-nic-03.png new file mode 100755 index 0000000000..7d27262069 Binary files /dev/null and b/docs/_static/images/cloud-azure-nic-03.png differ diff --git a/docs/_static/images/cloud-azure-nic-04.png b/docs/_static/images/cloud-azure-nic-04.png new file mode 100755 index 0000000000..918c7e28f6 Binary files /dev/null and b/docs/_static/images/cloud-azure-nic-04.png differ diff --git a/docs/_static/images/cloud-azure-pub-ip-01.png b/docs/_static/images/cloud-azure-pub-ip-01.png new file mode 100755 index 0000000000..721eff2cae Binary files /dev/null and b/docs/_static/images/cloud-azure-pub-ip-01.png differ diff --git a/docs/_static/images/cloud-azure-pub-ip-02.png b/docs/_static/images/cloud-azure-pub-ip-02.png new file mode 100755 index 0000000000..cebf17994d Binary files /dev/null and b/docs/_static/images/cloud-azure-pub-ip-02.png differ diff --git a/docs/_static/images/cloud-azure-pub-ip-03.png b/docs/_static/images/cloud-azure-pub-ip-03.png new file mode 100755 index 0000000000..3a429dbaab Binary files /dev/null and b/docs/_static/images/cloud-azure-pub-ip-03.png differ 
diff --git a/docs/_static/images/cloud-azure-rg-01.png b/docs/_static/images/cloud-azure-rg-01.png new file mode 100755 index 0000000000..399a156c21 Binary files /dev/null and b/docs/_static/images/cloud-azure-rg-01.png differ diff --git a/docs/_static/images/cloud-azure-rg-02.png b/docs/_static/images/cloud-azure-rg-02.png new file mode 100755 index 0000000000..24de95f27d Binary files /dev/null and b/docs/_static/images/cloud-azure-rg-02.png differ diff --git a/docs/_static/images/cloud-azure-route-01.png b/docs/_static/images/cloud-azure-route-01.png new file mode 100755 index 0000000000..1cf33838d1 Binary files /dev/null and b/docs/_static/images/cloud-azure-route-01.png differ diff --git a/docs/_static/images/cloud-azure-route-02.png b/docs/_static/images/cloud-azure-route-02.png new file mode 100755 index 0000000000..0e4f294b71 Binary files /dev/null and b/docs/_static/images/cloud-azure-route-02.png differ diff --git a/docs/_static/images/cloud-azure-route-03.png b/docs/_static/images/cloud-azure-route-03.png new file mode 100755 index 0000000000..09dd3ec271 Binary files /dev/null and b/docs/_static/images/cloud-azure-route-03.png differ diff --git a/docs/_static/images/cloud-azure-route-04.png b/docs/_static/images/cloud-azure-route-04.png new file mode 100755 index 0000000000..4c497c1cb0 Binary files /dev/null and b/docs/_static/images/cloud-azure-route-04.png differ diff --git a/docs/_static/images/cloud-azure-route-05.png b/docs/_static/images/cloud-azure-route-05.png new file mode 100755 index 0000000000..f30d3f5b92 Binary files /dev/null and b/docs/_static/images/cloud-azure-route-05.png differ diff --git a/docs/_static/images/cloud-azure-sg-01.png b/docs/_static/images/cloud-azure-sg-01.png new file mode 100755 index 0000000000..76f0ea9527 Binary files /dev/null and b/docs/_static/images/cloud-azure-sg-01.png differ 
diff --git a/docs/_static/images/cloud-azure-sg-02.png b/docs/_static/images/cloud-azure-sg-02.png new file mode 100755 index 0000000000..4e98a5c018 Binary files /dev/null and b/docs/_static/images/cloud-azure-sg-02.png differ diff --git a/docs/_static/images/cloud-azure-sg-03.png b/docs/_static/images/cloud-azure-sg-03.png new file mode 100755 index 0000000000..4eeec886a9 Binary files /dev/null and b/docs/_static/images/cloud-azure-sg-03.png differ diff --git a/docs/_static/images/cloud-azure-sg-04.png b/docs/_static/images/cloud-azure-sg-04.png new file mode 100755 index 0000000000..a6d6426e0c Binary files /dev/null and b/docs/_static/images/cloud-azure-sg-04.png differ diff --git a/docs/_static/images/cloud-azure-vm-01.png b/docs/_static/images/cloud-azure-vm-01.png new file mode 100755 index 0000000000..aebf2c9efc Binary files /dev/null and b/docs/_static/images/cloud-azure-vm-01.png differ diff --git a/docs/_static/images/cloud-azure-vm-02.png b/docs/_static/images/cloud-azure-vm-02.png new file mode 100755 index 0000000000..5d24917f31 Binary files /dev/null and b/docs/_static/images/cloud-azure-vm-02.png differ diff --git a/docs/_static/images/cloud-azure-vm-03.png b/docs/_static/images/cloud-azure-vm-03.png new file mode 100755 index 0000000000..63e8ef940e Binary files /dev/null and b/docs/_static/images/cloud-azure-vm-03.png differ diff --git a/docs/_static/images/cloud-azure-vm-04.png b/docs/_static/images/cloud-azure-vm-04.png new file mode 100755 index 0000000000..9cfaeccf53 Binary files /dev/null and b/docs/_static/images/cloud-azure-vm-04.png differ diff --git a/docs/_static/images/cloud-azure-vm-05.png b/docs/_static/images/cloud-azure-vm-05.png new file mode 100755 index 0000000000..749b30c66d Binary files /dev/null and b/docs/_static/images/cloud-azure-vm-05.png differ 
diff --git a/docs/_static/images/cloud-azure-vm-06.png b/docs/_static/images/cloud-azure-vm-06.png new file mode 100755 index 0000000000..9a735f0e96 Binary files /dev/null and b/docs/_static/images/cloud-azure-vm-06.png differ diff --git a/docs/_static/images/cloud-azure-vm-07.png b/docs/_static/images/cloud-azure-vm-07.png new file mode 100755 index 0000000000..ce25cb528a Binary files /dev/null and b/docs/_static/images/cloud-azure-vm-07.png differ diff --git a/docs/_static/images/cloud-azure-vm-08.png b/docs/_static/images/cloud-azure-vm-08.png new file mode 100755 index 0000000000..30017934f2 Binary files /dev/null and b/docs/_static/images/cloud-azure-vm-08.png differ diff --git a/docs/_static/images/cloud-azure-vm-09.png b/docs/_static/images/cloud-azure-vm-09.png new file mode 100755 index 0000000000..5f0daf3488 Binary files /dev/null and b/docs/_static/images/cloud-azure-vm-09.png differ diff --git a/docs/_static/images/cloud-azure-vm-10.png b/docs/_static/images/cloud-azure-vm-10.png new file mode 100755 index 0000000000..ea913d68a0 Binary files /dev/null and b/docs/_static/images/cloud-azure-vm-10.png differ diff --git a/docs/_static/images/cloud-azure-vm-11.png b/docs/_static/images/cloud-azure-vm-11.png new file mode 100755 index 0000000000..a0da6ea258 Binary files /dev/null and b/docs/_static/images/cloud-azure-vm-11.png differ diff --git a/docs/_static/images/cloud-azure-vm-12.png b/docs/_static/images/cloud-azure-vm-12.png new file mode 100755 index 0000000000..30cbcc5296 Binary files /dev/null and b/docs/_static/images/cloud-azure-vm-12.png differ diff --git a/docs/_static/images/cloud-azure-vm-13.png b/docs/_static/images/cloud-azure-vm-13.png new file mode 100755 index 0000000000..527330e1df Binary files /dev/null and b/docs/_static/images/cloud-azure-vm-13.png differ 
diff --git a/docs/_static/images/cloud-azure-vnet-01.png b/docs/_static/images/cloud-azure-vnet-01.png new file mode 100755 index 0000000000..3577d8ab1a Binary files /dev/null and b/docs/_static/images/cloud-azure-vnet-01.png differ diff --git a/docs/_static/images/cloud-azure-vnet-02.png b/docs/_static/images/cloud-azure-vnet-02.png new file mode 100755 index 0000000000..6da436f52f Binary files /dev/null and b/docs/_static/images/cloud-azure-vnet-02.png differ diff --git a/docs/_static/images/cloud-azure-vnet-03.png b/docs/_static/images/cloud-azure-vnet-03.png new file mode 100755 index 0000000000..36a6803b41 Binary files /dev/null and b/docs/_static/images/cloud-azure-vnet-03.png differ diff --git a/docs/_static/images/cloud-azure-vnet-04.png b/docs/_static/images/cloud-azure-vnet-04.png new file mode 100755 index 0000000000..8351e2036a Binary files /dev/null and b/docs/_static/images/cloud-azure-vnet-04.png differ diff --git a/docs/_static/images/cloud-azure-vnet-05.png b/docs/_static/images/cloud-azure-vnet-05.png new file mode 100755 index 0000000000..daea1900b2 Binary files /dev/null and b/docs/_static/images/cloud-azure-vnet-05.png differ diff --git a/docs/installation/cloud/aws.rst b/docs/installation/cloud/aws.rst index 992e26099c..3370169f7c 100644 --- a/docs/installation/cloud/aws.rst +++ b/docs/installation/cloud/aws.rst 
@@ -2,52 +2,624 @@ Amazon AWS ########## -Deploy VM ---------- -Deploy VyOS on Amazon :abbr:`AWS (Amazon Web Services)` +This manual provides detailed step-by-step instructions for deploying a VyOS instance and required resources (VPC, ENIs, Subnets, Security Groups) on AWS. -1. Click to ``Instances`` and ``Launch Instance`` +Prerequisites +======== -.. figure:: /_static/images/cloud-aws-01.png +1. AWS Account +----------- +Ensure you have an AWS account with administrative access. -2. On the marketplace search "VyOS" +2. IAM Permissions +----------- -.. figure:: /_static/images/cloud-aws-02.png +To deploy VyOS and related resources, the user must have the following permissions: -3. Choose the instance type. Minimum recommendation start from ``m3.medium`` +- ``ec2:`` for managing EC2, ENIs, and EIPs. +- ``vpc:`` for creating VPCs, subnets, and route tables. +- ``iam:`` for attaching roles. -.. figure:: /_static/images/cloud-aws-03.png +3. SSH Key Pair +----------- -4. Configure instance for your requirements. Select number of - instances / network / subnet +You can use Amazon EC2 to create your key pairs, or you can use a third-party tool to create your key pairs and then import them to Amazon EC2. +Amazon EC2 supports: -.. figure:: /_static/images/cloud-aws-04.png +- ``2048-bit SSH-2 RSA keys`` for Linux and Windows instances. +- ``ED25519 keys`` for Linux instances (not supported for Windows). -5. Additional storage. You can remove additional storage ``/dev/sdb``. First - root device will be ``/dev/xvda``. You can skip this step. +When you create a key pair using Amazon EC2: -.. figure:: /_static/images/cloud-aws-05.png +- The ``public key`` is stored in Amazon EC2. +- You store the ``private key`` securely on your local machine. -6. Configure Security Group. It's recommended that you configure ssh access - only from certain address sources. Or permit any (by default). -.. 
figure:: /_static/images/cloud-aws-06.png +Steps to Create a Key Pair Using Amazon EC2 +^^^^^^^^^^^^^^ -7. Select SSH key pair and click ``Launch Instances`` +- Open the Amazon EC2 console https://console.aws.amazon.com/ec2/. -.. figure:: /_static/images/cloud-aws-07.png +- In the navigation pane, under ``Network & Security``, choose ``Key Pairs``. -8. Find out your public IP address. +.. figure:: /_static/images/cloud-aws-keypair-01.png -.. figure:: /_static/images/cloud-aws-08.png +- Choose ``Create key pair`` and select ``AWS region`` at the top right corner of the windows where you plan to deploy the VyOS instance. -9. Connect to the instance by SSH key. +.. figure:: /_static/images/cloud-aws-keypair-02.png + +- Configure Key Pair: +"""""""""" + + - **Name**: Enter a descriptive name for the key pair, e.g., ``vyos-keypair``. + + .. note:: The key name can include up to 255 ASCII characters. It cannot include leading or trailing spaces. + + - **Select Key Pair Type**: + - For **Linux instances**: Choose either **RSA** or **ED25519**. + + - For **Windows instances**: Choose **RSA**. + + .. note:: ED25519 keys are not supported for Windows instances. + + - **Private Key File Format**: + - **PEM**: Choose this format if using OpenSSH or other SSH clients (e.g., on Linux/macOS). + - **PPK**: Choose this format if using PuTTY on Windows. + +- **Optional**: Add tags to the key pair. Choose **Add tag** and provide the **key** and **value** for each tag. + +- Choose **Create key pair**. + +- The private key file will automatically download to your browser. + - The file name will match the name you provided (e.g., `vyos-keypair.pem`), with the extension determined by the format you chose. + +.. figure:: /_static/images/cloud-aws-keypair-03.png + +.. figure:: /_static/images/cloud-aws-keypair-04.png + + **Important Notes** + +- **Save the private key file securely**: + This is your **only chance** to download the private key. 
If you lose it, you cannot connect to your instance. + +- If you are using SSH on a **macOS or Linux computer**, set the correct permissions for the private key file: + +.. code-block:: none + + chmod 400 vyos-keypair.pem + +If permissions are not set to **400**, you will encounter an **"Unprotected private key file"** error when attempting to connect to the instance. + + **Example Usage for SSH** + +.. code-block:: none + + ssh -i vyos-keypair.pem vyos@ + +For more information, please visit the official AWS documentation: + +https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-key-pairs.html#having-ec2-create-your-key-pair + + +4. VyOS Subscription +----------- +- Go to the AWS Marketplace https://aws.amazon.com/marketplace and search for **VyOS**. +- Subscribe to the VyOS AMI. + +For more information, please visit: + +https://aws.amazon.com/marketplace/seller-profile?id=7636d180-1710-48bc-acd6-d323c4a0429f + + +Create required resources +======== + +Certain resources need to be created in the AWS infrastructure before creating a VyOS instance, such as a VPC, Subnets, Elastic IPs, Route Tables, Security Groups, and others. + +Step 1: Create Virtual Private Cloud (VPC) and Subnets +----------- + +1. Create a VPC +^^^^^^^^^^^^^^ + +To create a VPC for your AWS environment: + +- Go to the **Amazon VPC Console** at https://console.aws.amazon.com/vpc/. + +- In the navigation pane, choose **Your VPCs**. + +- Choose **Create VPC**. + +.. figure:: /_static/images/cloud-aws-vpc-01.png + +- **Configure VPC Settings**: + - **Name tag - optional**: Enter a descriptive name for your VPC, e.g., ``VyOS-VPC``. + - **IPv4 CIDR Block**: Enter ``10.0.0.0/16``. + +- Choose **Create VPC**. + +.. figure:: /_static/images/cloud-aws-vpc-02.png + +.. figure:: /_static/images/cloud-aws-vpc-03.png + +For more information, please visit the AWS documentation: + +https://docs.aws.amazon.com/vpc/latest/userguide/create-vpc.html + + +2. 
Create Subnets +^^^^^^^^^^^^^^ + +Subnets allow you to divide your VPC into smaller IP spaces. Follow these steps to create subnets for both **public** and **private** networks: + +- Go to the **Amazon VPC Console** at https://console.aws.amazon.com/vpc/. + +- In the navigation pane, choose **Subnets**. + +- Choose **Create Subnet**. + +.. figure:: /_static/images/cloud-aws-subnet-01.png + +- Configure Subnet Settings: +"""""""""" + + - **Public Subnet**: + + - **VPC**: Select ``VyOS-VPC``. + + - **Name Tag**: ``VyOS-Public-Subnet``. + + - **IPv4 CIDR Block**: ``10.0.1.0/24``. + + - **Availability Zone**: Select an AZ, e.g., ``us-east-1a``. + + - **Private Subnet**: + + - **VPC**: Select ``VyOS-VPC``. + + - **Name Tag**: ``VyOS-Private-Subnet``. + + - **IPv4 CIDR Block**: ``10.0.2.0/24``. + + - **Availability Zone**: Select an AZ, e.g., ``us-east-1a``. + + +- Choose **Create Subnet**. + +.. figure:: /_static/images/cloud-aws-subnet-02.png + +.. figure:: /_static/images/cloud-aws-subnet-03.png + +For additional information, please visit the AWS documentation: + +https://docs.aws.amazon.com/vpc/latest/userguide/create-subnets.html + +For additional details about IP addressing for your VPC and subnets, refer to the AWS documentation: + +https://docs.aws.amazon.com/vpc/latest/userguide/vpc-ip-addressing.html + + +Step 2: Create and Configure Security Groups +----------- + +1. Create Public Security Group +^^^^^^^^^^^^^^ + +The **Public Security Group** is used for **outbound connectivity**. All external resources, systems, or networks will connect via this security group. + +- Open the **Amazon EC2 Console** at https://console.aws.amazon.com/ec2/. + +- In the navigation pane, choose **Security Groups**. + +- Choose **Create Security Group**. + +.. figure:: /_static/images/cloud-aws-sg-01.png + +- **Configure the Security Group**: + + - **Name**: ``VyOS-Public-SG``. 
+ + - **Description**: "Public security group for outbound connectivity" + + - **VPC**: Select the VPC in which your VyOS instance resides. + +- Inbound Rules: +"""""""""" + + - **SSH**: Port ``22``, Source ``0.0.0.0/0`` (Restrict to your IP for security). + + - **ICMP**: Allow for ping testing purposes. + + - **IPSec**: Allow port ``500`` (UDP) for ISAKMP (Phase 1 negotiation). + + - **NAT Traversal**: Allow port ``4500`` (UDP) for NAT-T support in IPsec. + + - **WireGuard**: Allow port ``51820`` (UDP). + + - **OpenVPN**: Allow port ``1194`` (UDP or TCP). + +.. figure:: /_static/images/cloud-aws-sg-02.png + +- (Optional) Add tags to identify the security group: + - **Key**: `Name`, **Value**: `VyOS-Public-SG`. + +- Choose **Create Security Group**. + +.. figure:: /_static/images/cloud-aws-sg-03.png + + +2. Create Private Security Group +^^^^^^^^^^^^^^ + +The **Private Security Group** is used for **internal connectivity** from internal or VPC-based resources. + +- Open the **Amazon EC2 Console**. + +- In the navigation pane, choose **Security Groups**. + +- Choose **Create Security Group**. + +- Configure the Security Group: +"""""""""" + + - **Name**: ``VyOS-Private-SG``. + + - **Description**: "Private security group for internal connectivity" + + - **VPC**: Select the VPC in which your VyOS instance resides. + +- Inbound Rules: +"""""""""" + + - Allow **All Traffic** (``0.0.0.0/0``) for internal connectivity between resources, VPCs, and other trusted networks. + +.. figure:: /_static/images/cloud-aws-sg-04.png + +- (Optional) Add tags to identify the security group: + - **Key**: ``Name``, **Value**: ``VyOS-Private-SG``. + +- Choose **Create Security Group**. + +.. 
figure:: /_static/images/cloud-aws-sg-05.png + +For detailed instructions on creating a security group, refer to the official AWS documentation: + +https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/creating-security-group.html + +For more information, refer to the official AWS documentation: + +https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html + + +Step 3: Create ENIs (Elastic Network Interfaces) +----------- + +Network Interfaces (ENIs) are essential for connecting instances to subnets and managing network traffic. Follow the steps below to create **Public** and **Private** ENIs. + +- Open the **Amazon EC2 Console** at https://console.aws.amazon.com/ec2/. + +- In the navigation pane, choose **Network Interfaces**. + +- Choose **Create Network Interface**. + +- **Configure Network Interface Settings**: + +Public ENI +"""""""""" + - **Name**: ``VyOS-Public-ENI``. + + - **Description**: "Network Interface for Public Subnet." + + - **Subnet**: Select the ``VyOS-Public-Subnet`` you created earlier. + + - **Private IPv4 Address**: Choose **Auto-assign** to let AWS pick an IP address from the subnet. + + - **Security Group**: Select the ``VyOS-Public-SG``. + + - (Optional) Add tags to identify the ENIs: + **Key**: ``Name``, **Value**: ``VyOS-Public-ENI``. + + - Choose **Create Network Interface**. + + .. figure:: /_static/images/cloud-aws-eni-01.png + +Private ENI +"""""""""" + - **Name**: ``VyOS-Private-ENI``. + + - **Description**: "Network Interface for Private Subnet." + + - **Subnet**: Select the ``VyOS-Private-Subnet`` you created earlier. + + - **Private IPv4 Address**: Choose **Auto-assign** to let AWS pick an IP address from the subnet. + + - **Security Group**: Select the ``VyOS-Private-SG``. + + - (Optional) Add tags to identify the ENIs: + **Key**: ``Name``, **Value**: ``VyOS-Private-ENI``. + + - Choose **Create Network Interface**. + + .. 
figure:: /_static/images/cloud-aws-eni-02.png + +Step 4: Configure Internet Gateway +----------- + +An **Internet Gateway** allows communication between your VPC and the internet. Follow the steps below to create and attach an Internet Gateway to your VPC. + +1. Create an Internet Gateway +^^^^^^^^^^^^^^ + +- Open the **Amazon VPC Console** at https://console.aws.amazon.com/vpc/. + +- In the navigation pane, choose **Internet Gateways**. + +- Choose **Create Internet Gateway**. + +- **Configure Internet Gateway**: + - (Optional) **Name**: Enter a descriptive name, e.g., ``VyOS-IGW``. + +- (Optional) Add a tag to identify the Internet Gateway: + - **Key**: ``Name``, **Value**: ``VyOS-IGW``. + +- Choose **Create Internet Gateway**. + +.. figure:: /_static/images/cloud-aws-igw-01.png + + +2. Attach the Internet Gateway to Your VPC +^^^^^^^^^^^^^^ + +To enable your VPC to access the internet, attach the Internet Gateway to your VPC: + +- After creating the Internet Gateway, select it from the **Internet Gateways** list. + +- Choose **Actions > Attach to VPC**. + +- Select the VPC where you want to attach the Internet Gateway: + - Choose `VyOS-VPC` (the VPC you created earlier). + +- Choose **Attach Internet Gateway**. + +.. figure:: /_static/images/cloud-aws-igw-02.png + +For more details, refer to the official AWS documentation: + +https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Internet_Gateway.html. + + +Step 5: Configure Route Tables +----------- + +Route tables define the paths for network traffic within your VPC. In this step, we will configure **Public** and **Private** route tables to control traffic flow for their respective subnets. + + +1. Create and Configure the Public Route Table +^^^^^^^^^^^^^^ + +- **Go to the Route Tables Section:** + - Open the **Amazon VPC Console** at https://console.aws.amazon.com/vpc/. + - In the left navigation pane, choose **Route Tables**. 
+ +- **Create a New Route Table:** + + - In the **Route Tables** section, choose **Create Route Table**. + + - Configure the route table: + + - **Name**: ``Public RT``. + + - **VPC**: Select the ``VyOS-VPC``. + + - Click **Create Route Table**. + + .. figure:: /_static/images/cloud-aws-route-01.png + +- **Add a Route to the Internet Gateway:** + + - Go to the **Routes** tab and click **Edit Routes**. + + - Click **Add Route** and enter: + + - **Destination**: ``0.0.0.0/0`` (Default route to all IPs). + + - **Target**: Select the **Internet Gateway** (``VyOS-IGW``) you created earlier. + + - Click **Save Routes**. + + .. figure:: /_static/images/cloud-aws-route-02.png + +- **Associate the Public Subnet:** + + - Go to the **Subnet Associations** tab and click **Edit Subnet Associations**. + + - Select the **Public Subnet** (``VyOS-Public-Subnet``). + + - Click **Save associations**. + + .. figure:: /_static/images/cloud-aws-route-03.png + + +Step 6: Allocate and Attach Elastic IP (EIP) +----------- + +An **Elastic IP (EIP)** is a static, public IPv4 address designed for dynamic cloud computing. Elastic IP addresses can help maintain consistent connectivity to instances, even if they are stopped, rebooted, or replaced. + +- Elastic IP addresses are **public IPv4 addresses** and are reachable from the internet. +- They can be quickly remapped to different instances or network interfaces within your AWS account to mask failures. + +For more details, refer to the official AWS documentation: + +https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html. + + +Steps to Allocate and Attach Elastic IP +^^^^^^^^^^^^^^ + +1. Allocate Elastic IP +"""""""""" + +- Open the **Amazon EC2 Console** at https://console.aws.amazon.com/ec2/. + +- In the navigation pane, choose **Elastic IPs**. + +- Choose **Allocate Elastic IP address**. + +- **Elastic IP address settings**: + - For **Public IPv4 address pool**, select **Amazon's pool of IPv4 addresses**. 
+ +- (Optional) Add a tag: + - **Key**: ``Name``, **Value**: ``VyOS-EIP``. + +- Choose **Allocate**. + +.. figure:: /_static/images/cloud-aws-eip-01.png + +2. Attach Elastic IP to Public ENI +"""""""""" + +- Go to **EC2 > Elastic IPs**. + +- Select the **Elastic IP** you just allocated. + +- Choose **Actions > Associate Elastic IP address**. + +- **Configure Association**: + + - **Resource type**: Choose **Network Interface**. + + - **Network Interface**: Select the **VyOS-Public-ENI** created earlier. + + - **Private IPv4 Address**: Ensure it is correctly selected. + +- (Optional) Select **Allow the Elastic IP address to be reassociated** if the EIP is already associated with another resource. + +- Choose **Associate**. + +.. figure:: /_static/images/cloud-aws-eip-02.png + +**Why Use Elastic IP?** + +- **Consistency**: The EIP remains static, even if the instance stops or is replaced. + +- **Failover**: If an instance fails, you can remap the EIP to a new instance to restore services quickly. + +- **DNS Integration**: You can point your domain to the Elastic IP for consistent public access. + +For additional details, refer to the AWS documentation: + +https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/working-with-eips.html + + +Launch VyOS Instance +======== + +Follow the detailed instructions below to launch a VyOS instance in your AWS environment with two ENIs (Public and Private). + +- Open the **Amazon EC2 Console** at https://console.aws.amazon.com/ec2/. + +- In the EC2 dashboard, choose **Launch Instance**. + +- **Configure Instance Details**: + + - **Name and Tags**: + + - Under **Name and tags**, enter a descriptive name for your instance, e.g., ``VyOS-Instance``. + + .. figure:: /_static/images/cloud-aws-vyos-01.png + + - **Application and OS Images (AMI)**: + + - Choose **Browse more AMIs**. + + - Go to the **AWS Marketplace** tab and search for **VyOS**. + + - Choose the VyOS AMI that matches your requirements and click **Select**. + + .. 
figure:: /_static/images/cloud-aws-vyos-02.png + + .. figure:: /_static/images/cloud-aws-vyos-03.png + + - **Instance Type**: + - Select the instance type that fits your workload. For example: + + - ``c5n.large`` (or larger recommended for VyOS). + + .. figure:: /_static/images/cloud-aws-vyos-04.png + + - **Key pair (login)**: + + - For **Key pair name**, select the key pair you created earlier (``vyos-keypair``). + + - If you do not have a key pair, create a new one and download the private key file. + + .. figure:: /_static/images/cloud-aws-vyos-05.png + + - **Network Settings**: + + - **VPC**: Select ``VyOS-VPC``. + + - **Subnet**: Select the **Public Subnet** (``VyOS-Public-Subnet``). + + - **Auto-assign Public IP**: **Disable**. + + - **Firewall (security groups)**: Select the **Select existing security group**. + + - **Common security groups**: Live empty (Do not select any security groups). + + .. figure:: /_static/images/cloud-aws-vyos-09.png + + - **Advanced network configuration** + + - **Network interface 1** select ``VyOS-Public-ENI`` + + .. figure:: /_static/images/cloud-aws-vyos-07.png + + - Click to the **Add network interface** button + + - **Network interface 2** select ``VyOS-Private-ENI`` + + .. figure:: /_static/images/cloud-aws-vyos-08.png + + - In **Subnet** deselect subnet + + .. figure:: /_static/images/cloud-aws-vyos-10.png + +- Review the instance configuration in the **Summary** panel and choose **Launch Instance**. + +- Wait until the instance status changes to **Running**. + +.. figure:: /_static/images/cloud-aws-vyos-11.png + + +Connect to the VyOS instance +----------- + + You can only connect to the VyOS instance via **SSH** protocol. Use the default username **vyos**, **Elastic IP** and **SSH Key Pair** to connect to the VyOS instance via SSH: + + .. 
code-block:: none + + ssh -i vyos-keypair.pem vyos@35.152.131.62 + + +Deployment of VyOS Instance and Required Resources via CloudFormation Template +======== + +These CloudFormation templates automate the deployment of a VyOS instance on AWS, configuring essential components such as: + +- VPC +- Public and private subnets +- Internet Gateway +- Route Tables +- Elastic IPs +- Security Groups + +You can download or clone these templates from the GitHub repository and use them in your environment: + +https://github.com/vyos/vyos-automation/tree/main/CloudFormation - .. code-block:: none - ssh -i ~/.ssh/amazon.pem vyos@203.0.113.3 - vyos@ip-192-0-2-10:~$ Amazon CloudWatch Agent Usage ----------------------------- diff --git a/docs/installation/cloud/azure.rst b/docs/installation/cloud/azure.rst index e19df9862f..81c0507729 100644 --- a/docs/installation/cloud/azure.rst +++ b/docs/installation/cloud/azure.rst 
@@ -1,72 +1,433 @@ -##### -Azure -##### +########## +Microsoft Azure +########## -Deploy VM ---------- -Deploy VyOS on Azure. +This manual provides detailed step-by-step instructions for deploying a VyOS instance and required resources (Virtual Networks, Network Interfaces, Subnets, Security Groups) on Azure via the Azure Portal. -1. Go to the Azure services and Click to **Add new Virtual machine** +Prerequisites for Deploying VyOS on Azure +======== -2. Choose vm name, resource group, region and click **Browse all public and - private images** +Azure Account +----------- -.. figure:: /_static/images/cloud-azure-01.png +Ensure you have an active Azure subscription. -3. On the marketplace search ``VyOS`` and choose the appropriate subscription +Microsoft Entra ID Permissions +----------- -.. figure:: /_static/images/cloud-azure-02.png +To manage resources in **Azure Entra ID** (formerly Azure AD), you need appropriate permissions to handle **Virtual Networks**, **Public IP Addresses**, **Subnets**, and **Virtual Machines**. -4. Generate new SSH key pair or use existing. +**Reference Documentation:** -.. figure:: /_static/images/cloud-azure-03.png +https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/manage-roles-portal -5. Define network, subnet, Public IP. Or it will be created by default. +https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal -.. figure:: /_static/images/cloud-azure-04.png +https://learn.microsoft.com/en-us/azure/role-based-access-control/overview -6. Click ``Review + create``. After a few seconds your deployment will be complete +Deployment Steps +======== -.. figure:: /_static/images/cloud-azure-05.png +Step 1: Create a Resource Group +----------- -7. Click to your new vm and find out your Public IP address. +A resource group is a container that holds related resources for an Azure solution. 
The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. -.. figure:: /_static/images/cloud-azure-06.png +Create resource groups +^^^^^^^^^^^^^^ -8. Connect to the instance by SSH key. +- Go to the Azure Portal https://portal.azure.com/. + +- Sign in with your Azure account credentials. + +- In the portal, search for and select **Resource groups**. + +- Select **Create**. + +.. figure:: /_static/images/cloud-azure-rg-01.png + +- Enter the following values: + +- **Subscription**: Select your Azure subscription. + +- **Resource group**: Enter a new resource group name, e.g., ``VyOSResourceGroup``. + +- **Region**: Select an Azure location, such as Central US. + +- Select **Review + Create** + +- Select **Create**. It takes a few seconds to create a resource group. + +.. figure:: /_static/images/cloud-azure-rg-02.png + + +Step 2: Create a Virtual Network (VNet) and Subnets +----------- + +Sign in to the Azure portal with your Azure account https://portal.azure.com/ + +- In the portal, search for and select **Virtual networks**. + +- On the **Virtual networks** page, select **+ Create**. + +- On the **Basics** tab of **Create virtual network**, enter, or select the following information: + +- **Subscription**: Select your Subscription + +- **Resource Group**: Select e.g., ``VyOSResourceGroup`` + +- **Name**: e.g., ``VyOS-VirtualNetwork`` + +- **Region**: e.g., ``West Europe``. + +.. figure:: /_static/images/cloud-azure-vnet-01.png + +**IP addresses**: + +- Address Space: ``10.1.0.0/16`` + +.. figure:: /_static/images/cloud-azure-vnet-02.png + +**Add two subnets**: + +- Name: e.g., ``VyOS-Private-Subnet`` + + Starting address: e.g., ``10.1.1.0`` + + Size: ``/24`` + +- Name: e.g., ``VyOS-Public-Subnet`` + + Starting address: e.g., ``10.1.11.0`` + + Size: ``/24`` + +.. figure:: /_static/images/cloud-azure-vnet-03.png + +.. figure:: /_static/images/cloud-azure-vnet-04.png + +.. 
figure:: /_static/images/cloud-azure-vnet-05.png + +- Click **Review + Create** and then **Create**. + + +Step 3: Create and configure Network Security Group (NSG) +----------- + +- In the Azure Portal, search for and select **Network Security Groups**. + +- On the **Network Security Groups** page, select **+ Create**. + +Enter the details: + +- **Subscription**: Select your Subscription + +- **Resource Group**: Select ``VyOSResourceGroup`` + +- **Name**: e.g., ``VyOS-SecurityGroup`` + +- **Region**: e.g., ``West Europe``. + +.. figure:: /_static/images/cloud-azure-sg-01.png + +- Click **Review + Create** and then **Create**. + +**Add inbound rules**: + +- Navigate to the **Network Security Groups** select **VyOS-SecurityGroup** go to **Inbound security rules** under **Settings** + +.. figure:: /_static/images/cloud-azure-sg-02.png + +**Add Rule Example:** + +- **Rule 1**: AllowSSH + + - **Port**: 22 + + - **Protocol**: TCP + + - **Source**: Any + + - **Priority**: 1001 + +**Add Additional Rules**: + +You can add inbound rules based on your specific services, such as: + + - ESP + + - OpenVPN + + - WireGuard, etc. + +.. figure:: /_static/images/cloud-azure-sg-03.png + +**Associate subnets**: + +- Navigate to the **Network Security Groups**, select **Subnets** click **+ Associate** button. Then select your virtual network and the subnet to which you want to associate the NSG. Select **OK**: + +.. figure:: /_static/images/cloud-azure-sg-04.png + + +Step 4: Create Public IP Address +----------- + +- In the Azure Portal, search for and select **Public IP Addresses**. + +- On the **Public IP Addresses** page, select **+ Create**. + +- Provide the following details: + +- **Subscription**: Select your Subscription + +- **Resource Group**: Select ``VyOSResourceGroup`` + +- **Region**: ``West Europe`` + +.. 
figure:: /_static/images/cloud-azure-pub-ip-01.png + +- **Name**: ``VyOS-Pub-IP`` + +- **IP Version**: ``IPv4`` + +- **SKU**: ``Standard`` + +- **Availability zone**: Select Availability Zone + +.. figure:: /_static/images/cloud-azure-pub-ip-02.png + +- **IP address assignment**: ``Static`` + +- **Idle timeout (minutes)** ``30`` (max) + +.. figure:: /_static/images/cloud-azure-pub-ip-03.png + +- Click **Review + Create**, then **Create**. + + +Step 5: Deploy the VyOS Network Virtual Machine (NVA) +----------- + +- In the Azure Portal, search for and select **Virtual Machines**. + +- On the **Virtual Machines** page, click **+ Create** and select **Azure virtual machine**. + +- Provide the following details: + +- **Subscription**: Select your Subscription + +- **Resource Group**: Select ``VyOSResourceGroup`` + +- **Virtual machine name**: e.g., ``VyOS`` + +- **Region**: e.g., ``West Europe`` + +- **Security type**: ``Standard`` + +- **Image**: ``VyOS`` (On the marketplace search ``VyOS`` and choose the appropriate subscription). + +.. figure:: /_static/images/cloud-azure-vm-01.png + +- **Size**: Select a VM size to support the workload that you want to run. The size that you choose then determines factors such as processing power, memory, and storage capacity. + +.. figure:: /_static/images/cloud-azure-vm-02.png + +- **Password/SSH Key**: Choose whether the administrator account will use username/password or SSH keys for authentication. + +- **Username**: The administrator username for the VM, e.g., ``vyos``. + +- **SSH Key**: You can use your existing SSH key pair or Azure automatically generates it for you and allows you to store it for future use. + +.. figure:: /_static/images/cloud-azure-vm-03.png + +- **Virtual network**: Select ``VyOS-VirtualNetwork``. + +- **Subnet**: Select ``VyOS-Public-Subnet``. + +- **Public IP**: Select public IP address which created before ``VyOS-Pub-IP``. + +.. 
figure:: /_static/images/cloud-azure-vm-04.png + +- **Configure network security group**: Select existing Security Group ``VyOS-SecurityGroup``. + +.. figure:: /_static/images/cloud-azure-vm-05.png + +- Click **Review + Create**, then **Create**. + +- Click **Download the private key and create resource** this will download private key to your computer and start creating Virtual Machine. + +.. figure:: /_static/images/cloud-azure-vm-06.png + +- Wait until deployment is complete. After the deployment complete navigate to **Virtual Machines** click new created Virtual Machine. Check **Public IP address**. + +.. figure:: /_static/images/cloud-azure-vm-07.png + + +Step 6: Access the VyOS instance +----------- + +- Access the VyOS instance using **SSH** protocol, **Public IP Address**, **Private Key**: .. code-block:: none - ssh -i ~/.ssh/vyos_azure vyos@203.0.113.3 - vyos@vyos-doc-r1:~$ + $ ssh vyos@51.124.120.235 -i vyos_key.pem + vyos@VyOS:~$ -Add interface +Step 7: Enable IP Forwarding in Network Interface +----------- + +This option allows the virtual machine on this network interface to act as a router and receive traffic addressed to other destinations. + +- On the **Virtual Machines** page, select ``VyOS`` VM, under **Networking** tab select **Network settings**, click network interface. + +.. figure:: /_static/images/cloud-azure-vm-12.png + +- Enable IP forwarding and click the **Apply** button. + +.. figure:: /_static/images/cloud-azure-vm-13.png + +Step 8: Create and attach the second network interface (optional) ------------- -If instance was deployed with one **eth0** ``WAN`` interface and want to add +Now instance has been deployed with one **eth0** ``WAN`` interface and want to add new one. To add new interface an example **eth1** ``LAN`` you need shutdown the instance. Attach the interface in the Azure portal and then start the instance. .. note:: Azure does not allow you attach interface when the instance in the **Running** state. 
-Absorbing Routes + +Create network interface: +^^^^^^^^^^^^^^ + +- In the Azure Portal, search for and select **Network Interfaces**. + +- On the **Network Interfaces** page, select **+ Create**. + +.. figure:: /_static/images/cloud-azure-nic-01.png + +- **Subscription**: Select your Subscription + +- **Resource Group**: Select ``VyOSResourceGroup`` + +- **Name**: ``VyOS-PRIV-NIC`` + +- **Subnet**: ``VyOS-Private-Subnet`` + +- **Private IP**: ``Dynamic`` + +- Click **Review + Create**, then **Create** + +.. figure:: /_static/images/cloud-azure-nic-02.png + +- Enable **IP Forwarding** + +- Navigate to **Network Interfaces** select ``VyOS-PRIV-NIC`` + +.. figure:: /_static/images/cloud-azure-nic-03.png + +- Go to **Settings**, select **IP configurations**. Enable IP Forwarding and select **Apply**. + +.. figure:: /_static/images/cloud-azure-nic-04.png + + +Attach reate network interface: +^^^^^^^^^^^^^^ + +- Navigate to **Virtual Machines**, click new created Virtual Machine and click the **Stop** button + +.. figure:: /_static/images/cloud-azure-vm-08.png + +- Go to **Networking** select **Network settings** and then select **Attach network interface** + +.. figure:: /_static/images/cloud-azure-vm-09.png + +- Select existing (before created) network interface ``VyOS-PRIV-NIC`` and click the **OK** button. + +.. figure:: /_static/images/cloud-azure-vm-10.png + +- Now you have attached second interface to your instance and you can start Virtual Machine. + +- Go to **Overview** and click the **Start** button. + +.. figure:: /_static/images/cloud-azure-vm-11.png + + +Setp 8: Absorbing Routes ---------------- -If using as a router, you will want your LAN interface to absorb some or all of the traffic from your VNET by using a route table applied to the subnet. +To route traffic from your Virtual Network (VNET) through the LAN interface of your VyOS Network Virtual Appliance (NVA), you need to create and configure a custom route table in Azure. 
+ +- Step-by-Step Instructions: + +- Navigate to **Route Tables** and click **+ Create**. + +Provide the following details: + + - **Subscription**: Select your Subscription + + - **Resource Group**: Select ``VyOSResourceGroup`` + + - **Name**: ``Route-VyOS`` + + - **Region**: e.g., ``West Europe`` + +.. figure:: /_static/images/cloud-azure-route-01.png + +- Click **Review + Create**, then **Create**. -1. Create a route table and browse to **Configuration** +**Add a Route**: -2. Add one or more routes for networks you want to pass through the VyOS VM. Next hop type **Virtual Appliance** with the **Next Hop Address** of the VyOS ``LAN`` interface. +- Navigate to **Route Tables** and click the new created route (``Route-VyOS``). + +- Go to **Routes** and click **+ Add** button. + +.. figure:: /_static/images/cloud-azure-route-02.png + +Add following parameters: + +- **Name**: ``Default-Route`` + +- **Destination type**: ``IP Addresses`` + +- **Destination IP addresses/CIDR ranges**: ``0.0.0.0/0`` + +- **Next Hop Type**: ``Virtual Appliance`` + +- **Next Hop IP Address**: ``10.1.11.4`` (The private Network Interface Card IP Address) + +.. figure:: /_static/images/cloud-azure-route-03.png + +- Click the **Add** button. + +**Associate the Route Table with subnet**: + +- Navigate to **Route Tables** and click the new created route (``VyOSResourceGroup``). + +- Go to **Subnets** and click **+ Associate** button. + +.. figure:: /_static/images/cloud-azure-route-04.png + +- **Virtual network**: Select ``VyOS-VirtualNetwork``. + +- **Subnet**: Select ``VyOS-Public-Subnet``. + +.. figure:: /_static/images/cloud-azure-route-05.png .. note:: If you want to create a new default route for VMs on the subnet, use **Address Prefix** ``0.0.0.0/0`` Also note that if you want to use this as a typical edge device, you'll want masquerade NAT for the ``WAN`` interface. 
-Serial Console + +Deploy VyOS Instance and Required Resources Automatically (via Terraform) -------------- -Azure has a way to access the serial console of a VM, but this needs to be configured on the VyOS. It's there by default, but keep it in mind if you are replacing config.boot and rebooting: ``set system console device ttyS0 speed '9600'`` +You can deploy a VyOS instance and its associated resources in **Azure** using Terraform modules available in the GitHub repository. +All necessary parameters will be configured automatically, and you will receive **management and access information** from the outputs. + +You can also edit/change these parameters based on your requirements. + +- Download/Clone the Repository following GitHub repository: + +https://github.com/vyos/vyos-automation/tree/main/Terraform/Azure + -References ----------- -https://azure.microsoft.com
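Review bot: Step 5 in docs/installation/cloud/aws.rst announces **Public** and **Private** route tables, but the added text contains only "1. Create and Configure the Public Route Table" and then jumps to Step 6, so routing for ``VyOS-Private-Subnet`` is never described. Either add the Private route table subsection or reword the Step 5 intro to cover the public table only. In "Connect to the VyOS instance" the example address changes from 203.0.113.3 to 35.152.131.62, which is a routable address; keeping a documentation-range address such as the 203.0.113.3 used before avoids pointing readers at a real host. Smaller items in the same hunk: "Live empty" under **Common security groups** should read "Leave empty", `VyOS-VPC` in the attach step uses single backticks where the rest of the page uses double, and several section underlines are shorter than their titles (for example under ``Private ENI`` and the ``Step N`` headings), which docutils reports as warnings.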
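Review bot: In the "Absorbing Routes" section of docs/installation/cloud/azure.rst the route's **Next Hop IP Address** is ``10.1.11.4`` and is described as the private NIC address, but Step 2 defines 10.1.11.0/24 as ``VyOS-Public-Subnet`` while ``VyOS-PRIV-NIC`` is created in ``VyOS-Private-Subnet`` (10.1.1.0/24), and the table is then associated with ``VyOS-Public-Subnet``. The removed text pointed the next hop at the VyOS ``LAN`` interface, so the next hop and the associated subnet should be checked against the private side; the associate step also names the route table ``VyOSResourceGroup`` where ``Route-VyOS`` is meant. In Step 3 the AllowSSH rule is documented with **Source**: Any for a VM that gets a static public IP; suggest showing a restricted source range for management access and keeping Any out of the example. Also: two sections are numbered Step 8 (the second spelled "Setp 8"), "Attach reate network interface" has a typo, the ``##########`` overline is shorter than the "Microsoft Azure" title, and the SSH example uses 51.124.120.235 instead of a documentation address like the 203.0.113.3 it replaces.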