Using CloudEOS and vEOS Router on the AWS Platform
The CloudEOS and vEOS Router, based on the Arista EOS, runs as a virtual machine instance on AWS EC2. Use the CloudEOS and vEOS Router to create the various types of virtual machine router instances for AWS deployment, for example, gateway routers and transit routers.
CloudEOS and vEOS Router Image Updates
The process to update CloudEOS and vEOS Router images is the standard update process used for EOS images.
For details on the steps to use, refer to the Arista EOS User Manual (see https://www.arista.com/en/support/product-documentation).
Amazon Machine Image (AMI) Specifications
The AMI provided by Arista utilizes the architecture, type of root device, virtualization type, and interface type required to configure the CloudEOS and vEOS Router for a robust AWS deployment.
The specifications of the Arista AMI are:
- Architecture: x86_64
- Virtualization type: HVM
- Root Device Type: EBS
- Network Interface type: SR-IOV, ENA (Elastic Network Adapter)
- Supported Region: All AWS regions except China and Osaka. Please consult the official listing for all AWS regions here: https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
Methods for Launching CloudEOS and vEOS Router Instances
The CloudEOS and vEOS Router supports the use of various methods for launching router instances needed in a typical AWS deployment.
The supported methods are:
Launching CloudEOS and vEOS Router Instances Using AWS CloudFormation
Using AWS CloudFormation to launch CloudEOS and vEOS Router instances involves creating a CloudFormation stack to use to launch the instance. The created stack provides the base configuration for the instance. As part of this task, select a stack template, which defines the base configuration of the instance.
Make sure to select the stack template that provides the resources required for the instances being launched. Templates can be obtained from https://github.com/aristanetworks. For more information about AWS CloudFormation stacks and using stack templates, refer to the AWS documentation (see https://aws.amazon.com/documentation/cloudformation/). Complete these steps to launch CloudEOS and vEOS Router instances using AWS CloudFormation.
Launching CloudEOS and vEOS Router Instances Using EC2 AWS Marketplace
Launching CloudEOS and vEOS Router instances using the EC2 AWS Marketplace gives the ability to create and configure CloudEOS and vEOS Router instances in the VPCs of your AWS deployment. This method utilizes Amazon Machine Images (AMIs) to configure the operating system of the instance. Obtain the AMI needed for the instance from the AWS Marketplace. This task involves creating an EC2 key pair, selecting the AMI to configure the operating system of the instance, selecting the instance type, and if needed, configuring advanced details (options) for the instance.
Available Options
- Assigning an IAM role to the instance
To enable AWS services on the instance (for example, AWS CloudWatch logs) assign an IAM role to the instance during this procedure. Assign an IAM role to the instance by:
- Selecting an existing IAM role.
- Creating a new IAM role (an option is provided as part of the procedure to create a new IAM role).
Refer to the following AWS documentation for details about creating EC2 key pairs and creating IAM roles:
- Creating EC2 key pairs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html).
- Creating an IAM role (https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/QuickStartEC2Instance.html).
- Using instance user-data to configure the instance
CloudEOS and vEOS support the use of instance user-data to configure CloudEOS and vEOS Router instances at launch. This involves uploading instance user-data to the instance by way of the Advanced Details dialog. You can either copy and paste a configuration into the dialog or attach a configuration file.
For details on composing user data for CloudEOS and vEOS Router, see Using User-data for Configuration of Entities and CloudEOS and vEOS Router Instances.
Complete the following steps to launch CloudEOS and vEOS Router instances.
Complete the networking tasks for the CloudEOS and vEOS Router instances in the gateway topology (see Network Configuration Tasks for CloudEOS and vEOS Router Instances).
Configuring the AWS CloudWatch Logs Agent
The AWS CloudWatch Logs Agent is the mechanism that publishes CloudEOS and vEOS Router logs to AWS CloudWatch. Configuring the AWS CloudWatch Logs Agent ensures that the CloudEOS and vEOS Router logs published to AWS CloudWatch conform to the selected requirements. The AWS CloudWatch Logs Agent is packaged with the awslogs.swix CloudEOS and vEOS extension, which is installed and enabled by default when the CloudEOS and vEOS Router instances launch through the AWS Marketplace.
Refer to the “AWS CloudWatch Quick Start Guide” to make sure that the CloudEOS and vEOS Router instance has the right credentials for logging in to AWS.
The location where CloudEOS and vEOS Router logs are published depends on the AWS CloudWatch Logs configuration. By default, the logs are located under CloudWatch, log group, name CloudEOS and vEOSlogs.
The AWS CloudWatch Logs Agent can be configured by:
- Editing configuration files under the /mnt/flash/awslogs/ directory.
- Passing instance user-data. Make sure to use the correct start and end markers, which are:
%AWSLOGS-CONFIG-START%
#configuration here
%AWSLOGS-CONFIG-END%
%AWS-PROXY-START%
#configuration here
%AWS-PROXY-END%
Note: Restart awslogs using sudo systemctl restart awslogs under bash. The reconfiguration does not take effect until awslogs restarts.
By default, the hostname of the CloudEOS and vEOS Router instance is the filename of all CloudEOS and vEOS Router logs for that instance.
Network Configuration Tasks for CloudEOS and vEOS Router Instances
Complete additional configuration tasks to ensure that the CloudEOS and vEOS Router instances launched have the required networking configuration. The configuration tasks include creating the additional network interfaces required by the topology, attaching the new interfaces to CloudEOS and vEOS Router instances, and configuring the route table of the AWS Specific Cloud Router.
Creating the Additional Network Interfaces
Creating the additional network interfaces required for the topology ensures that there are interfaces available to attach to CloudEOS and vEOS Router instances. When creating the new network interfaces, you can either use the subnet and security groups that were automatically assigned to the instance, or specify a different subnet and security groups for the instance.
Pre-requisites:
- Subnet ID
- Names of the security groups
Procedure
Complete these steps to create network interfaces.
Attach the new network interface to a CloudEOS and vEOS Router instance (see Attaching the New Network Interfaces to Instances).
Attaching the New Network Interfaces to Instances
Attaching the new network interfaces to CloudEOS and vEOS Router instances is the second networking configuration task. This task involves selecting the new network interfaces created in the previous procedure and then attaching the interfaces to CloudEOS and vEOS Router instances.
Complete these steps to attach the new network interfaces to CloudEOS and vEOS Router instances.
Configure the route table of the AWS Router (see Configuring the Route Table of the AWS Router).
Configuring the Route Table of the AWS Router
To take advantage of the advanced services provided by CloudEOS and vEOS, configure the route table of the AWS Router so that traffic is forwarded from the AWS Router to CloudEOS and vEOS Router instances. This task involves logging into the AWS Router and modifying route table entries for the CloudEOS and vEOS Router instances to which you want traffic forwarded.
Complete these steps to configure the route table of the AWS router.
Configure the AWS CloudWatch Logs Agent (see Configuring the AWS CloudWatch Logs Agent). Configuring the Agent ensures that the CloudEOS and vEOS Router logs publish to AWS.
CloudEOS Router Startup-Configuration using Instance Custom-Data
CloudEOS and vEOS support configuration of startup-configuration, AWS CloudWatch, and Cloud HA through the use of user-data. Because user-data can be used to pass in configurations, administrators can take advantage of this feature to quickly configure CloudEOS and vEOS Router instances, AWS CloudWatch, and Cloud HA.
To ensure that the user-data is accepted on upload, make sure the user-data meets the following requirements:
- The configuration must be separated by start and end markers.
- Markers are required at the beginning of the line.
- You must upload either text or configuration files (these are the types of files supported by CloudEOS and vEOS Router).
EOS configuration for all interfaces can be passed in during deployment. The configuration takes effect as new interfaces attach to the CloudEOS and vEOS Router.
This table lists the start and end markers to use when configuring the EOS, AWS, CloudWatch, and Cloud HA entities. For each specific entity, the configuration file and the location (file path) of the configuration file are given.
Entity / Configuration File / Use | Markers | File Path |
---|---|---|
Entity: EOS. File: EOS CLI configuration file. Use: Configure CloudEOS and vEOS Router | %EOS-STARTUP-CONFIG-START%, %EOS-STARTUP-CONFIG-END% | N/A |
Entity: EOS. File: EOS CLI configuration file. Use: %FORCE_USER_DATA% will forcibly apply the Arista startup configs in the user custom data (under the %EOS-STARTUP-CONFIG-START% and %EOS-STARTUP-CONFIG-END%) even when it is not a first time boot of the instance. | %FORCE_USER_DATA% | N/A |
Entity: AWS Logs. File: aws.conf. Use: Set up AWS region | %AWS-CONFIG-START%, %AWS-CONFIG-END% | /mnt/flash/awslogs/aws.conf |
Entity: AWS Logs. File: awslogs.conf. Use: Configure logging parameters | %AWSLOGS-CONFIG-START%, %AWSLOGS-CONFIG-END% | /mnt/flash/awslogs/awsconf.conf |
Entity: AWS Logs. File: proxy.conf. Use: Configure proxy settings | %AWS-PROXY-START%, %AWS-PROXY-END% | /mnt/flash/awslogs/proxy.conf |
Sample Instance User-data
The following sample user-data contains lines to start up the instance and to configure various entities.
The sample contains lines to configure:
- AWS CloudWatch logs (for the us-east-1 region)
- AWS logging parameters
- AWS proxy settings
Sample
%EOS-STARTUP-CONFIG-START%
! EOS startup config
hostname my-veos
username admin nopassword
username admin sshkey file flash:key.pub
%EOS-STARTUP-CONFIG-END%
%AWS-CONFIG-START%
[plugins]
cwlogs = cwlogs
[default]
region = us-east-1
%AWS-CONFIG-END%
%AWSLOGS-CONFIG-START%
[general]
state_file = /var/awslogs/state/agent-state
[/var/log/messages]
datetime_format = %b %d %H:%M:%S
file = /var/log/messages
buffer_duration = 5000
log_group_name = veoslogs
log_stream_name = {hostname}
initial_position = start_of_file
%AWSLOGS-CONFIG-END%
%AWS-PROXY-START%
HTTP_PROXY=http://<your_proxy>:<your_proxy_port>
HTTPS_PROXY=http://<your_proxy>:<your_proxy_port>
NO_PROXY=169.254.169.254
%AWS-PROXY-END%
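A pre-launch check of user-data against the marker rules and table above, as an added example (not Arista's code). It also flags credentials, since user-data can be read back from inside the instance, and a proxy section that lacks the NO_PROXY entry the sample carries. The function name, the constructed SAMPLE, and the findings wording are assumptions; `secret 0` is the EOS cleartext form.

```python
import re
# Marker pairs from the table above; %FORCE_USER_DATA% is a standalone flag.
PAIRS = {f"%{n}-START%": f"%{n}-END%" for n in
         ("EOS-STARTUP-CONFIG", "AWS-CONFIG", "AWSLOGS-CONFIG", "AWS-PROXY")}
KNOWN = set(PAIRS) | set(PAIRS.values()) | {"%FORCE_USER_DATA%"}
MARKER = re.compile(r"%[A-Z][A-Z_-]*%")  # does not match strftime like %b %d
IMDS = "169.254.169.254"                 # metadata address used in the sample

def lint_user_data(text):
    """Return (sections, findings); sections maps start marker -> body lines."""
    sections, findings, cur = {}, [], None
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.strip()
        if MARKER.fullmatch(tok):
            if tok not in KNOWN:
                findings.append(f"line {n}: unknown marker {tok}")
            elif raw.rstrip() != tok:
                findings.append(f"line {n}: {tok} not at start of line")
            if tok in PAIRS:
                if cur:
                    findings.append(f"line {n}: {tok} before {PAIRS[cur]}")
                cur = tok
                sections.setdefault(tok, [])
            elif tok in PAIRS.values():
                if cur is None or PAIRS[cur] != tok:
                    findings.append(f"line {n}: {tok} without matching start")
                cur = None
        elif cur:
            sections[cur].append(tok)
    if cur:
        findings.append(f"missing {PAIRS[cur]}")
    for line in sections.get("%EOS-STARTUP-CONFIG-START%", []):  # credentials
        m = re.match(r"username\s+(\S+).*\b(nopassword|secret\s+0\s)", line)
        if m:
            findings.append(f"account {m.group(1)}: passwordless or cleartext secret")
    proxy = [l.upper() for l in sections.get("%AWS-PROXY-START%", [])]
    proxied = any(l.startswith(("HTTP_PROXY=", "HTTPS_PROXY=")) for l in proxy)
    if proxied and not any(l.startswith("NO_PROXY=") and IMDS in l for l in proxy):
        findings.append(f"proxy set but NO_PROXY omits {IMDS}")
    return sections, findings

# Constructed input: indented end marker, cleartext secret, no NO_PROXY line.
SAMPLE = """%EOS-STARTUP-CONFIG-START%
username ops secret 0 ExamplePass1
  %EOS-STARTUP-CONFIG-END%
%AWS-PROXY-START%
HTTPS_PROXY=http://proxy.example:3128
%AWS-PROXY-END%
"""
```

Calling `lint_user_data(SAMPLE)` returns three findings; run against the page's own sample it reports only the `nopassword` admin account.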