Using CloudEOS and vEOS Router on the AWS Platform

The CloudEOS and vEOS Router, based on the Arista EOS, runs as a virtual machine instance on AWS EC2. Use the CloudEOS and vEOS Router to create the various types of virtual machine router instances for AWS deployment, for example, gateway routers and transit routers.

CloudEOS and vEOS Router Image Updates

The process to update CloudEOS and vEOS Router images is the standard update process used for EOS images.

For details on the steps to use, refer to the Arista EOS User Manual (see https://www.arista.com/en/support/product-documentation).

Amazon Machine Image (AMI) Specifications

The AMI provided by Arista utilizes the architecture, type of root device, virtualization type, and interface type required to configure the CloudEOS and vEOS Router for a robust AWS deployment.

The specifications of the Arista AMI are:

Methods for Launching CloudEOS and vEOS Router Instances

Launching CloudEOS and vEOS Router Instances Using AWS CloudFormation

 

Using AWS CloudFormation to launch CloudEOS and vEOS Router instances involves creating a CloudFormation stack to use to launch the instance. The created stack provides the base configuration for the instance. As part of this task, select a stack template, which defines the base configuration of the instance.

Make sure to select the stack template that provides the resources required for the instances that are launching. Templates can be obtained from https://github.com/aristanetworks. For more information about AWS CloudFormation stacks and using stack templates, refer to the AWS documentation (see https://aws.amazon.com/documentation/cloudformation/).

Complete these steps to launch CloudEOS and vEOS Router instances using AWS CloudFormation.

  1. Log in to the Amazon Management Console.
  2. Choose Services > CloudFormation.
    The CloudFormation page appears showing the current stacks available to use.
  3. Click on the Create Stack button.
    The page refreshes to show the templates that are available to use to create a new stack.
  4. Select a nic template for upload, and then click on the Next button.
    Note: Templates can be found in the docs directory. Press Select to choose the desired AMI.
    The page refreshes showing the options for specifying the details for the stack.
  5. Enter the Stack Name, Subnet IP Block for each interface, VPC ID, KeyPair Name, UserData in base64 format, AMI ID. (To convert UserData from text to base64 format, use a base64 command on MacOS or Linux machine.)
    # base64
    %EOS-STARTUP-CONFIG-START%
    hostname myhost
    %EOS-STARTUP-CONFIG-END%
    <Press CTRL+D>
    JUVPUy1TVEFSVFVQLUNPTkZJRy1TVEFSVCUKaG9zdG5hbWUgbXlob3N0CiVFT1MtU
    1RBUlRVUC1DT05GSUctRU5EJQo=
     
  6. Review the details and make changes if needed.
  7. Click the Create button to create the stack.
  8. Wait for the stack creation to complete. Resources created as part of the stack creation process can be viewed in the Resource tab.
  9. Click on the CloudEOS and vEOS Router instance ID to view the status of CloudEOS and vEOS Router instance. The instance ID is shown in the Physical ID column of the Resources tab.

    Recommended Usage

    AWS cannot auto-assign a public IPv4 address if an EC2 instance is launched or started from the stopped state with multiple network interfaces attached to it. In such cases, the user cannot connect to the instance over IPv4 unless an Elastic IP address is assigned to the primary network interface (eth0). If the user does not want to associate an Elastic IP address with the CloudEOS and vEOS Router instance, then it is recommended to attach any additional interface only when the instance is in running state and never to stop and start your instance from thereon. The user may reboot the instance either from AWS console or from within CloudEOS and vEOS Router using the CLI or bash commands because the instance reboot does not cause the public IPv4 address to be released as opposed to instance stop. To associate Elastic IP address to your instance or primary network interface, refer to https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

Launching CloudEOS and vEOS Router Instances Using EC2 AWS Marketplace

 

Launching CloudEOS and vEOS Router instances using the EC2 AWS Marketplace gives the ability to create and configure CloudEOS and vEOS Router instances in the VPCs of your AWS deployment. This method utilizes Amazon Machine Images (AMIs) to configure the operating system of the instance. Obtain the AMI needed for the instance from the AWS Marketplace. This task involves creating an EC2 key pair, selecting the AMI to configure the operating system of the instance, selecting the instance type, and if needed, configuring advanced details (options) for the instance.

Available Options

During this configuration procedure, choose to configure some options to take advantage of certain features. These optional configuration items are:
  • Assigning an IAM role to the instance
    To enable AWS services on the instance (for example, AWS CloudWatch logs) assign an IAM role to the instance during this procedure. Assign an IAM role to the instance by:
  • Using instance user-data to configure the instance

    CloudEOS and vEOS supports the use of CloudEOS and vEOS Router instance user-data to configure CloudEOS and vEOS Router instances at launch. This involves uploading instance user-data to the instance by way of the Advanced Details dialog. There is an option of copying and pasting a configuration into the dialog or attaching a configuration file.

    For details on composing user data for CloudEOS and vEOS Router, see Using User-data for Configuration of Entities and CloudEOS and vEOS Router Instances.

Complete the following steps to launch a CloudEOS and vEOS Router instances.

  1. Log in to the Amazon Management Console.
  2. Create an EC2 key pair and download the .pem file that contains the private key. (The .pem file may download automatically.)
  3. Go to the EC2 Dashboard.
  4. From the EC2 Dashboard, click Instances in the left pane.
    The Launch Instance page appears.
  5. Click on the Launch Instance button.
    The page appears for you to select an AMI.
  6. Click on AWS Marketplace in the left pane.
    Search for Arista CloudEOS and vEOS Router in the search field to bring up the available CloudEOS and vEOS AMIs to use. Select the appropriate AMI for launching.
  7. A screen appears showing the user highlights, pricing details and instance types available. Press the Continue button to advance.
  8. Click in the left pane.
    The Choose an Instance Type page appears.
  9. Select an instance type that meets the requirements for the CloudEOS and vEOS Router instance.
  10. Click on the Next: Configure Instance Details button (lower right part of the page).
    The Configure Instance Details page appears.
  11. (Optional) Create a new IAM role or select an existing IAM role. (This is required to enable AWS services on the instance, for example, AWS CloudWatch logs.)
  12. (Optional) To configure advanced details for the instance, scroll down to the bottom of the page and click on the Advanced Details button.
    The Advanced Details dialog appears. You use the dialog to upload user-data to configure the instance.

    Do one of the following to configure the instance using user-data:

    • Choose the Text option, and then copy-and-paste startup-config in the text box.
    • Attach the configuration as a file by clicking on the file, and then choose the configuration file to be uploaded.

    For details on composing user data for CloudEOS and vEOS Router, see Using User-data for Configuration of Entities and CloudEOS and vEOS Router Instances.

  13. From the Configure Instance Details page, click the Review and Launch button.
    The Review Instance Launch page appears.
  14. Click on the Launch button.
    A dialog appears for selecting a key pair.
  15. Using the Select a key pair menu, select the key pair created earlier in the procedure. In this example, the key pair is named "systest."
  16. Select the acknowledgment (near the bottom of the dialog), and then click on the Launch Instances button.
    The Launch Status page appears showing the status of the instance. The deployment takes a few minutes to complete.
  17. Click on the blue link to the instance to view details about the instance. (The link is in the "Your instances are now launching" box near the top of the page.)
    The page shows the details for the instance.
  18. Make sure the Instance State shows running. Wait for the status to update to running.
  19. (Optional) To use the existing subnet and security group for the instance, record the subnet and security group. This information is required when configuring the network interfaces to be attached to the instance.
  20. (Optional) Click on the Connect button near the top of the page.
    The Connect to Your Instance dialog appears.
  21. Connect to the instance using the public or private IP address of the instance. The correct syntax is: ssh -i <privateKey.pem> 이 이메일 주소가 스팸봇으로부터 보호됩니다. 확인하려면 자바스크립트 활성화가 필요합니다.
    Example:
    #ssh -i <privateKey.pem> 이 이메일 주소가 스팸봇으로부터 보호됩니다. 확인하려면 자바스크립트 활성화가 필요합니다.

Complete the networking tasks for the CloudEOS and vEOS Router instances in the gateway topology (see Network Configuration Tasks for CloudEOS and vEOS Router Instances).

Configuring the AWS CloudWatch Logs Agent

 

The AWS CloudWatch Logs Agent is the mechanism that publishes CloudEOS and vEOS Router logs to AWS CloudWatch. Configuring the AWS CloudWatch Logs Agent ensures that the CloudEOS and vEOS Router logs published to AWS CloudWatch conform to the selected requirements. The AWS CloudWatch Logs Agent is packaged with the awslogs.swix CloudEOS and vEOS extension, which is installed and enabled by default when the CloudEOS and vEOS Router instances launch through the AWS Marketplace.

Refer to the “AWS CloudWatch Quick Start Guide” to make sure that the CloudEOS and vEOS Router instance has the right credentials for logging in to AWS.

Note: To manually install or uninstall the awslogs.swix CloudEOS and vEOS extension, see https://aristanetworks.force.com/AristaCommunity/s/article/packaging-and-installing-eos-extensions. To obtain the awslogs.swix CloudEOS and vEOS extension, contact Arista TAC if required.
Where to find CloudEOS and vEOS Router logs

The location where CloudEOS and vEOS Router logs are published to depends on the AWS CloudWatch Logs configuration. By default, the logs are located under CloudWatch, "log group, name CloudEOS and vEOSlogs.

Modifying AWS log configuration
Modify the AWS log configuration by:
  • Editing configuration files under the /mnt/flash/awslogs/ directory.
  • Passing instance user-data. Make sure to use the correct start and end markers, which are:
    
    %AWSLOGS-CONFIG-START% 
     #configuration here 
     %AWSLOGS-CONFIG-END% 
     %AWS-PROXY-START% 
     #configuration here 
     %AWS-PROXY-END% 
    Note: Restart awslogs using sudo systemctl restart awslogs under bash. The reconfiguration does not take effect until awslogs restarts.
CloudEOS and vEOS Router log filenames

By default, the hostname of the CloudEOS and vEOS Router instance is the filename of all CloudEOS and vEOS Router logs for that instance.

Network Configuration Tasks for CloudEOS and vEOS Router Instances

Complete additional configuration tasks to ensure that the CloudEOS and vEOS Router instances launched have the required networking configuration. The configuration tasks include creating the additional network interfaces required by the topology, attaching the new interfaces to CloudEOS and vEOS Router instances, and configuring the route table of the AWS Specific Cloud Router.

Creating the Additional Network Interfaces

Creating the additional network interfaces required for the topology ensures that there are interfaces available to attach to CloudEOS and vEOS Router instances. When creating the new network interfaces, there is the option of using the subnet and security groups that were automatically assigned to the instance, or specify a different subnet and security groups for the instance.

Pre-requisites:

To use the existing subnet and security group for the CloudEOS and vEOS Router instance, make sure to have the following information:
  • Subnet ID
  • Names of the security groups
Obtain this information by viewing the instance details.

Procedure

Complete these steps to create network interfaces.

  1. Go to the EC2 Dashboard.
  2. In the NETWORK & SECURITY menu on the left part of the page, select Network Interfaces.
    The page refreshes to show all of the current network interfaces.
  3. Select the Create Network Interface button.
    The Create Network Interface dialog appears.
  4. Do the following:
    1. Enter a description for the network interface.
    2. Select the subnet for the network interface. (This can be the existing subnet for the CloudEOS and vEOS Router instance or a different subnet.)
    3. Type the names of the security groups for the network interface. (Specify the existing security groups for the CloudEOS and vEOS Router instance, or different security groups.)
  5. Select the Yes, Create button.
    The new network interface is added to the list of interfaces on the page.
  6. Repeat steps 3 through 5 to create additional interfaces as needed.
  7. For each network interface created, complete steps a and b:
    1. Select the interface, then choose Actions > Change Source/Dest Check.
      The Change Source/Dest Check dialog appears showing the selected name of the network interface.
    2. Select the Disabled option, then click on the Save button.

Attach the new network interface to a CloudEOS and vEOS Router instance (see Attaching the New Network Interfaces to Instances).

Attaching the New Network Interfaces to Instances

 

Attaching the new network interfaces to CloudEOS and vEOS Router instances is the second networking configuration task. This task involves selecting the new network interfaces created in the previous procedure and then attaching the interfaces to CloudEOS and vEOS Router instances.

Complete these steps to attach the new network interfaces to CloudEOS and vEOS Router instances.

  1. Go to the EC2 Dashboard.
  2. Open the INSTANCES menu on the left side of the page, then click Instances.
    The page lists all of the current network interfaces.
  3. Select the CloudEOS and vEOS Router instance to attach a newly created network interface.
  4. Choose Actions > Networking > Attach Network Interface.
    The Attach Network Interface dialog appears.
  5. Using the Network Interface menu, select the new network interface created to attach to the instance.
  6. Click the Attach button.
  7. Use the show interfaces command on the CloudEOS and vEOS Router instance to view the new network interfaces created.
    Example
    CloudEOS and switch#show interfaces
    Ethernet1 is up, line protocol is up (connected)
     Hardware is Ethernet, address is 0235.4079.d2a8 (bia 0235.4079.d2a8)
     Ethernet mtu 8973 bytes, BW 10000000 kbit
     Full-duplex, 10Gb/s, auto negotiation: off, uni-link: n/a
     Up 20 minutes, 42 seconds
     [...]
    Ethernet2 is up, line protocol is up (connected)
     Hardware is Ethernet, address is 0287.4ba7.1f88 (bia 0287.4ba7.1f88)
     Ethernet mtu 8973 bytes, BW 10000000 kbit
     Full-duplex, 10Gb/s, auto negotiation: off, uni-link: n/a
     Up 20 minutes, 42 seconds
  8. Repeat steps 1 through 7 as needed to attach new network interfaces to instances.

Configure the route table of the AWS Router (see Configuring the Route Table of the AWS Router).

Configuring the Route Table of the AWS Router

 

To take advantage of the advanced services provided by CloudEOS and vEOS, configure the route table of the AWS Router so that traffic is forwarded from the AWS Router to CloudEOS and vEOS Router instances. This task involves logging into the AWS Router and modifying route table entries for the CloudEOS and vEOS Router instances to which you want traffic forwarded.

Complete these steps to configure the route table of the AWS router.

  1. Log in to the AWS Router.
  2. Select the network interface that is attached to a CloudEOS and vEOS Router instance.
  3. Obtain the Subnet ID and the route table ID that corresponds to the subnet in which the CloudEOS and vEOS Router instance resides.
    Example:
    Subnet ID (subnet-1c68b744).
    Route table ID (rtb-934cf9f7).
  4. Edit the route table entry so that it points to the corresponding interface of the CloudEOS and vEOS Router in that subnet.
    Example
    To reach any subnet other than 10.2.0.0/24, enter the Target to be the network interface ID of the locally connected interface of the CloudEOS and vEOS Router.
  5. (Optional) Repeat steps 2 through 4 to modify route table entries for additional CloudEOS and vEOS Router instances.

Configure the AWS CloudWatch Logs Agent (see Configuring the AWS CloudWatch Logs Agent). Configuring the Agent ensures that the CloudEOS and vEOS Router logs publish to AWS.

CloudEOS Router Startup-Configuration using Instance Custom-Data

CloudEOS and vEOS supports configuration of startup-configuration, AWS CloudWatch, and Cloud HA through the use of user-data. Because user-data can be used to pass in configurations; administrators can take advantage of this feature to quickly configure CloudEOS and vEOS Router instances, AWS CloudWatch, and Cloud HA.

Note: It is recommended to test CloudEOS and vEOS Router configurations on a CloudEOS and vEOS Router or EOS device before using them to deploy a new CloudEOS and vEOS Router.
Requirements for Uploading User-data

To ensure that the user-data is accepted on upload, make sure the user-data meets the following requirements:

  • The configuration must be separated by start and end markers.
  • Markers are required at the beginning of the line.
  • You must upload either text or configuration files (these are the types of files supported by CloudEOS and vEOS Router).

EOS configuration for all interfaces can be passed in during deployment. The configuration takes effect as new interfaces attach to the CloudEOS and vEOS Router.

List of Start and End Markers to Use

This table lists the start and end markers to use when configuring the EOS, AWS, Cloudwatch, and Cloud HA entities. For each specific entity, the configuration file and the location (file path) of the configuration file are given.

Table 1. List of Start and End Markers to Use
Entity / Configuration File / Use Markers File Path

Entity: EOS

File: EOS CLI configuration file

Use: Configure CloudEOS and vEOS Router

%EOS-STARTUP-CONFIG-START%

 

%EOS-STARTUP-CONFIG-END%
N/A

Entity: EOS

File: EOS CLI configuration file

Use: %FORCE_USER_DATA% will forcibly apply the Arista startup configs in the user custom data under the %EOS-STARTUP-CONFIG-START% and%EOS-STARTUP-CONFIG-END% ) even when it is not a first time boot of the instance.

%FORCE_USER_DATA% N/A

Entity: AWS Logs

File: aws.conf

Use: Set up AWS region

%AWS-CONFIG-START%

 

%AWS-CONFIG-END%
/mnt/flash/awslogs/aws.conf

Entity: AWS Logs

File: awslogs.conf

Use: Configure logging parameters

%AWSLOGS-CONFIG-START%

 

%AWSLOGS-CONFIG-END%
/mnt/flash/awslogs/awsconf.conf

Entity: AWS Logs

File: proxy.conf

Use: Configure proxy settings

%AWS-PROXY-START%

 

%AWS-PROXY-END%
/mnt/flash/awslogs/proxy.conf

Sample Instance User-data

The following sample user-data contains lines to startup the instance and to configure various entities.

The sample contains lines to configure:

  • AWS CloudWatch logs (for the us-east-1 region)
  • AWS logging parameters
  • AWS proxy settings

Sample


%EOS-STARTUP-CONFIG-START%
! EOS startup config
hostname my-veos
username admin nopassword
username admin sshkey file flash:key.pub
%EOS-STARTUP-CONFIG-END%

%AWS-CONFIG-START%
[plugins]
cwlogs = cwlogs
[default]
region = us-east-1
%AWS-CONFIG-END%

%AWSLOGS-CONFIG-START%
[general]
state_file = /var/awslogs/state/agent-state
[/var/log/messages]
datetime_format = %b %d %H:%M:%S
file = /var/log/messages
buffer_duration = 5000
log_group_name = veoslogs
log_stream_name = {hostname}
initial_position = start_of_file
%AWSLOGS-CONFIG-END%

%AWS-PROXY-START%
HTTP_PROXY=http://<your_proxy>:<your_proxy_port>
HTTPS_PROXY=http://<your_proxy>:<your_proxy_port>
NO_PROXY=169.254.169.254
%AWS-PROXY-END%