Terraform module to build hybrid cloud/multi-cloud network for Alibaba Cloud

terraform-alicloud-hybrid-cloud-network


This module targets scenarios where business workloads must collaborate across on-premises and cloud environments, or across multiple clouds. It uses dedicated physical lines and Alibaba Cloud's networking products to rapidly build a secure, stable, and elastic network for hybrid/multi-cloud collaboration, supporting customers' cloud adoption journey.

Operational Workflow Overview:

  1. Establish connectivity between IDC/third-party cloud providers and Alibaba Cloud's Direct Connect endpoints using physical dedicated lines.
  2. Based on the dedicated connection, create Virtual Border Routers (VBRs) on demand, ensuring logical isolation between different VBRs.
  3. Enable high-speed channel connectivity between the VBR and cloud-based Virtual Private Clouds (VPCs) through the Transit Router (TR), allowing secure and stable interconnectivity between multi-regional VPCs and IDCs or third-party cloud resources spread across various locations.
  4. Finalize the configuration of VPCs, Virtual Switches (VSWs), VBRs, TRs, etc., to ensure network integration is complete.

[Figure: architecture diagram]

Usage

Create VPC and VBR resources in one region:

data "alicloud_express_connect_physical_connections" "example" {
  name_regex = "^preserved-NODELETING"
}

module "this" {
  source = "alibabacloud-automation/hybrid-cloud-network/alicloud"

  vbr_config = [
    {
      vbr = {
        physical_connection_id = data.alicloud_express_connect_physical_connections.example.connections[0].id
        vlan_id                = 104
        local_gateway_ip       = "192.168.0.1"
        peer_gateway_ip        = "192.168.0.2"
        peering_subnet_mask    = "255.255.255.252"
      },
      vbr_bgp_group = {
        peer_asn = 45000
      },
    },
  ]

  vpc_config = [
    {
      vpc = {
        cidr_block = "10.0.0.0/16"
      },
      vswitches = [
        {
          zone_id    = "cn-beijing-i"
          cidr_block = "10.0.1.0/24"
        },
        {
          zone_id    = "cn-beijing-j"
          cidr_block = "10.0.2.0/24"
        }
      ],
    },
  ]
}

Create a VBR in cn-hangzhou, and create VPC and VSwitch resources in cn-beijing:

provider "alicloud" {
  region = "cn-hangzhou"
  alias  = "hz"
}

data "alicloud_express_connect_physical_connections" "example" {
  provider   = alicloud.hz
  name_regex = "^preserved-NODELETING"
}

module "hz" {
  source = "alibabacloud-automation/hybrid-cloud-network/alicloud"
  providers = {
    alicloud = alicloud.hz
  }

  vbr_config = [
    {
      vbr = {
        physical_connection_id = data.alicloud_express_connect_physical_connections.example.connections[0].id
        vlan_id                = 104
        local_gateway_ip       = "192.168.0.1"
        peer_gateway_ip        = "192.168.0.2"
        peering_subnet_mask    = "255.255.255.252"
      },
      vbr_bgp_group = {
        peer_asn = 45000
      },
    },
  ]

  create_vpc_resources = false
}

provider "alicloud" {
  region = "cn-beijing"
  alias  = "bj"
}

module "bj" {
  source = "alibabacloud-automation/hybrid-cloud-network/alicloud"
  providers = {
    alicloud = alicloud.bj
  }

  create_cen_instance = false
  cen_instance_id     = module.hz.cen_instance_id

  create_vbr_resources = false

  vpc_config = [
    {
      vpc = {
        cidr_block = "10.0.0.0/16"
      },
      vswitches = [
        {
          zone_id    = "cn-beijing-i"
          cidr_block = "10.0.1.0/24"
        },
        {
          zone_id    = "cn-beijing-j"
          cidr_block = "10.0.2.0/24"
        }
      ],
    },
  ]
}
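
The address values passed in vbr_config and vpc_config can be checked for consistency before `terraform apply`. The following is an added example, not part of this module or its documentation: the function names, the representation of the inputs as Python dictionaries, and the policy that the peering subnet and VPC ranges must be pairwise disjoint are all assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample data mirroring the vbr_config / vpc_config values used above.
VBR_CONFIG = [{"vbr": {"local_gateway_ip": "192.168.0.1",
                       "peer_gateway_ip": "192.168.0.2",
                       "peering_subnet_mask": "255.255.255.252"}}]
VPC_CONFIG = [{"vpc": {"cidr_block": "10.0.0.0/16"},
               "vswitches": [{"zone_id": "cn-beijing-i", "cidr_block": "10.0.1.0/24"},
                             {"zone_id": "cn-beijing-j", "cidr_block": "10.0.2.0/24"}]}]


def peering_subnet(vbr):
    """Derive the peering subnet; raise ValueError if a gateway is unusable in it."""
    net = ipaddress.ip_network(
        f'{vbr["local_gateway_ip"]}/{vbr["peering_subnet_mask"]}', strict=False)
    local = ipaddress.ip_address(vbr["local_gateway_ip"])
    peer = ipaddress.ip_address(vbr["peer_gateway_ip"])
    # Network and broadcast addresses cannot be assigned, except on /31 and /32.
    reserved = () if net.prefixlen >= 31 else (net.network_address, net.broadcast_address)
    for name, addr in (("local_gateway_ip", local), ("peer_gateway_ip", peer)):
        if addr not in net or addr in reserved:
            raise ValueError(f"{name} {addr} is not a usable host in {net}")
    if local == peer:
        raise ValueError(f"local and peer gateway are both {local}")
    return net


def check_address_plan(vbr_config, vpc_config):
    """Return a list of findings; an empty list means the plan passed every check."""
    findings, ranges = [], []  # ranges: (label, network) pairs that must not overlap
    for i, item in enumerate(vbr_config):
        try:
            ranges.append((f"vbr[{i}] peering", peering_subnet(item["vbr"])))
        except ValueError as exc:
            findings.append(f"vbr[{i}]: {exc}")
    for i, item in enumerate(vpc_config):
        vpc = ipaddress.ip_network(item["vpc"]["cidr_block"])
        ranges.append((f"vpc[{i}]", vpc))
        subnets = [ipaddress.ip_network(s["cidr_block"]) for s in item["vswitches"]]
        findings += [f"vpc[{i}]: vswitch {s} is outside {vpc}"
                     for s in subnets if not s.subnet_of(vpc)]
        findings += [f"vpc[{i}]: vswitches {a} and {b} overlap"
                     for a, b in combinations(subnets, 2) if a.overlaps(b)]
    findings += [f"{la} {a} overlaps {lb} {b}"
                 for (la, a), (lb, b) in combinations(ranges, 2) if a.overlaps(b)]
    return findings


if __name__ == "__main__":
    print(check_address_plan(VBR_CONFIG, VPC_CONFIG) or "address plan OK")
```

A malformed VPC or VSwitch CIDR raises ValueError instead of producing a finding, so a CI job running this check fails closed on unparseable input.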

Examples

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13 |
| alicloud | >= 1.229.1 |

Providers

| Name | Version |
|------|---------|
| alicloud | >= 1.229.1 |

Modules

| Name | Source | Version |
|------|--------|---------|
| vbr | ./modules/vbr | n/a |
| vpc | ./modules/vpc | n/a |

Resources

| Name | Type |
|------|------|
| alicloud_cen_instance.this | resource |
| alicloud_cen_transit_router.this | resource |

Inputs

cen_instance_config
  Description: The parameters of cen instance.
  Type:
    object({
      cen_instance_name = optional(string, null)
      protection_level  = optional(string, "REDUCED")
      description       = optional(string, null)
      tags              = optional(map(string), {})
    })
  Default: {}
  Required: no

cen_instance_id
  Description: The id of an existing cen instance.
  Type: string
  Default: null
  Required: no

cen_transit_router_id
  Description: The transit router id of an existing transit router.
  Type: string
  Default: null
  Required: no

create_cen_instance
  Description: Whether to create cen instance. If false, you can specify an existing cen instance by setting 'cen_instance_id'. Default to 'true'
  Type: bool
  Default: true
  Required: no

create_cen_transit_router
  Description: Whether to create transit router. If false, you can specify an existing transit router by setting 'cen_transit_router_id'. Default to 'true'
  Type: bool
  Default: true
  Required: no

create_vbr_resources
  Description: Whether to create vbr resources. Default to 'true'
  Type: bool
  Default: true
  Required: no

create_vpc_resources
  Description: Whether to create vpc resources. Default to 'true'
  Type: bool
  Default: true
  Required: no

tr_config
  Description: The parameters of transit router.
  Type:
    object({
      transit_router_name        = optional(string, null)
      transit_router_description = optional(string, null)
      support_multicast          = optional(string, null)
      tags                       = optional(map(string), {})
    })
  Default: {}
  Required: no

vbr_config
  Description: The list parameters of vbr resources. The attributes 'vbr', 'vbr_bgp_group' are required.
  Type:
    list(object({
      vbr = object({
        physical_connection_id     = string
        vlan_id                    = number
        local_gateway_ip           = string
        peer_gateway_ip            = string
        peering_subnet_mask        = string
        virtual_border_router_name = optional(string, null)
        description                = optional(string, null)
      })
      tr_vbr_attachment = optional(object({
        transit_router_attachment_name        = optional(string, null)
        transit_router_attachment_description = optional(string, null)
        tags                                  = optional(map(string), {})
        auto_publish_route_enabled            = optional(bool, true)
        route_table_propagation_enabled       = optional(bool, true)
        route_table_association_enabled       = optional(bool, true)
      }), {})
      vbr_health_check = optional(object({
        create_vbr_health_check = optional(bool, true)
        health_check_interval   = optional(number, 2)
        healthy_threshold       = optional(number, 8)
      }), {})
      vbr_bgp_group = object({
        peer_asn       = string
        auth_key       = optional(string, null)
        bgp_group_name = optional(string, null)
        description    = optional(string, null)
        is_fake_asn    = optional(bool, false)
      })
      vbr_bgp_peer = optional(object({
        bfd_multi_hop   = optional(number, 255)
        enable_bfd      = optional(bool, "false")
        ip_version      = optional(string, "IPV4")
        peer_ip_address = optional(string, null)
      }), {})
    }))
  Default:
    [
      {
        "vbr": {
          "local_gateway_ip": null,
          "peer_gateway_ip": null,
          "peering_subnet_mask": null,
          "physical_connection_id": null,
          "vlan_id": null
        },
        "vbr_bgp_group": {
          "peer_asn": null
        }
      }
    ]
  Required: no

vpc_config
  Description: The parameters of vpc resources. The attributes 'vpc', 'vswitches' are required.
  Type:
    list(object({
      vpc = map(string)
      vswitches = list(object({
        zone_id      = string
        cidr_block   = string
        vswitch_name = optional(string, null)
      }))
      tr_vpc_attachment = optional(object({
        transit_router_attachment_name  = optional(string, null)
        auto_publish_route_enabled      = optional(bool, true)
        route_table_propagation_enabled = optional(bool, true)
        route_table_association_enabled = optional(bool, true)
      }), {})
    }))
  Default: []
  Required: no

Outputs

| Name | Description |
|------|-------------|
| bgp_group_id | The id of BGP group. |
| bgp_group_status | The status of BGP group. |
| bgp_peer_id | The id of BGP peer. |
| bgp_peer_name | The name of BGP peer. |
| bgp_peer_status | The status of BGP peer. |
| cen_instance_id | The id of CEN instance. |
| cen_instance_status | The status of CEN instance. |
| cen_transit_router_id | The id of CEN transit router. |
| cen_transit_router_support_multicast | The status of CEN transit router. |
| cen_transit_router_type | The type of CEN transit router. |
| health_check_id | The id of health check. |
| tr_vbr_attachment_id | The id of attachment between TR and VBR. |
| tr_vbr_attachment_status | The status of attachment between TR and VBR. |
| tr_vbr_route_table_association_id | The id of route table association between TR and VBR. |
| tr_vbr_route_table_association_status | The status of route table association between TR and VBR. |
| tr_vbr_route_table_propagation_id | The id of route table propagation between TR and VBR. |
| tr_vbr_route_table_propagation_status | The status of route table propagation between TR and VBR. |
| tr_vpc_attachment_id | The id of attachment between TR and VPC. |
| tr_vpc_attachment_status | The status of attachment between TR and VPC. |
| tr_vpc_route_table_association_id | The id of route table association between TR and VPC. |
| tr_vpc_route_table_association_status | The status of route table association between TR and VPC. |
| tr_vpc_route_table_propagation_id | The id of route table propagation between TR and VPC. |
| tr_vpc_route_table_propagation_status | The status of route table propagation between TR and VPC. |
| vbr_id | The ids of VBR. |
| vbr_route_table_id | The route table id of VBR. |
| vpc_id | The ids of vpc. |
| vpc_route_table_id | The route table id of vpc. |
| vpc_status | The status of vpc. |
| vswitch_ids | The ids of vswitches. |
| vswitch_status | The status of vswitches. |

Submit Issues

If you have any problems when using this module, please open a provider issue and let us know.

Note: Opening an issue on this repo is not recommended.

Authors

Created and maintained by Alibaba Cloud Terraform Team (terraform@alibabacloud.com).

License

MIT Licensed. See LICENSE for full details.

Reference