├── img1-topology.png
├── img3-fw-and-sdwan.png
├── img4-mrf-multicloud.png
├── 01-Branch1
├── provider.tf
├── vars.tf
└── cloud-init-branch1-r1.user_data
├── 02-Branch2
├── provider.tf
├── vars.tf
├── cloud-init-branch2-r1.user_data
└── branch2.tf
├── img2-wanem-branch1-topology.png
├── 00-SD-WAN-Controllers
├── provider.tf
├── vmanage-cloud-init.user_data
├── vsmart-cloud-init.user_data
├── vbond-cloud-init.user_data
└── vars.tf
├── 03-CSP-Region1-Cloud-App
├── provider.tf
├── vars.tf
└── cloud-app.tf
├── 04-CSP-Region2-Cloud-App
├── provider.tf
├── vars.tf
└── cloud-app.tf
├── 05-Centralized-Firewall-Inspection-and-SD-WAN
├── 04-SD-WAN-VPC
│ ├── provider.tf
│ ├── vars.tf
│ ├── cloud-init-sdwan-r1.user_data
│ └── cloud-init-sdwan-r2.user_data
├── 01-Cloud_App1
│ ├── provider.tf
│ ├── cloud-init-cloud-site_host1.user_data
│ ├── vars.tf
│ └── cloud-app1.tf
├── 02-Cloud-App2
│ ├── provider.tf
│ ├── cloud-init-cloud-site_host2.user_data
│ ├── vars.tf
│ └── cloud-app2.tf
└── 03-Shared_services_VPC
│ ├── provider.tf
│ ├── cloud-init-shared-services_fw1.user_data
│ ├── cloud-init-shared-services_fw2.user_data
│ └── vars.tf
├── 06-MRF-Multicloud
├── provider.tf
├── aws-region-12-vsmart-cloud-init.user_data
├── gcp-region-1b-sdwan-r1-cloud-init.user_data
├── gcp-region-2b-sdwan-r1-cloud-init.user_data
├── aws-region-1a-sdwan-r1-cloud-init.user_data
├── aws-region-2a-sdwan-r1-cloud-init.user_data
├── gcp-core-1b-sdwan-r1-cloud-init.user_data
├── gcp-core-2b-sdwan-r1-cloud-init.user_data
├── aws-core-1a-sdwan-r1-cloud-init.user_data
├── aws-core-2a-sdwan-r1-cloud-init.user_data
├── gcp-core-1b.tf
├── gcp-region-2b.tf
├── gcp-region-1b.tf
├── gcp-core-2b.tf
├── aws-region-12-vsmart.tf
├── aws-region-2a.tf
├── aws-region-1a.tf
├── aws-core-1a.tf
└── aws-core-2a.tf
└── LICENSE
/img1-topology.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CiscoDevNet/sdwan-cor-labinfra/HEAD/img1-topology.png
--------------------------------------------------------------------------------
/img3-fw-and-sdwan.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CiscoDevNet/sdwan-cor-labinfra/HEAD/img3-fw-and-sdwan.png
--------------------------------------------------------------------------------
/img4-mrf-multicloud.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CiscoDevNet/sdwan-cor-labinfra/HEAD/img4-mrf-multicloud.png
--------------------------------------------------------------------------------
/01-Branch1/provider.tf:
--------------------------------------------------------------------------------
# AWS provider for the Branch 1 stack. Resources select it through the alias
# (aws.branch1); the region comes from var.aws_branch1_region in vars.tf, so the
# whole stack follows that one default. Only the region is set here — no
# credentials — so authentication has to come from the environment the plan is
# run in, which keeps secrets out of this file.
provider "aws" {
  alias  = "branch1"
  region = var.aws_branch1_region
}

--------------------------------------------------------------------------------
/02-Branch2/provider.tf:
--------------------------------------------------------------------------------
# AWS provider for the Branch 2 stack, selected by resources as aws.branch2.
# The region is var.aws_branch2_region from vars.tf; nothing else (in particular
# no credentials) is configured here, so authentication is taken from the
# caller's environment.
provider "aws" {
  alias  = "branch2"
  region = var.aws_branch2_region
}

--------------------------------------------------------------------------------
/img2-wanem-branch1-topology.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CiscoDevNet/sdwan-cor-labinfra/HEAD/img2-wanem-branch1-topology.png
--------------------------------------------------------------------------------
/00-SD-WAN-Controllers/provider.tf:
--------------------------------------------------------------------------------
# AWS provider for the SD-WAN controller stack (vManage/vSmart/vBond), selected
# as aws.controllers. The region is var.aws_controllers_region from vars.tf;
# the controller AMIs referenced there are only available in that region, so
# changing it here alone is not enough. No credentials are set in this file.
provider "aws" {
  alias  = "controllers"
  region = var.aws_controllers_region
}

--------------------------------------------------------------------------------
/03-CSP-Region1-Cloud-App/provider.tf:
--------------------------------------------------------------------------------
# AWS provider for the Region 1 cloud app, selected as aws.cloud-site.
# Region comes from var.aws_cloud-site_region in this directory's vars.tf.
# The same alias/variable pair is used by the other cloud-app directories;
# each is its own root module, so they do not collide. No credentials here.
provider "aws" {
  alias  = "cloud-site"
  region = var.aws_cloud-site_region
}

--------------------------------------------------------------------------------
/04-CSP-Region2-Cloud-App/provider.tf:
--------------------------------------------------------------------------------
# AWS provider for the Region 2 cloud app, selected as aws.cloud-site.
# Region comes from var.aws_cloud-site_region in this directory's vars.tf
# (us-west-2 by default there, unlike the Region 1 stack). No credentials are
# configured in this file; they come from the environment running terraform.
provider "aws" {
  alias  = "cloud-site"
  region = var.aws_cloud-site_region
}

--------------------------------------------------------------------------------
/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/provider.tf:
--------------------------------------------------------------------------------
# AWS provider for the SD-WAN VPC of the centralized-firewall scenario,
# selected as aws.sdwan. Region is var.aws_sdwan_region from vars.tf.
# Only the region is configured; credentials are expected from the environment.
provider "aws" {
  alias  = "sdwan"
  region = var.aws_sdwan_region
}

--------------------------------------------------------------------------------
/05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/provider.tf:
--------------------------------------------------------------------------------
# AWS provider for Cloud App1 of the centralized-firewall scenario, selected as
# aws.cloud-site. Region is var.aws_cloud-site_region from this directory's
# vars.tf. No credentials are set in this file.
provider "aws" {
  alias  = "cloud-site"
  region = var.aws_cloud-site_region
}

--------------------------------------------------------------------------------
/05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/provider.tf:
--------------------------------------------------------------------------------
# AWS provider for Cloud App2 of the centralized-firewall scenario, selected as
# aws.cloud-site. Region is var.aws_cloud-site_region from this directory's
# vars.tf. No credentials are set in this file.
provider "aws" {
  alias  = "cloud-site"
  region = var.aws_cloud-site_region
}

--------------------------------------------------------------------------------
/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/provider.tf:
--------------------------------------------------------------------------------
# AWS provider for the shared-services VPC (the firewall VPC of the
# centralized-inspection scenario), selected as aws.shared-services.
# Region is var.aws_shared-services_region, declared in this directory's
# vars.tf (not shown on this page). No credentials are set in this file.
provider "aws" {
  alias  = "shared-services"
  region = var.aws_shared-services_region
}

--------------------------------------------------------------------------------
/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/cloud-init-shared-services_fw1.user_data:
--------------------------------------------------------------------------------
1 | {
2 | "Hostname": "fw1",
3 | "AdminPassword": "ChangeThisPassword@123",
4 | "FirewallMode": "routed",
5 | "IPv4Mode": "dhcp",
6 | "ManageLocally":"No",
7 | "FmcIp": "1.2.3.4",
8 | "FmcRegKey": "cisco123reg",
9 | "FmcNatId": "cisco123nat"
10 | }
--------------------------------------------------------------------------------
/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/cloud-init-shared-services_fw2.user_data:
--------------------------------------------------------------------------------
1 | {
2 | "Hostname": "fw2",
3 | "AdminPassword": "ChangeThisPassword@123",
4 | "FirewallMode": "routed",
5 | "IPv4Mode": "dhcp",
6 | "ManageLocally":"No",
7 | "FmcIp": "1.2.3.4",
8 | "FmcRegKey": "cisco123reg",
9 | "FmcNatId": "cisco123nat"
10 | }
--------------------------------------------------------------------------------
/06-MRF-Multicloud/provider.tf:
--------------------------------------------------------------------------------
# AWS Provider:
# One aliased provider per AWS region the multicloud stack touches; resources
# pick their region by referencing the alias. Every region is read from vars.tf
# except core_2a, which is hard-coded to "us-east-2".
# NOTE(review): the hard-coded core_2a region looks like an oversight next to its
# siblings; a matching variable is not visible on this page, so it is left as is
# rather than referencing a name that may not exist.

provider "aws" {
  alias  = "core_1a"
  region = var.aws_core_1a_region
}

provider "aws" {
  alias  = "core_2a"
  region = "us-east-2"
}

provider "aws" {
  alias  = "region_1a"
  region = var.aws_region_1a_region
}

provider "aws" {
  alias  = "region_2a"
  region = var.aws_region_2a_region
}

provider "aws" {
  alias  = "region_12_vsmart"
  region = var.aws_region_12_vsmart_region
}


# GCP Provider:
# Authenticates with the service-account key file whose path is given in
# var.gcp["gcp_credential_file"] and targets var.gcp["gcp_project_id"].
# That key file is a long-lived credential: keep it outside the repository
# (ignored by git or supplied from a secrets store) and give the service
# account only the roles the lab resources need.

provider "google" {
  credentials = file(var.gcp["gcp_credential_file"])
  project     = var.gcp["gcp_project_id"]
}

--------------------------------------------------------------------------------
/05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/cloud-init-cloud-site_host1.user_data:
--------------------------------------------------------------------------------
#cloud-config
# Day-0 bootstrap for the Cloud App1 host: Amazon Linux 2 with a LAMP stack.
# cloud-init executes runcmd as root, so the `sudo` prefixes below are redundant
# but harmless.
repo_update: true
repo_upgrade: all

packages:
  - httpd
  - mariadb-server

package_update: true
package_upgrade: true

runcmd:
  - [ sh, -c, "amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2" ]
  - systemctl start httpd
  - sudo systemctl enable httpd
  # mariadb-server is installed but never started or enabled here; leave it that
  # way unless the demo needs it — an idle database is one less listener on the host.
  # Let ec2-user publish content: group ownership apache, setgid (2775) directories
  # so new files inherit the group, 0664 on files (group-writable, world-readable).
  - [ sh, -c, "usermod -a -G apache ec2-user" ]
  - [ sh, -c, "chown -R ec2-user:apache /var/www" ]
  - chmod 2775 /var/www
  - [ find, /var/www, -type, d, -exec, chmod, 2775, {}, \; ]
  - [ find, /var/www, -type, f, -exec, chmod, 0664, {}, \; ]
  # The string being echoed was stripped when this page was rendered, so the line
  # below writes an empty file as shown; the file name says it is a phpinfo page.
  # NOTE(review): a phpinfo page discloses the PHP/server configuration to anyone
  # who can reach the web port — delete it once the stack has been verified.
  - [ sh, -c, 'echo "" > /var/www/html/phpinfo.php' ]
  - sudo hostnamectl set-hostname host1.local
--------------------------------------------------------------------------------
/05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/cloud-init-cloud-site_host2.user_data:
--------------------------------------------------------------------------------
#cloud-config
# Day-0 bootstrap for the Cloud App2 host: Amazon Linux 2 with a LAMP stack.
# Identical to the Cloud App1 user-data apart from the hostname at the end.
# cloud-init executes runcmd as root, so the `sudo` prefixes are redundant.
repo_update: true
repo_upgrade: all

packages:
  - httpd
  - mariadb-server

package_update: true
package_upgrade: true

runcmd:
  - [ sh, -c, "amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2" ]
  - systemctl start httpd
  - sudo systemctl enable httpd
  # mariadb-server is installed but not started or enabled; keep it that way
  # unless the demo needs it.
  # Web root ownership: ec2-user:apache, setgid directories (2775) so new files
  # inherit the apache group, files 0664.
  - [ sh, -c, "usermod -a -G apache ec2-user" ]
  - [ sh, -c, "chown -R ec2-user:apache /var/www" ]
  - chmod 2775 /var/www
  - [ find, /var/www, -type, d, -exec, chmod, 2775, {}, \; ]
  - [ find, /var/www, -type, f, -exec, chmod, 0664, {}, \; ]
  # The echoed string was lost in this rendering (the file as shown ends up empty);
  # by its name this is a phpinfo page.
  # NOTE(review): phpinfo output reveals the server configuration to anyone who can
  # reach port 80 — remove the file after verifying the deployment.
  - [ sh, -c, 'echo "" > /var/www/html/phpinfo.php' ]
  - sudo hostnamectl set-hostname host2.local
--------------------------------------------------------------------------------
/04-CSP-Region2-Cloud-App/vars.tf:
--------------------------------------------------------------------------------
# Cloud App for SD-WAN demo - consists of one host:

variable "bucket_prefix" { # used as a prefix in resource descriptions; prepended to the name of every resource
  default = "GCP"
}

# NOTE(review): unlike 03-CSP-Region1-Cloud-App/vars.tf this stack declares no
# ssh_allow_cidr, so check in cloud-app.tf how SSH ingress to the host is
# restricted before using it outside a lab.

variable "aws_cloud-site_region" { # if you change the region, also change the AMI ID below — AMI IDs are valid in one region only
  default = "us-west-2"
}

variable "aws_cloud-site_az" {
  default = "us-west-2b"
}


variable "aws_cloud-site_vpc_cidr" { # same CIDR as 03-CSP-Region1-Cloud-App; fine if only one of the two joins the fabric at a time, overlapping if both do
  default = "10.53.0.0/16"
}

variable "aws_cloud-site_vpc_subnet-1_cidr" {
  default = "10.53.1.0/24"
}

variable "aws_cloud-site_vpc_subnet-2_cidr" {
  default = "10.53.2.0/24"
}


variable "aws_ami_id_host1" {
  default = "ami-04f77aa5970939148" # Amazon Linux 2 AMI (HVM), SSD Volume Type (64-bit x86)
  # NOTE(review): this AMI ID is also used by the ap-southeast-2 stacks
  # (02-Branch2, 03-CSP-Region1-Cloud-App). AMI IDs are scoped to one region, so
  # with the us-west-2 default above one of the two uses is stale — verify it
  # resolves in us-west-2 before apply.
}

variable "aws_ami_type_host1" {
  default = "t2.medium"
}

variable "aws_host1-subnet-1_private_ip" {
  default = "10.53.1.101"
}

variable "aws_host1-subnet-2_private_ip" {
  default = "10.53.2.101"
}


# SSH Key File:
# Name of the EC2 key pair to attach (the variable holds the key-pair name, not a
# path to the .pem file). The default belongs to the original author and will
# not exist in your account — replace it.
variable "aws_key_pair_name" {
  default = "aws-key-20-3-setup"
}
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | BSD 3-Clause License
2 |
3 | Copyright (c) 2021, Cisco Systems, Inc. and/or its affiliates
4 | All rights reserved.
5 |
6 | Redistribution and use in source and binary forms, with or without
7 | modification, are permitted provided that the following conditions are met:
8 |
9 | * Redistributions of source code must retain the above copyright notice, this
10 | list of conditions and the following disclaimer.
11 |
12 | * Redistributions in binary form must reproduce the above copyright notice,
13 | this list of conditions and the following disclaimer in the documentation
14 | and/or other materials provided with the distribution.
15 |
16 | * Neither the name of the copyright holder nor the names of its
17 | contributors may be used to endorse or promote products derived from
18 | this software without specific prior written permission.
19 |
20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 |
--------------------------------------------------------------------------------
/03-CSP-Region1-Cloud-App/vars.tf:
--------------------------------------------------------------------------------
# Cloud App for SD-WAN demo - consists of one Linux host running a web server:

variable "bucket_prefix" { # used as a prefix in resource descriptions; it is prepended to the name of every resource. Example "Demo Branch1 Subnet-1 Mgmt"
  default = "Demo"
}

variable "ssh_allow_cidr" { # source range allowed to reach SSH on the host. The default is the Cisco San Jose VPN cluster, so set your own (narrow) range here rather than opening it to 0.0.0.0/0
  default = "128.107.0.0/16"
}

variable "aws_cloud-site_region" {
  default = "ap-southeast-2" # if you change the default region, please also change the AMI IDs below — AMI IDs are valid in one region only
}

variable "aws_cloud-site_az" {
  default = "ap-southeast-2b"
}


variable "aws_cloud-site_vpc_cidr" { # NOTE(review): same CIDR as 04-CSP-Region2-Cloud-App; fine if only one of the two joins the fabric at a time, overlapping if both do
  default = "10.53.0.0/16"
}

variable "aws_cloud-site_vpc_subnet-1_cidr" {
  default = "10.53.1.0/24"
}

variable "aws_cloud-site_vpc_subnet-2_cidr" {
  default = "10.53.2.0/24"
}


variable "aws_ami_id_host1" {
  default = "ami-04f77aa5970939148" # Amazon Linux 2 AMI (HVM), SSD Volume Type (64-bit x86). Please change the AMI if you want to use a different region!
}

variable "aws_ami_type_host1" {
  default = "t2.medium"
}

variable "aws_host1-subnet-1_private_ip" {
  default = "10.53.1.101"
}

variable "aws_host1-subnet-2_private_ip" {
  default = "10.53.2.101"
}


# SSH Key File:
# Name of the EC2 key pair to attach (the key-pair name, not a path to the .pem file).
variable "aws_key_pair_name" {
  default = "aws-key-20-3-setup" # Please change to your own AWS key pair! It will NOT work with the default value "aws-key-20-3-setup"
}
--------------------------------------------------------------------------------
/05-Centralized-Firewall-Inspection-and-SD-WAN/01-Cloud_App1/vars.tf:
--------------------------------------------------------------------------------
# Cloud App1 for SD-WAN Security demo - consists of one Linux host running a web client

variable "bucket_prefix" { # used as a prefix in resource descriptions; it is prepended to the name of every resource. Example "FW-VPC1"
  default = "SEC"
}

variable "ssh_allow_cidr" { # source range allowed to reach SSH on the host. Default is the Cisco San Jose VPN cluster — adjust to your own (narrow) range; avoid 0.0.0.0/0
  default = "128.107.0.0/16"
}

variable "aws_cloud-site_region" {
  default = "us-west-2" # if you change the default region, please also change the AMI IDs below — AMI IDs are valid in one region only
} # set the region like this because terraform does not pick up the region from .aws/configure: export AWS_DEFAULT_REGION=$(aws configure get region --profile default)


variable "aws_cloud-site_az" {
  default = "us-west-2c"
}


variable "aws_cloud-site_vpc_cidr" {
  default = "10.72.0.0/16"
}

variable "aws_cloud-site_vpc_subnet-1_cidr" {
  default = "10.72.1.0/24"
}

variable "aws_cloud-site_vpc_subnet-2_cidr" {
  default = "10.72.2.0/24"
}


variable "aws_ami_id_host1" {
  default = "ami-0e5b6b6a9f3db6db8" # Amazon Linux 2 AMI (HVM), SSD Volume Type (64-bit x86). Please change the AMI if you want to use a different region!
}

variable "aws_ami_type_host1" {
  default = "t2.micro"
}

variable "aws_host1-subnet-1_private_ip" {
  default = "10.72.1.101"
}

variable "aws_host1-subnet-2_private_ip" {
  default = "10.72.2.101"
}

variable "tgw_amazon_side_asn" {
  default = "64522" # please make sure that this is unique, we will use it as a filter
  # NOTE(review): the same value is set in 02-Cloud-App2 and 04-SD-WAN-VPC — presumably
  # one stack creates the TGW and the others look it up by this ASN, so change all
  # three together; confirm against the .tf files that consume it.
}

# SSH Key File:
# Name of the EC2 key pair to attach (the key-pair name, not a path to the .pem file).
variable "aws_key_pair_name" {
  default = "aws-key-20-3-setup" # Please change to your own AWS key pair! It will NOT work with the default value "aws-key-20-3-setup"
}
--------------------------------------------------------------------------------
/05-Centralized-Firewall-Inspection-and-SD-WAN/02-Cloud-App2/vars.tf:
--------------------------------------------------------------------------------
# Cloud App2 for SD-WAN Security demo - consists of one Linux host running a web server

variable "bucket_prefix" { # used as a prefix in resource descriptions; it is prepended to the name of every resource. Example "FW-VPC1"
  default = "SEC"
}

variable "ssh_allow_cidr" { # source range allowed to reach SSH on the host. Default is the Cisco San Jose VPN cluster — adjust to your own (narrow) range; avoid 0.0.0.0/0
  default = "128.107.0.0/16"
}

variable "aws_cloud-site_region" {
  default = "us-west-2" # if you change the default region, please also change the AMI IDs below — AMI IDs are valid in one region only
} # set the region like this because terraform does not pick up the region from .aws/configure: export AWS_DEFAULT_REGION=$(aws configure get region --profile default)

variable "aws_cloud-site_az" {
  default = "us-west-2b"
}


variable "aws_cloud-site_vpc_cidr" {
  default = "10.73.0.0/16"
}

variable "aws_cloud-site_vpc_subnet-1_cidr" {
  default = "10.73.1.0/24"
}

variable "aws_cloud-site_vpc_subnet-2_cidr" {
  default = "10.73.2.0/24"
}


variable "aws_ami_id_host2" {
  default = "ami-0e5b6b6a9f3db6db8" # Amazon Linux 2 AMI (HVM), SSD Volume Type (64-bit x86). Please change the AMI if you want to use a different region!
}

variable "aws_ami_type_host2" {
  default = "t2.micro" # Please note that t2.medium is NOT supported in Availability Zone us-west-2d. Use us-west-2a, us-west-2b or us-west-2c.
}

variable "aws_host2-subnet-1_private_ip" {
  default = "10.73.1.101"
}

variable "aws_host2-subnet-2_private_ip" {
  default = "10.73.2.101"
}

variable "tgw_amazon_side_asn" {
  default = "64522" # please make sure that this is unique, we will use it as a filter
  # NOTE(review): the same value is set in 01-Cloud_App1 and 04-SD-WAN-VPC — presumably
  # one stack creates the TGW and the others look it up by this ASN, so keep the
  # three in sync; confirm against the .tf files that consume it.
}

# SSH Key File:
# Name of the EC2 key pair to attach (the key-pair name, not a path to the .pem file).
variable "aws_key_pair_name" {
  default = "aws-key-20-3-setup" # Please change to your own AWS key pair! It will NOT work with the default value "aws-key-20-3-setup"
}
--------------------------------------------------------------------------------
/02-Branch2/vars.tf:
--------------------------------------------------------------------------------
# SD-WAN Branch 2 - consists of SD-WAN router and one host:

variable "bucket_prefix" { # used as a prefix in resource descriptions; it is prepended to the name of every resource. Example "Demo Branch1 Subnet-1 Mgmt"
  default = "Demo"
}

variable "ssh_allow_cidr" { # source range allowed to reach SSH. Default is the Cisco San Jose VPN cluster — set your own (narrow) range; avoid 0.0.0.0/0
  default = "128.107.0.0/16"
}

variable "aws_branch2_region" { # AMI IDs below are valid in this region only; change them together with the region
  default = "ap-southeast-2"
}

variable "aws_branch2_az" {
  default = "ap-southeast-2b"
}

variable "aws_ami_id_branch2_r1" {
  default = "ami-032d343a587b0b958" # Cisco-CSR-SDWAN-17.3.2 Marketplace AMI for this region. Please change the AMI if you want to use a different region!
}

variable "aws_ami_type_branch2_r1" {
  default = "c5.xlarge" # please keep in mind that your AWS instance type needs to support at least 3 NICs (one per subnet below).
}

variable "aws_branch2_vpc_cidr" {
  default = "10.112.0.0/16"
}

# Router NICs: one per subnet, .11 in each. Note the subnet variables here are
# spelled subnet-N while 01-Branch1 uses subnetN; the names are consumed by
# branch2.tf, so they are not renamed here.
variable "aws_branch2_vpc_subnet-1_cidr" {
  default = "10.112.1.0/24"
}

variable "aws_branch2_r1_nic1_private_ip" {
  default = "10.112.1.11"
}

variable "aws_branch2_vpc_subnet-2_cidr" {
  default = "10.112.2.0/24"
}

variable "aws_branch2_r1_nic2_private_ip" {
  default = "10.112.2.11"
}

variable "aws_branch2_vpc_subnet-3_cidr" {
  default = "10.112.3.0/24"
}

variable "aws_branch2_r1_nic3_private_ip" {
  default = "10.112.3.11"
}


variable "aws_ami_id_host1" {
  default = "ami-04f77aa5970939148" # Amazon Linux 2 AMI (HVM), SSD Volume Type (64-bit x86). Please change the AMI if you want to use a different region!
}

variable "aws_ami_type_host1" {
  default = "t2.medium"
}

variable "aws_host1-subnet-1_private_ip" {
  default = "10.112.1.101"
}

variable "aws_host1-subnet-3_private_ip" {
  default = "10.112.3.101"
}


# SSH Key File:
# Name of the EC2 key pair to attach (the key-pair name, not a path to the .pem file).
variable "aws_key_pair_name" { # Please change to your own AWS key pair! It will NOT work with the default value "aws-key-20-3-setup"
  default = "aws-key-20-3-setup"
}
--------------------------------------------------------------------------------
/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/vars.tf:
--------------------------------------------------------------------------------
# SD-WAN VPC - consists of two SD-WAN routers connected to SD-WAN Fabric and to AWS TGW

variable "bucket_prefix" { # used as a prefix in resource descriptions; it is prepended to the name of every resource. Example "Demo Branch1 Subnet-1 Mgmt"
  default = "SEC"
}

variable "ssh_allow_cidr" { # source range allowed to reach SSH. Default is the Cisco San Jose VPN cluster — set your own (narrow) range; avoid 0.0.0.0/0
  default = "128.107.0.0/16"
}

variable "aws_sdwan_region" { # the router AMI below is valid in this region only; change both together
  default = "us-west-2"
}

# Two availability zones, one router (r1/r2) and one set of three subnets each.
variable "aws_sdwan_az1" {
  default = "us-west-2c"
}

variable "aws_sdwan_az2" {
  default = "us-west-2b"
}

variable "aws_ami_id_sdwan_router" {
  default = "ami-087c4c3dcd724a5fd" # Cisco Cat8000v 17.6.1 Marketplace AMI for this region. Please change the AMI if you want to use a different region!
}

variable "aws_ami_type_sdwan_router" {
  default = "c5n.xlarge" # please keep in mind that your AWS instance type needs to support at least 3 NICs. Going with 4 NICs here.
}

variable "aws_sdwan_vpc_cidr" {
  default = "10.71.0.0/16"
}

variable "aws_sdwan_vpc_az1_subnet-1_cidr" {
  default = "10.71.1.0/24"
}

variable "aws_sdwan_vpc_az1_subnet-2_cidr" {
  default = "10.71.2.0/24"
}

variable "aws_sdwan_vpc_az1_subnet-3_cidr" {
  default = "10.71.3.0/24"
}

variable "aws_sdwan_vpc_az2_subnet-1_cidr" {
  default = "10.71.11.0/24"
}

variable "aws_sdwan_vpc_az2_subnet-2_cidr" {
  default = "10.71.12.0/24"
}

variable "aws_sdwan_vpc_az2_subnet-3_cidr" {
  default = "10.71.13.0/24"
}

# Router addresses: .11 in each of its AZ's subnets (r1 in az1, r2 in az2).
variable "aws_sdwan_r1_nic1_private_ip" {
  default = "10.71.1.11"
}

variable "aws_sdwan_r1_nic2_private_ip" {
  default = "10.71.2.11"
}

variable "aws_sdwan_r1_nic3_private_ip" {
  default = "10.71.3.11"
}

variable "aws_sdwan_r2_nic1_private_ip" {
  default = "10.71.11.11"
}

variable "aws_sdwan_r2_nic2_private_ip" {
  default = "10.71.12.11"
}

variable "aws_sdwan_r2_nic3_private_ip" {
  default = "10.71.13.11"
}

variable "tgw_amazon_side_asn" {
  default = "64522" # please make sure that this is unique, we will use it as a filter
  # NOTE(review): 01-Cloud_App1 and 02-Cloud-App2 carry the same value — presumably
  # this stack creates the TGW and they look it up by ASN; keep all three in sync.
}


# SSH Key File:
# Name of the EC2 key pair to attach (the key-pair name, not a path to the .pem file).
variable "aws_key_pair_name" { # Please change to your own AWS key pair! It will NOT work with the default value "aws-key-20-3-setup"
  default = "aws-key-20-3-setup"
}
--------------------------------------------------------------------------------
/00-SD-WAN-Controllers/vmanage-cloud-init.user_data:
--------------------------------------------------------------------------------
#cloud-config
# Day-0 bootstrap for the vManage controller.
# disk_setup / fs_setup / mounts prepare the secondary volume as the data disk
# mounted at /opt/data; overwrite: false on both steps keeps a re-run from
# wiping an existing disk.
disk_setup:
  /dev/nvme1n1:
    table_type: mbr
    layout: false
    overwrite: false
fs_setup:
  - device: /dev/nvme1n1
    label: data
    partition: none
    filesystem: ext4
    overwrite: false
mounts:
  - [ /dev/nvme1n1, /opt/data ]
# write_files seeds the persona, the personality marker and the confd day-0
# configuration (zcloud.xml). The XML markup of zcloud.xml was stripped when this
# page was rendered, so only the element text survives below — work from the
# file in the repository, not from this listing.
# NOTE(review): the day-0 text carries the admin user's password in clear
# (admin123, right after "admin"). 06-MRF-Multicloud/aws-region-12-vsmart-cloud-init.user_data
# shows the better form — a pre-hashed ($6$) value. Use that here, rotate the
# password at first login, and do not treat instance user-data as a secret store.
write_files:
  - path: /opt/web-app/etc/persona
    owner: vmanage:vmanage-admin
    permissions: '0644'
    content: '{"persona":"COMPUTE_AND_DATA"}'
  - path: /etc/default/personality
    content: "vmanage\n"
  - path: /etc/default/inited
    content: "1\n"
  # NOTE(review): no content: for the CA file, so presumably cloud-init creates it
  # empty — confirm the certificate body was not lost in this rendering.
  - path: /usr/share/viptela/symantec-root-ca.crt
  - path: /etc/confd/init/zcloud.xml
    content: |


      vmanage
      vmanage
      sdwan-tme-demo
      sdwan-tme-demo

      44.227.177.103
      12346

      210
      11.210.11.11
      vManage
      1


      admin
      admin123
      netadmin





      0

      eth1

      true

      false


      ipsec


      default


      true
      true


      false





      512

      eth0

      true

      false





--------------------------------------------------------------------------------
/00-SD-WAN-Controllers/vsmart-cloud-init.user_data:
--------------------------------------------------------------------------------
#cloud-config
# Day-0 bootstrap for the vSmart controller: personality marker plus the confd
# day-0 configuration (zcloud.xml). The XML markup of zcloud.xml was stripped
# when this page was rendered, so only the element text survives below — work
# from the file in the repository, not from this listing.
# NOTE(review): the day-0 text carries the admin user's password in clear
# (SJC24-tme, right after "admin"). 06-MRF-Multicloud/aws-region-12-vsmart-cloud-init.user_data
# uses a pre-hashed ($6$) value instead; use that form here, rotate the password
# at first login, and do not treat instance user-data as a secret store.
write_files:
  - path: /etc/default/personality
    content: "vsmart\n"
  - path: /etc/default/inited
    content: "1\n"
  # NOTE(review): no content: for the CA file, so presumably cloud-init creates it
  # empty — confirm the certificate body was not lost in this rendering.
  - path: /usr/share/viptela/symantec-root-ca.crt
  - path: /etc/confd/init/zcloud.xml
    content: |


      vsmart
      vsmart
      sdwan-tme-demo
      sdwan-tme-demo

      44.227.177.103
      12346

      210
      11.210.11.13
      vSmart
      1


      admin
      SJC24-tme
      netadmin





      0


      0.0.0.0/0

      10.201.2.1




      eth1

      10.201.2.13/24



      ipsec


      default


      true
      true


      false





      512


      0.0.0.0/0

      10.201.1.1




      eth0

      10.201.1.13/24

      false




--------------------------------------------------------------------------------
/00-SD-WAN-Controllers/vbond-cloud-init.user_data:
--------------------------------------------------------------------------------
#cloud-config
# Day-0 bootstrap for the vBond controller. It is brought up with the "vedge"
# personality; the day-0 text below names the role vBond. As in the sibling
# files, the XML markup of zcloud.xml was stripped by the rendering and only the
# element text survives — work from the file in the repository.
# NOTE(review): the admin password is in clear (SJC24-tme, right after "admin"),
# the same value as the vSmart file. Prefer the pre-hashed ($6$) form used in
# 06-MRF-Multicloud/aws-region-12-vsmart-cloud-init.user_data, rotate at first
# login, and do not rely on instance user-data as a secret store.
write_files:
  - path: /etc/default/personality
    content: "vedge\n"
  - path: /etc/default/inited
    content: "1\n"
  # NOTE(review): no content: for the CA file, so presumably cloud-init creates it
  # empty — confirm the certificate body was not lost in this rendering.
  - path: /usr/share/viptela/symantec-root-ca.crt
  - path: /etc/confd/init/zcloud.xml
    content: |


      vedge
      vedge-cloud
      sdwan-tme-demo
      sdwan-tme-demo


      44.227.177.103
      12346

      210
      11.210.11.12
      vBond
      1


      admin
      SJC24-tme
      netadmin





      0


      0.0.0.0/0

      10.201.2.1




      ge0/0

      10.201.2.12/24



      ipsec


      default


      true
      true


      false





      512


      0.0.0.0/0

      10.201.1.1




      eth0

      10.201.1.12/24

      false




--------------------------------------------------------------------------------
/01-Branch1/vars.tf:
--------------------------------------------------------------------------------
# SD-WAN Branch 1 - consists of SD-WAN router, one WAN emulator (linux VM) and one linux host as app simulation:

variable "aws_branch1_region" {
  default = "us-west-2" # if you change the default region, please also change the AMI IDs below — AMI IDs are valid in one region only
}

variable "bucket_prefix" { # used as a prefix in resource descriptions; it is prepended to the name of every resource. Example "Demo Branch1 Subnet-1 Mgmt"
  default = "Demo"
}

variable "ssh_allow_cidr" { # source range allowed to reach SSH. Default is the Cisco San Jose VPN cluster — set your own (narrow) range; avoid 0.0.0.0/0
  default = "128.107.0.0/16"
}

variable "aws_branch1_az" {
  default = "us-west-2b"
}

variable "aws_ami_id_branch1_r1" {
  default = "ami-0c1961e24860d740c" # Cisco-CSR-SDWAN-17.3.2 Marketplace AMI for this region. Please change the AMI if you want to use a different region!
}

variable "aws_ami_type_branch1_r1" {
  default = "c5.xlarge" # please keep in mind that your AWS instance type needs to support at least 3 NICs.
}

variable "aws_branch1_vpc_cidr" {
  default = "10.111.0.0/16"
}

# Subnets 1-3 carry the router NICs (.11) ; subnet 4 is the WAN emulator's
# internet-facing side. Note the subnetN spelling here versus subnet-N in
# 02-Branch2/vars.tf — the names are consumed by the branch .tf, so they are
# left as they are.
variable "aws_branch1_vpc_subnet1_cidr" {
  default = "10.111.1.0/24"
}

variable "aws_branch1_r1_nic1_private_ip" {
  default = "10.111.1.11"
}

variable "aws_branch1_vpc_subnet2_cidr" {
  default = "10.111.2.0/24"
}

variable "aws_branch1_r1_nic2_private_ip" {
  default = "10.111.2.11"
}

variable "aws_branch1_vpc_subnet3_cidr" {
  default = "10.111.3.0/24"
}

variable "aws_branch1_r1_nic3_private_ip" {
  default = "10.111.3.11"
}

variable "aws_branch1_vpc_subnet4_cidr" { # WAN Emulator CIDR out to public internet
  default = "10.111.4.0/24"
}

variable "aws_ami_id_host1" {
  default = "ami-00f9f4069d04c0c6e" # Amazon Linux 2 AMI (HVM), SSD Volume Type (64-bit x86). Please change the AMI if you want to use a different region!
}

variable "aws_ami_type_host1" {
  default = "t2.medium"
}

variable "aws_host1-subnet1_private_ip" {
  default = "10.111.1.101"
}

variable "aws_host1-subnet3_private_ip" {
  default = "10.111.3.101"
}


# WAN emulator NICs: .10 in subnets 1, 2 and 4 (no leg in subnet 3).
variable "aws_branch1_wanem_nic1_private_ip" {
  default = "10.111.1.10"
}

variable "aws_branch1_wanem_nic2_private_ip" {
  default = "10.111.2.10"
}

variable "aws_branch1_wanem_nic3_private_ip" {
  default = "10.111.4.10"
}


# SSH Key File:
# Name of the EC2 key pair to attach (the key-pair name, not a path to the .pem file).
variable "aws_key_pair_name" {
  default = "aws-key-20-3-setup" # Please change to your own AWS key pair! It will NOT work with the default value "aws-key-20-3-setup"
}
--------------------------------------------------------------------------------
/06-MRF-Multicloud/aws-region-12-vsmart-cloud-init.user_data:
--------------------------------------------------------------------------------
#cloud-config
# Day-0 bootstrap for the Region-2 vSmart of the MRF multicloud scenario.
# Same layout as 00-SD-WAN-Controllers/vsmart-cloud-init.user_data; the XML
# markup of zcloud.xml was stripped by the rendering and only the element text
# survives below — work from the file in the repository.
# The admin password here is given as a crypt-style $6$ hash rather than in
# clear — the form the 00-SD-WAN-Controllers files should adopt too.
# NOTE(review): a committed hash is still a credential for the admin account:
# generate a fresh hash per deployment instead of reusing this one, and rotate.
write_files:
  - path: /etc/default/personality
    content: "vsmart\n"
  - path: /etc/default/inited
    content: "1\n"
  # NOTE(review): no content: for the CA file, so presumably cloud-init creates it
  # empty — confirm the certificate body was not lost in this rendering.
  - path: /usr/share/viptela/symantec-root-ca.crt
  - path: /etc/confd/init/zcloud.xml
    content: |


      vsmart
      vsmart
      mrf-multicloud-demo
      mrf-multicloud-demo

      44.227.177.103
      12346

      110
      11.110.11.1
      Region-2-vSmart
      1


      admin
      $6$089428be2645bbfa$xU5B.R6XJXV3/RnYWHIilmQFl/3sD01IxaEBRtHy8Z/oTwEM1VkmhL2xjuZS6XKTqH82Op1PafRFhzuAAA.t90
      netadmin





      0


      0.0.0.0/0

      10.110.2.1




      eth1

      10.110.2.11/24



      ipsec


      default


      true
      true


      false





      512


      0.0.0.0/0

      10.110.1.1




      eth0

      10.110.1.11/24

      false




--------------------------------------------------------------------------------
/00-SD-WAN-Controllers/vars.tf:
--------------------------------------------------------------------------------
# SD-WAN Controllers:

variable "aws_controllers_region" { # the controller AMIs below exist only in us-west-2 (private AMIs shared by Cisco), so this cannot be changed on its own
  default = "us-west-2"
}

variable "aws_controllers_az" {
  default = "us-west-2a"
}

variable "bucket_prefix" { # used as a prefix in resource descriptions; it is prepended to the name of every resource. Example "Demo Branch1 Subnet-1 Mgmt"
  default = "Test"
}

variable "aws_ami_id_vmanage" {
  default = "ami-038a84f798016c28d" # 20.12 eng. image, available only in us-west-2. Must be shared by Cisco as a private AMI.
}

variable "aws_ami_type_vmanage" {
  default = "c7i.4xlarge"
}

variable "aws_ami_id_vsmart" {
  default = "ami-0d3a38565cad7e9a8" # 20.12 eng. image, available only in us-west-2. Must be shared by Cisco as a private AMI.
}

variable "aws_ami_type_vsmart" {
  default = "t3.medium" # Changed from t2 to t3 in order to have console access via the AWS UI
}

variable "aws_ami_id_vbond" {
  default = "ami-03bdae9b1edc67cce" # 20.12 eng. image, available only in us-west-2. Must be shared by Cisco as a private AMI.
}

variable "aws_ami_type_vbond" {
  default = "t3.medium" # Changed from t2 to t3 in order to have console access via the AWS UI
}

# Management exposure: both SSH and the vManage HTTPS UI are limited to one
# source range. The default is the Cisco San Jose VPN cluster, so set your own
# (narrow) range; these are the controllers' admin interfaces, never open them
# to 0.0.0.0/0.
variable "ssh_allow_cidr" { # allow ssh only from Cisco San Jose VPN Cluster, adjust as needed!
  default = "128.107.0.0/16"
}

variable "https_allow_cidr" { # allow https only from Cisco San Jose VPN Cluster, adjust as needed!
  default = "128.107.0.0/16"
}


variable "aws_controllers_vpc_cidr" {
  default = "10.201.0.0/16"
}

# subnet-1 is the VPN 512 (management) side, subnet-2 the VPN 0 (transport)
# side; the controllers' day-0 files use the same .11/.12/.13 addressing.
variable "aws_controllers_subnet-1_cidr" { // vpn512
  default = "10.201.1.0/24"
}

variable "aws_controllers_subnet-2_cidr" { // vpn0
  default = "10.201.2.0/24"
}

variable "aws_vmanage-subnet-1_private_ip" { // vpn512
  default = "10.201.1.11"
}

variable "aws_vbond-subnet-1_private_ip" { // vpn512
  default = "10.201.1.12"
}
67 |
68 | variable "aws_vsmart-subnet-1_private_ip" { // vpn512
69 | default = "10.201.1.13"
70 | }
71 |
72 | variable "aws_vsmart2-subnet-1_private_ip" { // vpn512
73 | default = "10.201.1.15"
74 | }
75 |
76 | variable "aws_vmanage-subnet-2_private_ip" { // vpn0
77 | default = "10.201.2.11"
78 | }
79 |
80 | variable "aws_vbond-subnet-2_private_ip" { // vpn0
81 | default = "10.201.2.12"
82 | }
83 |
84 | variable "aws_vsmart-subnet-2_private_ip" { // vpn0
85 | default = "10.201.2.13"
86 | }
87 |
88 | variable "aws_vsmart2-subnet-2_private_ip" { // vpn0
89 | default = "10.201.2.15"
90 | }
91 |
92 |
93 | # SSH Key File. Please note, that this key file is NOT included into the repo, you will need to use your own key pair!
94 | variable "aws_key_pair_name" {
95 | default = "aws-key-20-3-setup"
96 | }
--------------------------------------------------------------------------------
/05-Centralized-Firewall-Inspection-and-SD-WAN/03-Shared_services_VPC/vars.tf:
--------------------------------------------------------------------------------
1 | # Shared Services VPC for the SD-WAN security demo: two FTDv firewall VMs, one per AZ, fronted by a Gateway Load Balancer (GWLB).
2 | # Note that the FMCv (firewall management) controller should be deployed in a separate VPC, ideally next to the SD-WAN controllers.
3 | # FMCv deployment is NOT part of this script.
4 |
5 | variable "bucket_prefix" { # prefix prepended to the name/description of every resource created here, e.g. "FW-VPC1"
6 | default = "SEC"
7 | }
8 |
9 | variable "ssh_allow_cidr" { # source CIDR allowed to reach SSH; default is the Cisco San Jose VPN cluster — change it to your own (narrow) egress range
10 | default = "128.107.0.0/16"
11 | }
12 |
13 | variable "aws_shared-services_region" {
14 | default = "us-west-2" # if you change the default region, also change the AMI IDs below
15 | }
16 |
17 | variable "aws_shared-services_az1" { # AZ hosting fw1 and the az1_* subnets
18 | default = "us-west-2c"
19 | }
20 |
21 | variable "aws_shared-services_az2" { # AZ hosting fw2 and the az2_* subnets
22 | default = "us-west-2b"
23 | }
24 |
25 | variable "aws_shared-services_vpc_cidr" {
26 | default = "10.70.0.0/16"
27 | }
28 |
29 | variable "aws_shared-services_vpc_az1_subnet-1_cidr" {
30 | default = "10.70.1.0/24"
31 | }
32 |
33 | variable "aws_shared-services_vpc_az1_subnet-2_cidr" {
34 | default = "10.70.2.0/24"
35 | }
36 |
37 | variable "aws_shared-services_vpc_az1_subnet-3_cidr" {
38 | default = "10.70.3.0/24"
39 | }
40 |
41 | variable "aws_shared-services_vpc_az2_subnet-1_cidr" {
42 | default = "10.70.11.0/24"
43 | }
44 |
45 | variable "aws_shared-services_vpc_az2_subnet-2_cidr" {
46 | default = "10.70.12.0/24"
47 | }
48 |
49 | variable "aws_shared-services_vpc_az2_subnet-3_cidr" {
50 | default = "10.70.13.0/24"
51 | }
52 |
53 | variable "aws_shared-services_vpc_az1_cidr_route_back_to_tgw" {
54 | default = "0.0.0.0/0" # everything leaving the firewall in AZ1 is routed back to the TGW; narrow this to the SD-WAN prefixes if only those should return via the TGW
55 | }
56 |
57 | variable "aws_shared-services_vpc_az2_cidr_route_back_to_tgw" {
58 | default = "0.0.0.0/0" # everything leaving the firewall in AZ2 is routed back to the TGW; narrow this to the SD-WAN prefixes if only those should return via the TGW
59 | }
60 |
61 | variable "aws_ami_id_fw" {
62 | default = "ami-0bb9a899312d2bade" # FTDv Cisco-internal IFT build 7.1.0-61, valid in us-west-2 only — change the AMI ID if you use a different region
63 | }
64 |
65 | variable "aws_ami_type_fw" {
66 | default = "c5.xlarge"
67 | }
68 |
69 | variable "aws_fw1_subnet-1_private_ip" { # fw1 (AZ1) static addresses, one per az1 subnet
70 | default = "10.70.1.101"
71 | }
72 |
73 | variable "aws_fw1_subnet-2_private_ip" {
74 | default = "10.70.2.101"
75 | }
76 |
77 | variable "aws_fw1_subnet-3_private_ip" {
78 | default = "10.70.3.101"
79 | }
80 |
81 | variable "aws_fw2_subnet-1_private_ip" { # fw2 (AZ2) static addresses, one per az2 subnet
82 | default = "10.70.11.101"
83 | }
84 |
85 | variable "aws_fw2_subnet-2_private_ip" {
86 | default = "10.70.12.101"
87 | }
88 |
89 | variable "aws_fw2_subnet-3_private_ip" {
90 | default = "10.70.13.101"
91 | }
92 |
93 | variable "tgw_amazon_side_asn" {
94 | default = "64522" # must be unique among your transit gateways — it is used as a filter to find this TGW
95 | }
96 |
97 | # SSH key pair: name of an EC2 key pair that already exists in your account/region. The private key is not part of the repo.
98 | variable "aws_key_pair_name" {
99 | default = "aws-key-20-3-setup" # placeholder only — the apply will NOT work with this default; override it (e.g. -var or terraform.tfvars) with your own key pair name
100 | }
--------------------------------------------------------------------------------
/01-Branch1/cloud-init-branch1-r1.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-config; charset="us-ascii"
6 |
7 | #cloud-config
# Bootstrap identity of this router: uuid = chassis id, otp = one-time token, org = SD-WAN org name,
# vbond = vBond address. All four are left blank in the repo and must be supplied per deployment
# (presumably substituted by the Terraform that renders this file — TODO confirm).
8 | vinitparam:
9 | - uuid :
10 | - org :
11 | - vbond :
12 | - otp :
13 |
14 | --==BOUNDARY==
15 | Content-Type: text/cloud-boothook; charset="us-ascii"
16 |
17 | #cloud-boothook
18 |
! NOTE(review): hostname reads Branch4-R1 while system-ip 10.111.1.11 / site-id 111 match Branch1 —
! looks like a leftover from another branch's file; confirm which name is intended.
19 | hostname Branch4-R1
20 | !
! organization-name and vbond are blank here as well; they must match the org name and vBond address
! given in vinitparam above.
21 | system
22 | system-ip 10.111.1.11
23 | site-id 111
24 | organization-name
25 | vbond
26 | !
27 | !
! VRF 10 is the service-side VPN (RT 64550:1); Mgmt-intf (RD 1:512) is the management VPN 512.
28 | vrf definition 10
29 | rd 1:10
30 | address-family ipv4
31 | route-target export 64550:1
32 | route-target import 64550:1
33 | exit-address-family
34 | !
35 | address-family ipv6
36 | exit-address-family
37 | !
38 | !
39 | vrf definition Mgmt-intf
40 | description Management
41 | rd 1:512
42 | address-family ipv4
43 | route-target export 1:512
44 | route-target import 1:512
45 | exit-address-family
46 | !
47 | address-family ipv6
48 | exit-address-family
49 | !
50 | !
! GigabitEthernet1 = management (VPN 512); GigabitEthernet2 = transport (VPN 0), Tunnel2 below is sourced from it.
51 | interface GigabitEthernet1
52 | no shutdown
53 | vrf forwarding Mgmt-intf
54 | ip address dhcp client-id GigabitEthernet1
55 | ip dhcp client default-router distance 1
56 | ip mtu 1500
57 | mtu 1500
58 | negotiation auto
59 | exit
60 | !
61 | interface GigabitEthernet2
62 | no shut
63 | ip address dhcp client-id GigabitEthernet2
64 | ip dhcp client default-router distance 1
65 | ip mtu 1500
66 | mtu 1500
67 | negotiation auto
68 | !
69 | !
70 | interface GigabitEthernet3
71 | no shut
72 | !
73 | !
74 | interface Tunnel2
75 | no shutdown
76 | ip unnumbered GigabitEthernet2
77 | no ip redirects
78 | ipv6 unnumbered GigabitEthernet2
79 | no ipv6 redirects
80 | tunnel source GigabitEthernet2
81 | tunnel mode sdwan
82 | exit
83 | !
84 | !
! NOTE(review): "allow-service all" is followed by explicit "no allow-service" lines (bgp, ospf, stun, snmp);
! confirm on this release that the explicit entries take precedence, otherwise those services stay reachable on the transport interface.
85 | sdwan
86 | interface GigabitEthernet2
87 | tunnel-interface
88 | encapsulation ipsec weight 1
89 | no border
90 | color default
91 | no last-resort-circuit
92 | no low-bandwidth-link
93 | no vbond-as-stun-server
94 | vmanage-connection-preference 5
95 | port-hop
96 | carrier default
97 | nat-refresh-interval 5
98 | hello-interval 1000
99 | hello-tolerance 12
100 | allow-service all
101 | no allow-service bgp
102 | allow-service dhcp
103 | allow-service dns
104 | allow-service icmp
105 | allow-service sshd
106 | allow-service netconf
107 | allow-service ntp
108 | no allow-service ospf
109 | no allow-service stun
110 | allow-service https
111 | no allow-service snmp
112 | exit
113 | exit
114 | appqoe
115 | no tcpopt enable
116 | !
117 | omp
118 | no shutdown
119 | send-path-limit 4
120 | ecmp-limit 4
121 | graceful-restart
122 | no as-dot-notation
123 | timers
124 | holdtime 60
125 | advertisement-interval 1
126 | graceful-restart-timer 43200
127 | eor-timer 300
128 | exit
129 | address-family ipv4
130 | advertise bgp
131 | advertise connected
132 | advertise static
133 | !
134 | address-family ipv6
135 | advertise bgp
136 | advertise connected
137 | advertise static
138 | !
139 | !
140 | !
141 | !
142 | --==BOUNDARY==
--------------------------------------------------------------------------------
/02-Branch2/cloud-init-branch2-r1.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-config; charset="us-ascii"
6 |
7 | #cloud-config
# Bootstrap identity of this router: uuid = chassis id, otp = one-time token, org = SD-WAN org name,
# vbond = vBond address. All four are left blank in the repo and must be supplied per deployment
# (presumably substituted by the Terraform that renders this file — TODO confirm).
8 | vinitparam:
9 | - uuid :
10 | - org :
11 | - vbond :
12 | - otp :
13 |
14 | --==BOUNDARY==
15 | Content-Type: text/cloud-boothook; charset="us-ascii"
16 |
17 | #cloud-boothook
18 |
19 | hostname Branch2-R1
20 | !
! organization-name and vbond are blank here as well; they must match the org name and vBond address
! given in vinitparam above.
21 | system
22 | system-ip 10.112.1.11
23 | site-id 112
24 | organization-name
25 | vbond
26 | !
27 | !
! VRF 10 is the service-side VPN (RT 64550:1); Mgmt-intf (RD 1:512) is the management VPN 512.
28 | vrf definition 10
29 | rd 1:10
30 | address-family ipv4
31 | route-target export 64550:1
32 | route-target import 64550:1
33 | exit-address-family
34 | !
35 | address-family ipv6
36 | exit-address-family
37 | !
38 | !
39 | vrf definition Mgmt-intf
40 | description Management
41 | rd 1:512
42 | address-family ipv4
43 | route-target export 1:512
44 | route-target import 1:512
45 | exit-address-family
46 | !
47 | address-family ipv6
48 | exit-address-family
49 | !
50 | !
! GigabitEthernet1 = management (VPN 512); GigabitEthernet2 = transport (VPN 0), Tunnel2 below is sourced from it.
51 | interface GigabitEthernet1
52 | no shutdown
53 | vrf forwarding Mgmt-intf
54 | ip address dhcp client-id GigabitEthernet1
55 | ip dhcp client default-router distance 1
56 | ip mtu 1500
57 | mtu 1500
58 | negotiation auto
59 | exit
60 | !
61 | interface GigabitEthernet2
62 | no shut
63 | ip address dhcp client-id GigabitEthernet2
64 | ip dhcp client default-router distance 1
65 | ip mtu 1500
66 | mtu 1500
67 | negotiation auto
68 | !
69 | !
70 | interface GigabitEthernet3
71 | no shut
72 | !
73 | !
74 | interface Tunnel2
75 | no shutdown
76 | ip unnumbered GigabitEthernet2
77 | no ip redirects
78 | ipv6 unnumbered GigabitEthernet2
79 | no ipv6 redirects
80 | tunnel source GigabitEthernet2
81 | tunnel mode sdwan
82 | exit
83 | !
84 | !
! NOTE(review): "allow-service all" is followed by explicit "no allow-service" lines (bgp, ospf, stun, snmp);
! confirm on this release that the explicit entries take precedence, otherwise those services stay reachable on the transport interface.
85 | sdwan
86 | interface GigabitEthernet2
87 | tunnel-interface
88 | encapsulation ipsec weight 1
89 | no border
90 | color default
91 | no last-resort-circuit
92 | no low-bandwidth-link
93 | no vbond-as-stun-server
94 | vmanage-connection-preference 5
95 | port-hop
96 | carrier default
97 | nat-refresh-interval 5
98 | hello-interval 1000
99 | hello-tolerance 12
100 | allow-service all
101 | no allow-service bgp
102 | allow-service dhcp
103 | allow-service dns
104 | allow-service icmp
105 | allow-service sshd
106 | allow-service netconf
107 | allow-service ntp
108 | no allow-service ospf
109 | no allow-service stun
110 | allow-service https
111 | no allow-service snmp
112 | exit
113 | exit
114 | appqoe
115 | no tcpopt enable
116 | !
117 | omp
118 | no shutdown
119 | send-path-limit 4
120 | ecmp-limit 4
121 | graceful-restart
122 | no as-dot-notation
123 | timers
124 | holdtime 60
125 | advertisement-interval 1
126 | graceful-restart-timer 43200
127 | eor-timer 300
128 | exit
129 | address-family ipv4
130 | advertise bgp
131 | advertise connected
132 | advertise static
133 | !
134 | address-family ipv6
135 | advertise bgp
136 | advertise connected
137 | advertise static
138 | !
139 | !
140 | !
141 | !
142 | --==BOUNDARY==
--------------------------------------------------------------------------------
/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/cloud-init-sdwan-r1.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-config; charset="us-ascii"
6 |
7 | #cloud-config
# Bootstrap identity of this router: uuid = chassis id, otp = one-time token, org = SD-WAN org name,
# vbond = vBond address. All four are left blank in the repo and must be supplied per deployment
# (presumably substituted by the Terraform that renders this file — TODO confirm).
8 | vinitparam:
9 | - uuid :
10 | - org :
11 | - vbond :
12 | - otp :
13 |
14 | --==BOUNDARY==
15 | Content-Type: text/cloud-boothook; charset="us-ascii"
16 |
17 | #cloud-boothook
18 |
! First of the two SD-WAN VPC routers (R2 shares site-id 172 with system-ip 10.172.1.12).
19 | hostname SDWAN-VPC-R1
20 | !
! organization-name and vbond are blank here as well; they must match the org name and vBond address
! given in vinitparam above.
21 | system
22 | system-ip 10.172.1.11
23 | site-id 172
24 | organization-name
25 | vbond
26 | !
27 | !
! VRF 10 is the service-side VPN (RT 64550:1); Mgmt-intf (RD 1:512) is the management VPN 512.
28 | vrf definition 10
29 | rd 1:10
30 | address-family ipv4
31 | route-target export 64550:1
32 | route-target import 64550:1
33 | exit-address-family
34 | !
35 | address-family ipv6
36 | exit-address-family
37 | !
38 | !
39 | vrf definition Mgmt-intf
40 | description Management
41 | rd 1:512
42 | address-family ipv4
43 | route-target export 1:512
44 | route-target import 1:512
45 | exit-address-family
46 | !
47 | address-family ipv6
48 | exit-address-family
49 | !
50 | !
! GigabitEthernet1 = management (VPN 512); GigabitEthernet2 = transport (VPN 0), Tunnel2 below is sourced from it.
51 | interface GigabitEthernet1
52 | no shutdown
53 | vrf forwarding Mgmt-intf
54 | ip address dhcp client-id GigabitEthernet1
55 | ip dhcp client default-router distance 1
56 | ip mtu 1500
57 | mtu 1500
58 | negotiation auto
59 | exit
60 | !
61 | interface GigabitEthernet2
62 | no shut
63 | ip address dhcp client-id GigabitEthernet2
64 | ip dhcp client default-router distance 1
65 | ip mtu 1500
66 | mtu 1500
67 | negotiation auto
68 | !
69 | !
70 | interface GigabitEthernet3
71 | no shut
72 | !
73 | !
74 | interface Tunnel2
75 | no shutdown
76 | ip unnumbered GigabitEthernet2
77 | no ip redirects
78 | ipv6 unnumbered GigabitEthernet2
79 | no ipv6 redirects
80 | tunnel source GigabitEthernet2
81 | tunnel mode sdwan
82 | exit
83 | !
84 | !
! NOTE(review): "allow-service all" is followed by explicit "no allow-service" lines (bgp, ospf, stun, snmp);
! confirm on this release that the explicit entries take precedence, otherwise those services stay reachable on the transport interface.
85 | sdwan
86 | interface GigabitEthernet2
87 | tunnel-interface
88 | encapsulation ipsec weight 1
89 | no border
90 | color default
91 | no last-resort-circuit
92 | no low-bandwidth-link
93 | no vbond-as-stun-server
94 | vmanage-connection-preference 5
95 | port-hop
96 | carrier default
97 | nat-refresh-interval 5
98 | hello-interval 1000
99 | hello-tolerance 12
100 | allow-service all
101 | no allow-service bgp
102 | allow-service dhcp
103 | allow-service dns
104 | allow-service icmp
105 | allow-service sshd
106 | allow-service netconf
107 | allow-service ntp
108 | no allow-service ospf
109 | no allow-service stun
110 | allow-service https
111 | no allow-service snmp
112 | exit
113 | exit
114 | appqoe
115 | no tcpopt enable
116 | !
117 | omp
118 | no shutdown
119 | send-path-limit 4
120 | ecmp-limit 4
121 | graceful-restart
122 | no as-dot-notation
123 | timers
124 | holdtime 60
125 | advertisement-interval 1
126 | graceful-restart-timer 43200
127 | eor-timer 300
128 | exit
129 | address-family ipv4
130 | advertise bgp
131 | advertise connected
132 | advertise static
133 | !
134 | address-family ipv6
135 | advertise bgp
136 | advertise connected
137 | advertise static
138 | !
139 | !
140 | !
141 | !
142 | --==BOUNDARY==
--------------------------------------------------------------------------------
/05-Centralized-Firewall-Inspection-and-SD-WAN/04-SD-WAN-VPC/cloud-init-sdwan-r2.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-config; charset="us-ascii"
6 |
7 | #cloud-config
# Bootstrap identity of this router: uuid = chassis id, otp = one-time token, org = SD-WAN org name,
# vbond = vBond address. All four are left blank in the repo and must be supplied per deployment
# (presumably substituted by the Terraform that renders this file — TODO confirm).
8 | vinitparam:
9 | - uuid :
10 | - org :
11 | - vbond :
12 | - otp :
13 |
14 | --==BOUNDARY==
15 | Content-Type: text/cloud-boothook; charset="us-ascii"
16 |
17 | #cloud-boothook
18 |
! Second of the two SD-WAN VPC routers (R1 shares site-id 172 with system-ip 10.172.1.11).
19 | hostname SDWAN-VPC-R2
20 | !
! organization-name and vbond are blank here as well; they must match the org name and vBond address
! given in vinitparam above.
21 | system
22 | system-ip 10.172.1.12
23 | site-id 172
24 | organization-name
25 | vbond
26 | !
27 | !
! VRF 10 is the service-side VPN (RT 64550:1); Mgmt-intf (RD 1:512) is the management VPN 512.
28 | vrf definition 10
29 | rd 1:10
30 | address-family ipv4
31 | route-target export 64550:1
32 | route-target import 64550:1
33 | exit-address-family
34 | !
35 | address-family ipv6
36 | exit-address-family
37 | !
38 | !
39 | vrf definition Mgmt-intf
40 | description Management
41 | rd 1:512
42 | address-family ipv4
43 | route-target export 1:512
44 | route-target import 1:512
45 | exit-address-family
46 | !
47 | address-family ipv6
48 | exit-address-family
49 | !
50 | !
! GigabitEthernet1 = management (VPN 512); GigabitEthernet2 = transport (VPN 0), Tunnel2 below is sourced from it.
51 | interface GigabitEthernet1
52 | no shutdown
53 | vrf forwarding Mgmt-intf
54 | ip address dhcp client-id GigabitEthernet1
55 | ip dhcp client default-router distance 1
56 | ip mtu 1500
57 | mtu 1500
58 | negotiation auto
59 | exit
60 | !
61 | interface GigabitEthernet2
62 | no shut
63 | ip address dhcp client-id GigabitEthernet2
64 | ip dhcp client default-router distance 1
65 | ip mtu 1500
66 | mtu 1500
67 | negotiation auto
68 | !
69 | !
70 | interface GigabitEthernet3
71 | no shut
72 | !
73 | !
74 | interface Tunnel2
75 | no shutdown
76 | ip unnumbered GigabitEthernet2
77 | no ip redirects
78 | ipv6 unnumbered GigabitEthernet2
79 | no ipv6 redirects
80 | tunnel source GigabitEthernet2
81 | tunnel mode sdwan
82 | exit
83 | !
84 | !
! NOTE(review): "allow-service all" is followed by explicit "no allow-service" lines (bgp, ospf, stun, snmp);
! confirm on this release that the explicit entries take precedence, otherwise those services stay reachable on the transport interface.
85 | sdwan
86 | interface GigabitEthernet2
87 | tunnel-interface
88 | encapsulation ipsec weight 1
89 | no border
90 | color default
91 | no last-resort-circuit
92 | no low-bandwidth-link
93 | no vbond-as-stun-server
94 | vmanage-connection-preference 5
95 | port-hop
96 | carrier default
97 | nat-refresh-interval 5
98 | hello-interval 1000
99 | hello-tolerance 12
100 | allow-service all
101 | no allow-service bgp
102 | allow-service dhcp
103 | allow-service dns
104 | allow-service icmp
105 | allow-service sshd
106 | allow-service netconf
107 | allow-service ntp
108 | no allow-service ospf
109 | no allow-service stun
110 | allow-service https
111 | no allow-service snmp
112 | exit
113 | exit
114 | appqoe
115 | no tcpopt enable
116 | !
117 | omp
118 | no shutdown
119 | send-path-limit 4
120 | ecmp-limit 4
121 | graceful-restart
122 | no as-dot-notation
123 | timers
124 | holdtime 60
125 | advertisement-interval 1
126 | graceful-restart-timer 43200
127 | eor-timer 300
128 | exit
129 | address-family ipv4
130 | advertise bgp
131 | advertise connected
132 | advertise static
133 | !
134 | address-family ipv6
135 | advertise bgp
136 | advertise connected
137 | advertise static
138 | !
139 | !
140 | !
141 | !
142 | --==BOUNDARY==
--------------------------------------------------------------------------------
/06-MRF-Multicloud/gcp-region-1b-sdwan-r1-cloud-init.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-config; charset="us-ascii"
6 |
7 | #cloud-config
# NOTE(review): a real bootstrap identity (chassis uuid + one-time token, plus org and vBond) is committed here.
# The OTP is single-use, but until it is consumed a committed uuid/otp pair is a reusable onboarding secret —
# generate these per deployment and keep them out of version control (the 01/02/05 templates leave them blank).
8 | vinitparam:
9 | - otp : 835411f466934c2dadbc739ab234714d
10 | - vbond : 44.227.177.103
11 | - org : mrf-multicloud-demo
12 | - uuid : C8K-7E9DFD60-D49C-140A-D17C-9E787BAABBC6
13 |
14 | --==BOUNDARY==
15 | Content-Type: text/cloud-boothook; charset="us-ascii"
16 |
17 | #cloud-boothook
18 |
! GCP edge router for MRF region 1, second subnet (site 21).
19 | hostname Reg1-Sub2-ER1
20 | !
! NOTE(review): clear-text "password" for a privilege-15 local account is committed to the repo; the
! aws-region-1a/2a files of this same demo use "secret 9" instead. Switch to "secret", inject the value
! per deployment, and rotate this credential.
21 | username admin privilege 15 password Cisco123#
22 | !
23 | system
24 | system-ip 21.1.1.1
25 | site-id 21
26 | organization-name mrf-multicloud-demo
27 | vbond 44.227.177.103
28 | region 1
29 | !
30 | !
! VRF 10 is the service-side VPN (RT 64550:1); Mgmt-intf (RD 1:512) is the management VPN 512.
31 | vrf definition 10
32 | rd 1:10
33 | address-family ipv4
34 | route-target export 64550:1
35 | route-target import 64550:1
36 | exit-address-family
37 | !
38 | address-family ipv6
39 | exit-address-family
40 | !
41 | !
42 | vrf definition Mgmt-intf
43 | description Management
44 | rd 1:512
45 | address-family ipv4
46 | route-target export 1:512
47 | route-target import 1:512
48 | exit-address-family
49 | !
50 | address-family ipv6
51 | exit-address-family
52 | !
53 | !
! GigabitEthernet1 = management (VPN 512); GigabitEthernet2 = transport (VPN 0), Tunnel2 below is sourced from it.
54 | interface GigabitEthernet1
55 | no shutdown
56 | vrf forwarding Mgmt-intf
57 | ip address dhcp client-id GigabitEthernet1
58 | ip dhcp client default-router distance 1
59 | ip mtu 1500
60 | mtu 1500
61 | negotiation auto
62 | exit
63 | !
64 | interface GigabitEthernet2
65 | no shut
66 | ip address dhcp client-id GigabitEthernet2
67 | ip dhcp client default-router distance 1
68 | ip mtu 1500
69 | mtu 1500
70 | negotiation auto
71 | !
! NOTE(review): GigabitEthernet3 takes a DHCP address in the global table, not in VRF 10 (only Loopback10
! is in VRF 10) — confirm that is intended for the service-side interface.
72 | interface GigabitEthernet3
73 | no shut
74 | ip address dhcp
75 | !
76 | interface Loopback10
77 | no shutdown
78 | vrf forwarding 10
79 | ip address 10.21.1.11 255.255.255.255
80 | !
! static default route in the global table toward 10.21.2.1 (presumably the transport subnet gateway — confirm)
81 | ip route 0.0.0.0 0.0.0.0 10.21.2.1
82 | !
83 | interface Tunnel2
84 | no shutdown
85 | ip unnumbered GigabitEthernet2
86 | no ip redirects
87 | ipv6 unnumbered GigabitEthernet2
88 | no ipv6 redirects
89 | tunnel source GigabitEthernet2
90 | tunnel mode sdwan
91 | exit
92 | !
! NOTE(review): "allow-service all" is followed by explicit "no allow-service" lines (bgp, ospf, stun, snmp);
! confirm on this release that the explicit entries take precedence, otherwise those services stay reachable on the transport interface.
93 | sdwan
94 | interface GigabitEthernet2
95 | tunnel-interface
96 | encapsulation ipsec weight 1
97 | no border
98 | color public-internet
99 | no last-resort-circuit
100 | no low-bandwidth-link
101 | max-control-connections 2
102 | no vbond-as-stun-server
103 | vmanage-connection-preference 5
104 | port-hop
105 | carrier default
106 | nat-refresh-interval 5
107 | hello-interval 1000
108 | hello-tolerance 12
109 | allow-service all
110 | no allow-service bgp
111 | allow-service dhcp
112 | allow-service dns
113 | allow-service icmp
114 | allow-service sshd
115 | allow-service netconf
116 | allow-service ntp
117 | no allow-service ospf
118 | no allow-service stun
119 | allow-service https
120 | no allow-service snmp
121 | exit
122 | exit
123 | appqoe
124 | no tcpopt enable
125 | !
126 | omp
127 | no shutdown
128 | send-path-limit 4
129 | ecmp-limit 4
130 | graceful-restart
131 | no as-dot-notation
132 | timers
133 | holdtime 60
134 | advertisement-interval 1
135 | graceful-restart-timer 43200
136 | eor-timer 300
137 | exit
138 | address-family ipv4
139 | advertise bgp
140 | advertise connected
141 | advertise static
142 | !
143 | address-family ipv6
144 | advertise bgp
145 | advertise connected
146 | advertise static
147 | !
148 | !
149 | !
150 | !
151 | --==BOUNDARY==
--------------------------------------------------------------------------------
/06-MRF-Multicloud/gcp-region-2b-sdwan-r1-cloud-init.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-config; charset="us-ascii"
6 |
7 | #cloud-config
# NOTE(review): a real bootstrap identity (chassis uuid + one-time token, plus org and vBond) is committed here.
# The OTP is single-use, but until it is consumed a committed uuid/otp pair is a reusable onboarding secret —
# generate these per deployment and keep them out of version control (the 01/02/05 templates leave them blank).
8 | vinitparam:
9 | - otp : d59b97bf2d564e89916e2f1020aa8e98
10 | - vbond : 44.227.177.103
11 | - org : mrf-multicloud-demo
12 | - uuid : C8K-84B4CE76-EF38-66BC-43EB-A58E70A3CD14
13 |
14 | --==BOUNDARY==
15 | Content-Type: text/cloud-boothook; charset="us-ascii"
16 |
17 | #cloud-boothook
18 |
! GCP edge router for MRF region 2, second subnet (site 221).
19 | hostname Reg2-Sub2-ER1
20 | !
! NOTE(review): clear-text "password" for a privilege-15 local account is committed to the repo; the
! aws-region-1a/2a files of this same demo use "secret 9" instead. Switch to "secret", inject the value
! per deployment, and rotate this credential.
21 | username admin privilege 15 password Cisco123#
22 | !
23 | system
24 | system-ip 221.1.1.11
25 | site-id 221
26 | organization-name mrf-multicloud-demo
27 | vbond 44.227.177.103
28 | region 2
29 | !
30 | !
! VRF 10 is the service-side VPN (RT 64550:1); Mgmt-intf (RD 1:512) is the management VPN 512.
31 | vrf definition 10
32 | rd 1:10
33 | address-family ipv4
34 | route-target export 64550:1
35 | route-target import 64550:1
36 | exit-address-family
37 | !
38 | address-family ipv6
39 | exit-address-family
40 | !
41 | !
42 | vrf definition Mgmt-intf
43 | description Management
44 | rd 1:512
45 | address-family ipv4
46 | route-target export 1:512
47 | route-target import 1:512
48 | exit-address-family
49 | !
50 | address-family ipv6
51 | exit-address-family
52 | !
53 | !
! GigabitEthernet1 = management (VPN 512); GigabitEthernet2 = transport (VPN 0), Tunnel2 below is sourced from it.
54 | interface GigabitEthernet1
55 | no shutdown
56 | vrf forwarding Mgmt-intf
57 | ip address dhcp client-id GigabitEthernet1
58 | ip dhcp client default-router distance 1
59 | ip mtu 1500
60 | mtu 1500
61 | negotiation auto
62 | exit
63 | !
64 | interface GigabitEthernet2
65 | no shut
66 | ip address dhcp client-id GigabitEthernet2
67 | ip dhcp client default-router distance 1
68 | ip mtu 1500
69 | mtu 1500
70 | negotiation auto
71 | !
! NOTE(review): GigabitEthernet3 takes a DHCP address in the global table, not in VRF 10 (only Loopback10
! is in VRF 10) — confirm that is intended for the service-side interface.
72 | interface GigabitEthernet3
73 | no shut
74 | ip address dhcp
75 | !
76 | interface Loopback10
77 | no shutdown
78 | vrf forwarding 10
79 | ip address 10.221.1.11 255.255.255.255
80 | !
! static default route in the global table toward 10.221.2.1 (presumably the transport subnet gateway — confirm)
81 | ip route 0.0.0.0 0.0.0.0 10.221.2.1
82 | !
83 | interface Tunnel2
84 | no shutdown
85 | ip unnumbered GigabitEthernet2
86 | no ip redirects
87 | ipv6 unnumbered GigabitEthernet2
88 | no ipv6 redirects
89 | tunnel source GigabitEthernet2
90 | tunnel mode sdwan
91 | exit
92 | !
! NOTE(review): "allow-service all" is followed by explicit "no allow-service" lines (bgp, ospf, stun, snmp);
! confirm on this release that the explicit entries take precedence, otherwise those services stay reachable on the transport interface.
93 | sdwan
94 | interface GigabitEthernet2
95 | tunnel-interface
96 | encapsulation ipsec weight 1
97 | no border
98 | color public-internet
99 | no last-resort-circuit
100 | no low-bandwidth-link
101 | max-control-connections 2
102 | no vbond-as-stun-server
103 | vmanage-connection-preference 5
104 | port-hop
105 | carrier default
106 | nat-refresh-interval 5
107 | hello-interval 1000
108 | hello-tolerance 12
109 | allow-service all
110 | no allow-service bgp
111 | allow-service dhcp
112 | allow-service dns
113 | allow-service icmp
114 | allow-service sshd
115 | allow-service netconf
116 | allow-service ntp
117 | no allow-service ospf
118 | no allow-service stun
119 | allow-service https
120 | no allow-service snmp
121 | exit
122 | exit
123 | appqoe
124 | no tcpopt enable
125 | !
126 | omp
127 | no shutdown
128 | send-path-limit 4
129 | ecmp-limit 4
130 | graceful-restart
131 | no as-dot-notation
132 | timers
133 | holdtime 60
134 | advertisement-interval 1
135 | graceful-restart-timer 43200
136 | eor-timer 300
137 | exit
138 | address-family ipv4
139 | advertise bgp
140 | advertise connected
141 | advertise static
142 | !
143 | address-family ipv6
144 | advertise bgp
145 | advertise connected
146 | advertise static
147 | !
148 | !
149 | !
150 | !
151 | --==BOUNDARY==
--------------------------------------------------------------------------------
/06-MRF-Multicloud/aws-region-1a-sdwan-r1-cloud-init.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-config; charset="us-ascii"
6 |
7 | #cloud-config
# NOTE(review): a real bootstrap identity (chassis uuid + one-time token, plus org and vBond) is committed here.
# The OTP is single-use, but until it is consumed a committed uuid/otp pair is a reusable onboarding secret —
# generate these per deployment and keep them out of version control (the 01/02/05 templates leave them blank).
8 | vinitparam:
9 | - otp : f4768ac87c194b819f354db8d51dc0a9
10 | - vbond : 44.227.177.103
11 | - org : mrf-multicloud-demo
12 | - uuid : C8K-2FD9D8D5-01F3-EE7D-1640-E74056A93C4A
13 |
14 | --==BOUNDARY==
15 | Content-Type: text/cloud-boothook; charset="us-ascii"
16 |
17 | #cloud-boothook
18 |
! AWS edge router for MRF region 1, first subnet (site 11).
19 | hostname Reg1-Sub1-ER1
20 | !
! Local accounts use "secret 9" (scrypt) rather than clear text — better than the gcp-* files of this demo,
! but the hashes are still fixed values in the repo; prefer injecting them per deployment.
! NOTE(review): "npitaev" is a personal account baked into a shared lab image — prefer per-deployment
! accounts so access can be revoked without editing the config.
21 | username admin privilege 15 secret 9 $14$TCb8$6ue4SRg7Km1YVU$Wk8NIGjd.5r0Uap3NBckoiCWE3O/KbU/B4LfZGgKaME
22 | username npitaev privilege 15 secret 9 $14$7jZw$gU7w9XsLqhm50U$lW.NfvcSzZwuDi3vwjQLJMwKHTy/t69EzFeqs46LdRo
23 | !
24 | system
25 | system-ip 11.1.1.1
26 | site-id 11
27 | organization-name mrf-multicloud-demo
28 | vbond 44.227.177.103
29 | region 1
30 | !
31 | !
! VRF 10 is the service-side VPN (RT 64550:1); Mgmt-intf (RD 1:512) is the management VPN 512.
32 | vrf definition 10
33 | rd 1:10
34 | address-family ipv4
35 | route-target export 64550:1
36 | route-target import 64550:1
37 | exit-address-family
38 | !
39 | address-family ipv6
40 | exit-address-family
41 | !
42 | !
43 | vrf definition Mgmt-intf
44 | description Management
45 | rd 1:512
46 | address-family ipv4
47 | route-target export 1:512
48 | route-target import 1:512
49 | exit-address-family
50 | !
51 | address-family ipv6
52 | exit-address-family
53 | !
54 | !
! GigabitEthernet1 = management (VPN 512); GigabitEthernet2 = transport (VPN 0), Tunnel2 below is sourced from it.
55 | interface GigabitEthernet1
56 | no shutdown
57 | vrf forwarding Mgmt-intf
58 | ip address dhcp client-id GigabitEthernet1
59 | ip dhcp client default-router distance 1
60 | ip mtu 1500
61 | mtu 1500
62 | negotiation auto
63 | exit
64 | !
65 | interface GigabitEthernet2
66 | no shut
67 | ip address dhcp client-id GigabitEthernet2
68 | ip dhcp client default-router distance 1
69 | ip mtu 1500
70 | mtu 1500
71 | negotiation auto
72 | !
! NOTE(review): GigabitEthernet3 takes a DHCP address in the global table, not in VRF 10 (only Loopback10
! is in VRF 10) — confirm that is intended for the service-side interface. Unlike the gcp-* files there is
! no static default route here; presumably the DHCP default-router on GigabitEthernet2 covers it — confirm.
73 | interface GigabitEthernet3
74 | no shut
75 | ip address dhcp
76 | !
77 | interface Loopback10
78 | no shutdown
79 | vrf forwarding 10
80 | ip address 10.11.1.11 255.255.255.255
81 | !
82 | !
83 | interface Tunnel2
84 | no shutdown
85 | ip unnumbered GigabitEthernet2
86 | no ip redirects
87 | ipv6 unnumbered GigabitEthernet2
88 | no ipv6 redirects
89 | tunnel source GigabitEthernet2
90 | tunnel mode sdwan
91 | exit
92 | !
! NOTE(review): "allow-service all" is followed by explicit "no allow-service" lines (bgp, ospf, stun, snmp);
! confirm on this release that the explicit entries take precedence, otherwise those services stay reachable on the transport interface.
93 | sdwan
94 | interface GigabitEthernet2
95 | tunnel-interface
96 | encapsulation ipsec weight 1
97 | no border
98 | color public-internet
99 | no last-resort-circuit
100 | no low-bandwidth-link
101 | max-control-connections 2
102 | no vbond-as-stun-server
103 | vmanage-connection-preference 5
104 | port-hop
105 | carrier default
106 | nat-refresh-interval 5
107 | hello-interval 1000
108 | hello-tolerance 12
109 | allow-service all
110 | no allow-service bgp
111 | allow-service dhcp
112 | allow-service dns
113 | allow-service icmp
114 | allow-service sshd
115 | allow-service netconf
116 | allow-service ntp
117 | no allow-service ospf
118 | no allow-service stun
119 | allow-service https
120 | no allow-service snmp
121 | exit
122 | exit
123 | appqoe
124 | no tcpopt enable
125 | !
126 | omp
127 | no shutdown
128 | send-path-limit 4
129 | ecmp-limit 4
130 | graceful-restart
131 | no as-dot-notation
132 | timers
133 | holdtime 60
134 | advertisement-interval 1
135 | graceful-restart-timer 43200
136 | eor-timer 300
137 | exit
138 | address-family ipv4
139 | advertise bgp
140 | advertise connected
141 | advertise static
142 | !
143 | address-family ipv6
144 | advertise bgp
145 | advertise connected
146 | advertise static
147 | !
148 | !
149 | !
150 | !
151 | --==BOUNDARY==
--------------------------------------------------------------------------------
/06-MRF-Multicloud/aws-region-2a-sdwan-r1-cloud-init.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-config; charset="us-ascii"
6 |
7 | #cloud-config
# NOTE(review): a real bootstrap identity (chassis uuid + one-time token, plus org and vBond) is committed here.
# The OTP is single-use, but until it is consumed a committed uuid/otp pair is a reusable onboarding secret —
# generate these per deployment and keep them out of version control (the 01/02/05 templates leave them blank).
8 | vinitparam:
9 | - otp : b94f07fc8ba94e0098a17ede0cd6811e
10 | - vbond : 44.227.177.103
11 | - org : mrf-multicloud-demo
12 | - uuid : C8K-4A291D7C-EFDD-3F2F-B48A-5BA1E5A3C8E6
13 |
14 | --==BOUNDARY==
15 | Content-Type: text/cloud-boothook; charset="us-ascii"
16 |
17 | #cloud-boothook
18 |
! AWS edge router for MRF region 2, first subnet (site 211).
19 | hostname Reg2-Sub1-ER1
20 | !
! Local accounts use "secret 9" (scrypt) rather than clear text — better than the gcp-* files of this demo,
! but the hashes are still fixed values in the repo (identical to aws-region-1a); prefer injecting them per deployment.
! NOTE(review): "npitaev" is a personal account baked into a shared lab image — prefer per-deployment
! accounts so access can be revoked without editing the config.
21 | username admin privilege 15 secret 9 $14$TCb8$6ue4SRg7Km1YVU$Wk8NIGjd.5r0Uap3NBckoiCWE3O/KbU/B4LfZGgKaME
22 | username npitaev privilege 15 secret 9 $14$7jZw$gU7w9XsLqhm50U$lW.NfvcSzZwuDi3vwjQLJMwKHTy/t69EzFeqs46LdRo
23 | !
24 | system
25 | system-ip 211.1.1.1
26 | site-id 211
27 | organization-name mrf-multicloud-demo
28 | vbond 44.227.177.103
29 | region 2
30 | !
31 | !
! VRF 10 is the service-side VPN (RT 64550:1); Mgmt-intf (RD 1:512) is the management VPN 512.
32 | vrf definition 10
33 | rd 1:10
34 | address-family ipv4
35 | route-target export 64550:1
36 | route-target import 64550:1
37 | exit-address-family
38 | !
39 | address-family ipv6
40 | exit-address-family
41 | !
42 | !
43 | vrf definition Mgmt-intf
44 | description Management
45 | rd 1:512
46 | address-family ipv4
47 | route-target export 1:512
48 | route-target import 1:512
49 | exit-address-family
50 | !
51 | address-family ipv6
52 | exit-address-family
53 | !
54 | !
! GigabitEthernet1 = management (VPN 512); GigabitEthernet2 = transport (VPN 0), Tunnel2 below is sourced from it.
55 | interface GigabitEthernet1
56 | no shutdown
57 | vrf forwarding Mgmt-intf
58 | ip address dhcp client-id GigabitEthernet1
59 | ip dhcp client default-router distance 1
60 | ip mtu 1500
61 | mtu 1500
62 | negotiation auto
63 | exit
64 | !
65 | interface GigabitEthernet2
66 | no shut
67 | ip address dhcp client-id GigabitEthernet2
68 | ip dhcp client default-router distance 1
69 | ip mtu 1500
70 | mtu 1500
71 | negotiation auto
72 | !
! NOTE(review): GigabitEthernet3 takes a DHCP address in the global table, not in VRF 10 (only Loopback10
! is in VRF 10) — confirm that is intended for the service-side interface. Unlike the gcp-* files there is
! no static default route here; presumably the DHCP default-router on GigabitEthernet2 covers it — confirm.
73 | interface GigabitEthernet3
74 | no shut
75 | ip address dhcp
76 | !
77 | interface Loopback10
78 | no shutdown
79 | vrf forwarding 10
80 | ip address 10.211.1.11 255.255.255.255
81 | !
82 | !
83 | interface Tunnel2
84 | no shutdown
85 | ip unnumbered GigabitEthernet2
86 | no ip redirects
87 | ipv6 unnumbered GigabitEthernet2
88 | no ipv6 redirects
89 | tunnel source GigabitEthernet2
90 | tunnel mode sdwan
91 | exit
92 | !
! NOTE(review): "allow-service all" is followed by explicit "no allow-service" lines (bgp, ospf, stun, snmp);
! confirm on this release that the explicit entries take precedence, otherwise those services stay reachable on the transport interface.
93 | sdwan
94 | interface GigabitEthernet2
95 | tunnel-interface
96 | encapsulation ipsec weight 1
97 | no border
98 | color public-internet
99 | no last-resort-circuit
100 | no low-bandwidth-link
101 | max-control-connections 2
102 | no vbond-as-stun-server
103 | vmanage-connection-preference 5
104 | port-hop
105 | carrier default
106 | nat-refresh-interval 5
107 | hello-interval 1000
108 | hello-tolerance 12
109 | allow-service all
110 | no allow-service bgp
111 | allow-service dhcp
112 | allow-service dns
113 | allow-service icmp
114 | allow-service sshd
115 | allow-service netconf
116 | allow-service ntp
117 | no allow-service ospf
118 | no allow-service stun
119 | allow-service https
120 | no allow-service snmp
121 | exit
122 | exit
123 | appqoe
124 | no tcpopt enable
125 | !
126 | omp
127 | no shutdown
128 | send-path-limit 4
129 | ecmp-limit 4
130 | graceful-restart
131 | no as-dot-notation
132 | timers
133 | holdtime 60
134 | advertisement-interval 1
135 | graceful-restart-timer 43200
136 | eor-timer 300
137 | exit
138 | address-family ipv4
139 | advertise bgp
140 | advertise connected
141 | advertise static
142 | !
143 | address-family ipv6
144 | advertise bgp
145 | advertise connected
146 | advertise static
147 | !
148 | !
149 | !
150 | !
151 | --==BOUNDARY==
--------------------------------------------------------------------------------
/06-MRF-Multicloud/gcp-core-1b-sdwan-r1-cloud-init.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-config; charset="us-ascii"
6 |
7 | #cloud-config
8 | vinitparam:
# NOTE(review): otp is a one-time onboarding token and uuid the device identity from the controller device list; live values committed to a repo should be treated as disclosed (generate a fresh OTP for the device) and ideally rendered from a Terraform templatefile() at apply time instead.
9 | - uuid : C8K-4FC0C6DA-2690-984A-832D-C5B377E8F3D6
10 | - otp : 1a1bec7108ec412990fc22c948e967fc
11 | - vbond : 44.227.177.103
12 | - org : mrf-multicloud-demo
13 |
14 | --==BOUNDARY==
15 | Content-Type: text/cloud-boothook; charset="us-ascii"
16 |
17 | #cloud-boothook
18 |
! Day-0 bootstrap config for the C8K core router in GCP (west): Gi1 is the public-internet transport (Tunnel1), Gi2 the private2 core transport (Tunnel2), service VRF 10 on Loopback10.
19 | hostname Core-West-GCP-BR1
20 | !
! NOTE(review): 'password' stores a type-0 (cleartext) credential in the bootstrap file; use 'secret' (a type-9 hash, as the AWS bootstrap files in this directory do) and do not commit the real value.
21 | username admin privilege 15 password Cisco123#
22 | !
! NOTE(review): 169.254.169.123 is the AWS Time Sync Service address; on GCE the metadata NTP server is metadata.google.internal — confirm this server is reachable here.
23 | ntp server 169.254.169.123
24 | !
25 | system
26 | system-ip 103.1.1.1
27 | site-id 103
28 | organization-name "mrf-multicloud-demo"
29 | sp-organization-name "mrf-multicloud-demo"
30 | vbond 44.227.177.103 port 12346
31 | !
32 | vrf definition 10
33 | rd 1:10
34 | address-family ipv4
35 | route-target export 64550:1
36 | route-target import 64550:1
37 | exit-address-family
38 | !
39 | address-family ipv6
40 | exit-address-family
41 | !
42 | !
43 | vrf definition Mgmt-intf
44 | description Management
45 | rd 1:512
46 | address-family ipv4
47 | route-target export 1:512
48 | route-target import 1:512
49 | exit-address-family
50 | !
51 | address-family ipv6
52 | exit-address-family
53 | !
54 | !
55 | interface GigabitEthernet1
56 | description TRANSPORT - INET
57 | ip address dhcp
58 | negotiation auto
59 | no mop enabled
60 | no mop sysid
61 | !
62 | interface GigabitEthernet2
63 | description TRANSPORT - CORE
64 | ip address dhcp
65 | negotiation auto
66 | no mop enabled
67 | no mop sysid
68 | !
69 | interface Tunnel1
70 | ip unnumbered GigabitEthernet1
71 | tunnel source GigabitEthernet1
72 | tunnel mode sdwan
73 | !
74 | interface Tunnel2
75 | ip unnumbered GigabitEthernet2
76 | tunnel source GigabitEthernet2
77 | tunnel mode sdwan
78 | !
79 | interface Loopback10
80 | no shutdown
81 | vrf forwarding 10
82 | ip address 10.103.1.11 255.255.255.255
83 | !
84 | sdwan
85 | interface GigabitEthernet1
86 | tunnel-interface
87 | encapsulation ipsec weight 1
88 | no border
89 | color public-internet
90 | no last-resort-circuit
91 | no low-bandwidth-link
92 | max-control-connections 2
93 | no vbond-as-stun-server
94 | vmanage-connection-preference 5
95 | port-hop
96 | carrier default
97 | nat-refresh-interval 5
98 | hello-interval 1000
99 | hello-tolerance 12
! NOTE(review): allow-service all plus the explicit sshd/netconf/https lines expose management services on the internet-facing transport; confirm the VPC firewall rules restrict which sources can reach them.
100 | allow-service all
101 | no allow-service bgp
102 | allow-service dhcp
103 | allow-service dns
104 | allow-service icmp
105 | allow-service sshd
106 | allow-service netconf
107 | allow-service ntp
108 | no allow-service ospf
109 | no allow-service stun
110 | allow-service https
111 | no allow-service snmp
112 | exit
113 | exit
114 | interface GigabitEthernet2
115 | tunnel-interface
116 | encapsulation ipsec weight 1
117 | no border
! private-color TLOC with 'restrict' and max-control-connections 0: data plane only to other private2 TLOCs, no controller sessions over this path.
118 | color private2 restrict
119 | no last-resort-circuit
120 | no low-bandwidth-link
121 | max-control-connections 0
122 | no vbond-as-stun-server
123 | vmanage-connection-preference 5
124 | port-hop
125 | carrier default
126 | nat-refresh-interval 5
127 | hello-interval 1000
128 | hello-tolerance 12
129 | allow-service all
130 | no allow-service bgp
131 | allow-service dhcp
132 | allow-service dns
133 | allow-service icmp
134 | allow-service sshd
135 | allow-service netconf
136 | allow-service ntp
137 | no allow-service ospf
138 | no allow-service stun
139 | allow-service https
140 | no allow-service snmp
141 | exit
142 | exit
143 | !
! VTY access limited to SSH (no telnet).
144 | line vty 0 4
145 | transport input ssh
146 | !
147 | --==BOUNDARY==
148 |
--------------------------------------------------------------------------------
/06-MRF-Multicloud/gcp-core-2b-sdwan-r1-cloud-init.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-config; charset="us-ascii"
6 |
7 | #cloud-config
8 | vinitparam:
# NOTE(review): otp is a one-time onboarding token and uuid the device identity from the controller device list; live values committed to a repo should be treated as disclosed (generate a fresh OTP for the device) and ideally rendered from a Terraform templatefile() at apply time instead.
9 | - uuid : C8K-58106A81-7160-402E-FDA6-83C5B09577BD
10 | - otp : 7f76c8e5d3524f609c48e39c13f68af1
11 | - vbond : 44.227.177.103
12 | - org : mrf-multicloud-demo
13 |
14 | --==BOUNDARY==
15 | Content-Type: text/cloud-boothook; charset="us-ascii"
16 |
17 | #cloud-boothook
18 |
! Day-0 bootstrap config for the C8K core router in GCP (east): Gi1 is the public-internet transport (Tunnel1), Gi2 the private2 core transport (Tunnel2), service VRF 10 on Loopback10.
19 | hostname Core-East-GCP-BR1
20 | !
! NOTE(review): 'password' stores a type-0 (cleartext) credential in the bootstrap file; use 'secret' (a type-9 hash, as the AWS bootstrap files in this directory do) and do not commit the real value.
21 | username admin privilege 15 password Cisco123#
22 | !
! NOTE(review): 169.254.169.123 is the AWS Time Sync Service address; on GCE the metadata NTP server is metadata.google.internal — confirm this server is reachable here.
23 | ntp server 169.254.169.123
24 | !
25 | system
26 | system-ip 104.1.1.1
27 | site-id 104
28 | organization-name "mrf-multicloud-demo"
29 | sp-organization-name "mrf-multicloud-demo"
30 | vbond 44.227.177.103 port 12346
31 | !
32 | vrf definition 10
33 | rd 1:10
34 | address-family ipv4
35 | route-target export 64550:1
36 | route-target import 64550:1
37 | exit-address-family
38 | !
39 | address-family ipv6
40 | exit-address-family
41 | !
42 | !
43 | vrf definition Mgmt-intf
44 | description Management
45 | rd 1:512
46 | address-family ipv4
47 | route-target export 1:512
48 | route-target import 1:512
49 | exit-address-family
50 | !
51 | address-family ipv6
52 | exit-address-family
53 | !
54 | !
55 | interface GigabitEthernet1
56 | description TRANSPORT - INET
57 | ip address dhcp
58 | negotiation auto
59 | no mop enabled
60 | no mop sysid
61 | !
62 | interface GigabitEthernet2
63 | description TRANSPORT - CORE
64 | ip address dhcp
65 | negotiation auto
66 | no mop enabled
67 | no mop sysid
68 | !
69 | interface Tunnel1
70 | ip unnumbered GigabitEthernet1
71 | tunnel source GigabitEthernet1
72 | tunnel mode sdwan
73 | !
74 | interface Tunnel2
75 | ip unnumbered GigabitEthernet2
76 | tunnel source GigabitEthernet2
77 | tunnel mode sdwan
78 | !
79 | interface Loopback10
80 | no shutdown
81 | vrf forwarding 10
82 | ip address 10.104.1.11 255.255.255.255
83 | !
84 | sdwan
85 | interface GigabitEthernet1
86 | tunnel-interface
87 | encapsulation ipsec weight 1
88 | no border
89 | color public-internet
90 | no last-resort-circuit
91 | no low-bandwidth-link
92 | max-control-connections 2
93 | no vbond-as-stun-server
94 | vmanage-connection-preference 5
95 | port-hop
96 | carrier default
97 | nat-refresh-interval 5
98 | hello-interval 1000
99 | hello-tolerance 12
! NOTE(review): allow-service all plus the explicit sshd/netconf/https lines expose management services on the internet-facing transport; confirm the VPC firewall rules restrict which sources can reach them.
100 | allow-service all
101 | no allow-service bgp
102 | allow-service dhcp
103 | allow-service dns
104 | allow-service icmp
105 | allow-service sshd
106 | allow-service netconf
107 | allow-service ntp
108 | no allow-service ospf
109 | no allow-service stun
110 | allow-service https
111 | no allow-service snmp
112 | exit
113 | exit
114 | interface GigabitEthernet2
115 | tunnel-interface
116 | encapsulation ipsec weight 1
117 | no border
! private-color TLOC with 'restrict' and max-control-connections 0: data plane only to other private2 TLOCs, no controller sessions over this path.
118 | color private2 restrict
119 | no last-resort-circuit
120 | no low-bandwidth-link
121 | max-control-connections 0
122 | no vbond-as-stun-server
123 | vmanage-connection-preference 5
124 | port-hop
125 | carrier default
126 | nat-refresh-interval 5
127 | hello-interval 1000
128 | hello-tolerance 12
129 | allow-service all
130 | no allow-service bgp
131 | allow-service dhcp
132 | allow-service dns
133 | allow-service icmp
134 | allow-service sshd
135 | allow-service netconf
136 | allow-service ntp
137 | no allow-service ospf
138 | no allow-service stun
139 | allow-service https
140 | no allow-service snmp
141 | exit
142 | exit
143 | !
! VTY access limited to SSH (no telnet).
144 | line vty 0 4
145 | transport input ssh
146 | !
147 | --==BOUNDARY==
148 |
--------------------------------------------------------------------------------
/06-MRF-Multicloud/aws-core-1a-sdwan-r1-cloud-init.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-config; charset="us-ascii"
6 |
7 | #cloud-config
8 | vinitparam:
# NOTE(review): otp is a one-time onboarding token and uuid the device identity from the controller device list; live values committed to a repo should be treated as disclosed (generate a fresh OTP for the device) and ideally rendered from a Terraform templatefile() at apply time instead.
9 | - otp : 75499bc305d44f24b3dd6cf7a0623bdf
10 | - vbond : 44.227.177.103
11 | - org : mrf-multicloud-demo
12 | - uuid : C8K-0BE68732-4F94-0624-F0D7-659785D2240C
13 |
14 | --==BOUNDARY==
15 | Content-Type: text/cloud-boothook; charset="us-ascii"
16 |
17 | #cloud-boothook
18 |
! Day-0 bootstrap config for the C8K core router in AWS (west): Gi1 in the Mgmt-intf VRF, Gi2 as the public-internet transport (Tunnel2), Gi3 as the private1 core transport (Tunnel3), service VRF 10 on Loopback10.
19 | hostname Core-West-AWS-BR1
20 | !
! NOTE(review): the same 'secret 9' hashes appear in every AWS bootstrap file of this directory, so all routers share one admin password; use per-device credentials and keep personal accounts out of shared bootstrap files.
21 | username admin privilege 15 secret 9 $14$TCb8$6ue4SRg7Km1YVU$Wk8NIGjd.5r0Uap3NBckoiCWE3O/KbU/B4LfZGgKaME
22 | username npitaev privilege 15 secret 9 $14$7jZw$gU7w9XsLqhm50U$lW.NfvcSzZwuDi3vwjQLJMwKHTy/t69EzFeqs46LdRo
23 | !
24 | system
25 | system-ip 101.1.1.1
26 | site-id 101
27 | organization-name mrf-multicloud-demo
28 | vbond 44.227.177.103
29 | !
30 | !
31 | vrf definition 10
32 | rd 1:10
33 | address-family ipv4
34 | route-target export 64550:1
35 | route-target import 64550:1
36 | exit-address-family
37 | !
38 | address-family ipv6
39 | exit-address-family
40 | !
41 | !
42 | vrf definition Mgmt-intf
43 | description Management
44 | rd 1:512
45 | address-family ipv4
46 | route-target export 1:512
47 | route-target import 1:512
48 | exit-address-family
49 | !
50 | address-family ipv6
51 | exit-address-family
52 | !
53 | !
54 | interface GigabitEthernet1
55 | no shutdown
56 | vrf forwarding Mgmt-intf
57 | ip address dhcp client-id GigabitEthernet1
58 | ip dhcp client default-router distance 1
59 | ip mtu 1500
60 | mtu 1500
61 | negotiation auto
62 | exit
63 | !
64 | interface GigabitEthernet2
65 | no shut
66 | ip address dhcp client-id GigabitEthernet2
67 | ip dhcp client default-router distance 1
68 | ip mtu 1500
69 | mtu 1500
70 | negotiation auto
71 | !
72 | interface GigabitEthernet3
73 | no shut
74 | ip address dhcp
75 | !
76 | interface Loopback10
77 | no shutdown
78 | vrf forwarding 10
79 | ip address 10.101.1.11 255.255.255.255
80 | !
81 | !
82 | interface Tunnel2
83 | no shutdown
84 | ip unnumbered GigabitEthernet2
85 | no ip redirects
86 | ipv6 unnumbered GigabitEthernet2
87 | no ipv6 redirects
88 | tunnel source GigabitEthernet2
89 | tunnel mode sdwan
90 | exit
91 | !
92 | interface Tunnel3
93 | no shutdown
94 | ip unnumbered GigabitEthernet3
95 | no ip redirects
96 | ipv6 unnumbered GigabitEthernet3
97 | no ipv6 redirects
98 | tunnel source GigabitEthernet3
99 | tunnel mode sdwan
100 | exit
101 | !
102 | sdwan
103 | interface GigabitEthernet2
104 | tunnel-interface
105 | encapsulation ipsec weight 1
106 | no border
107 | color public-internet
108 | no last-resort-circuit
109 | no low-bandwidth-link
110 | max-control-connections 2
111 | no vbond-as-stun-server
112 | vmanage-connection-preference 5
113 | port-hop
114 | carrier default
115 | nat-refresh-interval 5
116 | hello-interval 1000
117 | hello-tolerance 12
! NOTE(review): allow-service all plus the explicit sshd/netconf/https lines expose management services on a WAN-facing transport; confirm the VPC security group restricts which sources can reach them.
118 | allow-service all
119 | no allow-service bgp
120 | allow-service dhcp
121 | allow-service dns
122 | allow-service icmp
123 | allow-service sshd
124 | allow-service netconf
125 | allow-service ntp
126 | no allow-service ospf
127 | no allow-service stun
128 | allow-service https
129 | no allow-service snmp
130 | exit
131 | exit
132 | interface GigabitEthernet3
133 | tunnel-interface
134 | encapsulation ipsec weight 1
135 | no border
! private-color TLOC with 'restrict' and max-control-connections 0: data plane only to other private1 TLOCs, no controller sessions over this path.
136 | color private1 restrict
137 | no last-resort-circuit
138 | no low-bandwidth-link
139 | max-control-connections 0
140 | no vbond-as-stun-server
141 | vmanage-connection-preference 5
142 | port-hop
143 | carrier default
144 | nat-refresh-interval 5
145 | hello-interval 1000
146 | hello-tolerance 12
147 | allow-service all
148 | no allow-service bgp
149 | allow-service dhcp
150 | allow-service dns
151 | allow-service icmp
152 | allow-service sshd
153 | allow-service netconf
154 | allow-service ntp
155 | no allow-service ospf
156 | no allow-service stun
157 | allow-service https
158 | no allow-service snmp
159 | exit
160 | exit
161 | appqoe
162 | no tcpopt enable
163 | !
164 | omp
165 | no shutdown
166 | send-path-limit 4
167 | ecmp-limit 4
168 | graceful-restart
169 | no as-dot-notation
170 | timers
171 | holdtime 60
172 | advertisement-interval 1
173 | graceful-restart-timer 43200
174 | eor-timer 300
175 | exit
176 | address-family ipv4
177 | advertise bgp
178 | advertise connected
179 | advertise static
180 | !
181 | address-family ipv6
182 | advertise bgp
183 | advertise connected
184 | advertise static
185 | !
186 | !
187 | !
188 | !
189 | --==BOUNDARY==
--------------------------------------------------------------------------------
/06-MRF-Multicloud/aws-core-2a-sdwan-r1-cloud-init.user_data:
--------------------------------------------------------------------------------
1 | Content-Type: multipart/mixed; boundary="==BOUNDARY=="
2 | MIME-Version: 1.0
3 |
4 | --==BOUNDARY==
5 | Content-Type: text/cloud-config; charset="us-ascii"
6 |
7 | #cloud-config
8 | vinitparam:
# NOTE(review): otp is a one-time onboarding token and uuid the device identity from the controller device list; live values committed to a repo should be treated as disclosed (generate a fresh OTP for the device) and ideally rendered from a Terraform templatefile() at apply time instead.
9 | - otp : e5bf369aea56432488367d700cdc1956
10 | - vbond : 44.227.177.103
11 | - org : mrf-multicloud-demo
12 | - uuid : C8K-0BFD0646-55A9-DA40-BE21-B70BADD184FE
13 |
14 | --==BOUNDARY==
15 | Content-Type: text/cloud-boothook; charset="us-ascii"
16 |
17 | #cloud-boothook
18 |
! Day-0 bootstrap config for the C8K core router in AWS (east): Gi1 in the Mgmt-intf VRF, Gi2 as the public-internet transport (Tunnel2), Gi3 as the private1 core transport (Tunnel3), service VRF 10 on Loopback10.
19 | hostname Core-East-AWS-BR1
20 | !
! NOTE(review): the same 'secret 9' hashes appear in every AWS bootstrap file of this directory (here under the account name adminuser rather than admin), so all routers share one admin password; use per-device credentials and keep personal accounts out of shared bootstrap files.
21 | username adminuser privilege 15 secret 9 $14$TCb8$6ue4SRg7Km1YVU$Wk8NIGjd.5r0Uap3NBckoiCWE3O/KbU/B4LfZGgKaME
22 | username npitaev privilege 15 secret 9 $14$7jZw$gU7w9XsLqhm50U$lW.NfvcSzZwuDi3vwjQLJMwKHTy/t69EzFeqs46LdRo
23 | !
24 | system
25 | system-ip 102.1.1.1
26 | site-id 102
27 | organization-name mrf-multicloud-demo
28 | vbond 44.227.177.103
29 | !
30 | !
31 | vrf definition 10
32 | rd 1:10
33 | address-family ipv4
34 | route-target export 64550:1
35 | route-target import 64550:1
36 | exit-address-family
37 | !
38 | address-family ipv6
39 | exit-address-family
40 | !
41 | !
42 | vrf definition Mgmt-intf
43 | description Management
44 | rd 1:512
45 | address-family ipv4
46 | route-target export 1:512
47 | route-target import 1:512
48 | exit-address-family
49 | !
50 | address-family ipv6
51 | exit-address-family
52 | !
53 | !
54 | interface GigabitEthernet1
55 | no shutdown
56 | vrf forwarding Mgmt-intf
57 | ip address dhcp client-id GigabitEthernet1
58 | ip dhcp client default-router distance 1
59 | ip mtu 1500
60 | mtu 1500
61 | negotiation auto
62 | exit
63 | !
64 | interface GigabitEthernet2
65 | no shut
66 | ip address dhcp client-id GigabitEthernet2
67 | ip dhcp client default-router distance 1
68 | ip mtu 1500
69 | mtu 1500
70 | negotiation auto
71 | !
72 | interface GigabitEthernet3
73 | no shut
74 | ip address dhcp
75 | !
76 | interface Loopback10
77 | no shutdown
78 | vrf forwarding 10
79 | ip address 10.102.1.11 255.255.255.255
80 | !
81 | interface Tunnel2
82 | no shutdown
83 | ip unnumbered GigabitEthernet2
84 | no ip redirects
85 | ipv6 unnumbered GigabitEthernet2
86 | no ipv6 redirects
87 | tunnel source GigabitEthernet2
88 | tunnel mode sdwan
89 | exit
90 | !
91 | interface Tunnel3
92 | no shutdown
93 | ip unnumbered GigabitEthernet3
94 | no ip redirects
95 | ipv6 unnumbered GigabitEthernet3
96 | no ipv6 redirects
97 | tunnel source GigabitEthernet3
98 | tunnel mode sdwan
99 | exit
100 | !
101 | sdwan
102 | interface GigabitEthernet2
103 | tunnel-interface
104 | encapsulation ipsec weight 1
105 | no border
! NOTE(review): this is the only router in the directory whose public-internet color carries 'restrict' (the west core router does not); confirm the asymmetry is intended, since it limits this TLOC to tunnels with other public-internet TLOCs.
106 | color public-internet restrict
107 | no last-resort-circuit
108 | no low-bandwidth-link
109 | max-control-connections 2
110 | no vbond-as-stun-server
111 | vmanage-connection-preference 5
112 | port-hop
113 | carrier default
114 | nat-refresh-interval 5
115 | hello-interval 1000
116 | hello-tolerance 12
! NOTE(review): allow-service all plus the explicit sshd/netconf/https lines expose management services on a WAN-facing transport; confirm the VPC security group restricts which sources can reach them.
117 | allow-service all
118 | no allow-service bgp
119 | allow-service dhcp
120 | allow-service dns
121 | allow-service icmp
122 | allow-service sshd
123 | allow-service netconf
124 | allow-service ntp
125 | no allow-service ospf
126 | no allow-service stun
127 | allow-service https
128 | no allow-service snmp
129 | exit
130 | exit
131 | interface GigabitEthernet3
132 | tunnel-interface
133 | encapsulation ipsec weight 1
134 | no border
! private-color TLOC with 'restrict' and max-control-connections 0: data plane only to other private1 TLOCs, no controller sessions over this path.
135 | color private1 restrict
136 | no last-resort-circuit
137 | no low-bandwidth-link
138 | max-control-connections 0
139 | no vbond-as-stun-server
140 | vmanage-connection-preference 5
141 | port-hop
142 | carrier default
143 | nat-refresh-interval 5
144 | hello-interval 1000
145 | hello-tolerance 12
146 | allow-service all
147 | no allow-service bgp
148 | allow-service dhcp
149 | allow-service dns
150 | allow-service icmp
151 | allow-service sshd
152 | allow-service netconf
153 | allow-service ntp
154 | no allow-service ospf
155 | no allow-service stun
156 | allow-service https
157 | no allow-service snmp
158 | exit
159 | exit
160 | appqoe
161 | no tcpopt enable
162 | !
163 | omp
164 | no shutdown
165 | send-path-limit 4
166 | ecmp-limit 4
167 | graceful-restart
168 | no as-dot-notation
169 | timers
170 | holdtime 60
171 | advertisement-interval 1
172 | graceful-restart-timer 43200
173 | eor-timer 300
174 | exit
175 | address-family ipv4
176 | advertise bgp
177 | advertise connected
178 | advertise static
179 | !
180 | address-family ipv6
181 | advertise bgp
182 | advertise connected
183 | advertise static
184 | !
185 | !
186 | !
187 | !
188 | --==BOUNDARY==
--------------------------------------------------------------------------------
/03-CSP-Region1-Cloud-App/cloud-app.tf:
--------------------------------------------------------------------------------
1 | # This file will create AWS Infrastructure (VPC, Subnets, IGW, Route Tables, etc) for SD-WAN Branch 1 with host and SD-WAN router for the ${var.bucket_prefix} demo
2 |
3 | # Create Branch VPC:
4 |
5 | resource "aws_vpc" "vpc_cloud-site" {
6 | cidr_block = var.aws_cloud-site_vpc_cidr
7 | provider = aws.cloud-site // NOTE(review): only this resource selects the aliased provider; the rest of the file uses the default "aws" provider, so provider.tf must point it at the same account/region — confirm.
8 | tags = {
9 | Name = "${var.bucket_prefix} Cloud App VPC"
10 | }
11 | }
12 |
13 | # Create Subnets:
14 |
# Management subnet: every instance launched here gets a public IPv4 address, so the mgmt security group is the only thing limiting inbound access to it.
15 | resource "aws_subnet" "cloud-site_vpc_subnet-1" {
16 | vpc_id = aws_vpc.vpc_cloud-site.id
17 | cidr_block = var.aws_cloud-site_vpc_subnet-1_cidr
18 | map_public_ip_on_launch = "true" //it makes this a public subnet
19 | availability_zone = var.aws_cloud-site_az
20 | tags = {
21 | Name = "${var.bucket_prefix} Cloud App Subnet-1 Mgmt"
22 | }
23 | }
24 |
# Service subnet (no auto-assigned public IPs); its route table below has no internet route.
25 | resource "aws_subnet" "cloud-site_vpc_subnet-2" {
26 | vpc_id = aws_vpc.vpc_cloud-site.id
27 | cidr_block = var.aws_cloud-site_vpc_subnet-2_cidr
28 | availability_zone = var.aws_cloud-site_az
29 | tags = {
30 | Name = "${var.bucket_prefix} Cloud App Subnet-2"
31 | }
32 | }
33 |
34 |
35 | # Create IGW for Internet Access:
36 |
# Internet gateway used as the default route of the management route table only.
37 | resource "aws_internet_gateway" "cloud-site_vpc_igw" {
38 | vpc_id = aws_vpc.vpc_cloud-site.id
39 | tags = {
40 | Name = "${var.bucket_prefix} Cloud App VPC IGW"
41 | }
42 | }
43 |
44 |
45 | # Create route tables and default route pointing to IGW in VPN512 and VPN0:
46 |
# Management route table: 0.0.0.0/0 via the IGW, so the mgmt subnet is internet-reachable in both directions.
47 | resource "aws_route_table" "cloud-site_vpc_mgmt_rt" {
48 | vpc_id = aws_vpc.vpc_cloud-site.id
49 | route {
50 | //associated subnet can reach everywhere
51 | cidr_block = "0.0.0.0/0" //CRT uses this IGW to reach internet
52 | gateway_id = aws_internet_gateway.cloud-site_vpc_igw.id
53 | }
54 | tags = {
55 | Name = "${var.bucket_prefix} Cloud App VPC Mgmt RT"
56 | }
57 | }
58 |
59 |
# Service VPN 10 route table: deliberately has no default route, so subnet-2 stays private (only the VPC-local route AWS adds implicitly).
60 | resource "aws_route_table" "cloud-site_vpc_rt_vpn10" {
61 | vpc_id = aws_vpc.vpc_cloud-site.id
62 | tags = {
63 | Name = "${var.bucket_prefix} Cloud App VPC RT Service VPN 10"
64 | }
65 | }
66 |
67 |
68 | # Associate CRT and Subnet for Mgmt and Traffic:
69 |
# mgmt subnet -> mgmt (internet-routed) route table
70 | resource "aws_route_table_association" "cloud-site_vpc_rta_subnet-1"{
71 | subnet_id = aws_subnet.cloud-site_vpc_subnet-1.id
72 | route_table_id = aws_route_table.cloud-site_vpc_mgmt_rt.id
73 | }
74 |
# service subnet -> VPN 10 route table (no internet route)
75 | resource "aws_route_table_association" "cloud-site_vpc_rta_subnet-2"{
76 | subnet_id = aws_subnet.cloud-site_vpc_subnet-2.id
77 | route_table_id = aws_route_table.cloud-site_vpc_rt_vpn10.id
78 | }
79 |
80 |
81 | # Create security group:
82 |
# Security group for the host's management NIC (public-facing): SSH and ping from the operator range, ping from 10/8, anything between members of this SG.
83 | resource "aws_security_group" "cloud-site_vpc_mgmt_sg" {
84 | vpc_id = aws_vpc.vpc_cloud-site.id
85 |
86 | egress {
87 | from_port = 0
88 | to_port = 0
89 | protocol = -1 // all protocols: unrestricted outbound
90 | cidr_blocks = ["0.0.0.0/0"]
91 | }
92 |
93 | ingress {
94 | from_port = 22
95 | to_port = 22
96 | protocol = "tcp"
97 | cidr_blocks = [var.ssh_allow_cidr] // SSH only from the operator range supplied in vars
98 | }
99 |
100 | ingress {
101 | from_port = 8 #allow ping
102 | to_port = 0 // for icmp, from_port/to_port are ICMP type/code: 8/0 = echo request
103 | protocol = "icmp"
104 | cidr_blocks = [var.ssh_allow_cidr]
105 | }
106 |
107 | ingress {
108 | from_port = 8 #allow ping
109 | to_port = 0
110 | protocol = "icmp"
111 | cidr_blocks = ["10.0.0.0/8"] // echo request from any 10/8 source — presumably the SD-WAN service-side overlay; confirm
112 | }
113 |
114 | ingress {
115 | from_port = 0
116 | to_port = 0
117 | protocol = "-1"
118 | self = "true" // all traffic between interfaces that carry this same SG
119 | }
120 |
121 | tags = {
122 | Name = "${var.bucket_prefix} Cloud App Mgmt SG"
123 | }
124 | }
125 |
126 |
# Security group for the host's service-side NIC (subnet-2).
127 | resource "aws_security_group" "cloud-site_vpc_sg" {
128 | vpc_id = aws_vpc.vpc_cloud-site.id
129 |
130 | egress {
131 | from_port = 0
132 | to_port = 0
133 | protocol = -1 // all protocols: unrestricted outbound
134 | cidr_blocks = ["0.0.0.0/0"]
135 | }
136 |
137 | ingress {
138 | from_port = 22
139 | to_port = 22
140 | protocol = "tcp"
141 | cidr_blocks = [var.ssh_allow_cidr] // SSH only from the operator range supplied in vars
142 | }
143 |
144 | ingress {
145 | from_port = 8 #allow ping
146 | to_port = 0 // for icmp, from_port/to_port are ICMP type/code: 8/0 = echo request
147 | protocol = "icmp"
148 | cidr_blocks = [var.ssh_allow_cidr]
149 | }
150 |
151 | ingress {
152 | from_port = 8 #allow ping
153 | to_port = 0
154 | protocol = "icmp"
155 | cidr_blocks = ["10.0.0.0/8"] // echo request from any 10/8 source — presumably the SD-WAN service-side overlay; confirm
156 | }
157 |
158 | ingress {
159 | from_port = 8001
160 | to_port = 8009
161 | protocol = "tcp"
162 | // For TE Probing
163 | cidr_blocks = ["0.0.0.0/0"] // NOTE(review): world-reachable listener range; if the probing agents' source ranges are known, restrict cidr_blocks to them (this NIC sits in the private subnet, so exposure depends on the SD-WAN path that reaches it).
164 | }
165 |
166 | tags = {
167 | Name = "${var.bucket_prefix} Cloud App VPC SG"
168 | }
169 | }
170 |
171 |
172 | # Create NICs for the host:
173 |
# Management NIC in the public subnet, carrying the mgmt SG; source/dest check is disabled so the host can forward traffic it does not own.
174 | resource "aws_network_interface" "host1_nic1" {
175 | subnet_id = aws_subnet.cloud-site_vpc_subnet-1.id
176 | private_ips = [var.aws_host1-subnet-1_private_ip]
177 | security_groups = [aws_security_group.cloud-site_vpc_mgmt_sg.id]
178 | source_dest_check = false
179 | description = "${var.bucket_prefix} Cloud App Host1 NIC1 MGMT"
180 | tags = {
181 | Name = "${var.bucket_prefix} Cloud App Host1 NIC1 MGMT"
182 | }
183 | }
184 |
# Service-side NIC in the private subnet, carrying the service SG; source/dest check disabled as for NIC1.
185 | resource "aws_network_interface" "host1_nic2" {
186 | subnet_id = aws_subnet.cloud-site_vpc_subnet-2.id
187 | private_ips = [var.aws_host1-subnet-2_private_ip]
188 | security_groups = [aws_security_group.cloud-site_vpc_sg.id]
189 | source_dest_check = false
190 | description = "${var.bucket_prefix} Cloud App Host1 NIC2"
191 | tags = {
192 | Name = "${var.bucket_prefix} Cloud App Host1 NIC2"
193 | }
194 | }
195 |
196 |
197 | # Create Host VM:
198 |
# Cloud-app host: SSH key pair only (no user_data here), two pre-created ENIs attached at launch.
# NOTE(review): there is no metadata_options block, so the instance accepts IMDSv1; consider metadata_options { http_tokens = "required" } to require IMDSv2 session tokens.
199 | resource "aws_instance" "cloud-site_host1" {
200 | ami = var.aws_ami_id_host1
201 | instance_type = var.aws_ami_type_host1
202 | key_name = var.aws_key_pair_name
203 | availability_zone = var.aws_cloud-site_az
204 |
205 | network_interface {
206 | device_index = 0
207 | network_interface_id = aws_network_interface.host1_nic1.id
208 | delete_on_termination = false // the ENI is a separately managed resource; terminating the instance keeps it
209 | }
210 |
211 | network_interface {
212 | device_index = 1
213 | network_interface_id = aws_network_interface.host1_nic2.id
214 | delete_on_termination = false
215 | }
216 |
217 | tags = {
218 | Name = "${var.bucket_prefix} Cloud App Host1"
219 | }
220 |
221 | }
222 |
223 |
224 | # Allocate and assign public IP address to the mgmt interface for the host
225 |
# Elastic IP bound to the management NIC's primary private address; depends_on makes the association wait for the instance.
226 | resource "aws_eip" "host1_nic1_eip_mgmt" {
227 | vpc = true // NOTE(review): the "vpc" argument is deprecated in AWS provider v4 and removed in v5 (replaced by domain = "vpc"); check the version constraint in provider.tf
228 | network_interface = aws_network_interface.host1_nic1.id
229 | associate_with_private_ip = var.aws_host1-subnet-1_private_ip
230 | depends_on = [aws_instance.cloud-site_host1]
231 | tags = {
232 | Name = "${var.bucket_prefix} Cloud App Host1 Mgmt EIP"
233 | }
234 | }
235 |
--------------------------------------------------------------------------------
/04-CSP-Region2-Cloud-App/cloud-app.tf:
--------------------------------------------------------------------------------
1 | # This file will create AWS Infrastructure (VPC, Subnets, IGW, Route Tables, etc) for SD-WAN Branch 1 with host and SD-WAN router for the ${var.bucket_prefix} demo
2 |
3 | # Create Branch VPC:
4 |
5 | resource "aws_vpc" "vpc_cloud-site" {
6 | cidr_block = var.aws_cloud-site_vpc_cidr
7 | provider = aws.cloud-site // NOTE(review): only this resource selects the aliased provider; the rest of the file uses the default "aws" provider, so provider.tf must point it at the same account/region — confirm.
8 | tags = {
9 | Name = "${var.bucket_prefix} Cloud App VPC"
10 | }
11 | }
12 |
13 | # Create Subnets:
14 |
# Management subnet: every instance launched here gets a public IPv4 address, so the mgmt security group is the only thing limiting inbound access to it.
15 | resource "aws_subnet" "cloud-site_vpc_subnet-1" {
16 | vpc_id = aws_vpc.vpc_cloud-site.id
17 | cidr_block = var.aws_cloud-site_vpc_subnet-1_cidr
18 | map_public_ip_on_launch = "true" //it makes this a public subnet
19 | availability_zone = var.aws_cloud-site_az
20 | tags = {
21 | Name = "${var.bucket_prefix} Cloud App Subnet-1 Mgmt"
22 | }
23 | }
24 |
# Service subnet (no auto-assigned public IPs); its route table below has no internet route.
25 | resource "aws_subnet" "cloud-site_vpc_subnet-2" {
26 | vpc_id = aws_vpc.vpc_cloud-site.id
27 | cidr_block = var.aws_cloud-site_vpc_subnet-2_cidr
28 | availability_zone = var.aws_cloud-site_az
29 | tags = {
30 | Name = "${var.bucket_prefix} Cloud App Subnet-2"
31 | }
32 | }
33 |
34 |
35 | # Create IGW for Internet Access:
36 |
# Internet gateway used as the default route of the management route table only.
37 | resource "aws_internet_gateway" "cloud-site_vpc_igw" {
38 | vpc_id = aws_vpc.vpc_cloud-site.id
39 | tags = {
40 | Name = "${var.bucket_prefix} Cloud App VPC IGW"
41 | }
42 | }
43 |
44 |
45 | # Create route tables and default route pointing to IGW in VPN512 and VPN0:
46 |
# Management route table: 0.0.0.0/0 via the IGW, so the mgmt subnet is internet-reachable in both directions.
47 | resource "aws_route_table" "cloud-site_vpc_mgmt_rt" {
48 | vpc_id = aws_vpc.vpc_cloud-site.id
49 | route {
50 | //associated subnet can reach everywhere
51 | cidr_block = "0.0.0.0/0" //CRT uses this IGW to reach internet
52 | gateway_id = aws_internet_gateway.cloud-site_vpc_igw.id
53 | }
54 | tags = {
55 | Name = "${var.bucket_prefix} Cloud App VPC Mgmt RT"
56 | }
57 | }
58 |
59 |
# Service VPN 10 route table: deliberately has no default route, so subnet-2 stays private (only the VPC-local route AWS adds implicitly).
60 | resource "aws_route_table" "cloud-site_vpc_rt_vpn10" {
61 | vpc_id = aws_vpc.vpc_cloud-site.id
62 | tags = {
63 | Name = "${var.bucket_prefix} Cloud App VPC RT Service VPN 10"
64 | }
65 | }
66 |
67 |
68 | # Associate CRT and Subnet for Mgmt and Traffic:
69 |
# mgmt subnet -> mgmt (internet-routed) route table
70 | resource "aws_route_table_association" "cloud-site_vpc_rta_subnet-1"{
71 | subnet_id = aws_subnet.cloud-site_vpc_subnet-1.id
72 | route_table_id = aws_route_table.cloud-site_vpc_mgmt_rt.id
73 | }
74 |
# service subnet -> VPN 10 route table (no internet route)
75 | resource "aws_route_table_association" "cloud-site_vpc_rta_subnet-2"{
76 | subnet_id = aws_subnet.cloud-site_vpc_subnet-2.id
77 | route_table_id = aws_route_table.cloud-site_vpc_rt_vpn10.id
78 | }
79 |
80 |
81 | # Create security group:
82 |
# Security group for the host's management NIC (public-facing): SSH and ping from two hard-coded corporate ranges, ping from 10/8, anything between members of this SG.
# NOTE(review): 03-CSP-Region1-Cloud-App parameterizes the allowed range as var.ssh_allow_cidr; the literal CIDRs here drift from that — consider the same variable once it exists in this module's vars.tf.
83 | resource "aws_security_group" "cloud-site_vpc_mgmt_sg" {
84 | vpc_id = aws_vpc.vpc_cloud-site.id
85 |
86 | egress {
87 | from_port = 0
88 | to_port = 0
89 | protocol = -1 // all protocols: unrestricted outbound
90 | cidr_blocks = ["0.0.0.0/0"]
91 | }
92 |
93 | ingress {
94 | from_port = 22
95 | to_port = 22
96 | protocol = "tcp"
97 | // This means, only Cisco San Jose and RTP VPN Cluster addresses are allowed!
98 | cidr_blocks = ["128.107.0.0/16","173.38.0.0/16"]
99 | }
100 |
101 | ingress {
102 | from_port = 8 #allow ping
103 | to_port = 0 // for icmp, from_port/to_port are ICMP type/code: 8/0 = echo request
104 | protocol = "icmp"
105 | cidr_blocks = ["128.107.0.0/16","173.38.0.0/16"]
106 | }
107 |
108 | ingress {
109 | from_port = 8 #allow ping
110 | to_port = 0
111 | protocol = "icmp"
112 | cidr_blocks = ["10.0.0.0/8"] // echo request from any 10/8 source — presumably the SD-WAN service-side overlay; confirm
113 | }
114 |
115 | ingress {
116 | from_port = 0
117 | to_port = 0
118 | protocol = "-1"
119 | self = "true" // all traffic between interfaces that carry this same SG
120 | }
121 |
122 | tags = {
123 | Name = "${var.bucket_prefix} Cloud App Mgmt SG"
124 | }
125 | }
126 |
127 |
# Security group for the host's service-side NIC (subnet-2). Unlike the Region 1 copy it also opens the probing range over UDP.
128 | resource "aws_security_group" "cloud-site_vpc_sg" {
129 | vpc_id = aws_vpc.vpc_cloud-site.id
130 |
131 | egress {
132 | from_port = 0
133 | to_port = 0
134 | protocol = -1 // all protocols: unrestricted outbound
135 | cidr_blocks = ["0.0.0.0/0"]
136 | }
137 |
138 | ingress {
139 | from_port = 22
140 | to_port = 22
141 | protocol = "tcp"
142 | // This means, only Cisco San Jose and RTP VPN Cluster addresses are allowed!
143 | cidr_blocks = ["128.107.0.0/16","173.38.0.0/16"]
144 | }
145 |
146 | ingress {
147 | from_port = 8 #allow ping
148 | to_port = 0 // for icmp, from_port/to_port are ICMP type/code: 8/0 = echo request
149 | protocol = "icmp"
150 | cidr_blocks = ["128.107.0.0/16","173.38.0.0/16"]
151 | }
152 |
153 | ingress {
154 | from_port = 8 #allow ping
155 | to_port = 0
156 | protocol = "icmp"
157 | cidr_blocks = ["10.0.0.0/8"] // echo request from any 10/8 source — presumably the SD-WAN service-side overlay; confirm
158 | }
159 |
160 | ingress {
161 | from_port = 8001
162 | to_port = 8009
163 | protocol = "tcp"
164 | // For TE Probing
165 | cidr_blocks = ["0.0.0.0/0"] // NOTE(review): world-reachable listener range (TCP and UDP below); if the probing agents' source ranges are known, restrict cidr_blocks to them.
166 | }
167 |
168 | ingress {
169 | from_port = 8001
170 | to_port = 8009
171 | protocol = "udp"
172 | // For TE Probing
173 | cidr_blocks = ["0.0.0.0/0"]
174 | }
175 |
176 | tags = {
177 | Name = "${var.bucket_prefix} Cloud App VPC SG"
178 | }
179 | }
180 |
181 |
182 | # Create NICs for the host:
183 |
# Management NIC in the public subnet, carrying the mgmt SG; source/dest check is disabled so the host can forward traffic it does not own.
184 | resource "aws_network_interface" "host1_nic1" {
185 | subnet_id = aws_subnet.cloud-site_vpc_subnet-1.id
186 | private_ips = [var.aws_host1-subnet-1_private_ip]
187 | security_groups = [aws_security_group.cloud-site_vpc_mgmt_sg.id]
188 | source_dest_check = false
189 | description = "${var.bucket_prefix} Cloud App Host1 NIC1 MGMT"
190 | tags = {
191 | Name = "${var.bucket_prefix} Cloud App Host1 NIC1 MGMT"
192 | }
193 | }
194 |
# Service-side NIC in the private subnet, carrying the service SG; source/dest check disabled as for NIC1.
195 | resource "aws_network_interface" "host1_nic2" {
196 | subnet_id = aws_subnet.cloud-site_vpc_subnet-2.id
197 | private_ips = [var.aws_host1-subnet-2_private_ip]
198 | security_groups = [aws_security_group.cloud-site_vpc_sg.id]
199 | source_dest_check = false
200 | description = "${var.bucket_prefix} Cloud App Host1 NIC2"
201 | tags = {
202 | Name = "${var.bucket_prefix} Cloud App Host1 NIC2"
203 | }
204 | }
205 |
206 |
207 | # Create Host VM:
208 |
# Cloud-app host: SSH key pair only (no user_data here), two pre-created ENIs attached at launch.
# NOTE(review): there is no metadata_options block, so the instance accepts IMDSv1; consider metadata_options { http_tokens = "required" } to require IMDSv2 session tokens.
209 | resource "aws_instance" "cloud-site_host1" {
210 | ami = var.aws_ami_id_host1
211 | instance_type = var.aws_ami_type_host1
212 | key_name = var.aws_key_pair_name
213 | availability_zone = var.aws_cloud-site_az
214 |
215 | network_interface {
216 | device_index = 0
217 | network_interface_id = aws_network_interface.host1_nic1.id
218 | delete_on_termination = false // the ENI is a separately managed resource; terminating the instance keeps it
219 | }
220 |
221 | network_interface {
222 | device_index = 1
223 | network_interface_id = aws_network_interface.host1_nic2.id
224 | delete_on_termination = false
225 | }
226 |
227 | tags = {
228 | Name = "${var.bucket_prefix} Cloud App Host1"
229 | }
230 |
231 | }
232 |
233 |
234 | # Allocate and assign public IP address to the mgmt interface for the host
235 |
# Elastic IP bound to the management NIC's primary private address; depends_on makes the association wait for the instance.
236 | resource "aws_eip" "host1_nic1_eip_mgmt" {
237 | vpc = true // NOTE(review): the "vpc" argument is deprecated in AWS provider v4 and removed in v5 (replaced by domain = "vpc"); check the version constraint in provider.tf
238 | network_interface = aws_network_interface.host1_nic1.id
239 | associate_with_private_ip = var.aws_host1-subnet-1_private_ip
240 | depends_on = [aws_instance.cloud-site_host1]
241 | tags = {
242 | Name = "${var.bucket_prefix} Cloud App Host1 Mgmt EIP"
243 | }
244 | }
245 |
--------------------------------------------------------------------------------
/06-MRF-Multicloud/gcp-core-1b.tf:
--------------------------------------------------------------------------------
1 | # This file creates the GCP infrastructure for the SD-WAN MRF Multicloud Core Area (aka core-1b), e.g. US-West
2 | # Based on https://gist.github.com/rtortori/dda3711d7e49cf8da858f8b84e49bc72
3 |
4 | # Make sure that your SSH keys are in the right format and valid!
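locals {
  # Public key read from the path held in var.core_1b_sdwan_router_instance,
  # with every newline removed so it can be placed into instance metadata as a
  # single line. Only "\n" is stripped; a key file with "\r\n" endings would
  # keep its carriage returns.
  # The interpolation-only "${...}" wrapper was dropped: it is redundant in
  # Terraform 0.12+ syntax (already used in this file, e.g. file(...) in the
  # provider block) and produces a deprecation warning.
  gce_ssh_pub_key_file_clean_core_1b = replace(file(var.core_1b_sdwan_router_instance["gce_ssh_pub_key_file"]), "\n", "")
}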
8 |
9 |
# Aliased google provider scoped to the core-1b region/zone, authenticating
# with a service-account key file read from disk.
# NOTE(review): none of the resources visible in this file set
# `provider = google.gcp_core_1b`, so they are served by the default
# (un-aliased) google provider, presumably declared in provider.tf; confirm
# that is intended, because this alias is otherwise unused.
provider "google" {
  alias       = "gcp_core_1b"
  project     = var.gcp["gcp_project_id"]
  credentials = file(var.gcp["gcp_credential_file"])
  region      = var.core_1b_gcp["gcp_core_1b"]
  zone        = var.core_1b_gcp["gcp_core_1b_zone"]
}
17 |
18 |
19 | # Creating VPC networks (one VPC per NIC required):
# Custom-mode VPC for VPN512 (management); its subnet is declared explicitly
# below rather than auto-created.
resource "google_compute_network" "core_1b_vpc_network_vpn512" {
  auto_create_subnetworks = "false"
  name                    = var.core_1b_networking["gce_core_1b_sdwan_vpc_name_vpn512"]
}
24 |
# Custom-mode VPC for VPN0 (WAN / transport); subnet declared explicitly below.
resource "google_compute_network" "core_1b_vpc_network_vpn0" {
  auto_create_subnetworks = "false"
  name                    = var.core_1b_networking["gce_core_1b_sdwan_vpc_name_vpn0"]
}
29 |
# Custom-mode VPC for VPN10 (service side); subnet declared explicitly below.
resource "google_compute_network" "core_1b_vpc_network_vpn10" {
  auto_create_subnetworks = "false"
  name                    = var.core_1b_networking["gce_core_1b_sdwan_vpc_name_vpn10"]
}
34 |
35 |
36 | # Creating Subnets for vpn512 (management), vpn0 (wan) and vpn10 (service):
# Management (VPN512) subnet, placed in the core-1b region inside the VPN512 VPC.
resource "google_compute_subnetwork" "core_1b_sdwan_r1_subnet_vpn512" {
  network       = google_compute_network.core_1b_vpc_network_vpn512.name
  region        = var.core_1b_gcp["gcp_core_1b"]
  name          = var.core_1b_networking["gce_core_1b_sdwan_r1_subnet_vpn512"]
  ip_cidr_range = var.core_1b_networking["gce_core_1b_sdwan_vpc_net_cidr_vpn512"]
}
43 |
# WAN (VPN0) subnet, placed in the core-1b region inside the VPN0 VPC.
resource "google_compute_subnetwork" "core_1b_sdwan_r1_subnet_vpn0" {
  network       = google_compute_network.core_1b_vpc_network_vpn0.name
  region        = var.core_1b_gcp["gcp_core_1b"]
  name          = var.core_1b_networking["gce_core_1b_sdwan_r1_subnet_vpn0"]
  ip_cidr_range = var.core_1b_networking["gce_core_1b_sdwan_vpc_net_cidr_vpn0"]
}
50 |
# Service-side (VPN10) subnet, placed in the core-1b region inside the VPN10 VPC.
resource "google_compute_subnetwork" "core_1b_sdwan_r1_subnet_vpn10" {
  network       = google_compute_network.core_1b_vpc_network_vpn10.name
  region        = var.core_1b_gcp["gcp_core_1b"]
  name          = var.core_1b_networking["gce_core_1b_sdwan_r1_subnet_vpn10"]
  ip_cidr_range = var.core_1b_networking["gce_core_1b_sdwan_vpc_net_cidr_vpn10"]
}
57 |
58 |
59 | # Creating public IPv4 address:
# Reserved regional external IPv4 address for the router's management (VPN512)
# interface; attached via access_config on the instance.
resource "google_compute_address" "core-1b-r1-public-ip-vpn512" {
  region = var.core_1b_gcp["gcp_core_1b"]
  name   = var.core_1b_networking["gce_core_1b_sdwan_r1_ext_ip_name_vpn512"]
}
64 |
# Reserved regional external IPv4 address for the router's WAN (VPN0)
# interface; attached via access_config on the instance.
resource "google_compute_address" "core-1b-r1-public-ip-vpn0" {
  region = var.core_1b_gcp["gcp_core_1b"]
  name   = var.core_1b_networking["gce_core_1b_sdwan_r1_ext_ip_name_vpn0"]
}
69 |
70 |
71 | # Creating basic firewall rules permitting ping, ssh and SD-WAN ports:
# Ingress (the default direction) rules on the VPN512 (management) network:
# ICMP, SSH and the SD-WAN port ranges, accepted only from two hard-coded
# source ranges.
# NOTE(review): the rule sets no target_tags / target_service_accounts, so it
# applies to every instance in this network, and source_ranges are literals
# while every other value is variable-driven. The SD-WAN tunnel port ranges
# are opened on the management network as well, which it presumably does not
# need - the same pattern repeats in the VPN0 and VPN10 rules below.
resource "google_compute_firewall" "core-1b-fw-rules-vpn512" {
  name        = var.core_1b_security["gce_core_1b_firewall_rule_vpn512"]
  project     = var.gcp["gcp_project_id"]
  network     = google_compute_network.core_1b_vpc_network_vpn512.name
  description = "Core 1b basic firewall rules VPN512"

  source_ranges = ["128.107.0.0/16", "10.0.0.0/8"]

  allow {
    protocol = "icmp"
  }

  allow {
    protocol = "tcp"
    ports    = ["22", "23456-24156"]
  }

  allow {
    protocol = "udp"
    ports    = ["12346-13046"]
  }
}
95 |
# Ingress (the default direction) rules on the VPN0 (WAN) network: ICMP, SSH
# and the SD-WAN port ranges, accepted only from two hard-coded source ranges.
# NOTE(review): because source_ranges is restricted to those two prefixes, any
# SD-WAN peer or controller outside them cannot reach the tunnel ports on this
# WAN interface - confirm that matches the intended transport design. No
# target_tags are set, so the rule applies to every instance in this network.
resource "google_compute_firewall" "core-1b-fw-rules-vpn0" {
  name        = var.core_1b_security["gce_core_1b_firewall_rule_vpn0"]
  project     = var.gcp["gcp_project_id"]
  network     = google_compute_network.core_1b_vpc_network_vpn0.name
  description = "Core 1b basic firewall rules VPN0"

  source_ranges = ["128.107.0.0/16", "10.0.0.0/8"]

  allow {
    protocol = "icmp"
  }

  allow {
    protocol = "tcp"
    ports    = ["22", "23456-24156"]
  }

  allow {
    protocol = "udp"
    ports    = ["12346-13046"]
  }
}
119 |
# Ingress (the default direction) rules on the VPN10 (service) network: ICMP,
# SSH and the SD-WAN port ranges, accepted only from two hard-coded source
# ranges.
# NOTE(review): identical to the VPN512/VPN0 rules; on the service side SSH
# and the tunnel port ranges are presumably not required, and with no
# target_tags the rule covers every instance in this network.
resource "google_compute_firewall" "core-1b-fw-rules-vpn10" {
  name        = var.core_1b_security["gce_core_1b_firewall_rule_vpn10"]
  project     = var.gcp["gcp_project_id"]
  network     = google_compute_network.core_1b_vpc_network_vpn10.name
  description = "Core 1b basic firewall rules VPN10"

  source_ranges = ["128.107.0.0/16", "10.0.0.0/8"]

  allow {
    protocol = "icmp"
  }

  allow {
    protocol = "tcp"
    ports    = ["22", "23456-24156"]
  }

  allow {
    protocol = "udp"
    ports    = ["12346-13046"]
  }
}
143 |
144 |
145 | # Creating router with multiple NICs:
146 | resource "google_compute_instance" "core_1b_sdwan_r1_vm_instance" {
147 | name = var.core_1b_sdwan_router_instance["gce_instance_name"]
148 | machine_type = var.core_1b_sdwan_router_instance["gce_router_vm_flavor"]
149 | zone = var.core_1b_gcp["gcp_core_1b_zone"]
150 | can_ip_forward = true
151 |
152 | boot_disk {
153 | initialize_params {
154 | image = var.core_1b_sdwan_router_instance["gce_router_image"]
155 | type = "pd-ssd"
156 | }
157 | }
158 |
159 | network_interface {
160 | subnetwork = google_compute_subnetwork.core_1b_sdwan_r1_subnet_vpn512.self_link
161 | access_config {
162 | nat_ip = google_compute_address.core-1b-r1-public-ip-vpn512.address
163 | network_tier = "PREMIUM"
164 | }
165 | }
166 |
167 | network_interface {
168 | subnetwork = google_compute_subnetwork.core_1b_sdwan_r1_subnet_vpn0.self_link
169 | access_config {
170 | nat_ip = google_compute_address.core-1b-r1-public-ip-vpn0.address
171 | network_tier = "PREMIUM"
172 | }
173 | }
174 |
175 | network_interface {
176 | subnetwork = google_compute_subnetwork.core_1b_sdwan_r1_subnet_vpn10.self_link
177 | access_config {
178 | network_tier = "PREMIUM"
179 | }
180 | }
181 |
182 | # Pass Day 0 cloud init file with basic SD-WAN router configuration:
183 | metadata_startup_script = file(var.core_1b_sdwan_router_instance["gce_day0_sdwan_router_core_1b_config_file"])
184 |
185 | metadata = {
186 | ssh-keys = <