Aviatrix Sandbox Starter Tool - Spin up Cloud Networks in Minutes
Introduction
Aviatrix Sandbox Starter tool is a community-based and community-supported tool that deploys a small test/lab cloud network environment in minutes.
This lightweight automation tool walks you through a deployment of Aviatrix Controller in AWS with minimal effort. Once the Controller is up, the tool uses Terraform against the Controller to create Aviatrix transit (Hub and Spoke) topology in AWS (and optionally in Azure).
Moreover few VPCs and test instances will be provisioned as part of the wizard simulating a small cloud network foundational environment that can be used to understand the Aviatrix platform and appreciate its simplicity, automation, visibility, and control.
Additional use-cases can then be added directly from Controller UI or Terraform following step by step tool user guide.
Everything is self-contained in a docker image. Users do not need to install anything besides a docker run time on a laptop/desktop/VM/instance.
Support Model
This community-based and open-source tool is NOT supported by the Aviatrix Enterprise support team. For any questions or issues related to this tool, please use the Aviatrix Community platform.
Cost
This costs less than $1 an hour as shown here:
| Description |
Unit Cost |
Quantity |
Hourly Cost |
Cost for 8 hours |
Cost for 24 hours |
| Aviatrix Controller in AWS (t3.large) |
$0.09 |
1 |
$0.09 |
|
|
| Aviatrix Gateway in AWS (t2.micro) |
$0.01 |
3 |
$0.03 |
|
|
| Test instances in AWS (t2.micro) |
$0.01 |
2 |
$0.02 |
|
|
| Aviatrix Gateways in Azure (B1s) |
$0.01 |
3 |
$0.03 |
|
|
| Aviatrix Encrypted Peering |
$0.16 |
4 |
$0.64 |
|
|
| Aviatrix Transit Peering |
$0.16 |
1 |
$0.16 |
|
|
| Total Cost for resources deployed by Wizard Tool (including minimal network egress charges) |
|
|
$0.97 |
$7.76 |
$23.28 |
Note
- Customers/students/partners are responsible for paying all the cost for running the instances in the Cloud (AWS/Azure/GCP/OCI/etc) and Aviatrix tunnel cost
- The estimated cost for the introductory lab is USD $1 per hour
- Additional use-cases/labs would require additional cost depending on the instances deployed and Aviatrix tunnel build
- The Aviatrix cost breakdown is also listed on the AWS marketplace when you subscribe to the Aviatrix Controller
Further Cost Saving
- If you are running the setup only in AWS then the cost could reduce down to $0.62 per hour
- You may also shut down the entire setup when not using it. That could also significantly bring the cost down
- Make sure to disable Aviatrix's "Single AZ HA" feature, otherwise, the Controller will power-on the Aviatrix Gateways automatically.
Open Source
- Code for this open-source tool is available at https://github.com/AviatrixSystems/terraform-solutions/
- This tool is packaged as a container image that could run locally on the Windows/Linux/MACOS laptop/server/VM or EC2 instances. The container code is available here
Before You Begin
- Docker installed and left running
- AWS Access Key ID and Secret Access Key
- EC2 Key Pair name for AWS Ohio region
- Subscribe to Aviatrix metered software from AWS Marketplace
- Azure account details (optional)
- This procedure works the best for a brand new Aviatrix Controller deployment. If you previously deployed Aviatrix Controller, make sure aviatrix ec2 roles and policies are deleted
- If you are running Sandbox Starter Tool on a cloud Linux instance, make sure inbound TCP port 5000 is open
Launch Web-Based User Interface (UI)
Before launching the UI, run the following commands in the CLI console.
docker volume create TF
docker run -v TF:/root -p 5000:5000 -d aviatrix/sandbox-starter
If you are running Sandbox Starter Tool locally, click here which should take you to http://localhost:5000 and then follow the wizard.
If you are running Sandbox Starter Tool on a cloud Linux instance, visit http://<public-ip-of-Linux-instance>:5000
Standard Mode Wizard
Standard is the recommended workflow. This will deploy the controller and topology in the regions specified in the diagram.
Provide AWS Credentials
You can get the Access Key under the "Security Credential" area in AWS console. If you don't have one, you should create one.
Launch the Controller in AWS
Notes
- It is recommended to provide a corporate email address to request for Aviatrix CoPilot test license
- In the future, we might add the option to launch Controller in other Clouds
Launch Global Transit (Hub) and two Spokes in AWS
Launch Test EC2 instances
Test EC2 (Amazon Linux VMs) will be launched in their respective Spoke VPCs
Provide an Existing Key Pair Name
This must be configured in your AWS account in us-east-2 (Ohio) region as per-requisite. You will need this Key Pair to login to test EC2 instances to verify the end-to-end connectivity.
Select No for "Launch Aviatrix Transit in Azure"
Success Message
Upon success, you will receive the necessary public and private IP addresses. The entire process should take somewhere between 22-30 minutes.
Now you can log in to Aviatrix Controller UI by clicking the controller URL. The user name is admin and the password is the one you selected earlier in the process.
Experience the Platform and Deploy Use Cases
Follow the instructions in the Test Plan to experience the Aviatrix Multi-Cloud platform and deploy recommended use-case.
- Aviatrix CoPilot - Advance visibility, monitoring, and Observability
- Multi-Account / Multi-Region Capabilities for AWS, Azure, GCP, and OCI
- FlightPath - Transit (Hub-Spoke) architecture advance verification
- Packet Capture - Troubleshooting
- Network Validation - Application Availability
- Create Multi-Region VPC
- Track Rogue VPC using VPC Tracker - Compliance
- Egress FQDN Filtering - Secure Egress Traffic
- User / Client VPN - Policy-Based Access for Employees, Developers, and Partners
Besides that, users are highly encouraged to deploy more use-cases based on their needs and requirement by following the official documentation at https://docs.aviatrix.com
Standard Mode Deployment in Detail with AWS and Azure
For Sandbox deployment both in AWS and Azure, please follow the video here
Advance Mode Wizard
Advance mode is for users who would want to change the region, naming convention, and subnet scheme.
Provide AWS Credentials
Before launching the controller, you can change the region and subnet details as shown in the following screenshot
Notes
- It is recommended to provide a corporate email address to request for Aviatrix CoPilot test license
- In the future, we might add the option to launch Controller in other Clouds
Launch Global Transit (Hub) and two Spokes in AWS
Launch Aviatrix Global Transit (Hub) and two Spokes in the AWS region as per your requirement
Launch Test EC2 instances
Test EC2 (Amazon Linux VMs) will be launched in their respective Spoke VPCs
Provide an Existing Key Pair Name
This must be configured in your AWS account in us-east-2 (Ohio) region as per-requisite. You will need this Key Pair to login to test EC2 instances to verify the end-to-end connectivity.
This concludes the deployment in AWS. Optionally you can also deploy Aviatrix Transit network in Azure and provide connectivity between AWS and Azure clouds.
Launch Aviatrix Transit in Azure
Connect AWS and Azure with a Single Click
Success Screen
You should log in to the Controller IP address and start testing.
Experience the Platform and Deploy Use Cases
Follow the instructions in the Test Plan to experience the Aviatrix Multi-Cloud platform and deploy recommended use-case.
- Aviatrix CoPilot - Advance Multi-Cloud Visibility, Monitoring, and Observability
- Multi-Account / Multi-Region / Multi-Cloud Capabilities for AWS, Azure, GCP, and OCI
- FlightPath - Multi-Cloud Transit (Hub-Spoke) Architecture Advance Verification
- Packet Capture - Troubleshooting
- Network Validation - Application Availability
- Create Multi-Cloud VPC/VNET
- Track Rogue VPC/VNET across multiple clouds using VPC Tracker - Compliance
- Egress FQDN Filtering - Secure Egress Traffic
- User / Client VPN - Multi-Cloud and Policy-Based Access for Employees, Developers, and Partners
Besides that, users are highly encouraged to deploy more use-cases based on their needs and requirement by following the official documentation at https://docs.aviatrix.com
Destroy / Delete the entire LAB
Once you are done testing and validating Cloud Networks, you may destroy or delete the entire lab. Use the "Destroy" option on the top right of the browser UI.
Note that if you deployed CoPilot, it must be deleted manually by logging into AWS/Azure Console
Troubleshooting
The debug option or icon inside the UI will provide you necessary run-time logs.
Error Creating IAM Role/Policy
If you have previously deployed Aviatrix Controller under the same AWS account, you will receive the following errors. You need to manually remove those roles and policies before moving forward
Error: Error creating IAM Role aviatrix-role-ec2: EntityAlreadyExists: Role with name aviatrix-role-ec2 already exists.
Error: Error creating IAM Role aviatrix-role-app: EntityAlreadyExists: Role with name aviatrix-role-app already exists.
Error: Error creating IAM policy aviatrix-assume-role-policy: EntityAlreadyExists: A policy called aviatrix-assume-role-policy already exists. Duplicate names are not allowed.
Error: Error creating IAM policy aviatrix-app-policy: EntityAlreadyExists: A policy called aviatrix-app-policy already exists. Duplicate names are not allowed.
You can also check the UI API Status here
http://0.0.0.0:5000/api/v1.0/get-statestatus
ssh Inside the Container Image
shahzadali@shahzad-ali ~ % docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
befa145cc9ca aviatrix/sandbox-starter "/bin/sh -c 'python3…" 7 hours ago Up 7 hours 0.0.0.0:5000->5000/tcp amazing_tool
shahzadali@shahzad-ali ~ %
shahzadali@shahzad-ali /Users % docker exec -it amazing_tool bash
bash-5.0#
Delete Docker Volume
shahzadali@shahzad-ali ~ % docker volume remove TF
Error response from daemon: remove TF: volume is in use - [4a75b428ff5badf368f1dc9761c51b903652d8cfa4da70b2bdd543be3d352fea, 7f54de5c900d28d23ea61965423394534fe40dd769b20ff78f3a31c1fa98987d]
shahzadali@shahzad-ali ~ %
I had to run the following command to delete
shahzadali@shahzad-ali ~ % docker volume remove TF
Error response from daemon: remove TF: volume is in use - [7f54de5c900d28d23ea61965423394534fe40dd769b20ff78f3a31c1fa98987d, 4a75b428ff5badf368f1dc9761c51b903652d8cfa4da70b2bdd543be3d352fea]
shahzadali@shahzad-ali ~ % docker system prune
WARNING! This will remove:
- all stopped containers
- all networks not used by at least one container
- all dangling images
- all dangling build cache
Are you sure you want to continue? [y/N] y
Deleted Containers:
7f54de5c900d28d23ea61965423394534fe40dd769b20ff78f3a31c1fa98987d
4a75b428ff5badf368f1dc9761c51b903652d8cfa4da70b2bdd543be3d352fea
c6de98c3284e8afdf5cff8f9b45266acf1e4bebf34a2ce0f7a20aa92342a43e5
6227ecf90cf4100b1a1391038171e8ae5dd0cff4f3a7007e4f675360396913da
