Ask any question related to cloud networking including AWS, Azure, GCP, OCI, and Aviatrix
Hi, I'm looking to ssh into aviatrix gateways and controller launched as part of the labs/sandbox starter. I don't see a ec2 keys associated with these instances. Is there a way to specify ec2 ssh key when launching the controller/gateways during launch? I don't see the option in the UI. I suspect it's forbidden/disallowed for obvious reasons. But, just trying my luck. Thanks!
Hi there, In the Feature Overview Part 2 of Aviatrix Certified Engineer - Multi-Cloud Network Associate Course, the instructor introduced centralized stateful firewall and said "It's best for single GW use cases supported by single GW HA". Can I ask the reason why? Thanks. JF
Hi guys, In the Azure Networking 101 course/video, the instructor said doing Azure Transit via ExpressRoute Edge Routers can avoid VNet Peering data charge. I don't quite get it as there is data charge still on those two VNet Peering between Spoke VNets and Hub VNet that ExpressRoute terminates, isn't there? Or he actually meant avoiding the data charge of VNet Peering between Spoke VNets? But what is the actual difference from commercial prospective? Traversing two VNet Peering through Hub VNet V.S. traversing one direct VNet Peering between two Spoke VNets. Thanks JF
If a user decides to decommission Aviatrix completely, will the user's multi-cloud environment continue to function like before? Will any gateways and other components created by Aviatrix that are native to a particular cloud remain in place? For example, you may have configured routes or security groups or even launched instances through the Aviatrix controller. Will they remain functional?
Hi everyone, I have an Aviatrix Controller deployed and would like to secure browser access with an SSL certificate. Let's Encrypt seems like an easy and cost effective method, however in order to use it I need SSH access to the Controller, which is disabled. If there's anyone that has successfully implemented this I'd love to hear the details! Thanks, Mark
I was trying to spin up an Aviatrix Cloud Controller at AWS using Sandbox Starter Tool, but keep getting these errors: > The controller will be launched in us-east-1. Initializing modules... Initializing the backend... Initializing provider plugins... - Checking for available provider plugins... --> Controller launch failed, aborting. Registry service unreachable. This may indicate a network issue, or an issue with the requested Terraform Registry. Registry service unreachable. This may indicate a network issue, or an issue with the requested Terraform Registry. registry service is unreachable > If anyone has faced the same issue before, kindly help me to find a solution. I ran starter Tool as docker container in my laptop and accessing to Hashicorp registry is fine from my laptop, not sure why it complains Terraform registry service is unreachable. ===Debug Message== --> Controller SSH key already exists, skipping. --> OK. --> Now going to launch the controlle
Aviatrix support many ways to do this. Build an SD-WAN POP in a VPC/VNET with SD-WAN virtual appliances, and then northbound you build standards-based IPsec/GRE tunnels + BGP over Public or Private peerings to the Aviatrix transit. The aviatrix transits can be instantiated in any region or any cloud, as many as you want, wherever you want. So you can build a nice architecture where your SD-WAN remote sites terminate at the closest POP to where their cloud apps live. You can put the SD-WAN appliances in the same VPC /VNET as aviatrix transit and do IPsec/GRE + BGP OR you can do native BGP with no tunneling for higher throughput. You can connect Aviatrix transits via IPsec/GRE + BGP over the internet/MPLS/direct-connect/express route to an on-premise physical SD-WAN appliance. More details can be found on your Aviatrix Youtube Channel where Dana (SD-WAN Expert) has a lot of videos explaining the design and deploy. You can also send an email to email@example.com
Hi I noticed the section on VPN gateways has stated the following: Note a /24 VPN CIDR block supports about 64 simultaneous VPN clients. This is because for each connected VPN client, VPN gateways reserves 3 virtual addresses. For larger number of clients per VPN gateway, consider making the VPN CIDR block to a /22 or /20 network. Is 'reservation of 3 virtual addresses' by VPN gateways is due to the Load balancing that can be implemented across the gateways? Jeff
Hi After making the unfortunate error of of terminating my 'Sandbox Starter' AMIs via the AWS console, instead of using the Sandbox 'Destroy' menu option, I have just spent some considerable time uninstalling my Desktop Docker, deleting Aviatrix policies, deleting/generating keys, etc in my efforts to get the Sandbox Terraform script to successfully complete it's setup of the Sandbox again. It has proven to be a painful learning and time consuming process. So - I have some questions: 1 - In the the event that I mistakenly terminated a SandBox AMI via the AWS console, is there a script/command available that can be used to rebuild that particular AMI again? 2 - In the event that no such 'rebuild' script/command exists, will using the 'Destroy' option remove all remaining elements of the existing Sandbox, so that a new Sandbox can be successfully installed by running 'Sandbox Starter' again? - or is it not that simple? 3 - Does creation of a new Sandbox
Hi, I have a questions re: clarification of the below statement: "This tool is packaged as a container image that could run locally on the Windows/Linux/MACOS laptop/server/VM or EC2 instances. The container code is available here" If the container image can run locally on a PC/Server does this mean there is no requiremnet to spin up the AWS resources? I'm trying to understand: 1 If the Sandbox tool need both AWS and Docker? 2 Can the Sandbox tool only use AWS? 3 If Sandbox tool need both AWS and Docker, what does it use Docker for? Jeff
I'm considering creating the Azure VNET part of the Sandbox to build on my knowledge of Aviatrix. However - I cannot find any information on the type of minimum build/specification (eg memory, processor, storage, build type) that I need to select to successfully create the transit & spoke gateways. If the this automatically done by the script Sandbox script, I would still like to know what would be selected as I want to know what is the cost of running the Azure instances before I consider going ahead with creating the VNET. Can someone please advice - thanks.
I have question related to Google Cloud Inter-Region Latency, when I went through the table "Latency Measured In Millisecond Between Google Cloud Regions" I found in some rows the source and destination are similar, for example let's take source: us-east1 and destination us-east1 and the latency is 0.555. what do you mean in this number? do you mean the latency inter-zones in the same region " us-east1"?
Hello All, I am already read documentation about both items, however I have some doubts to make difference between two terms and based some topology. CloudWAN -> It related specific feature that can manage device remotely ( Cisco Routers ) via Aviatrix Controller, as well as will have some benefits based if you contracted with AWS ( for example ) Global Accelerator. However, is it necessary to install something to make this deploy or can be considered only feature associated inside Aviatrix Dashboard? CloudN -> It related Aviatrix virtualization router can be deploy in DC via hypervisor or bare metal, in order to make connection of this router with gateway on the cloud doing a IPSEC or HPE if there is necessity connection, being managed by Aviatrix Controller. Is it correct approach for it? The big difference CloudWAN is feature associated inside Controller?
In video lectures it is mentioned that Azure native firewall do not have support for DPI, IDS or IPS but on azure website they it says it has IDS and IPS support. please refer the link below. What should be our answer if the question comes on support of IDS and IPS feature of Azure native firewall? https://azure.microsoft.com/en-in/services/azure-firewall/
Many organisations still believe in everything that the big cloud vendors like AWS, Google, Azure etc are saying. Naturally they each want to sell you their own products and services as being world class, secure and always available. We already know this not to be true with the recent outages … https://techhq.com/2020/12/3-biggest-public-cloud-outages-of-2020/. The reality is they don’t want your organisation to be multi cloud and have public cloud choice. Typically, they want to lock you in and once done, you’ll have little or no say on how to control or secure your data and have poor visibility into events and how that impacts you and your customers until it’s too late. Don’t be fooled into believing them any longer. The next phase of cloud computing is evolving and organisations are waking up to the fact that they do actually need to be multi cloud ready and have choice. Its predicted that in 2021 more than 50% of data will span multi clouds. This is great news f
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.