
Terraform module to build hybrid cloud/multi-cloud network for Alibaba Cloud

terraform-alicloud-hybrid-cloud-network

English | 简体中文

This module implements a dual-leased-line redundancy scheme for scenarios where on-cloud and off-cloud services, or multiple clouds, must cooperate, and where the service is a core service or has specific requirements for link reliability and performance. The overall scheme is as follows:

  • Dual physical dedicated lines & dual access points: apply for resources at two access points and establish two physical dedicated-line connections. The lines can run as ECMP load balancing or as active/standby, giving high access reliability and good performance.
  • ECR gateway: based on full dynamic routing and an underlying distributed design, it improves the efficiency of routing configuration management, shortens the delay from the leased line to the availability zone, and raises the total bandwidth available in the region for reaching the TR over the leased line.
  • TR realizes effective isolation and on-demand interworking between ECR and VPC.
  • BGP BFD interconnection is adopted between IDC/third-party cloud and Alibaba Cloud.

Architecture Diagram:

V2.0:

Architecture Diagram

V1.0:

image

Usage

Create VBR and ECR resources in cn-hangzhou, and VPC and VSwitch resources in cn-beijing and cn-shanghai.

# cn-hangzhou
# Region-scoped provider; the "hz" alias is what module "hz" selects through
# its providers map.
provider "alicloud" {
  region = "cn-hangzhou"
  alias  = "hz"
}
# Looks up existing physical connections in cn-hangzhou by name. module "hz"
# indexes connections[0] and connections[1] directly, so the regex must match
# at least two connections or those references fail to evaluate.
data "alicloud_express_connect_physical_connections" "example" {
  provider   = alicloud.hz
  name_regex = "^preserved-NODELETING"
}
# cn-hangzhou: owns the shared CEN instance and its own transit router, two
# VBRs on two separate physical connections, and the ECR. VPC resources are
# created in the other regions instead (create_vpc_resources = false).
module "hz" {
  source  = "alibabacloud-automation/hybrid-cloud-network/alicloud"
  version = "~> 2.0" # pinned to the 2.x line; use the same constraint in every region's module call

  providers = {
    alicloud = alicloud.hz
  }

  # CEN and TR are created here; the other regions reference
  # module.hz.cen_instance_id instead of creating a CEN of their own.
  create_cen_instance       = true
  cen_instance_config       = var.cen_instance_config
  create_cen_transit_router = true
  tr_config                 = var.tr_config

  # One entry per leased line: two VBRs on connections[0] and connections[1]
  # provide the dual-line redundancy described above.
  create_vbr_resources = true
  vbr_config = [
    {
      vbr = {
        physical_connection_id     = data.alicloud_express_connect_physical_connections.example.connections[0].id
        vlan_id                    = 204
        local_gateway_ip           = "192.168.0.1"
        peer_gateway_ip            = "192.168.0.2"
        peering_subnet_mask        = "255.255.255.252" # /30 link holding only the two gateway IPs
        virtual_border_router_name = "vbr_1_name"
        description                = "vbr_1_description"
      },

      # Health check explicitly enabled with the same interval/threshold values
      # as the input defaults (2 / 8).
      vbr_health_check = {
        create_vbr_health_check = true
        health_check_interval   = 2
        healthy_threshold       = 8
      },
      # NOTE(review): auth_key is left at its null default, so this BGP session
      # has no authentication key configured; in a real deployment pass it from
      # a variable rather than a literal.
      vbr_bgp_group = {
        bgp_group_name = "bgp_1"
        description    = "VPC-idc"
        peer_asn       = 45000
        is_fake_asn    = false
      },
      vbr_bgp_peer = {
        bfd_multi_hop   = "10" # declared as number in vbr_config; the string is converted
        enable_bfd      = true
        ip_version      = "IPV4"
        peer_ip_address = "1.1.1.1" # example value; set to the IDC-side BGP peer address
      }
    },
    {
      vbr = {
        physical_connection_id     = data.alicloud_express_connect_physical_connections.example.connections[1].id
        vlan_id                    = 205
        local_gateway_ip           = "192.168.1.1"
        peer_gateway_ip            = "192.168.1.2"
        peering_subnet_mask        = "255.255.255.252" # /30 link holding only the two gateway IPs
        virtual_border_router_name = "vbr_2_name"
        description                = "vbr_2_description"
      },
      # Second line runs without a health check.
      vbr_health_check = {
        create_vbr_health_check = false
      },
      # NOTE(review): auth_key is also unset here — see the note on the first VBR.
      vbr_bgp_group = {
        bgp_group_name = "tf_bgp_2"
        description    = "VPC-idc"
        peer_asn       = 45000
      },
      vbr_bgp_peer = {
        bfd_multi_hop   = "10" # declared as number in vbr_config; the string is converted
        enable_bfd      = true
        ip_version      = "IPV4"
        peer_ip_address = "1.1.1.1" # example value; set to the IDC-side BGP peer address
      }
    }
  ]

  # ECR sits between the TR and the VBRs; alibaba_side_asn is the only required
  # attribute of ecr_config.
  enable_ecr = true
  ecr_config = {
    alibaba_side_asn                   = 65214
    ecr_name                           = "ecr_name"
    transit_router_ecr_attachment_name = "ecr_tr_attachment_name"
  }

  create_vpc_resources = false
}

# cn-beijing
# Region-scoped provider; the "bj" alias is what module "bj" selects.
provider "alicloud" {
  region = "cn-beijing"
  alias  = "bj"
}

# cn-beijing: joins the CEN created in cn-hangzhou but creates its own
# transit router; only VPC resources are created here.
module "bj" {
  source  = "alibabacloud-automation/hybrid-cloud-network/alicloud"
  version = "~> 2.0" # same constraint as module "hz"

  providers = {
    alicloud = alicloud.bj
  }

  create_cen_instance       = false
  cen_instance_id           = module.hz.cen_instance_id # cross-region reference to the shared CEN
  create_cen_transit_router = true

  create_vbr_resources = false # leased lines terminate in cn-hangzhou only

  create_vpc_resources = true
  vpc_config           = var.bj_vpc_config

}

# cn-shanghai
# Region-scoped provider; the "sh" alias is what module "sh" selects.
provider "alicloud" {
  region = "cn-shanghai"
  alias  = "sh"
}

# cn-shanghai: same shape as module "bj" — shares the cn-hangzhou CEN,
# creates a region-local transit router, and holds only VPC resources.
module "sh" {
  source  = "alibabacloud-automation/hybrid-cloud-network/alicloud"
  version = "~> 2.0" # same constraint as module "hz"

  providers = {
    alicloud = alicloud.sh
  }

  create_cen_instance       = false
  cen_instance_id           = module.hz.cen_instance_id # cross-region reference to the shared CEN
  create_cen_transit_router = true

  create_vbr_resources = false # leased lines terminate in cn-hangzhou only

  create_vpc_resources = true
  vpc_config           = var.sh_vpc_config
}

Create VPC and VBR resources in a single region.

# Looks up existing physical connections in the provider's default region.
# module "this" indexes connections[0] directly, so the regex must match at
# least one connection or that reference fails to evaluate.
data "alicloud_express_connect_physical_connections" "example" {
  name_regex = "^preserved-NODELETING"
}

# Single-region deployment. No create_* flags are given, so the module
# defaults apply (create_cen_instance, create_cen_transit_router,
# create_vbr_resources and create_vpc_resources all default to true) and a
# CEN, a TR, one VBR and one VPC are created in the provider's default region.
# NOTE(review): no version constraint on the module source; the multi-region
# example pins `version = "~> 2.0"`, and pinning here too keeps the registry
# from resolving a different major version on a later init.
module "this" {
  source = "alibabacloud-automation/hybrid-cloud-network/alicloud"

  vbr_config = [
    {
      vbr = {
        physical_connection_id = data.alicloud_express_connect_physical_connections.example.connections[0].id
        vlan_id                = 104
        local_gateway_ip       = "192.168.0.1"
        peer_gateway_ip        = "192.168.0.2"
        peering_subnet_mask    = "255.255.255.252" # /30 link holding only the two gateway IPs
      },
      # Only the required peer_asn is set; auth_key stays at its null default,
      # so the BGP session has no authentication key configured. Supply it from
      # a variable in real deployments.
      vbr_bgp_group = {
        peer_asn = 45000
      },
    },
  ]

  # vpc is typed map(string), so only string-valued attributes such as
  # cidr_block belong in it.
  vpc_config = [
    {
      vpc = {
        cidr_block = "10.0.0.0/16"
      },
      # The zone_id values are cn-beijing zones, so the default provider region
      # is presumably cn-beijing — confirm against the provider configuration.
      vswitches = [
        {
          zone_id    = "cn-beijing-i"
          cidr_block = "10.0.1.0/24"
        },
        {
          zone_id    = "cn-beijing-j"
          cidr_block = "10.0.2.0/24"
        }
      ],
    },
  ]
}

Create VBR resources in cn-hangzhou, and VPC and VSwitch resources in cn-beijing.

# cn-hangzhou provider; the "hz" alias is what module "hz" selects through
# its providers map.
provider "alicloud" {
  region = "cn-hangzhou"
  alias  = "hz"
}

# Looks up existing physical connections in cn-hangzhou by name. module "hz"
# indexes connections[0] directly, so the regex must match at least one
# connection or that reference fails to evaluate.
data "alicloud_express_connect_physical_connections" "example" {
  provider   = alicloud.hz
  name_regex = "^preserved-NODELETING"
}

# cn-hangzhou: create_cen_instance, create_cen_transit_router and
# create_vbr_resources are left at their default of true, so the CEN, a TR and
# one VBR are created here; VPC resources are created in cn-beijing instead.
# NOTE(review): no version constraint on the module source; the multi-region
# example pins `version = "~> 2.0"` — pin here too.
module "hz" {
  source = "alibabacloud-automation/hybrid-cloud-network/alicloud"
  providers = {
    alicloud = alicloud.hz
  }

  vbr_config = [
    {
      vbr = {
        physical_connection_id = data.alicloud_express_connect_physical_connections.example.connections[0].id
        vlan_id                = 104
        local_gateway_ip       = "192.168.0.1"
        peer_gateway_ip        = "192.168.0.2"
        peering_subnet_mask    = "255.255.255.252" # /30 link holding only the two gateway IPs
      },
      # Only the required peer_asn is set; auth_key stays at its null default,
      # so the BGP session has no authentication key configured. Supply it from
      # a variable in real deployments.
      vbr_bgp_group = {
        peer_asn = 45000
      },
    },
  ]

  create_vpc_resources = false
}

# cn-beijing provider; the "bj" alias is what module "bj" selects.
provider "alicloud" {
  region = "cn-beijing"
  alias  = "bj"
}

# cn-beijing: shares the CEN created by module "hz", creates a region-local
# transit router (create_cen_transit_router defaults to true), and holds
# only the VPC and its vswitches (create_vpc_resources defaults to true).
# NOTE(review): no version constraint on the module source; the multi-region
# example pins `version = "~> 2.0"` — pin here too.
module "bj" {
  source = "alibabacloud-automation/hybrid-cloud-network/alicloud"
  providers = {
    alicloud = alicloud.bj
  }

  create_cen_instance = false
  cen_instance_id     = module.hz.cen_instance_id # cross-region reference to the shared CEN

  create_vbr_resources = false # the leased line terminates in cn-hangzhou only

  # vpc is typed map(string), so only string-valued attributes such as
  # cidr_block belong in it.
  vpc_config = [
    {
      vpc = {
        cidr_block = "10.0.0.0/16"
      },
      vswitches = [
        {
          zone_id    = "cn-beijing-i"
          cidr_block = "10.0.1.0/24"
        },
        {
          zone_id    = "cn-beijing-j"
          cidr_block = "10.0.2.0/24"
        }
      ],
    },
  ]
}

Examples

Requirements

Name Version
terraform >= 0.13
alicloud >=1.229.1

Providers

Name Version
alicloud >=1.229.1

Modules

Name Source Version
vbr ./modules/vbr n/a
vpc ./modules/vpc n/a

Resources

Name Type
alicloud_cen_instance.this resource
alicloud_cen_transit_router.this resource
alicloud_cen_transit_router_ecr_attachment.this resource
alicloud_cen_transit_router_route_table_association.this resource
alicloud_cen_transit_router_route_table_propagation.this resource
alicloud_express_connect_router_express_connect_router.this resource
alicloud_express_connect_router_tr_association.this resource
alicloud_account.current data source
alicloud_cen_transit_router_route_tables.this data source
alicloud_regions.this data source

Inputs

Name Description Type Default Required
cen_instance_config The parameters of cen instance.
object({
cen_instance_name = optional(string, null)
protection_level = optional(string, "REDUCED")
description = optional(string, null)
tags = optional(map(string), {})
})
{} no
cen_instance_id The id of an existing cen instance. string null no
cen_transit_router_id The transit router id of an existing transit router. string null no
create_cen_instance Whether to create cen instance. If false, you can specify an existing cen instance by setting 'cen_instance_id'. Default to 'true' bool true no
create_cen_transit_router Whether to create transit router. If false, you can specify an existing transit router by setting 'cen_transit_router_id'. Default to 'true' bool true no
create_vbr_resources Whether to create vbr resources. Default to 'true' bool true no
create_vpc_resources Whether to create vpc resources. Default to 'true' bool true no
ecr_config The parameters of ecr.
object({
alibaba_side_asn = number
ecr_name = optional(string, null)
description = optional(string, null)
transit_router_ecr_attachment_name = optional(string, null)
transit_router_ecr_attachment_description = optional(string, null)
route_table_propagation_enabled = optional(bool, true)
route_table_association_enabled = optional(bool, true)
})
{
"alibaba_side_asn": null
}
no
enable_ecr Whether to enable ECR between TR and VBRs. Default to 'false'. bool false no
exsiting_ecr_id Specify an existing ecr id. If not set, a new ecr will be created. If set, the attribute 'alibaba_side_asn' of ecr_config must be set, too. string null no
tr_config The parameters of transit router.
object({
transit_router_name = optional(string, null)
transit_router_description = optional(string, null)
support_multicast = optional(string, null)
tags = optional(map(string), {})
})
{} no
vbr_config The list of vbr resource parameters. The attributes 'vbr' and 'vbr_bgp_group' are required.
list(object({
vbr = object({
physical_connection_id = string
vlan_id = number
local_gateway_ip = string
peer_gateway_ip = string
peering_subnet_mask = string
virtual_border_router_name = optional(string, null)
description = optional(string, null)
})
tr_vbr_attachment = optional(object({
transit_router_attachment_name = optional(string, null)
transit_router_attachment_description = optional(string, null)
tags = optional(map(string), {})
auto_publish_route_enabled = optional(bool, true)
route_table_propagation_enabled = optional(bool, true)
route_table_association_enabled = optional(bool, true)
}), {})
vbr_health_check = optional(object({
create_vbr_health_check = optional(bool, true)
health_check_interval = optional(number, 2)
healthy_threshold = optional(number, 8)
}), {})
vbr_bgp_group = object({
peer_asn = string
auth_key = optional(string, null)
bgp_group_name = optional(string, null)
description = optional(string, null)
is_fake_asn = optional(bool, false)
local_asn = optional(number, null)
})
vbr_bgp_peer = optional(object({
bfd_multi_hop = optional(number, 255)
enable_bfd = optional(bool, "false")
ip_version = optional(string, "IPV4")
peer_ip_address = optional(string, null)
}), {})
}))
[
{
"vbr": {
"local_gateway_ip": null,
"peer_gateway_ip": null,
"peering_subnet_mask": null,
"physical_connection_id": null,
"vlan_id": null
},
"vbr_bgp_group": {
"peer_asn": null
}
}
]
no
vpc_config The list of vpc resource parameters. The attributes 'vpc' and 'vswitches' are required.
list(object({
vpc = map(string)
vswitches = list(object({
zone_id = string
cidr_block = string
vswitch_name = optional(string, null)
}))
tr_vpc_attachment = optional(object({
transit_router_attachment_name = optional(string, null)
auto_publish_route_enabled = optional(bool, true)
route_table_propagation_enabled = optional(bool, true)
route_table_association_enabled = optional(bool, true)
}), {})
}))
[] no

Outputs

Name Description
bgp_group_id The id of BGP group.
bgp_group_status The status of BGP group.
bgp_peer_id The id of BGP peer.
bgp_peer_name The name of BGP peer.
bgp_peer_status The status of BGP peer.
cen_instance_id The id of CEN instance.
cen_instance_status The status of CEN instance.
cen_transit_router_id The id of CEN transit router.
cen_transit_router_support_multicast The status of CEN transit router.
cen_transit_router_type The type of CEN transit router.
express_connect_router_id The id of Express Connect Router.
health_check_id The id of health check.
tr_ecr_attachment_id The attachment id between TR and ECR.
tr_vbr_attachment_id The id of attachment between TR and VBR.
tr_vbr_attachment_status The status of attachment between TR and VBR.
tr_vbr_route_table_association_id The id of route table association between TR and VBR.
tr_vbr_route_table_association_status The status of route table association between TR and VBR.
tr_vbr_route_table_propagation_id The id of route table propagation between TR and VBR.
tr_vbr_route_table_propagation_status The status of route table propagation between TR and VBR.
tr_vpc_attachment_id The id of attachment between TR and VPC.
tr_vpc_attachment_status The status of attachment between TR and VPC.
tr_vpc_route_table_association_id The id of route table association between TR and VPC.
tr_vpc_route_table_association_status The status of route table association between TR and VPC.
tr_vpc_route_table_propagation_id The id of route table propagation between TR and VPC.
tr_vpc_route_table_propagation_status The status of route table propagation between TR and VPC.
vbr_id The ids of VBR.
vbr_route_table_id The route table id of VBR.
vpc_id The ids of vpc.
vpc_route_table_id The route table id of vpc.
vpc_status The status of vpc.
vswitch_ids The ids of vswitches.
vswitch_status The status of vswitches.

Submit Issues

If you have any problems when using this module, please open a provider issue and let us know.

Note: Opening an issue on this repo is not recommended.

Authors

Created and maintained by Alibaba Cloud Terraform Team([email protected]).

License

MIT Licensed. See LICENSE for full details.

Reference