path: root/Terraform/AWS/ha-instances-with-configs/readme.md
Diffstat (limited to 'Terraform/AWS/ha-instances-with-configs/readme.md')
-rw-r--r-- Terraform/AWS/ha-instances-with-configs/readme.md 89
1 files changed, 1 insertions, 88 deletions
diff --git a/Terraform/AWS/ha-instances-with-configs/readme.md b/Terraform/AWS/ha-instances-with-configs/readme.md
index ad1c5bd..0dc53d5 100644
--- a/Terraform/AWS/ha-instances-with-configs/readme.md
+++ b/Terraform/AWS/ha-instances-with-configs/readme.md
@@ -148,94 +148,7 @@ To manage the VyOS instance, use the `vyos_public_ip` from `terraform output`:
```sh
ssh vyos@<vyos_public_ip> -i keys/vyos_lab_private_key.pem
```
-The on-premises VyOS configuration can be found in `files/on-prem-vyos-config.txt`.
-
-## Post-Deployment Operations
-
-**VPC Route Server** is not managed by Terraform and must be deployed manually.
-
-### References
-
-- [How it Works](https://docs.aws.amazon.com/vpc/latest/userguide/route-server-how-it-works.html)
-- [Dynamic Routing Guide](https://docs.aws.amazon.com/vpc/latest/userguide/dynamic-routing-route-server.html)
-- [Tutorial](https://docs.aws.amazon.com/vpc/latest/userguide/route-server-tutorial.html)
-
-## Manual Steps
-
-### Step 1: Required IAM Permissions
-
-```json
-{
- "Version": "2012-10-17",
- "Statement": [
- {"Sid": "CreateRouteServer","Effect": "Allow","Action": ["sns:CreateTopic"],"Resource": "*"},
- {"Sid": "DeleteRouteServer","Effect": "Allow","Action": ["sns:DeleteTopic"],"Resource": "*"},
- {"Sid": "CreateRouteServerEndpoint","Effect": "Allow","Action": [
- "ec2:CreateNetworkInterface","ec2:CreateNetworkInterfacePermission","ec2:CreateSecurityGroup",
- "ec2:DescribeSecurityGroups","ec2:AuthorizeSecurityGroupIngress","ec2:CreateTags","ec2:DeleteTags"
- ],"Resource": "*"},
- {"Sid": "DeleteRouteServerEndpoint","Effect": "Allow","Action": [
- "ec2:DeleteNetworkInterface","ec2:DeleteSecurityGroup","ec2:RevokeSecurityGroupIngress",
- "ec2:CreateTags","ec2:DeleteTags"
- ],"Resource": "*"},
- {"Sid": "CreateRouteServerPeer","Effect": "Allow","Action": ["ec2:AuthorizeSecurityGroupIngress"],"Resource": "*"},
- {"Sid": "DeleteRouteServerPeer","Effect": "Allow","Action": ["ec2:RevokeSecurityGroupIngress"],"Resource": "*"}
- ]
-}
-```
-
-### Step 2–7: Route Server Setup (Summarized)
-
-#### Step 2: Create Route Server
-- Go to AWS Console > VPC > Route Servers > Create
-- Set name, ASN (e.g., `65011`), no persist routes
-
-#### Step 3: Associate with VPC
-
-#### Step 4: Create Route Server Endpoints
-- Create 2 endpoints (1 per VyOS)
-
-#### Step 5: Enable Route Propagation
-- From the Route Server UI → Propagations → Enable
-
-#### Step 6: Create Route Server Peers
-- Create peer for each VyOS using endpoint IP, ASN (65001), BFD
-
-### Step 7: Configure VyOS BGP Sessions
-
-#### VyOS-01
-
-```vyos
-delete protocols bfd peer 172.16.11.115
-set protocols bfd peer <VPC ROUTE SRV ENDPOINT-01 IP> interval multiplier '3'
-set protocols bfd peer <VPC ROUTE SRV ENDPOINT-01 IP> interval receive '300'
-set protocols bfd peer <VPC ROUTE SRV ENDPOINT-01 IP> interval transmit '300'
-
-delete protocols bgp neighbor 172.16.11.115
-set protocols bgp neighbor <VPC ROUTE SRV ENDPOINT-01 IP> address-family ipv4-unicast route-map export 'AS65011-OUT'
-set protocols bgp neighbor <VPC ROUTE SRV ENDPOINT-01 IP> address-family ipv4-unicast soft-reconfiguration inbound
-set protocols bgp neighbor <VPC ROUTE SRV ENDPOINT-01 IP> bfd
-set protocols bgp neighbor <VPC ROUTE SRV ENDPOINT-01 IP> disable-connected-check
-set protocols bgp neighbor <VPC ROUTE SRV ENDPOINT-01 IP> remote-as '65011'
-set protocols bgp neighbor <VPC ROUTE SRV ENDPOINT-01 IP> timers holdtime '30'
-```
-
-#### VyOS-02
-
-```vyos
-delete protocols bfd peer 172.16.21.177
-set protocols bfd peer <VPC ROUTE SRV ENDPOINT-02 IP> interval multiplier '3'
-set protocols bfd peer <VPC ROUTE SRV ENDPOINT-02 IP> interval receive '300'
-set protocols bfd peer <VPC ROUTE SRV ENDPOINT-02 IP> interval transmit '300'
-
-delete protocols bgp neighbor 172.16.21.177
-set protocols bgp neighbor <VPC ROUTE SRV ENDPOINT-02 IP> address-family ipv4-unicast route-map export 'AS65011-OUT'
-set protocols bgp neighbor <VPC ROUTE SRV ENDPOINT-02 IP> address-family ipv4-unicast soft-reconfiguration inbound
-set protocols bgp neighbor <VPC ROUTE SRV ENDPOINT-02 IP> bfd
-set protocols bgp neighbor <VPC ROUTE SRV ENDPOINT-02 IP> disable-connected-check
-set protocols bgp neighbor <VPC ROUTE SRV ENDPOINT-02 IP> remote-as '65011'
-set protocols bgp neighbor <VPC ROUTE SRV ENDPOINT-02 IP> timers holdtime '30'
-```
+The on-premises VyOS configuration can be found in `files/on-prem-vyos-config.txt`
## Destroying Resources
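
Review bot: the removal that starts at `## Post-Deployment Operations` and runs through the VyOS-02 BGP block deletes the only statement that "VPC Route Server is not managed by Terraform and must be deployed manually", and nothing in the added line says what replaces it. If the route server is now provisioned by the Terraform code, say so in one sentence here. If it is still a manual step, keep a pointer to where the IAM permission list and the per-router BFD/BGP peer commands (remote-as '65011', route-map export 'AS65011-OUT') now live, since an operator following this readme would otherwise end up with VyOS instances that have no route server peering. Two smaller points on the single added line: it drops the trailing period the old sentence had, and it is followed directly by `## Destroying Resources` with no blank line, which some Markdown renderers need before a heading that follows paragraph text.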