Create an Aviatrix Edge

Aviatrix Edge Device Video

An Aviatrix Edge device can be created on Network Edge. You can create single or redundant devices.

To create a single Aviatrix Edge device:

  1. Sign in to the Network Edge Marketplace. If the Identity and Access Management (IAM) feature is enabled for your account, make sure to switch to the intended Project Name/ID before proceeding to the device creation workflow.
  2. Click Select and Continue on the Aviatrix card to start the device creation workflow.

    Note: Click View Details to see deployment options, device management, resource flavors, license information.

  3. Before you click Continue, review the steps for creating the Edge device and click Create Aviatrix Device. The Bootstrap Configuration File (a default config file for Aviatrix) needs to be generated in the Aviatrix Edge Controller portal. The generated file is called cloudinit ZTP file (.txt file format). See Deploying Aviatrix Edge for more information.
  4. Select a Deployment Type (Single or Redundant device). If you select Redundant Device, follow the workflow and select the Redundancy option. (Create a new pair of redundant devices or add an additional device to an existing device.)
  5. Deployment Type Description
    Single Provision a single device that operates as a standalone device. Another single device can be paired with the existing single device (requires same resource configuration) to form a local redundancy (redundancy in single metro) or geo-redundancy (each device operates in different metro).
    Redundant Provision two firewall devices. Each device operates individually, and you are responsible for configuring those in an Active-Active fashion. You have the option of deploying both devices in two different metros (recommended) to achieve distributed architecture or keep both devices in the same metro.
  6. Click Begin Creating Edge Devices.
  7. In the Select Single Edge Location section, click a location.
  8. In the Account section, select a billing account from the Your accounts in this metro drop-down.

    Note: Metro selection is linked to your billing account country. For example, if you select Silicon Valley for deployment metro, your will need to have a billing account in the United States. If you need to deploy the VNF to a different metro such as Tokyo, you need to create a billing account in Japan.

    If you do not have a billing account for the selected metro, a message will display.

    To create a billing account, click Go to Account Management, and then click Create New Billing Account. Without selecting an account, you will not be able to create your device. For more information, see Billing Account Management.

  9. Click Next: Device Details.

  10. In the Connectivity Type section, select either With Equinix Public IP Address or Without Equinix Public IP Address. For more information, see the Connectivity Options for Management section to determine which connectivity type is right for your deployment.

  11. Note: If you select the Without Equinix Public IP Address type, Internet connectivity needs to be provided through the supporting device, which is connected to the Aviatrix Edge device using Device Link Group (DLG) within 24 hours. The cloudinit ZTP file from Aviatrix is only valid for 24 hours after the generation. If the Edge device cannot connect to the Aviatrix controller within 24 hours due to unavailability of the Internet, the cloudinit ZTP file needs to be re-generated and the device needs to be recreated. Devices With Equinix Public IP Address do not require cloudinit ZTP file validity as long as the Aviatrix Edge device has the Internet connectivity from its own interface or through a supporting device.
  12. Licensing defaults to Bring your own License. The license along with other configuration variables are included in the configuration file generated from the Aviatrix Controller portal. Upload this file in the Device Configuration File section.

  13. In the Device Resources section, select the virtual machine resource type, along with the Software Package and Software Version.

    Important: Aviatrix version 6.9 is limited with up to 3 interfaces and requires an additional supporting device for Layer 3 routing functionality. This means that if you select version 6.9, you need to have an additional support device (such as router) connected via DLG, to connect to the CSP. This requirement is removed when 7.1 version is used. Version 7.1 release supports multiple virtual connections with up to 10 interfaces, BGP support on the WAN interface to support CSP private circuits connectivity. This version requires 7.1 controller.

  14. In the Device Details section, enter:

    • Device Name – The name for the device used to identify it in the portal.

      Click to see the naming rules.

  15. In the Interfaces section, keep the default number of interfaces available on the VNF. Then you have options to automatically map WAN/SSH interfaces to the next available interface, or manually select a specific interface for WAN/SSH use.

  16. In the Device Status Notifications box, enter the email addresses of anyone who should receive email notifications regarding device status.
  17. Note: We strongly recommend adding multiple email addresses so that more than one user receives any notification for this device.

  18. (Optional) In the Optional Details box, enter the Purchase Order Number and Order Reference/Identifier.

  19. In the Term Length drop-down menu, select a term length.

  20. Click Next: Additional Services to add any additional services. The following table summarizes Additional Services options based on the connectivity types.

    Configuration With Equinix Public IP Address

    Without Equinix Public IP Address

    Access Control List Template ü N/A
    Additional Internet Bandwidth ü N/A
    • Access Control List Template(s) – This access list is used to control ingress traffic toward the virtual device. Access list is applied to the adjacent gateway device where this virtual device WAN interface is connected.

      Note: By default, the communication required for initial bootstrap (DNS, NTP, License Server communication, SD-WAN controller communication, etc.) is allowed in order to properly configure the initial VNF configuration. Additional protocols such as SSH need to be intentionally permitted using a custom ACL template. If you need to create a template to apply to your device, click Create Access Control List Template. See Configure Access Controls on Virtual Devices for more information.
    • Additional Internet Bandwidth – Add between 25 and 5000 additional Mbps of internet bandwidth (for a fee). 15 Mbps of Internet Bandwidth is included free in the package by default.

  21. Click Next: Review.
  22. In the Terms & Conditions box, click Review and Accept Order Terms.
  23. Select I have read and understand these terms and click Accept.
  24. Click Create Edge Device.

Connectivity Options for Management

The Connectivity Type feature is available for the Aviatrix Edge VNF. This feature provides options to include a virtual interface with or without a Public IP address from Equinix. The option to have a VNF come up without a public IP address addresses the use case where the virtual device may need to be isolated from the Internet. Users can then manage the devices from their private network or virtual connection. The following table summarizes the options and the difference between the two.

  With Equinix Public IP Address Without Equinix Public IP Address
Use Cases This option comes with Public IP Addresses from Equinix and does not need additional Virtual Connection to manage the virtual device.  This option removes Equinix-assigned Public IP Address assignment and will isolate VNF from the Internet after the device creation. This option is suitable for a scenario where the device needs to be managed by software running in the Colo cage or via private virtual connection. 
Internet Connectivity Type Public IP Address from Equinix are assigned to the interface and accessible from the Internet.  User can also connect Aviatrix device to a supporting device (e.g., another router VNF) which already has the Internet connectivity. No public IP Address from Equinix is included. As a prerequisite, a supporting device (e.g. a router with Equinix Public IP Address) needs to be created first with a Device Link Group (DLG) created. An Aviatrix Edge device without an Equinix IP Address can then be connected to the DLG so that it can immediately connect to the Aviatrix Controller.
Access Control List Create an Access Control List (ACL) to limit traffic to the VNF interface.  ACL option is not available. Additional compensating controls can be implemented for traffic from any private virtual connection.
Interface Mapping

Eth0 to Eth9 (10 interfaces in total) are available for Aviatrix Edge device with Equinix IP Address. Eth2 is exclusively reserved as the WAN interface where public IP Address is assigned.
Eth0 to Eth1, Eth3 to Eth9 can be used to map to DLG. Eth0, Eth3 to Eth9 can be connected to the CSP or virtual connection.

Eth0 to Eth9 (10 interfaces in total) are available for Aviatrix Edge device without Equinix IP Address.
Eth0 to Eth9 can be used to map to DLG.
Eth0, Eth2 to Eth9 can be connected to the CSP or virtual connection.