Building a Multi-Cloud Network for less than $1 an Hour – Aviatrix Kickstart

This is the post I had been meaning to write for ages. How do you leverage Infrastructure as Code to build a multi-cloud network? It turns out you don’t have to write the code yourself. This is the beauty of Aviatrix Kickstart.

For less than $1 an hour, I was able to build a multi-cloud transit network with 2 spoke VPCs in AWS, 2 spoke VNets in Azure, a transit VPC in AWS, a transit VNet in Azure, and a peered connection between the two. Oh, and also 2 EC2 test instances in AWS for various tests. All within an hour.

The quickest way to build this would have been to script it in Terraform. But with Kickstart, a containerized environment handles this for you. So you don’t need to have Terraform skills or write any code.

Kickstart is a Docker image that you can download from here. All you need to run it are:

  • Docker. You can run it either by installing Docker Desktop on your client PC (Windows or Mac) or on an EC2 instance launched from the Amazon Linux 2 AMI.
  • An AWS account and optionally an Azure account. I built the entire environment in AWS and Azure Free Tier accounts.

Once you run docker run -it aviatrix/kickstart bash, the script walks you through the process and allows you to configure the region, names of the resources, and CIDRs of the Aviatrix Controller as well as the Multi-Cloud Network Architecture (MCNA) Transits. It then leverages Terraform to issue several Day-Zero activities. Aviatrix Kickstart makes it so easy that I was able to build the following architecture in less than an hour without writing a line of code.

Check out these resources for more details:

  • Guide to building the environment
  • 10-minute video of demo
  • Test cases to try out once you’ve built the environment

Why I Joined Aviatrix

Earlier this month I joined Aviatrix Systems as a Solutions Architect with a focus on growing the Aviatrix Certified Engineer (ACE) program. I had gone through a journey of 2 years of immersing myself in Public Cloud platforms from training sites, such as A Cloud Guru and Linux Academy. Here are some of my observations during that period which led to my decision to join Aviatrix:

  • Cloud Networking is radically different from on-premises networking. For example,
    • In the on-prem world, network architects designed in layers (Core, Aggregation/Access). The world of Public Cloud is flat in order to meet the pace of DevOps.
    • Security principles, such as Defense-in-Depth have led to new constructs, such as IAM, Accounts, Organizations, Subscriptions, which were not prevalent in the on-prem world.
    • Cloud Vendors try their best to abstract the networking underlay constructs so that networking is represented as a black box to the cloud architect. To a certain extent they’ve done well (who honestly misses Spanning Tree?), but just because they don’t offer a mechanism to view these constructs, it doesn’t mean they no longer exist. In fact, Operations needs better visibility now than they did in the on-prem world.
  • While Cloud Vendors offer Networking Specialty certifications, they don’t provide any visibility into Day 2 Operations. And from an Architecture perspective, they trivialize the networking underlay. For example, they don’t provide solutions to real-world problems like overlapping subnets or end-to-end visibility.
  • Cloud vendors are incentivized by lock-in and have no real motivation for multi-cloud.
  • Enterprises find it easier to interpret multi-cloud mostly in terms of governance and billing rather than infrastructure.
  • Cloud Training platforms such as A Cloud Guru and Udemy completely lack multi-cloud networking offerings. They have training courses on various cloud-first tools and technologies like Terraform, CloudFormation, Deployment Manager, Docker, Kubernetes, and certification courses for AWS, Azure, and GCP. But when it comes to multi-cloud, let alone multi-cloud networking, they have not yet capitalized on the opportunity.
  • Enterprises need better instruction on the need for multi-cloud networking. Often when Enterprises say they need Cloud Infrastructure Architects, they really mean Cloud Application Architects. Yet, when they cross that bridge of multi-cloud (and they almost inevitably will), then they realize that application performance relies on a rock solid transit. And that is where Aviatrix shines.

Aviatrix is the pioneer in multi-cloud networking and is solving a really hard problem the right way – by simplifying. I’m looking forward to sharing some more of my learnings with you as I embark on this new journey.

What’s the Big Deal About Multi-Cloud Networking – Part 2

If you were experiencing issues with Zoom calls today, you were not alone.

But if you take a close look at today’s outage, it is clear that it correlated with an AWS outage on the same day.

In fact, most of Zoom runs on AWS, according to AWS. This is despite Oracle’s claim that millions of users run Zoom on Oracle Cloud. Zoom didn’t state the cause of the outage, but it is quite possible from these two charts that a well-architected transit network, such as the Aviatrix Multi-Cloud Network Architecture, could have prevented this outage.

What’s the Big Deal with Multi-Cloud Networking?

The other day I was pruning my apps on my phone to delete those that had not been used in a long time. Here are some that gave me pause:

  • Business (Adobe, Concur, Dropbox, etc)
  • E-commerce (Amazon, Grocery Shopping, Meal Delivery, Starbucks, etc)
  • Financial Institutions
  • G-Suite Apps
  • Microsoft 365 Apps
  • Home Automation (Amazon Alexa, Home Automation)
  • Entertainment (Netflix, Spotify, etc)
  • Security (Password Managers, Authenticators, SSO)
  • Media (News)
  • Multimedia conferencing (Zoom, etc)

I’m sure many of you have a longer list. Each of these apps has a cloud presence that we often take for granted. We just sit back and assume that the infrastructure is taken care of, and for smartphone owners it is. But for a large company, or enterprise, that infrastructure is far more complex.

Take an enterprise A that uses multiple clouds to leverage their respective strengths:


The Management Plane of Multi-Cloud Networking – Aviatrix CoPilot

Recently, Aviatrix launched a new product called CoPilot to address the dire need for operational visibility in multi-cloud networking. This piqued my interest because none of the Cloud Service Providers (CSPs) provide any topology tools for end-to-end visualization, monitoring, and troubleshooting. So I decided to attend the launch event.

Some of the biggest challenges that enterprises face in today’s multi-cloud environments are complexity and lack of visibility (topology and traffic flow). It’s difficult enough managing a single CSP. Add multiple vendors with their proprietary, opaque ways of passing data and it becomes nearly impossible to pinpoint how and where traffic is flowing.

This is critical for enterprises that have SLAs that need to be met. For example, around a decade ago when electronic trading started replacing open outcry transactions in the financial markets, there was a strong need to identify, at millisecond granularity, where delays in electronic trades were occurring. Penalties would be imposed on the Exchange if it could not prove that the delays were on the member trading firm’s side. Monitoring tool companies like Correlix and Corvid (not to be confused with COVID!) were born out of this need.

Of course, that was fine for the on-prem world. In a multi-cloud world, this becomes far more complex. For example, suppose there is a routing issue (not yet identified as an outright outage) in a region of a particular CSP, and an airline is unable to track its passengers’ baggage as it traverses multiple partner airlines (each using their own CSP). How will the airline identify where the fault is without the right level of operational visibility in a multi-cloud environment? How will it meet its SLAs? CoPilot is able to visually identify such global multi-cloud anomalies.

CoPilot achieves this by building on the Aviatrix Transit Gateway as well as the native constructs from each CSP. While the Aviatrix Controller is the Control Plane and the Aviatrix Transit Gateway is the Data Plane, in a sense Aviatrix CoPilot can be considered the Management Plane (excluding the domain of IAM). It is more than just passive monitoring, as it allows the user to take action in real time.

The topology below shows AWS, Azure, and GCP clouds along with instances.

Aviatrix CoPilot Topology


The FlowIQ visualization tool makes use of heat maps and Sankey flow diagrams to provide intelligent reports on traffic patterns, trends, and key analytics regarding flow through the multi-cloud network. See this screenshot below.

Aviatrix CoPilot FlowIQ

Other anomalies it can detect include an unusual amount of traffic coming from a certain geo-location. The FlowIQ tool also allows the user to search on a given geo-location, as in the screenshot below.


Aviatrix CoPilot Heat Map

The presenter also gave a sneak peek of some very impressive features on their roadmap:

  • Track what resources VPN users are trying to access
  • Show live link latencies – This is an absolute must for SLA testing.
  • Latency Monitor – You will be able to set thresholds for latencies and be notified when the latency is exceeded. See the screenshot below.

Aviatrix CoPilot Live Latency

I believe Aviatrix is only getting warmed up in the world of operational visibility for multi-cloud networking.
