Creating a VPC/VNet using CoPilot
You can create a VPC/VNet in your cloud provider environment using the CoPilot user interface.
When you create a VPC/VNet by using CoPilot or other Aviatrix tools, the VPC/VNet will be listed as Aviatrix Managed in the CoPilot > Cloud Resources > Cloud Assets > VPC/VNets & Subnets page.
If you create a VPC/VNet for a FireNet deployment, we recommend you use Aviatrix tools to create the VPC/VNet and set the Transit + FireNet option.
When you create a VNet in Azure, a default route of 0.0.0.0 is added, which points to the next hop type "None" in User Defined Route Table (UDR) for all private subnets it creates. Any public subnet it creates does not have such UDR default route entry. |
To create a VPC/VNet using CoPilot:
-
In CoPilot go to Cloud Resources > Cloud Assets > VPC/VNets & Subnets.
-
Click + VPC/VNet.
-
Specify the cloud provider in which to create the VPC/VNet.
-
Specify the cloud account that pertains to the VPC/VNet.
-
Specify the region in which to create the VPC/VNet.
-
Specify the VPC CIDR you want for the VPC/VNet.
-
Specify the VPC Function. Options are Default or Transit + FireNet.
Default — See Default Behavior for Creating a VPC (AWS).
Transit + FireNet — See Creating a VPC/VNet for a FireNet Deployment.
-
(Optional for AWS/Azure) Specify Advanced Settings.
-
Click Save.
About Creating a VPC/VNet
This section discusses creating a VPC in AWS by using the CoPilot user interface.
Default Behavior for Creating a VPC (AWS)
By default, for non-Transit VPCs, the Aviatrix Controller creates a pair of subnets (public and private) per availability zone.
The prefix lengths of the subnets the Controller creates will be VPC CIDR plus 4 bits. If your region has three availability zones, the Controller will create 6 subnets.
In addition, if the VPC you are creating has an address space of /16
(for example, 192.168.0.0/16
, each subnet will get a prefix length of /20
(/16
+ 4 bits).
Example:
For a VPC with address space 192.168.0.0/16
and in a region with three availability zones, the address allocation would look like this:
Subnet 1 (private az-a): 192.168.0.0/20
Subnet 2 (private az-b): 192.168.16.0/20
Subnet 3 (private az-c): 192.168.32.0/20
Subnet 4 (public az-a): 192.168.48.0/20
Subnet 5 (public az-b): 192.168.64.0/20
Subnet 6 (public az-c): 192.168.80.0/20
Creating a VPC for a FireNet Deployment
The Transit + FireNet option is for Transit VPCs or Transit FireNet VPCs. For these VPCs, the Controller creates a particular set of /28 subnets across two availability zones.
When you create a VPC for a FireNet deployment, specify the Transit + FireNet VPC option. When this option is set, the Controller creates a set of /28 subnets across two availability zones as shown in the table below.
Aviatrix FireNet VPC Public Subnet | Description |
---|---|
Public-gateway-and-firewall-mgmt-AZ-a |
A /28 subnet (public in AWS/GCP/OCI) in AZ a for FireNet Gateway and firewall instance management interface. |
Public-gateway-and-firewall-mgmt-AZ-b |
A /28 subnet (public in AWS/GCP/OCI) in AZ b for FireNet HA Gateway and firewall instance management interface. |
Public-FW-ingress-egress-AZ-a |
A /28 subnet (public in AWS/GCP/OCI) in AZ a for firewall instance’s egress interface. |
Public-FW-ingress-egress-AZ-b |
A /28 subnet (public in AWS/GCP/OCI) in AZ b for firewall instance’s egress interface. |
Adjusting the Subnet Size
You cannot customize subnet size and pair count for Transit VPCs or Transit Firenet VPCs. For these VPCs, the controller creates a particular set of /28 subnets across two availability zones. |
The Subnet Size field allows you to modify the default behavior of adding 4 bits to the prefix length of the VPC. Here you can specify the prefix length of the subnets you create, which will effectively determine the size of the subnets.
For instance, you may want to create larger subnets.
The number of subnet pairs defaults to 1 if the Subnet Size is specified, but the Number of Subnet Pair(s) is not.
|
Example:
For the same VPC (192.168.0.0/16
) and Subnet Size specified as /19
you would have the following distribution:
Subnet 1 (private az-a): 192.168.0.0/19
Subnet 2 (public az-a): 192.168.32.0/19
The remaining address space from 192.168.64.0
to 192.168.255.255
will remain unused.
Adjusting the Number of Subnet Pairs
You cannot customize subnet size and pair count for Transit VPCs or Transit Firenet VPCs. For these VPCs, the controller creates a particular set of /28 subnets across two availability zones. |
The Number of subnet pair(s) field allows you to specify the number of subnet pairs to be created within the VPC. Each pair consists of one public subnet and one private subnet.
The number of subnet pairs cannot exceed the number of availability zones in the region. |
For instance, if you input 2
in the Number of subnet pairs field, the controller will create 2 pairs of subnets, resulting in 4 subnets (2 public and 2 private) in the VPC.
Example:
For the Number of subnet pairs set as 2
in a region with 2 or more availability zones, the subnet creation could look like this:
Subnet 1 (private az-a): 192.168.0.0/19
Subnet 2 (private az-b): 192.168.32.0/19
Subnet 3 (public az-a): 192.168.64.0/19
Subnet 4 (public az-b): 192.168.96.0/19
It is mandatory to specify Subnet Size when configuring the custom Number of Subnet Pair(s). In the example above, the Subnet Size was specified as /19 .
|