It is encouraged to let the mc-transit module build the transit VPC/VNET instead of bringing your own. In some scenarios, however, it can be useful to have more control over VPC/VNET creation, for example when you want to enable a DDoS plan on a VNET, or need to create additional subnets such as a GatewaySubnet for deployment of an Azure Route Server/VPN Gateway.
Using existing VPCs/VNETs breaks compatibility with mc-firenet module versions up to and including 1.5.3. Use 1.5.4 or newer.
It can take a while for the controller to be able to find the BYO VNET after creation. If deployment of the mc-transit module fails with the error "Cannot find VNET resource group or VNET CIDR.", try again later.
Enabled by default and enhances gateway performance. This setting can be used to turn it off.
For better readability, the locals are no longer part of variables.tf and can now be found in locals.tf.
This release provides compatibility with these versions.
Five new arguments have been added to configure the transit gateway with custom EIP settings:
- allocate_new_eip
- eip
- ha_eip
- azure_eip_name_resource_group
- ha_azure_eip_name_resource_group
This argument is used to add additional interfaces in order to set up BGP over LAN in Azure.
These arguments were added to support this:
- private_mode_subnets
- private_mode_lb_vpc_id
- private_mode_subnet_zone
- ha_private_mode_subnet_zone
To allow this module to be used directly as a root module in Terragrunt, the transit_gateway output was previously marked as sensitive. This has proven to have undesirable side effects in vanilla Terraform operations. To use this module in Terragrunt, you need to wrap it in Terraform code or a wrapper module instead.
When the transit name is not explicitly configured, the default name could exceed 30 characters for regions with long names. In Alibaba, the region description within parentheses automatically gets dropped as well, so "acs-us-east-1 (Virginia)" will become "acs-us-east-1".
As availability zones are not supported in the Aviatrix controller for Gov and DoD regions, the module automatically selects az_support = false for these regions.
New variables available for configuration:
- availability_domain
- ha_availability_domain
- fault_domain
- ha_fault_domain
Previously, the module assumed multiple ADs were available in every region. As of this release, it can handle single-AD regions as well.
This option allows you to increase the receive buffer size. This may be required in scenarios where traffic is particularly bursty.
Previously, the regex mismatched the regions, resulting in the wrong cloud type.
When creating a transit gateway with enable_egress_transit_firenet enabled, the transit name will end in -egress instead of -transit. This is done to simplify dual transit firenet deployments, as multiple transits in a single region would otherwise collide on the same default name. If this behavior is undesired for your deployment, you can negate it by manually setting the name in the name argument.
By default, the same name is used for VPC and transit gateway. This behavior can now be overridden by setting the gw_name argument. Default behavior has not changed.
This version of the module was released to support usage in combination with the mc-transit-deployment-framework module.
Most input variables that have a default value have been set to be non-nullable as of this release. This allows parent or root modules calling this module to set arguments to null without changing the internal behavior of the module. This should cause no impact to existing usage.
Due to internal module logic, the wrong subnet was selected for insane mode when using this module in OCI.
This version of the module was released to support usage in combination with the mc-firenet module. Some behaviors had to be adjusted in order to extend this module with the mc-firenet module.
Previously, this module would create a transit VPC in AWS. For proper integration with firenet, this needed to change to a Firenet VPC. This is a breaking change. If you do not want to change your current deployment or deploy firenet, there is a (hidden) backward compatibility flag that you can set to retain transit VPC behavior:
legacy_vpc = true
Previously, the regex mismatched the regions, resulting in the wrong cloud type.
Allows toggling the S2C receive packet CPU re-balancing on the transit gateway.
In previous versions of this module, the HAGW was deployed in the incorrect subnet in AWS. Updating to this version rectifies that. As the HAGW needs to be redeployed, there is a chance of impact to network traffic. It is nevertheless strongly advised to upgrade and rectify this issue, as having the HAGW in the wrong subnet results in both gateways using the same availability zone. An availability zone outage could therefore take out both gateways at once.
This version supports the new 6.6.5404 features and works with the provider version 2.21.1-6.6-ga.
With release 6.6.5404 this feature was introduced. More details can be found here.