
Aviatrix Transit Networking

What is Transit in Public Cloud?

Focus areas for cloud networks

• Connecting to Cloud Network
• Transit Network
• Security: NGFW + Internet
• Common Operations and Visibility
• End to End Network Correctness

Aviatrix Systems, Inc. Confidential © 2020 AVIATRIX SYSTEMS, INC. | 3


Aviatrix Transit Network
[Diagram: three layers across AWS, Azure and GCP]
• APPLICATIONS LAYER: Spoke VPC 1, Spoke VPC 2 (AWS); Spoke VNET 1, Spoke VNET 2 (Azure); Spoke VPC 1, Spoke VPC 2 (GCP)
• TRANSIT LAYER: Transit VPC (AWS), Transit VNET (Azure), Transit VPC (GCP)
• ACCESS LAYER: AWS, Azure, GCP
• OPERATIONS spans all layers



Aviatrix Transit
Cloud-Native, High Performance, Encrypted Transit

[Diagram: VPC/VNet spokes attached to a Transit VPC/VNet, with FireNet service insertion]

• Standard, repeatable connectivity backbone for intra-region, inter-region and inter-cloud connectivity
• No BGP to manage; a software-defined, cloud-native control plane
• Throughput could be up to 75Gbps
• Advanced routing control
• High-performance automated service insertion
• High visibility, including NetFlow data
• Enhanced troubleshooting tools
• An Aviatrix Gateway in the spoke VPCs/VNets is not required (a spoke without one loses the benefits above)
• Can connect VPC/VNets from other regions or clouds
• Multi-cloud, repeatable across cloud types



Packet walk from Dev-VPC (Src IP = 10.25.28.16) to Test-VPC (Dst IP = 10.22.23.105):

1. Dev-VPC route table (underlay)
   Destination 10.0.0.0/8 -> Target: ENI of Dev-Spoke-GW
   Packet: Src IP = 10.25.28.16, Dst IP = 10.22.23.105

2. Dev-Spoke-GW route table (overlay); gateway Private IP: 10.25.81.91, Public IP: 52.88.117.172
   Destination 10.22.0.0/16 -> Target: Encap to 35.155.31.81 (Transit-GW)
   Encap: Outer Src IP = 52.88.117.172, Outer Dst IP = 35.155.31.81
          Inner Src IP = 10.25.28.16, Inner Dst IP = 10.22.23.105

3. Aviatrix Transit-GW route table; gateway Public IP: 35.155.31.81
   Internal decap, then Destination 10.22.0.0/16 -> Target: Encap to 54.184.119.18 (Test-Spoke-GW)
   Encap: Outer Src IP = 35.155.31.81, Outer Dst IP = 54.184.119.18
          Inner Src IP = 10.25.28.16, Inner Dst IP = 10.22.23.105

4. Test-Spoke-GW route table; gateway Private IP: 10.22.80.154, Public IP: 54.184.119.18
   Destination 10.22.0.0/16 -> Target: Decap to eth0 (VPC underlay)
   Packet after decap: Src IP = 10.25.28.16, Dst IP = 10.22.23.105
   Test-VPC route table: Destination 10.22.0.0/16 -> Target: Local
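To make the encap/decap path above concrete, here is an added Python simulation (not Aviatrix code; constructed for this page) that models each route table as a longest-prefix-match list, pushes an outer header when a gateway encapsulates toward the next gateway's public IP, and pops it when the packet arrives at that gateway. The addresses are the ones on the slide; the table format, the action names (`forward`, `encap`, `decap`, `local`) and the drop-on-no-route behaviour are assumptions of the illustration, not Aviatrix's implementation. It also goes beyond the slide by showing what happens to a destination the overlay has no route for.

```python
"""Packet walk through a spoke -> transit -> spoke overlay (added illustration)."""
import ipaddress

# Underlay (VPC) route tables as (prefix, action, argument). Addresses from the slide.
VPC_TABLES = {
    "Dev-VPC": [("10.0.0.0/8", "forward", "Dev-Spoke-GW")],   # hand to the gateway ENI
    "Test-VPC": [("10.22.0.0/16", "local", None)],            # deliver inside the VPC
}

# Gateways: tunnel endpoint (public) IP plus their overlay route table.
GATEWAYS = {
    "Dev-Spoke-GW":  {"public": "52.88.117.172", "private": "10.25.81.91",
                      "table": [("10.22.0.0/16", "encap", "Transit-GW")]},
    "Transit-GW":    {"public": "35.155.31.81", "private": None,
                      "table": [("10.22.0.0/16", "encap", "Test-Spoke-GW")]},
    "Test-Spoke-GW": {"public": "54.184.119.18", "private": "10.22.80.154",
                      "table": [("10.22.0.0/16", "decap", "Test-VPC")]},
}


def lookup(table, dst):
    """Longest-prefix match; returns (action, argument) or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, action, arg in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, action, arg)
    return None if best is None else (best[1], best[2])


def trace(src_vpc, src, dst, max_hops=16):
    """Walk a packet from src_vpc toward dst.

    Returns {"hops": [(node, what happened)], "tunnels": [(outer_src, outer_dst)],
    "delivered": bool}. The inner header (src, dst) is never rewritten: only outer
    headers are pushed and popped, which is the point of an overlay transit.
    """
    outer = []     # stack of outer headers currently on the packet
    tunnels = []   # every outer header pushed, in order
    hops = []
    node, kind = src_vpc, "vpc"
    for _ in range(max_hops):
        if kind == "vpc":
            hit = lookup(VPC_TABLES[node], dst)
            if hit is None:
                hops.append((node, "drop: no underlay route"))
                return {"hops": hops, "tunnels": tunnels, "delivered": False}
            action, arg = hit
            if action == "local":
                hops.append((node, f"local delivery to {dst}"))
                # delivered only if every outer header has been stripped
                return {"hops": hops, "tunnels": tunnels, "delivered": not outer}
            hops.append((node, f"forward to ENI of {arg}"))
            node, kind = arg, "gw"
        else:
            gw = GATEWAYS[node]
            # A tunnel packet addressed to this gateway's public IP is decapsulated on arrival.
            if outer and outer[-1][1] == gw["public"]:
                outer.pop()
                hops.append((node, "decap: outer header removed"))
            hit = lookup(gw["table"], dst)
            if hit is None:
                hops.append((node, "drop: no overlay route"))
                return {"hops": hops, "tunnels": tunnels, "delivered": False}
            action, arg = hit
            if action == "encap":
                hdr = (gw["public"], GATEWAYS[arg]["public"])
                outer.append(hdr)
                tunnels.append(hdr)
                hops.append((node, f"encap: outer {hdr[0]} -> {hdr[1]} ({arg})"))
                node = arg                      # next hop is another gateway
            else:  # "decap": hand the inner packet to the VPC underlay via eth0
                hops.append((node, f"route to eth0 ({arg} underlay)"))
                node, kind = arg, "vpc"
    hops.append((node, "drop: hop limit exceeded"))
    return {"hops": hops, "tunnels": tunnels, "delivered": False}


if __name__ == "__main__":
    for dst in ("10.22.23.105", "10.99.1.1"):   # second one: no overlay route (constructed)
        result = trace("Dev-VPC", "10.25.28.16", dst)
        for node, what in result["hops"]:
            print(f"{node:14s} {what}")
        print("delivered:", result["delivered"], "tunnels:", result["tunnels"], "\n")
```

Running it prints the seven hops of the slide (underlay forward, encap at the spoke, decap and re-encap at the transit, decap at the far spoke, local delivery) with the two outer headers 52.88.117.172 -> 35.155.31.81 and 35.155.31.81 -> 54.184.119.18. The second destination is accepted by the Dev-VPC underlay (10.0.0.0/8) but dropped at Dev-Spoke-GW, which is the kind of gap a route audit on the overlay tables is meant to surface.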



Aviatrix Transit
Intra-Region/Multi-Region/Multi-Cloud

[Diagram: two Transit VPC/VNets, each with VPC/VNet1, VPC/VNet2 and VPC/VNet3 spokes, interconnected (x4 links) and attached to an SD-WAN VPC/VNet and to Direct Connect/Express Route]

• Connect multiple regions, multiple clouds
• Complete routing control, including on-prem
• Access another cloud using the same DX/ER
• Seamlessly integrate with SD-WAN



Isolation and Control for Departments, Apps and BUs
Aviatrix Transit based Repeatable Architecture - Single Region

[Diagram: VNets grouped into environments, each with its own transit]
• Environment 1 (w/NGFW): Transit w/FWs
• Environment 2 (w/NGFW): Transit w/FWs
• Environment 3 (Isolated): Transit w/FWs
• Environment 4 (No FWs): Transit w/o FWs
• Central IT Services: VNet Transit
• Shared: Centralized Internet, Express Route



Multi-Region/Multi-Cloud Transit with Aviatrix
[Diagram: four VPCs behind an AWS Transit and four VNETs behind an Azure Transit, both managed by the Controller; on-prem attached via Direct Connect and Express Route]
Summary: Characteristics of Aviatrix Transit Architecture

• Well-rounded architecture
  o Centrally managed
  o No manual route table management
  o Data-plane HA doesn't require any scripting
  o Robust connectivity
  o Scale-out repeatable architecture
  o End-to-end network awareness
  o Simplified service chaining (NGFW)
  o Operational visibility and troubleshooting



Transit Comparison
Feature | AWS Native Transit | Azure Native Transit | Aviatrix Transit

Networking
AWS TGW Routes Scalability | 100 BGP Routes, No VPC CIDR summarization | N/A | No scalability concerns
Azure UDR Routes Scalability | N/A | 400 Routes per table | No scalability concerns
Intra-Region Connectivity | No | Yes | Yes
Multi-Region Connectivity | Limited | Yes | Yes (High Performance)
Multi-Cloud Connectivity | No | No | Yes
VPC/VNet Route Table Management | No (Manual) | No (Manual) | Yes (Automated)
Overlapping IPs Support | No | No | Yes
BGP AS Path Prepend | No | No (Only available with VPN & ER) | Yes
Intelligent Traffic Engineering | No | No | Yes
Routes Propagation with BGP Information | No | Yes | Yes
Number of Transit Gateways in a region | 5 | N/A | No Limit
Site to Cloud Performance | ~1.25Gbps | ~1.25Gbps | ~10Gbps

Security
End-to-End Encryption | No | No | Yes
Multi-Cloud Network Segmentation | No | No | Yes
Edge Segmentation | Manual | No | Yes
High-Performance Encryption (up to 75 Gbps) | No | No | Yes (High Performance)
Automated Traffic Redirection to Firewalls | No | No (Only with Azure FW & vWAN) | Yes
Intra Security Domain Firewall Inspection | No | N/A | Yes
Exclude Firewall Inspection Addresses | No | No | Yes

Transit Comparison
Feature | AWS Native Transit | Azure Native Transit | Aviatrix Transit

Operational Control
Routing Control (Network Route Approval) | No | No | Yes
Enterprise Grade Visibility | No | No | Yes
Troubleshooting | Limited (Complex) | Limited (Complex) | Includes Advanced Tools
Network Design Repeatability (Intra Region) | No | Yes (Complex) | Yes
Transit Network Correctness (intelligently propagate non-RFC routes b/w on-prem and spokes, or b/w spokes) | No | No | Yes (Automated)
Automated Routes Audit (nightly audit if routes were modified outside of the controller) | No | No | Yes
On-Demand Routes Audit (same as above, but on demand) | No | No | Yes
Multi-Cloud Terraform Provider | No | No | Yes
Network CIDR Filtering Across Regions (e.g. route filtering b/w region to region if an overlapping or black hole route is detected) | No | No | Yes
Ability to capture TCP sessions (Realtime Traffic Flow Logs) | No | No | Yes (FlowIQ with link latency and resource tagging)
Dynamic Topology Map, Flow Chart, Detail Flow Analytics, Latency and Tag-based management | No | No | Yes (CoPilot)

Next: AWS TGW
Thank You
