How to Connect VPCs Fast Using the Aviatrix Next-Gen Global Transit Hub on AWS Quick Start
By Sunil Kishen, VP Sales and Partnerships at Aviatrix
By Wayne Davis, Solutions Architect at AWS
With the Aviatrix Global Transit Hub on AWS Quick Start, you can be up and running with fully-connected VPCs in about 10 minutes—without delving into the Command Line Interface (CLI), Border Gateway Protocol (BGP), or other tedious protocols.
What is a Next-Gen Transit Hub?
A next-generation Global Transit Hub is part of a second generation of networking technology, combining a traditional Global Transit Hub with additional security, scale, and operational functionalities. This Aviatrix solution provides enhanced security by maintaining VPC segmentation, allowing users to control policy-based connectivity, and using encrypted links everywhere.
From an operations perspective, Aviatrix includes higher levels of automation via REST APIs, configuration wizards to simplify and streamline orchestration of networking services, troubleshooting with Aviatrix EC2 FlightPath and other integrated tests, and visibility with global dashboards.
Lastly, future-oriented teams can grow easily, because this Aviatrix solution removes route table limitations and extends the Next-Gen Global Transit Hub with additional cloud networking use cases: remote user VPN, egress security, site-to-cloud, and multi-cloud peering.
Secure, Point-and-Click Networking for Cloud Teams
Aviatrix, an AWS Partner Network (APN) Advanced Technology Partner, was founded on the belief that networking in the cloud should be as dynamic and scalable as cloud compute and storage. As one of the first APN Partners to earn the AWS Networking Competency, Aviatrix is well suited for implementing an AWS Global Transit Network.
Now, you can use the Aviatrix Global Transit Hub on AWS Quick Start to connect multiple geographically-dispersed VPCs and remote networks faster than ever.
Developed by Aviatrix in partnership with AWS, this Quick Start uses a hub-and-spoke model to quickly and easily establish communication between spoke VPCs and your on-premises network. The hub-and-spoke network topology works by routing traffic from multiple spoke VPCs through a central hub—an approach that minimizes the number of connections.
You can add spoke VPCs to the network by tagging them in AWS. Aviatrix Global Transit Hub automatically establishes VPN connections between the spoke VPCs and the hub VPC by using AWS CloudFormation templates and AWS Lambda functions. The transit network supports multiple AWS accounts and can be extended to include shared services with direct peering, or to connect your cloud network to on-premises networks.
Reasons to Choose Aviatrix for Your Global Transit Architecture
Various options are available for setting up a global transit hub in AWS. Aviatrix offers advantages that include:
Centralized Controller with Transit Network Wizard
Point-and-click, centralized management console (with REST API support) manages distributed Gateways that can easily be operated by both CloudOps and network engineers. No deep networking skills are required, and no network router CLI knowledge is needed. You can use the Aviatrix Controller to implement changes or customizations quickly and easily.
BGP Required in Transit Hub VPC Only
The Aviatrix Global Transit Hub is API-based and uses policy-based routing from the spokes to the transit hub VPC. The spoke VPC routes are advertised to the Transit Hub Gateways by the Aviatrix Controller. Those Gateways exchange routes with the on-premises network using the Border Gateway Protocol (BGP) via the AWS Virtual Private Gateway (VPG). Conversely, the learned on-premises routes from the Transit Hub Gateways are sent to the Aviatrix Controller for propagation to the spoke VPCs. Spoke VPCs do not run BGP.
The Aviatrix Global Transit Hub includes integrated diagnostic tools that make troubleshooting much easier, compared with traditional networking products that use BGP everywhere. The integrated EC2 FlightPath troubleshooting tool helps identify Amazon EC2 connectivity problems to minimize downtime.
Encrypted links, integrated stateful firewalls for policy enforcement, and control of outbound traffic using fully qualified domain name (FQDN) filtering ensure that security is fully integrated with your global transit network. VPC isolation and segmentation are created by design, so spoke-to-spoke connectivity through the transit hub is not allowed. Instead, Aviatrix supports spoke-to-spoke connectivity using AWS Peering or Aviatrix Encrypted Peering only where required.
The direct peering option allows direct spoke-to-spoke connectivity, eliminating the transit hop and reducing traffic load by separating on-premises-bound traffic from in-cloud traffic. You can enable Direct Peering using the Aviatrix Controller's Encrypted Peering or AWS Peering configuration option.
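Because the segmentation described above rests on spokes reaching each other only through the hub or through deliberately configured peering, a practitioner will want a way to audit the spoke route tables for peering routes nobody approved. The following is an added example, not Aviatrix or AWS code: it runs over a constructed three-spoke topology with hypothetical route targets (local, pcx-* peering connections, eni-* spoke gateway interfaces) and reports every direct spoke-to-spoke route that is not in the approved peering list.

```python
from ipaddress import ip_network

# Constructed example topology (not from the Quick Start): one transit hub, three spokes.
SPOKE_CIDRS = {
    "spoke-a": ip_network("10.1.0.0/16"),
    "spoke-b": ip_network("10.2.0.0/16"),
    "spoke-c": ip_network("10.3.0.0/16"),
}

# Spoke pairs that were deliberately given direct peering (AWS Peering or Encrypted Peering).
ALLOWED_PEERINGS = {frozenset({"spoke-a", "spoke-b"})}

# Constructed spoke route tables as (destination, target). Targets are hypothetical ids:
# "local" = the VPC itself, "pcx-*" = a peering connection, "eni-*" = the spoke gateway ENI.
ROUTE_TABLES = {
    "spoke-a": [("10.1.0.0/16", "local"), ("10.2.0.0/16", "pcx-ab"),
                ("10.0.0.0/8", "eni-gw-a"), ("192.168.0.0/16", "eni-gw-a")],
    "spoke-b": [("10.2.0.0/16", "local"), ("10.1.0.0/16", "pcx-ab"),
                ("10.0.0.0/8", "eni-gw-b"), ("192.168.0.0/16", "eni-gw-b")],
    # spoke-c carries an unapproved peering route straight to spoke-a.
    "spoke-c": [("10.3.0.0/16", "local"), ("10.1.0.0/16", "pcx-rogue"),
                ("10.0.0.0/8", "eni-gw-c"), ("192.168.0.0/16", "eni-gw-c")],
}


def spokes_reached(dest, this_spoke, spoke_cidrs):
    """Names of the other spokes whose CIDR overlaps the route destination."""
    net = ip_network(dest)
    return sorted(name for name, cidr in spoke_cidrs.items()
                  if name != this_spoke and net.overlaps(cidr))


def find_violations(route_tables, spoke_cidrs, allowed_peerings):
    """Return (spoke, destination, target, peer) for every direct spoke-to-spoke
    route that bypasses the transit hub without an approved peering."""
    violations = []
    for spoke, routes in route_tables.items():
        for dest, target in routes:
            if not target.startswith("pcx-"):
                continue  # local and spoke-gateway routes go via the hub, which is the design
            for peer in spokes_reached(dest, spoke, spoke_cidrs):
                if frozenset({spoke, peer}) not in allowed_peerings:
                    violations.append((spoke, dest, target, peer))
    return violations


if __name__ == "__main__":
    for v in find_violations(ROUTE_TABLES, SPOKE_CIDRS, ALLOWED_PEERINGS):
        print("unapproved spoke-to-spoke route: %s -> %s via %s reaches %s" % v)
```

In a real account the route tables would be read from the EC2 API rather than embedded; the checking logic stays the same.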
Monitoring and Visibility
The Aviatrix Controller dashboard provides a visual representation of your global transit network. It monitors, displays, and provides alerts on link status, performance, and link latency for transit hubs and spoke VPCs.
Aviatrix Next-Gen Global Transit Hub Architecture
If you are deploying this AWS Quick Start for a new VPC using default parameters, here is the Aviatrix architecture the Quick Start builds on the AWS cloud:
Figure 1 – The AWS Quick Start deploys this Aviatrix Global Transit Hub architecture for a new VPC on AWS.
The Quick Start deploys the Aviatrix Controller into an existing or new VPC. Upon deploying the Aviatrix Controller using this Quick Start, you will be able to use the Aviatrix Global Transit Network Wizard in the Aviatrix Controller to deploy hub gateway instances into a VPC that will be designated as the Global Transit Hub. The Wizard also allows you to deploy the spoke gateway instances in the spoke VPCs and connect them to the Global Transit Hub VPC.
The Quick Start in Action
Here are the steps for deploying the Aviatrix Global Transit Hub on AWS Quick Start:
- If you don’t already have an AWS account, create one at https://aws.amazon.com
- Prepare your AWS account and subscribe to the Aviatrix AMI via AWS Marketplace
- Launch the Quick Start, and choose whether you want to launch the AWS CloudFormation template into a new VPC or existing VPC on AWS
- Check the region that is displayed, and change if necessary
- Select the template you want to use, review the default settings, and customize as you wish
- Specify tags (key-value pairs) for resources in your stack, and set advanced options
- Review and confirm the template settings
- Deploy the stack
- Monitor the status of the stack. When the status is CREATE_COMPLETE, the Aviatrix Global Transit Hub is ready
- Launch the Cloud Controller Console
- Use the Global Transit Configuration Wizard in the Cloud Controller to complete the setup of the architecture shown in Figure 1
You can also launch the Aviatrix Cloud Controller dashboard, connect the transit hub to an enterprise site using VPN or AWS Direct Connect, and configure Aviatrix Identity Access Management (IAM) roles on a secondary account.
Establishing connections among VPCs doesn’t require expert-level networking skills. Rather, you can take advantage of the Aviatrix Global Transit Hub on AWS Quick Start to automate most of the configuration required, and connect multiple geographically dispersed VPCs and remote networks in about 10 minutes.
If you would like to see how Aviatrix can help transform your business, please contact Aviatrix Systems.
This is My Architecture Video: Aviatrix
Watch our This Is My Architecture video with Aviatrix Founder and Chief Technology Officer Sherry Wei.