What does this AWS Solution do?
Amazon Virtual Private Cloud (Amazon VPC) provides customers with the ability to create as many virtual networks as they need, as well as different options for connecting those networks to each other and to non-AWS infrastructure. There are two common strategies for connecting multiple, geographically dispersed VPCs and remote networks: one is to implement a hub-and-spoke network topology that routes all traffic through a network transit center (a transit VPC); the other is to create a meshed network that uses individual connections between all networks. Both approaches can create an efficient and available transit network, each offering specific benefits and tradeoffs for different business needs.
AWS Solution overview
This webpage addresses key considerations for implementing a global transit network on AWS, and provides general best practices and an overview of common transit network patterns. The following sections assume basic knowledge of highly available remote-network connectivity, IPsec VPNs, network addressing, subnetting, and routing.
Click to enlarge
Aviatrix Quick Start
Aviatrix has collaborated with AWS to offer a fully automated AWS Quick Start that deploys a global transit VPC in minutes.
This Quick Start sets up a secure Aviatrix Next-Gen Global Transit Hub architecture that includes the Aviatrix Controller and Aviatrix Gateways in a highly available configuration. You can create a new VPC or use an existing VPC for the transit hub.
After you deploy the Aviatrix Controller using this Quick Start, you can use the Aviatrix Global Transit Network Wizard in the Aviatrix Controller to deploy the Hub Gateway instances into a VPC that will be designated as the Next-Gen Global Transit Hub. The wizard allows you to launch and configure two Aviatrix Gateways in the transit hub VPC and the designated spoke VPCs. The gateway instances allow for IPsec VPN termination, routing, and security policies, and provide ongoing monitoring.
Once you have established your transit VPC, you can extend beyond the AWS Cloud and automatically configure VPN connections to on-premises infrastructure or other network providers with the Aviatrix Controller.
Aviatrix also enables you to expand your global transit architecture to include a Shared Services layer AWS Direct Peering for better support of teams that require a shared or management VPC for common services in the cloud.
Click to enlarge
Cisco Offering reference implementation
AWS offers a fully automated solution that deploys a Cisco-based transit VPC in minutes. This highly available design deploys two Cisco CSR 1000v instances into separate Availability Zones of a dedicated transit VPC, which will act as the hub of your global transit network. The CSR instances allow for VPN termination and routing.
This solution uses AWS Lambda to automatically search for appropriately tagged virtual private gateways (VGWs) and then configure VPN connections between those spoke VPCs and the CSR instances in the transit VPC. Configuration data is stored in Amazon S3.
This solution includes an optional template that allows you to automatically add spoke VPCs from a second AWS account.
Once you have established your transit VPC, you can extend beyond the AWS Cloud and manually configure VPN connections to on-premises infrastructure or other network providers.
Browse our portfolio of AWS-built solutions to common architectural problems.
Find AWS certified consulting and technology partners to help you get started.
Sign-up and start exploring our services.