What does this AWS Solution do?
Amazon Virtual Private Cloud (Amazon VPC) provides customers with the ability to create as many virtual networks as they need, as well as different options for connecting those networks to each other and to non-AWS infrastructure. One common strategy for connecting multiple VPCs with remote networks is to implement a hub-and-spoke network topology in each region that routes all traffic through a network transit center using AWS Transit Gateway or a transit VPC. Another common strategy is to create a meshed network that uses individual connections between all networks. Both approaches can create an efficient and available transit network, each offering specific benefits and tradeoffs for different business needs.
AWS Solution overview
This webpage addresses key considerations for implementing a global transit network on AWS, and provides general best practices and an overview of common transit network patterns. The following sections assume basic knowledge of highly available remote-network connectivity, IPsec VPNs, network addressing, subnetting, and routing.
Aviatrix Quick Start
Aviatrix has collaborated with AWS to offer a fully automated AWS Quick Start that deploys a global transit network solution that leverages AWS Transit Gateway in minutes. The diagram presents the Aviatrix Next-Generation transit network architecture you can build using the Quick Start deployment guide and accompanying AWS CloudFormation template.
Aviatrix Next-Gen transit network solution is part of a second generation of networking technology, combining AWS Transit Gateway for connecting spoke VPCs and Aviatrix gateways at the edge to provide network segmentation, scale, easier operational functionalities, and additional security integration with firewall appliances.
This Quick Start sets up a secure Aviatrix Next-Gen transit network architecture that includes the Aviatrix Controller, AWS Transit Gateway, and Aviatrix Gateways at the edge in a highly available configuration. You can create a new VPC or use an existing VPC for the transit hub.
After you deploy the Aviatrix Controller using this Quick Start, you can use the Aviatrix TGW Orchestrator in the Aviatrix Controller to create AWS Transit Gateway and network segmentations. Deploy the Aviatrix Gateway into the edge VPC for connecting to your on-premises network over VPN.
You can optionally deploy third-party firewall appliances at the edge VPC to build a scaled-out transit DMZ architecture.
Aviatrix also enables you to expand your global transit architecture to include a Shared Services layer (AWS Peering) for better support of teams that require a shared or management VPC for common services in the cloud.
Cisco Offering reference implementation
AWS offers a fully automated solution that deploys a Cisco-based transit VPC in minutes. This highly available design deploys two Cisco CSR 1000v instances into separate Availability Zones of a dedicated transit VPC, which will act as the hub of your global transit network. The CSR instances allow for VPN termination and routing.
This solution uses AWS Lambda to automatically search for appropriately tagged virtual private gateways (VGWs) and then configure VPN connections between those spoke VPCs and the CSR instances in the transit VPC. Configuration data is stored in Amazon S3.
This solution includes an optional template that allows you to automatically add spoke VPCs from a second AWS account.
Once you have established your transit VPC, you can extend beyond the AWS Cloud and manually configure VPN connections to on-premises infrastructure or other network providers.
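The discovery step described above (find spoke-tagged VGWs, then work out which VPN connections to the CSR instances are missing or stale), as an added example that is not code from the AWS solution; it runs offline on constructed records shaped like boto3 describe_vpn_gateways / describe_vpn_connections output, and the tag key `transitvpc:spoke`, the helper names and all gateway ids are assumptions:

```python
# Reconcile spoke-tagged VGWs against existing VPN connections, the
# discovery step the transit VPC's Lambda poller performs. Input dicts
# mimic boto3 describe_vpn_gateways / describe_vpn_connections output
# but are constructed here so the example runs offline.
SPOKE_TAG_KEY = "transitvpc:spoke"   # assumed tag key; treat as configurable
SPOKE_TAG_VALUE = "true"

def is_spoke(vgw):
    """A VGW joins the transit only if tagged, available AND attached to a VPC."""
    tags = {t["Key"]: t["Value"] for t in vgw.get("Tags", [])}
    attached = any(a["State"] == "attached" for a in vgw.get("VpcAttachments", []))
    return (tags.get(SPOKE_TAG_KEY, "").lower() == SPOKE_TAG_VALUE
            and vgw["State"] == "available" and attached)

def reconcile(vgws, vpn_connections, csr_cgw_ids):
    """Return (to_create, to_delete).
    to_create: (vgw_id, cgw_id) pairs lacking a live VPN to that CSR's CGW.
    to_delete: VPN ids to a CSR whose VGW lost its spoke tag or detached.
    """
    live = {(c["VpnGatewayId"], c["CustomerGatewayId"]): c["VpnConnectionId"]
            for c in vpn_connections if c["State"] not in ("deleted", "deleting")}
    spokes = {v["VpnGatewayId"] for v in vgws if is_spoke(v)}
    to_create = [(vgw, cgw) for vgw in sorted(spokes) for cgw in csr_cgw_ids
                 if (vgw, cgw) not in live]
    to_delete = [vpn for (vgw, cgw), vpn in sorted(live.items())
                 if cgw in csr_cgw_ids and vgw not in spokes]
    return to_create, to_delete

def make_vgw(vgw_id, tagged, attached=True):
    """Constructed VGW record in describe_vpn_gateways shape (hypothetical ids)."""
    return {"VpnGatewayId": vgw_id, "State": "available",
            "Tags": [{"Key": SPOKE_TAG_KEY, "Value": "true"}] if tagged else [],
            "VpcAttachments": [{"VpcId": "vpc-x", "State": "attached"}] if attached else []}

def make_vpn(vpn_id, vgw_id, cgw_id, state="available"):
    """Constructed VPN connection record in describe_vpn_connections shape."""
    return {"VpnConnectionId": vpn_id, "VpnGatewayId": vgw_id,
            "CustomerGatewayId": cgw_id, "State": state}

CSR_CGWS = ["cgw-csr1", "cgw-csr2"]          # constructed ids, one per CSR instance
SAMPLE_VGWS = [make_vgw("vgw-spoke-a", True), make_vgw("vgw-spoke-b", True),
               make_vgw("vgw-old", False), make_vgw("vgw-detached", True, attached=False)]
SAMPLE_VPNS = [make_vpn("vpn-1", "vgw-spoke-a", "cgw-csr1"),
               make_vpn("vpn-2", "vgw-old", "cgw-csr1"), make_vpn("vpn-3", "vgw-old", "cgw-csr2"),
               make_vpn("vpn-4", "vgw-spoke-b", "cgw-csr2", state="deleted")]

if __name__ == "__main__":
    create, delete = reconcile(SAMPLE_VGWS, SAMPLE_VPNS, CSR_CGWS)
    print("create:", create)   # tunnels still missing, one per CSR per spoke
    print("delete:", delete)   # stale tunnels left behind by an untagged VGW
```

Note that a VGW that is tagged but not attached to any VPC is deliberately skipped, and a VGW whose tag was removed has its existing tunnels flagged for deletion, so removing the tag is how a spoke leaves the transit network.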