Azure Transit Network Design Patterns
There are many design patterns for networking and networking security deployment in the cloud. This document summarizes these design patterns that apply to Azure networks.
Aviatrix Encrypted Transit Network
In this design, all packets in flight between Spoke VNets and Transit to on-prem are encrypted.
Tip
Aviatrix Transit supports high performance (Insane Mode) IPsec performance over ExpressRotue and Azure Peering.
Aviatrix Transit with Native Spokes
Aviatrix Transit also supports Azure native Spoke VNets.
Transit FireNet with Aviatrix Spokes
You can apply firewall inspections for east-west, north-south and ingress/egress traffic.
Transit FireNet with Native Spokes
Firewall inspections can be applied to native Spoke VNet, on-prem to transit and north-south traffic.
Please refer to Transit FireNet Workflow for Azure Native Spoke VNets for more details.
SD-WAN Integration
If you have multiple sites to connect to the cloud, you can use an Aviatrix Transit Gateway to terminate the many site2cloud to branch offices.
Alternatively, you can use a SD-WAN termination point in the VNets to connect to the branches.
Both options can be described in the diagram below.
Aviatrix Transit Gateway for Azure Spoke-to-Spoke Connectivity
If you use Azure ExpressRoute gateway to connect Spoke VNets to on-prem, you can use Aviatrix Transit Gateway for Spoke-to-Spoke connectivity, as shown in the diagram below. To connect Spoke VNet, follow the Step 6b in the Multi-Cloud Transit Network workflow.
Multi-Cloud Transit with Native Spokes
Use Aviatrix Transit Gateways to interconnect transit network for a multi cloud network deployment, as shown in the diagram below.