Azure Transit Network Design Patterns¶
There are many design patterns for networking and networking security deployment in the cloud. This document summarizes these design patterns that apply to Azure networks.
Aviatrix Encrypted Transit Network¶
In this design, all packets in flight between Spoke VNets and Transit to on-prem are encrypted.
Aviatrix Transit supports high performance (Insane Mode) IPSEC performance over ExpressRotue and Azure Peering.
Aviatrix Transit with Native Spokes¶
Aviatrix Transit also supports Azure native spoke VNets.
Transit FireNet with Aviatrix Spokes¶
You can apply firewall inspections for east-west, north-south and ingress/egress traffic.
Transit FireNet with Native Spokes¶
Firewall inspections can be applied to native Spoke VNet, on-prem to transit and north-south traffic.
Please refer to Transit FireNet Workflow for Azure Native Spoke VNets for more details.
If you have multiple sites to connect to the cloud, you can use an Aviatrix Transit Gateway to terminate the many site2cloud to branch offices.
Alternatively, you can use a SD-WAN termination point in the VNets to connect to the branches.
Both options can be described in the diagram below.
Aviatrix Transit Gateway for Azure Spoke to Spoke Connectivity¶
If you use Azure ExpressRoute gateway to connect Spoke VNets to on-prem, you can use Aviatrix Transit Gateway for Spoke to Spoke connectivity, as shown in the diagram below. To connect Spoke VNet, follow the Step 6b in the Multi-Cloud Transit Network workflow.
Multi-Cloud Transit with Native Spokes¶
Use Aviatrix Transit Gateways to inter-connect transit network for a multi cloud network deployment, as shown in the diagram below.