AWS Multi-cloud Transit BGP over LAN Workflow
Introduction
Transit BGP over LAN lets Aviatrix Transit Gateways peer with a pair of instances in the same VPC in AWS without running a tunneling protocol such as IPsec or GRE. One use case is interoperating with third-party virtual appliances, such as SD-WAN cloud instances, that cannot run BGP over a tunnel.
For example, an SD-WAN integration can be deployed as below,
where an Aviatrix Multi-cloud Transit Gateway connects to a third-party cloud instance in the same VPC in AWS.
This document provides step-by-step instructions for building an Aviatrix Transit Gateway to External Device connection using BGP over LAN in AWS. In this Tech Note, you learn the following:
- Workflow on deploying Aviatrix Transit Solution
- Workflow on launching third-party cloud instances
- Workflow on building BGP over LAN
For other BGP over LAN workflows, please check out the below documents:
For more information about Multi-Cloud Transit Network and External Device, please check out the below documents:
- Multi Cloud Global Transit FAQ
- Global Transit Network Workflow Instructions (AWS/Azure/GCP/OCI)
- Aviatrix Transit Gateway to External Devices
- Transit Network Design Patterns
Important
- This solution supports only ActiveMesh 2.0; see How to migrate to ActiveMesh 2.0 for migration details.
- This solution is available on AWS and Azure. The AWS workflow shown here is only an example; adjust the topology to your requirements.
- The instance size must support at least five network interfaces, for example c4.4xlarge, c5.4xlarge, or c5n.4xlarge in AWS.
- The LAN interfaces of the Aviatrix Transit primary gateway and of the third-party cloud instance must be in the same Availability Zone.
- One BGP over LAN connection per gateway is supported.
The key ideas for this solution are:
- A BGP session is established between the third-party cloud instance and the Aviatrix Transit Gateway over their LAN interfaces in the same VPC.
- Data plane traffic also runs between the third-party cloud instance and the Aviatrix Transit Gateway over those LAN interfaces, without a tunnel protocol such as IPsec or GRE.
Prerequisite
- This feature is available in Controller 6.3 and later. Upgrade Aviatrix Controller to at least version 6.3.
- In this example, we are going to deploy the below VPCs in AWS:
- Transit VPC (e.g. 10.1.0.0/16), created with the Aviatrix Create a VPC feature with the Aviatrix FireNet VPC option enabled.
- Spoke VPCs (e.g. 192.168.1.0/24 and 192.168.2.0/24), created with Create a VPC as in the previous step or manually in the cloud portal. You can also use your existing cloud network.
- A third-party cloud instance that supports high throughput.
1. Deploy Aviatrix Multi-Cloud Transit Solution
Refer to Global Transit Network Workflow Instructions for the steps below. Adjust the topology to your requirements.
Step 1.1. Deploy Aviatrix Multi-Cloud Transit Gateway and HA
- Follow Deploy the Transit Aviatrix Gateway to launch the Aviatrix Transit Gateway and enable HA, with Insane Mode enabled, in the Transit VPC.
- In this example, instance size c5n.4xlarge is selected to benchmark performance.
Step 1.2. Deploy Spoke Gateway and HA
- Follow Deploy Spoke Gateways to launch the Aviatrix Spoke Gateway and enable HA, with Insane Mode enabled, in each Spoke VPC.
- In this example, instance size c5n.4xlarge is selected to benchmark performance.
Step 1.3. Attach Spoke Gateways to Transit Network
- Follow Attach Spoke Gateways to Transit Network to attach the Aviatrix Spoke Gateways to the Aviatrix Transit Gateways.
2. Launch third-party cloud instances
Step 2.1. Deploy third-party cloud instances in the same VPC as the Aviatrix Transit Gateways
- Create a third-party cloud instance and place its MGMT interface in the public gateway subnet.
- Create a new public WAN subnet, and a dedicated route table for the WAN interface if needed.
- Create a new private LAN subnet, and optionally a dedicated route table, for the LAN interface.
- Make sure “Source/Dest check” is disabled on the third-party cloud instance’s interfaces; with the check enabled, EC2 drops any packet whose source or destination is not the interface’s own address, which is exactly the transit traffic this design forwards.
Important
The primary Aviatrix Transit Gateway must be deployed in the same Availability Zone as the first third-party cloud instance. The HA Transit Gateway, if deployed, must reside in the same Availability Zone as the second cloud instance.
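The constraints in Step 2.1 and the Important note above (same VPC, same Availability Zone, Source/Dest check off, Local LAN IP inside the LAN subnet) are easy to get wrong and only show up later as a BGP session that never comes up. The following pre-flight check is an added example, not Aviatrix code: it reads the JSON that `aws ec2 describe-network-interfaces --output json` and `aws ec2 describe-subnets --output json` return and reports every violated constraint for a Transit/third-party pair, then validates or auto-picks a Local LAN IP. The instance, ENI and subnet IDs in the embedded sample are constructed for the example.

```python
"""Pre-flight check for Aviatrix BGP over LAN on AWS (added example, not Aviatrix code)."""
import ipaddress
import json
import sys

# Constructed sample in the shape of `aws ec2 describe-network-interfaces`:
# a Transit primary gateway in us-east-1a, an SD-WAN instance in the same AZ
# with its LAN ENI at device index 2, and a second instance in us-east-1b
# that still has Source/Dest check enabled.
SAMPLE_ENIS = json.loads("""{"NetworkInterfaces": [
 {"NetworkInterfaceId": "eni-0a", "SubnetId": "subnet-pub", "VpcId": "vpc-01",
  "AvailabilityZone": "us-east-1a", "PrivateIpAddress": "10.1.0.10",
  "SourceDestCheck": true, "Attachment": {"InstanceId": "i-transit-pri", "DeviceIndex": 0}},
 {"NetworkInterfaceId": "eni-0b", "SubnetId": "subnet-lan", "VpcId": "vpc-01",
  "AvailabilityZone": "us-east-1a", "PrivateIpAddress": "10.1.10.20",
  "SourceDestCheck": false, "Attachment": {"InstanceId": "i-sdwan-1", "DeviceIndex": 2}},
 {"NetworkInterfaceId": "eni-0c", "SubnetId": "subnet-lan", "VpcId": "vpc-01",
  "AvailabilityZone": "us-east-1b", "PrivateIpAddress": "10.1.10.21",
  "SourceDestCheck": true, "Attachment": {"InstanceId": "i-sdwan-2", "DeviceIndex": 2}}]}""")
# Constructed sample in the shape of `aws ec2 describe-subnets`.
SAMPLE_SUBNETS = json.loads("""{"Subnets": [
 {"SubnetId": "subnet-pub", "CidrBlock": "10.1.0.0/24"},
 {"SubnetId": "subnet-lan", "CidrBlock": "10.1.10.0/24"}]}""")


def eni_of(enis, instance_id, device_index):
    """Return the ENI attached to instance_id at the given device index."""
    for eni in enis["NetworkInterfaces"]:
        att = eni.get("Attachment") or {}
        if att.get("InstanceId") == instance_id and att.get("DeviceIndex") == device_index:
            return eni
    raise LookupError(f"no ENI at device index {device_index} on {instance_id}")


def usable_hosts(cidr):
    """AWS reserves the first four and the last address of every subnet."""
    return list(ipaddress.ip_network(cidr))[4:-1]


def pick_local_lan_ip(cidr, in_use, wanted=None):
    """Validate a requested Local LAN IP, or pick the first free usable address."""
    used = {ipaddress.ip_address(a) for a in in_use}
    candidates = usable_hosts(cidr)
    if wanted is not None:
        w = ipaddress.ip_address(wanted)
        if w not in candidates:
            raise ValueError(f"{wanted} is outside the usable range of {cidr}")
        if w in used:
            raise ValueError(f"{wanted} is already assigned in {cidr}")
        return str(w)
    for ip in candidates:
        if ip not in used:
            return str(ip)
    raise ValueError(f"no free address left in {cidr}")


def check_pair(enis, subnets, transit_instance, remote_instance,
               remote_lan_index, local_lan_ip=None):
    """Check one Transit/third-party pair; return (ok, findings, local_lan_ip)."""
    findings = []
    transit = eni_of(enis, transit_instance, 0)  # the gateway's primary ENI carries its AZ/VPC
    remote = eni_of(enis, remote_instance, remote_lan_index)
    if transit["VpcId"] != remote["VpcId"]:
        findings.append("Transit gateway and third-party instance are in different VPCs")
    if transit["AvailabilityZone"] != remote["AvailabilityZone"]:
        findings.append(f"AZ mismatch: {transit_instance} in {transit['AvailabilityZone']}, "
                        f"{remote_instance} LAN ENI in {remote['AvailabilityZone']}")
    if remote["SourceDestCheck"]:
        findings.append(f"Source/Dest check still enabled on {remote['NetworkInterfaceId']}")
    cidr = next(s["CidrBlock"] for s in subnets["Subnets"] if s["SubnetId"] == remote["SubnetId"])
    in_use = [e["PrivateIpAddress"] for e in enis["NetworkInterfaces"]
              if e["SubnetId"] == remote["SubnetId"]]
    chosen = None
    try:
        chosen = pick_local_lan_ip(cidr, in_use, local_lan_ip)
    except ValueError as exc:
        findings.append(str(exc))
    return (not findings, findings, chosen)


def _load(path):
    with open(path) as fh:
        return json.load(fh)


if __name__ == "__main__":
    # Usage: python3 preflight.py enis.json subnets.json (defaults to the sample data).
    enis = _load(sys.argv[1]) if len(sys.argv) > 2 else SAMPLE_ENIS
    subnets = _load(sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_SUBNETS
    # The second pair deliberately fails in the sample data (wrong AZ, check still on).
    for pair in (("i-transit-pri", "i-sdwan-1"), ("i-transit-pri", "i-sdwan-2")):
        ok, findings, ip = check_pair(enis, subnets, pair[0], pair[1], 2)
        print(pair, f"OK, Local LAN IP {ip}" if ok else findings)
```

For the HA pair, run the same check with the HA Transit Gateway's instance ID against the second third-party instance. The auto-picked address only mimics the manual option in Step 3.1; when you leave Local LAN IP blank the Controller makes its own choice within the subnet.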
3. Build BGP over LAN
Step 3.1. Configure BGP over LAN on Aviatrix Transit Gateway
- Log in to the Aviatrix Controller
- Go to MULTI-CLOUD TRANSIT -> Setup -> 3) Connect to VGW / External Device / Aviatrix CloudN / Azure VNG
- Select option “External Device” -> “BGP” -> “LAN”
- Fill in the parameters to set up BGP over LAN to the third-party cloud instance:
Field | Description
Transit VPC Name | Select the Transit VPC ID where the Transit GW was launched
Connection Name | Provide a unique name to identify the connection to the external device
Aviatrix Transit Gateway BGP ASN | Configure the BGP AS number the Transit GW will use to exchange routes with the external device
Primary Aviatrix Transit Gateway | Select the Transit GW
Enable Remote Gateway HA | Check this option (as in this example) to connect two external devices
Remote BGP AS Number | Configure the BGP AS number the third-party cloud primary instance will use to exchange routes with the Aviatrix Transit primary gateway
Remote LAN IP | Use the private IP of the LAN interface of the third-party cloud primary instance
Local LAN IP | Leave blank and the Controller assigns an IP in the same subnet as the Remote LAN IP. Optionally configure an IP of your choosing within that subnet
Remote BGP AS Number (Backup) | Configure the BGP AS number the third-party cloud HA instance will use to exchange routes with the Aviatrix Transit HA gateway
Remote LAN IP (Backup) | Use the private IP of the LAN interface of the third-party cloud HA instance
Local LAN IP (Backup) | Leave blank and the Controller assigns an IP in the same subnet as the Remote LAN IP (Backup). Optionally configure an IP of your choosing within that subnet
Step 3.2. (Optional) Download the BGP over LAN configuration sample from Aviatrix Controller
- Navigate to SITE2CLOUD -> Setup
- Select the connection that you created with “Connection Name” in the previous step
- Click the button “EDIT”
- Select Vendor type, Platform, and Software
- Click the button “Download Configuration”
Step 3.3. Configure BGP over LAN on the third-party cloud instance
- (Optional) Open the downloaded BGP over LAN configuration file and use it as a reference
- Configure the LAN interface and the BGP peering on the third-party cloud instance. Seen from that instance, the “Remote LAN IP” entered in Step 3.1 is its own LAN address and the “Local LAN IP” is its BGP neighbor; the AS numbers are swapped the same way
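The page does not name the third-party vendor, so here is the peering from Step 3.3 written out for FRRouting on a Linux-based LAN instance, as an added example that is neither Aviatrix nor any vendor's configuration. Assumed values: the instance's LAN interface is eth2 carrying the Remote LAN IP 10.1.10.20/24, the Transit Local LAN IP is 10.1.10.4, the Aviatrix Transit Gateway BGP ASN is 65001, the instance's Remote BGP AS Number is 65002, and 172.16.0.0/16 stands in for the prefixes the instance advertises.

```text
! /etc/frr/frr.conf on the third-party LAN instance (added example; all values assumed)
! Aviatrix "Remote LAN IP" = this interface's address (10.1.10.20)
! Aviatrix "Local LAN IP"  = the BGP neighbor below (10.1.10.4)
interface eth2
 description LAN toward Aviatrix Transit primary
 ip address 10.1.10.20/24
!
router bgp 65002
 bgp router-id 10.1.10.20
 ! FRR 7.4 and later apply RFC 8212: eBGP routes are not exchanged until an
 ! inbound and outbound policy exists. Either attach route-maps to the
 ! neighbor or disable the guard; otherwise the session shows Established
 ! but carries no prefixes.
 no bgp ebgp-requires-policy
 neighbor 10.1.10.4 remote-as 65001
 neighbor 10.1.10.4 description aviatrix-transit-primary
 !
 address-family ipv4 unicast
  network 172.16.0.0/16
  neighbor 10.1.10.4 soft-reconfiguration inbound
 exit-address-family
!
```

The second instance gets the mirror image with its own Remote LAN IP (Backup), the Local LAN IP (Backup) as neighbor and the Remote BGP AS Number (Backup); because it sits in a different Availability Zone, that pair uses a different LAN subnet. Note that FRR's `network` statement only advertises a prefix that already exists in its RIB, so SD-WAN overlay prefixes are usually redistributed instead. Once both sides are configured, `vtysh -c 'show bgp ipv4 unicast summary'` on the instance should list 10.1.10.4 with a received-prefix count rather than a state name, which is how FRR shows an Established session; that is the instance-side counterpart of the Controller checks in Steps 3.4 and 3.5.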
Step 3.4. Verify LAN status on Aviatrix Controller
- Navigate back to the Aviatrix Controller
- Go to SITE2CLOUD -> Setup
- Find the connection that you created with “Connection Name” in the previous step
- Check the Tunnel Status
- Go to MULTI-CLOUD TRANSIT -> List
- Select the Transit primary gateway that was created in the previous step
- Click the button “DETAILS/DIAG”
- Scroll down to the panel “Connections” -> “On-prem Connections”
- Find the connection that you created with “Connection Name” in the previous step
- Check the Tunnel Status
Step 3.5. Verify BGP session status on Aviatrix Controller
4. Ready to go!
At this point, run connectivity and performance tests to ensure everything is working correctly.
5. Performance Benchmark
6. Additional Read
Further reading can be found in this short blog, Need of conventional BGP support in the cloud.