About Spoke Gateways

A Spoke Gateway is a component of the Aviatrix Platform that you deploy on Spoke VPCs or VNets in a hub-and-spoke network topology. A Spoke Gateway enables connectivity between the Spoke VPCs and VNets and other network endpoints, such as on-premises data centers, remote offices, or other cloud environments. Network traffic between the Spoke VPCs and VNets and other network endpoints flows through the Transit VPC or VNet.

Creating a Spoke Gateway

Follow the steps below to create a Spoke Gateway and highly available (HA) Spoke gateway instances.

  1. In Aviatrix CoPilot, go to Cloud Fabric > Gateways > Spoke Gateways tab.

    For quick access, at the top of the navigation panel, type Spoke Gateways in the search bar.
  2. To create a Spoke Gateway, click + Spoke Gateway and provide the following information.

    | Parameter | Description |
    |---|---|
    | Name | A name for the Spoke Gateway. |
    | Cloud | The Cloud Service Provider (CSP) in which to create the Spoke Gateway. For AWS and Azure, you can use the dropdown menu to select Standard or Global, China, or GovCloud. |
    | Account | The cloud access account for creating the Spoke Gateway. |
    | Region | The cloud region in which to create the Spoke Gateway. |
    | VPC/VNet | The VPC or VNet in the selected region in which to create the Spoke Gateway. |
    | Instance Size | The gateway instance size. When selecting the gateway size, note that the size you select affects your IPsec performance. |
    | High Performance Encryption | To enable High Performance Encryption (HPE) for the Spoke Gateway, set this toggle to On. HPE enables 10 Gbps and higher IPsec performance between two single Aviatrix Gateway instances or between a single Aviatrix Gateway instance and an on-prem Aviatrix appliance. You cannot turn High Performance Encryption On or Off after the Spoke Gateway is created. |
    | Attach to Transit Gateway | Select the Transit Gateway to attach to the Spoke Gateway. |
    | Attach to Egress Transit FireNet | Select the Egress Transit FireNet to attach to the Spoke Gateway. This option is only available if an Egress Transit FireNet has been created. |

    In the Advanced Settings section, set the advanced gateway settings that may apply.

    | Parameter | Description |
    |---|---|
    | BGP (all clouds) | To enable the Spoke Gateway to run BGP connections to external routers and dynamically exchange routes, set this toggle to On. |
    | BGP over LAN (Azure) | To enable BGP connection over LAN: 1. Set this toggle to On. You must set both BGP and BGP over LAN settings to On to enable BGP over LAN connection on the Spoke Gateway. 2. Enter the number of LAN interfaces you need (maximum is eight) for the BGP connection. You cannot delete an interface after the Transit Gateway is created. |
    | Global VPC (GCP) | To connect the Spoke Gateway to a global VPC, set this toggle to On. |

    In the Instances section, assign the subnet and IP address for the Spoke Gateway.

    | Parameter | Description |
    |---|---|
    | Attach to Subnet | The subnet in which to create the Spoke gateway instance. For best practice, select a different subnet in a different availability zone from the other Spoke gateway instances. |
    | Public IP | The public IP address of the gateway instance. (AWS only) To allocate a new EIP, leave Public IP as Allocate New Static Public IP. |

    To create a highly available (HA) gateway instance, click + Instance and designate the subnet and IP address of the gateway instance.

    • A Spoke Gateway can have up to 15 highly available gateway instances.

    • All gateway instances share the same properties as the Spoke Gateway.

    • All gateway instances are created in active-active mode.

    • A BGP-enabled Spoke Gateway can have only two highly available gateway instances.

    • A Spoke Gateway with Site2Cloud, SNAT, DNAT, or FQDN enabled can have only two highly available gateway instances.

  3. Click Save.

    You can monitor the progress of the gateway creation by going to CoPilot > Monitor > Notifications > Tasks tab. Click the expand arrow next to the gateway name to see the progress.
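
The limits stated in step 2 can be checked against a planned gateway before the form is filled in, which matters because some settings cannot be changed after creation. The following is an added example, not Aviatrix code: `SpokePlan`, `check_plan` and `locked_after_creation` are hypothetical names, the sample plans are constructed, and it assumes the instance limits count every row in the Instances section.

```python
from dataclasses import dataclass, field

MAX_INSTANCES = 15            # page: up to 15 HA gateway instances
MAX_INSTANCES_RESTRICTED = 2  # page: BGP, Site2Cloud, SNAT, DNAT or FQDN enabled
MAX_BGP_LAN_INTERFACES = 8    # page: maximum is eight
RESTRICTING = {"site2cloud", "snat", "dnat", "fqdn"}

@dataclass
class SpokePlan:              # hypothetical record of the form's fields
    cloud: str                # "aws", "azure" or "gcp" (labels chosen here)
    bgp: bool = False
    bgp_over_lan: bool = False
    bgp_lan_interfaces: int = 0
    hpe: bool = False
    features: set = field(default_factory=set)
    instances: list = field(default_factory=list)  # (subnet, zone) tuples

def check_plan(p):
    """Return rule violations found in the plan; an empty list means it passes."""
    errors = []
    restricted = p.bgp or bool(p.features & RESTRICTING)
    limit = MAX_INSTANCES_RESTRICTED if restricted else MAX_INSTANCES
    # Assumption: the limit counts every row in the Instances section.
    if not 1 <= len(p.instances) <= limit:
        errors.append(f"instance count {len(p.instances)} outside 1..{limit}")
    if p.bgp_over_lan:
        if p.cloud != "azure":
            errors.append("BGP over LAN is an Azure setting")
        if not p.bgp:
            errors.append("BGP over LAN requires BGP to be On")
        if not 1 <= p.bgp_lan_interfaces <= MAX_BGP_LAN_INTERFACES:
            errors.append("BGP over LAN needs 1 to 8 LAN interfaces")
    zones = {zone for _, zone in p.instances}
    if len(p.instances) > 1 and len(zones) == 1:
        errors.append("all instances are in one availability zone")
    return errors

def locked_after_creation(p):
    """Settings the page says cannot be changed once the gateway exists."""
    locked = [f"High Performance Encryption={'On' if p.hpe else 'Off'}",
              f"BGP={'On' if p.bgp else 'Off'}"]
    if p.bgp_over_lan:
        locked.append(f"BGP LAN interfaces={p.bgp_lan_interfaces} (cannot be deleted)")
    return locked

# Constructed sample plans.
GOOD = SpokePlan("aws", instances=[("10.0.1.0/28", "us-east-1a"), ("10.0.2.0/28", "us-east-1b")])
BAD = SpokePlan("aws", bgp=True, bgp_over_lan=True, bgp_lan_interfaces=9,
                instances=[("10.0.1.0/28", "a"), ("10.0.2.0/28", "a"), ("10.0.3.0/28", "a")])
```

`check_plan(BAD)` reports four problems: too many instances for a BGP-enabled gateway, BGP over LAN on a non-Azure cloud, nine LAN interfaces, and no availability-zone spread.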

Editing a Spoke Gateway

In Aviatrix CoPilot:

  1. Go to Cloud Fabric > Gateways > Spoke Gateways tab.

  2. In the table, locate the Spoke Gateway you want to edit and click the Edit icon on the right side of its row.

    You can also search by name in the Search field or click the Filter icon to filter the list based on your criteria.

  3. To edit the Spoke Gateway, you can change the gateway’s instance size, add or delete a Transit Gateway attachment, and add or delete HA Spoke Gateways.

    • To change the instance size, from the Instance Size dropdown menu, select a new size.

    • To attach a Transit Gateway, from the Attach To Transit Gateway dropdown menu, select a Transit Gateway to attach to the Spoke Gateway.

    • To delete a Transit Gateway attachment, in Attach To Transit Gateway, click X next to the Transit Gateway that you want to delete.

    • To add an HA Spoke Gateway:

      • In the Instances section, click + Instance.

      • In the new row in the table, select a subnet in a different availability zone (AZ) from the primary Spoke Gateway.

      • Enter the Public IP address of the HA Spoke Gateway. (AWS only) Leave Public IP at Allocate New Static Public IP.

        Repeat to add additional HA gateways.

    • To delete an HA Spoke Gateway, in the Instances table, click the Delete icon next to the HA gateway you want to delete.

    You cannot change High Performance Encryption or BGP settings after the Spoke Gateway is launched.
  4. Click Save.

Deleting a Spoke Gateway

In Aviatrix CoPilot:

  1. Go to Cloud Fabric > Gateways > Spoke Gateways tab.

  2. In the table, locate the Spoke Gateway you want to delete and click the Delete icon on the right side of its row.

  3. To delete the Spoke Gateway, confirm that you want to delete the selected Spoke Gateway and click Delete.

    CoPilot deletes the Spoke Gateway and all its associated resources, which includes the high availability Spoke Gateways, Spoke-to-Spoke and Transit-to-Spoke attachments or peerings, and external connections.

To monitor the progress of this gateway deletion:

  1. From the left sidebar menu, go to Monitor > Notifications > Tasks tab.

  2. In the table, locate the delete task and click the arrow to expand the row. Depending on the gateway settings, the following states will display:

    • Delete gateway attachment

    • Delete HA gateway

    • Delete primary gateway