About Transit Gateways

A Transit Gateway is a component of the Aviatrix Platform that you deploy on Transit VPCs or VNets in a hub-and-spoke network topology. It serves as a centralized hub and manages connectivity between different Spoke VPCs and VNets and on-premises data centers, remote offices, or other cloud environments across single or multiple clouds and regions.

Creating a Transit Gateway

Follow the steps below to create a Transit Gateway and a highly available (HA) Transit Gateway instance.

  1. In Aviatrix CoPilot, go to Cloud Fabric > Gateways > Transit Gateways tab.

    For quick access, at the top of the navigation panel, type Transit Gateways in the search bar.
  2. To create a Transit Gateway, click + Transit Gateway and provide the following information.

    Name
      A name for the Transit Gateway.

    Cloud
      The Cloud Service Provider (CSP) in which to create the Transit Gateway.

      When you select AWS or Azure, you can use the dropdown menu to select Standard or Global, China, or GovCloud.

    Account
      The cloud access account used to create the Transit Gateway.

    Region
      The cloud region in which to create the Transit Gateway.

    VPC/VNet
      The VPC or VNet, in the selected region, in which to create the Transit Gateway.

      If the selected Transit Gateway will be used in a Transit FireNet workflow, choosing a VPC/VNet that has the Transit + FireNet function enabled means that a particular set of /28 subnets has already been created across two availability zones. This function is enabled when the VPC/VNet is created.

    Instance Size
      The gateway instance size.

      • Choose a t2-series instance size for Proof of Concept (POC) or prototyping only. A t2-series Transit Gateway randomly drops about 3% of packets smaller than 150 bytes when interoperating with a VGW. This packet drop does not apply to Spoke Gateways.

      • The size you select affects your IPsec performance. You can change the Transit Gateway size later.

    High Performance Encryption
      To enable High Performance Encryption (HPE) for the Transit Gateway, set this toggle to On.

      HPE enables 10 Gbps and higher IPsec performance between two single Aviatrix Gateway instances, or between a single Aviatrix Gateway instance and an on-prem Aviatrix appliance.

      You cannot change High Performance Encryption to On or Off after the Transit Gateway is created.

    Peer to Transit Gateways
      The Transit Gateway(s) to peer with this Transit Gateway.

    In the Advanced Settings section, set any advanced gateway settings that apply.

    Transit Egress Capability (all clouds except OCI and Alibaba)
      To add Transit Egress Capability to this Transit Gateway, set this toggle to On.

      Transit Gateways with Transit Egress Capability enabled can have attachments added in the Transit FireNet workflow, or can be selected in the Transit Egress workflow.

      For Azure and GCP, Transit Egress Capability must be selected when the gateway is created. Otherwise, the gateway is not displayed as an available Transit Gateway in the Transit FireNet or Transit Egress workflows.

    Gateway Load Balancer (AWS only)
      For AWS, if you enable Transit Egress Capability you can also enable the Gateway Load Balancer option, which creates a load balancer within the selected VPC. If you enable this option here, it is shown as On and disabled (it cannot be changed) when you later add Transit FireNet to this gateway as part of the Transit FireNet workflow.

    Subnet (GCP only)
      For GCP, if you enable Transit Egress Capability you must also select a subnet.

    BGP over LAN (Azure and GCP)
      To enable BGP over LAN connections for this Transit Gateway, set this toggle to On.

      • For Azure, enter the number of LAN interfaces you need for the BGP connection (maximum is eight). You cannot delete an interface after the Transit Gateway is created.

      • For GCP, select the subnet on which to apply the BGP over LAN connection. You cannot set BGP over LAN to On after the Transit Gateway is created.

    In the Instances section, assign the subnet and IP address for the Transit Gateway instance.

    Attach to Subnet
      The subnet in which to create the gateway instance.

      As a best practice, select a subnet in a different availability zone from the other Transit Gateway instance.

    Public IP
      The public IP address of the gateway instance.

      (AWS only) To allocate a new EIP, leave Public IP set to Allocate New Static Public IP.

    To create a highly available (HA) gateway instance, click + Instance and designate the subnet and IP address of the gateway instance.

    • A Transit Gateway can have only two highly available gateway instances.

    • The gateway instances share the same properties as the Transit Gateway.

    • The gateway instances are created in active-active mode.

  3. Click Save.

    You can monitor the progress of the gateway creation by going to CoPilot > Monitor > Notifications > Tasks tab. Click the expand arrow next to the gateway name to see the progress.

Editing a Transit Gateway

You cannot change the High Performance Encryption setting after the Transit Gateway is launched.

In Aviatrix CoPilot:

  1. Go to Cloud Fabric > Gateways > Transit Gateways tab.

  2. In the table, locate the Transit Gateway you want to edit and click the Edit icon on the right side of its row.

    You can also search by name in the Search field or click the Filter icon to filter the list based on your criteria.

  3. To edit the Transit Gateway, you can change the gateway’s instance size, add or delete Transit Gateway peering, enable BGP over LAN and add interfaces (Azure only), or add an HA instance to the gateway.

    • To change the instance size, from the Instance Size dropdown menu, select a new size.

    • To add a Transit Gateway peering, from Peer To Transit Gateways dropdown, select another Transit Gateway to peer with this gateway.

    • To delete a Transit Gateway peering, in Peer To Transit Gateways, click X next to the peering name that you want to delete.

    • (Azure only) To enable BGP over LAN for the Transit Gateway, toggle the slider to On and then enter the number of interfaces (maximum is eight).

    • To add an HA instance to the gateway, click +Instance and enter the necessary information in the Attach to Subnet and Public IP fields.

    When you add new or additional BGP over LAN interfaces to an Azure Transit Gateway, the gateway is rebooted and traffic disruption may occur.

  4. Click Save.

Deleting a Transit Gateway

In Aviatrix CoPilot:

  1. Go to Cloud Fabric > Gateways > Transit Gateways tab.

  2. In the table, locate the Transit Gateway you want to delete and click the Delete icon on the right side of its row.

  3. Confirm that you want to delete the selected Transit Gateway and click Delete.

    If a Transit Gateway has any backup, Transit-Transit, or Transit-Spoke peering connections, these connections are automatically detached when the Transit Gateway is deleted.

    However, if the Transit Gateway is part of any external (Site2Cloud) connections you must remove those associations before deleting the Transit Gateway.

To monitor the progress of this gateway deletion:

  1. From the left sidebar menu, go to Monitor > Notifications > Tasks tab.

  2. In the table, locate the delete task and click the arrow to expand the row. Depending on the gateway settings, the following steps are displayed:

    • Delete gateway peering

    • Delete HA gateway

    • Delete primary gateway
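The create, edit and delete procedures above each carry constraints that are easy to violate in a change ticket before anyone reaches the CoPilot form: High Performance Encryption cannot be toggled after creation, a gateway has at most two instances, Azure BGP over LAN is capped at eight interfaces and never shrinks, Azure and GCP egress capability must be chosen at creation, and Site2Cloud associations block deletion while peerings do not. The following preflight validator is an added example, not CoPilot's own code or API; the dataclass field names, the cloud labels ("aws", "azure", "gcp", "oci", "alibaba"), the Site2Cloud record shape and the sample specs are all assumptions made for this example.

```python
"""Preflight validation for Aviatrix Transit Gateway create, edit and delete requests.
Added example, not CoPilot's own code or API: it encodes the constraints the documentation
states so a bad change is rejected before Save. Field names, cloud labels and samples are assumed."""
from dataclasses import asdict, dataclass, replace

MAX_HA_INSTANCES = 2          # a Transit Gateway has at most two gateway instances
MAX_AZURE_LAN_INTERFACES = 8  # Azure BGP over LAN interface limit
EDITABLE = {"instance_size", "peers", "bgp_over_lan", "bgp_lan_interfaces", "instances"}  # editable after creation

@dataclass(frozen=True)
class Instance:
    subnet: str
    availability_zone: str
    public_ip: str = "Allocate New Static Public IP"

@dataclass(frozen=True)
class TransitGatewaySpec:
    name: str
    cloud: str                           # "aws", "azure", "gcp", "oci" or "alibaba" (assumed labels)
    account: str
    region: str
    vpc: str
    instance_size: str
    hpe: bool = False                    # High Performance Encryption, fixed at creation
    peers: tuple = ()                    # names of peered Transit Gateways
    egress_capability: bool = False      # not offered on OCI and Alibaba
    gateway_load_balancer: bool = False  # AWS only, needs egress capability
    egress_subnet: str = ""              # GCP only, required with egress capability
    bgp_over_lan: bool = False           # Azure and GCP only
    bgp_lan_interfaces: int = 0          # Azure: LAN interface count
    bgp_lan_subnet: str = ""             # GCP: subnet for the LAN connection
    instances: tuple = ()                # primary plus optional HA instance

def validate_create(spec):
    """Return the problems with a new gateway spec; an empty list means it passes."""
    problems = []
    if spec.instance_size.startswith("t2"):
        problems.append("warning: t2 sizes are for POC/prototyping only (small-packet drop with VGW)")
    if spec.egress_capability and spec.cloud in ("oci", "alibaba"):
        problems.append(f"Transit Egress Capability is not offered on {spec.cloud}")
    if spec.gateway_load_balancer and not (spec.cloud == "aws" and spec.egress_capability):
        problems.append("Gateway Load Balancer needs AWS with Transit Egress Capability")
    if spec.cloud == "gcp" and spec.egress_capability and not spec.egress_subnet:
        problems.append("GCP Transit Egress Capability requires a subnet")
    if spec.bgp_over_lan:
        if spec.cloud == "azure":
            if not 1 <= spec.bgp_lan_interfaces <= MAX_AZURE_LAN_INTERFACES:
                problems.append("Azure BGP over LAN needs between 1 and 8 interfaces")
        elif spec.cloud == "gcp":
            if not spec.bgp_lan_subnet:
                problems.append("GCP BGP over LAN requires a subnet")
        else:
            problems.append("BGP over LAN is only available on Azure and GCP")
    if len(spec.instances) > MAX_HA_INSTANCES:
        problems.append(f"at most {MAX_HA_INSTANCES} gateway instances are allowed")
    zones = [i.availability_zone for i in spec.instances]
    if len(set(zones)) < len(zones):  # best practice: one instance per availability zone
        problems.append("warning: HA instances should be in different availability zones")
    return problems

def validate_edit(current, desired):
    """Return the problems with changing `current` into `desired` (immutable fields, limits)."""
    problems = []
    before, after = asdict(current), asdict(desired)
    changed = {f for f in before if before[f] != after[f]}
    for f in sorted(changed - EDITABLE):  # e.g. hpe, egress_capability, cloud
        problems.append(f"{f} cannot be changed after the gateway is created")
    if "bgp_over_lan" in changed and current.cloud == "gcp":
        problems.append("GCP: BGP over LAN cannot be enabled after creation")
    if "bgp_lan_interfaces" in changed and current.cloud == "azure":
        if desired.bgp_lan_interfaces < current.bgp_lan_interfaces:
            problems.append("Azure: LAN interfaces cannot be deleted after creation")
        elif desired.bgp_lan_interfaces > MAX_AZURE_LAN_INTERFACES:
            problems.append("Azure BGP over LAN allows at most 8 interfaces")
        else:
            problems.append("warning: adding LAN interfaces reboots the gateway; expect traffic disruption")
    if len(desired.instances) > MAX_HA_INSTANCES:
        problems.append(f"at most {MAX_HA_INSTANCES} gateway instances are allowed")
    return problems

def validate_delete(spec, site2cloud_connections):
    """Peerings detach automatically on delete; Site2Cloud associations must be removed first."""
    return [f"remove Site2Cloud connection {c['name']} before deleting {spec.name}"
            for c in site2cloud_connections if spec.name in c.get("gateways", ())]

# Constructed samples (not real accounts, VPC ids or subnets).
SAMPLE_AWS = TransitGatewaySpec(
    name="transit-aws-east", cloud="aws", account="aws-prod", region="us-east-1",
    vpc="vpc-0123456789abcdef0", instance_size="c5n.xlarge", hpe=True,
    instances=(Instance("subnet-0aaa", "us-east-1a"), Instance("subnet-0bbb", "us-east-1b")),
)
SAMPLE_AZURE = TransitGatewaySpec(
    name="transit-azure-we", cloud="azure", account="azure-prod", region="westeurope",
    vpc="transit-vnet", instance_size="Standard_D4_v2", bgp_over_lan=True, bgp_lan_interfaces=2,
)
EDIT_HPE_OFF = replace(SAMPLE_AWS, hpe=False)                 # rejected: HPE is immutable
EDIT_MORE_LAN = replace(SAMPLE_AZURE, bgp_lan_interfaces=4)   # allowed, with reboot warning
EDIT_FEWER_LAN = replace(SAMPLE_AZURE, bgp_lan_interfaces=1)  # rejected: cannot delete interfaces
```

Entries prefixed with "warning:" are advisory (the t2 packet-drop caveat, the single-zone HA placement, the reboot when Azure LAN interfaces are added) and can be surfaced in a change review without blocking it; every other entry is a hard stop that the CoPilot form would either refuse or silently ignore. Because the edit check diffs the two specs and rejects any field outside EDITABLE, it also catches drift-style edits such as a changed cloud, account or VPC that the page never offers as an edit option.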