Skip to main content
The Aviatrix platform consists of several key components that work together to provide secure, scalable cloud networking. This section provides an overview of the core components and their roles in your network architecture.

Core Components

Controller

The Aviatrix Controller is the centralized management plane for your entire cloud network. It provides:
  • Single pane of glass for multi-cloud network management
  • Policy configuration and enforcement
  • Orchestration of gateways across all cloud providers
  • API and Terraform integration for infrastructure as code

CoPilot

CoPilot provides advanced visibility, monitoring, and operational insights:
  • Real-time network topology visualization
  • Traffic flow analysis and troubleshooting
  • Performance monitoring and alerting
  • Historical data analysis and reporting

Gateways

Gateways are the data plane components deployed in your cloud environments. They handle actual traffic forwarding and security enforcement.

Transit Gateways

Transit gateways serve as the hub in hub-and-spoke network architectures:
  • Connect multiple VPCs/VNets across regions and clouds
  • Provide high-performance encrypted connectivity
  • Support BGP for dynamic routing
  • Enable centralized security inspection

Spoke Gateways

Spoke gateways connect your workload VPCs/VNets to the transit network:
  • Attach to transit gateways for connectivity
  • Support network segmentation policies
  • Enable east-west traffic inspection

Edge Gateways

Edge gateways extend the Aviatrix network to on-premises and branch locations:
  • Deploy on physical or virtual appliances
  • Connect data centers and branch offices
  • Support high availability configurations
For more details, see Edge/Spoke Overview.

Security Components

Distributed Cloud Firewall (DCF)

The Distributed Cloud Firewall provides centralized policy management with distributed enforcement:
  • Define security policies based on application tags and attributes
  • Enforce policies at the gateway level across your network
  • Micro-segmentation without network redesign
For more information, see DCF Overview.

FireNet

FireNet enables integration with next-generation firewalls for advanced traffic inspection:
  • Insert third-party firewalls into your traffic path
  • Support for Palo Alto, Check Point, Fortinet, and more
  • Centralized or distributed inspection models

Networking Components

ActiveMesh

ActiveMesh is the Aviatrix high-performance networking architecture:
  • Active-active gateway deployment
  • Automatic failover and load balancing
  • Optimized routing for multi-cloud environments
For design considerations, see ActiveMesh Design Notes.

Network Segmentation

Segment your network traffic based on business requirements:
  • Create network domains for logical separation
  • Define connection policies between segments
  • Enforce zero-trust principles

Component Interaction

┌─────────────────────────────────────────────────────────────┐
│                      Controller                              │
│                   (Management Plane)                         │
└─────────────────────────┬───────────────────────────────────┘

            ┌─────────────┼─────────────┐
            │             │             │
            ▼             ▼             ▼
     ┌──────────┐  ┌──────────┐  ┌──────────┐
     │  Transit │  │  Transit │  │   Edge   │
     │  Gateway │  │  Gateway │  │ Gateway  │
     │  (AWS)   │  │ (Azure)  │  │(On-Prem) │
     └────┬─────┘  └────┬─────┘  └────┬─────┘
          │             │             │
    ┌─────┴─────┐ ┌─────┴─────┐       │
    │   Spoke   │ │   Spoke   │       │
    │  Gateways │ │  Gateways │       │
    └───────────┘ └───────────┘       │

                              ┌───────┴───────┐
                              │  Data Center  │
                              └───────────────┘

Next Steps