Edge Gateway Requirements

The following sections provide the Edge Gateway virtual machine and network port access requirements for Edge Gateway deployment.

Virtual Machine CPU and Memory Configurations

This table provides the CPU and memory specifications of the virtual machine instance supported for the Aviatrix Edge Gateway deployment.

| Deployment Type | Hardware Profile | Storage Requirements | Note |
|---|---|---|---|
| Small | 2 vCPU - 4 GB | 64 GB | < 1 Gbps throughput |
| Medium | 4 vCPU - 8 GB | 64 GB | < 5 Gbps throughput |
| Large | 8 vCPU - 16 GB | 64 GB | ~10 Gbps throughput |
| X-Large | 16 vCPU - 32 GB | 64 GB | ~10 Gbps throughput |

We recommend that you do not change the Edge VM resource allocation after deploying it. Aviatrix support may not be able to assist with any issue that occurs on a system with customized resource allocation.

Oversubscription of host resources can lead to reduced performance, and your instance could become unstable. We recommend that you follow the guidelines and best practices for your host hypervisor.

Aviatrix Edge Gateway Ports and Protocols

The Aviatrix Edge Gateway requires outbound access to communicate with the Aviatrix Controller. You must allow access on these ports on your firewall.

  • MGMT: TCP 443 access to the Aviatrix Controller’s public IP address

  • MGMT: TCP 443 access to the Aviatrix Controller’s private IP address (only permit this access if you selected Management over Private Network for management IP connectivity)

  • WAN: UDP 500/4500

Additional required outbound ports are described in the table below.

| Source | Destination | Port | Purpose |
|---|---|---|---|
| WAN eth0 | Aviatrix Transit Gateway eth0 private or public IP address. If multiple WAN interfaces are configured, this access must be allowed for all WAN links. | UDP 500 | IPsec |
| WAN eth0 | Aviatrix Transit Gateway eth0 private or public IP address. If multiple WAN interfaces are configured, this access must be allowed for all WAN links. | UDP 4500 | IPsec |
| Mgmt eth2 | DNS server | UDP 53 | DNS lookup |
| Mgmt eth2 | Aviatrix Controller FQDN or private or public IP address. | TCP 443 | Edge to Controller |
| Mgmt eth2 | Aviatrix CoPilot FQDN or private or public IP address. | UDP 5000 | Syslog |
| Mgmt eth2 | Aviatrix CoPilot FQDN or private or public IP address. | UDP 31283 | Netflow |

  • If the Management egress IP is provided at the time of creating an Edge Gateway, Aviatrix will program the Controller’s gateway security group with the required security rules (see above) that will allow the Edge Gateway to connect to the Controller. We will also program the CoPilot’s security group with rules for Netflow and Syslog.

  • If you don’t know the Management egress IP at the time of creating an Edge Gateway, you can add the Management egress IP for the gateway at a later time, and Aviatrix will add the required rules to the Controller’s gateway security group, enabling the Edge Gateway to connect to the Controller, and likewise for CoPilot.

  • You can also choose to manage the Controller’s and CoPilot’s security groups yourself and add the required rules to allow the Edge Gateway to connect to the Controller and CoPilot.
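An added example (not Aviatrix code): a Python check that expands the outbound port table above into concrete flows, one IPsec pair per WAN link, and reports which of them a site firewall's allow rules do not cover. The Rule format, the eth3 name for a second WAN interface, and all IP addresses (documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):      # one row of the outbound port table
    iface: str
    dst: str
    proto: str
    port: int
    purpose: str

class Rule(NamedTuple):      # hypothetical allow rule exported from the site firewall
    iface: str
    dst_cidr: str
    proto: str
    ports: range

def required_flows(wan_ifaces, transit, dns, controller, copilot):
    """Expand the table into concrete flows; every WAN link needs both IPsec ports."""
    flows = [Flow(w, transit, "udp", p, "IPsec") for w in wan_ifaces for p in (500, 4500)]
    flows += [Flow("eth2", dns, "udp", 53, "DNS lookup"),
              Flow("eth2", controller, "tcp", 443, "Edge to Controller"),
              Flow("eth2", copilot, "udp", 5000, "Syslog"),
              Flow("eth2", copilot, "udp", 31283, "Netflow")]
    return flows

def permits(rule, flow):
    return (rule.iface == flow.iface and rule.proto == flow.proto
            and flow.port in rule.ports
            and ipaddress.ip_address(flow.dst) in ipaddress.ip_network(rule.dst_cidr))

def missing_flows(rules, flows):
    """Required flows that no allow rule covers (these would be dropped)."""
    return [f for f in flows if not any(permits(r, f) for r in rules)]

# Constructed sample: documentation-range IPs; eth3 as a second WAN link is an assumption.
SAMPLE_RULES = [
    Rule("eth0", "203.0.113.10/32", "udp", range(500, 501)),
    Rule("eth0", "203.0.113.10/32", "udp", range(4500, 4501)),
    Rule("eth3", "203.0.113.10/32", "udp", range(500, 501)),      # 4500 forgotten on 2nd WAN
    Rule("eth2", "192.0.2.53/32", "udp", range(53, 54)),
    Rule("eth2", "198.51.100.0/24", "tcp", range(443, 444)),
    Rule("eth2", "198.51.100.20/32", "udp", range(5000, 5001)),   # Netflow rule missing
]
SAMPLE_FLOWS = required_flows(["eth0", "eth3"], "203.0.113.10", "192.0.2.53",
                              "198.51.100.10", "198.51.100.20")

if __name__ == "__main__":
    for f in missing_flows(SAMPLE_RULES, SAMPLE_FLOWS):
        print(f"BLOCKED {f.iface} -> {f.dst} {f.proto.upper()} {f.port} ({f.purpose})")
```

Running it against the sample reports the two gaps: UDP 4500 on the second WAN link and UDP 31283 (Netflow) to CoPilot.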