Edge Spoke Gateway Deployment Workflow for On-Premises

This document provides instructions for deploying primary and secondary highly available (HA) Edge Spoke Gateways on the Aviatrix Edge Platform.

For an overview of Aviatrix Edge, see About Aviatrix Hybrid Cloud Edge.

The following deployment scenarios are supported:

  • Single VLAN connected to the Edge Gateway via a single vNIC.

  • Multiple VLANs connected to the Edge Gateway via a single vNIC (Trunk Port) and sub-interfaces for each VLAN.

  • VRRP on Edge Gateway.

  • LAN-side BGP.

  • Connectivity to single or multiple Transit Gateways from Edge Gateway.

Topology


Prerequisites

Before you can deploy an Edge Spoke Gateway on the Aviatrix Edge Platform:

  1. You must perform the prerequisite steps to procure and onboard your edge device. See Prerequisites for Edge Spoke Gateway Deployment for On-Premises.

  2. You should be familiar with the Edge Spoke Gateway interfaces. See Edge Spoke Gateway Interfaces.

Edge Spoke Gateway Deployment Workflow in Aviatrix Edge Platform

To deploy an Edge Spoke Gateway, first you need to procure and onboard your edge devices on the platform of your choice (see Prerequisites for Edge Spoke Gateway Deployment for On-Premises).

Next, you deploy the primary and secondary highly available (HA) Edge Spoke Gateways on the edge devices. For cloud connectivity, attach the primary Edge Spoke Gateway to the Transit Gateway. For LAN-side connectivity, connect the primary Edge Spoke Gateway to the LAN-side router.

The diagram below provides a high-level view of the process for deploying Edge Spoke Gateway using Aviatrix CoPilot.

[Diagram: Edge Aviatrix workflow]

The workflow below guides you through these steps.

Creating the Primary and Secondary Edge Spoke Gateway (Aviatrix Edge Platform)

To create a primary and secondary (HA) Edge Spoke Gateway, follow these steps:

Step 1: Gateway Configuration

  1. In Aviatrix CoPilot, go to Cloud Fabric > Hybrid Cloud > Edge Gateways > Spoke Gateways tab.

  2. Click + Spoke Gateway, then provide the following information.

    Field

    Description

    Name

    Name for the Edge Gateway.

    The name must start with a letter and contain only letters, numbers, and dashes (no special characters or spaces) and it can be up to 50 characters long.

    Platform

    The platform account where you want to deploy the Edge Gateway.

    You can create and edit platform accounts in CoPilot by going to Cloud Fabric > Hybrid Cloud > Platforms tab. See Set Up the Aviatrix Edge Platform Account.

    Site

    Identifies the edge location.

    You can select an existing name or enter a new name for the edge location.

    High Availability

    The high availability mode.

    • Off creates only the primary Edge Gateway with one active peering.

    • On (Active Standby Mode) enables Edge Gateway connection with one active peering and one standby peering. Only the active peering forwards network traffic. The network switches to the standby peering when the primary peering goes down.

    • On (Active Active Mode) enables Edge Gateway connections with all active peerings to perform load sharing and forward network traffic.

    Preemptive

    Determines the network’s behavior when the primary gateway goes down.

    Preemptive is applicable only when High Availability is set to On with Active Standby Mode. Preemptive is set on the primary gateway.

    • On enables the network to automatically switch back to the primary gateway when the primary gateway connection is back up.

    • Off enables the network to continue to use the standby gateway even after the primary gateway is back up, until you initiate a manual switchover.

    Primary Device

    The edge device where you want to deploy the primary Edge Gateway.

    Secondary Device

    The edge device where you want to deploy the secondary (HA) Edge Gateway.

    The primary and secondary devices must have the same hardware configuration.

    Gateway Resource Size

    The gateway size.

    • Small - 2 vCPU - 4GB

    • Medium - 4 vCPU - 8GB

    • Large - 8 vCPU - 16GB

    • X-Large - 16 vCPU - 32GB

  3. Click Next to configure the gateway interfaces.

Step 2: Interface Configuration

By default, an Edge Spoke Gateway has three interfaces: one WAN interface on eth0, one LAN interface on eth1, and one Management interface on eth2. You will need this configuration information to configure the interfaces.

In the Interface Configuration section, configure the WAN, LAN, and Management interfaces. If High Availability mode is selected, then configure both the primary and secondary Edge Gateways.

Configuring the WAN Interface

To configure the WAN interface:

  1. In Interface Configuration, click WAN, then provide the following information.

    Field

    Description

    Interface

    This is set to the Edge Gateway’s logical interface.

    IP Assignment

    The default is Static for static IP assignment.

    DHCP for dynamic IP address assignment is not supported.

    Interface Labels

    Name to identify the WAN interface.

    Interface CIDR

    The CIDR for the WAN interface.

    Interface CIDR must be in the format interface_ip/netmask (for example, 192.18.20.1/24).

    Default Gateway IP

    The Default Gateway IP address for the WAN interface.

    For CSP underlay, this is the remote side IP address of the BGP session on CSP VNG or VGW.

    Public IP

    The public IP for the WAN interface.

    The public IP of the WAN interface is used for peering connections over the public network.

Configuring the LAN Interface

To configure the LAN interface:

  1. Click LAN, then provide the following information.

    Field

    Description

    Interface

    The Edge Gateway’s logical interface name.

    IP Assignment

    The default is Static for static IP assignment.

    DHCP for dynamic IP address assignment is not supported.

    VRRP

    To enable Virtual Router Redundancy Protocol (VRRP) on the Edge Gateway, set this switch to On.

    VRRP can be configured only if HA Edge Gateway is configured.

    Interface CIDR

    The native VLAN interface IP address.

    This interface is where untagged packets are sent.

    VRRP Gateway IP

    The Virtual IP for the VRRP Gateway, when VRRP is enabled.

    Default Gateway IP

    The Default Gateway IP address for the native VLAN interface.

    Interface Labels

    Name to identify the native VLAN interface.

  2. If your LAN is segmented into virtual LANs (VLANs), click + VLAN Interface to add one or more VLAN sub-interfaces, then provide the following information for each VLAN sub-interface.

    You cannot edit the VLAN ID after the Edge Gateway is created. To edit the VLAN sub-interface attributes, it is highly recommended to delete and recreate the VLAN sub-interface configuration.

    Field

    Description

    VLAN ID

    The VLAN ID of the VLAN segment.

    VLAN ID must be a number between 2 and 4092.

    VLAN Interface CIDR

    The VLAN IP address of the VLAN segment.

    Default Gateway IP

    The Default Gateway IP address of the VLAN segment.

    Sub-Interface Tag

    Name to identify the VLAN segment.

    When a secondary HA Edge Gateway is configured, the VLAN configurations are shared between the primary and secondary gateways and are non-editable on the secondary gateway.

Configuring the MGMT Interface

To configure the Management interface, click MGMT, then provide the following information.

Field

Description

Interface

The Edge Gateway’s logical interface name.

IP Assignment

The MGMT interface defaults to DHCP.

This setting cannot be changed.

The Edge Gateway will automatically NAT out of the physical MGMT interface of the edge node when using the Aviatrix Edge platform.

Private Network

Leave this setting set to Off.

The Edge Gateway on the edge hardware requires public Internet reachability to connect to the Aviatrix Controller and Aviatrix Edge infrastructure in the cloud.

Egress CIDR (Primary)

The Egress CIDR is the public IP address which the Management interface uses.

If the Edge Gateway Management interface uses the Public IP to establish connectivity to the Aviatrix Controller, configure the Public IP as the CIDR. The CIDR is then added to the Controller security group to allow incoming traffic from the Edge Gateway.

Egress CIDR (Secondary)

The Egress Public IP for the secondary Edge Gateway’s Management interface when High Availability is configured.

If a required field is missing, the interface tab is highlighted to indicate there is an error.
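
A pre-flight check for the values entered in Steps 1 and 2, as an added example (not Aviatrix code): it applies the rules stated in the field descriptions above to a planned gateway before you enter it in CoPilot. The plan dictionary keys and HA mode labels are hypothetical, and the gateway-in-subnet check and the single-public-host limit on the Egress CIDR are added assumptions rather than documented requirements.

```python
import copy
import ipaddress
import re

NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]{0,49}")  # letter first, then letters/digits/dashes, 50 max

def check_interface(label, cidr, gateway):
    """Interface CIDR must be interface_ip/netmask; gateway-in-subnet is an added sanity check."""
    try:
        _ip, _mask = cidr.split("/")  # ValueError unless exactly ip/netmask
        iface = ipaddress.ip_interface(cidr)
        gw = ipaddress.ip_address(gateway)
    except ValueError:
        return [f"{label}: CIDR must be interface_ip/netmask with a valid gateway IP"]
    return [] if gw in iface.network else [f"{label}: gateway outside {iface.network}"]

def check_egress(cidr):
    """Egress CIDR is allowed into the Controller security group: one public host only (assumption)."""
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return ["egress: not a valid CIDR"]
    ok = net.num_addresses == 1 and net.network_address.is_global
    return [] if ok else ["egress: must be a single public IP"]

def validate_plan(plan):
    """Return a list of rule violations for a planned gateway; the dict keys are hypothetical."""
    errors, ha = [], plan["high_availability"]  # "off", "active-standby" or "active-active"
    if not NAME_RE.fullmatch(plan["name"]):
        errors.append("name: letter first, then letters/numbers/dashes, 50 chars max")
    if ha != "off" and not plan.get("secondary_device"):
        errors.append("secondary_device: required when High Availability is On")
    if plan.get("preemptive") and ha != "active-standby":
        errors.append("preemptive: applies only to Active Standby Mode")
    if plan["lan"].get("vrrp") and ha == "off":
        errors.append("vrrp: can be configured only with an HA Edge Gateway")
    for label in ("wan", "lan"):
        errors += check_interface(label, plan[label]["cidr"], plan[label]["gateway"])
    for vlan in plan["lan"].get("vlans", []):
        if not 2 <= vlan["id"] <= 4092:
            errors.append(f"vlan {vlan['id']}: VLAN ID must be between 2 and 4092")
        errors += check_interface(f"vlan {vlan['id']}", vlan["cidr"], vlan["gateway"])
    return errors + check_egress(plan["egress_cidr"])

# Constructed sample plans; the WAN CIDR reuses the format example from the page.
GOOD = {"name": "edge-dc1", "high_availability": "active-standby", "preemptive": True,
        "secondary_device": "device-b", "egress_cidr": "192.18.30.5/32",
        "wan": {"cidr": "192.18.20.1/24", "gateway": "192.18.20.254"},
        "lan": {"cidr": "10.10.1.2/24", "gateway": "10.10.1.1", "vrrp": True,
                "vlans": [{"id": 100, "cidr": "10.10.100.2/24", "gateway": "10.10.100.1"}]}}
BAD = copy.deepcopy(GOOD)
BAD.update(name="1 edge", high_availability="off", egress_cidr="0.0.0.0/0")
BAD["wan"]["cidr"] = "192.18.20.1"
BAD["lan"]["vlans"][0]["id"] = 4094
print(validate_plan(GOOD) or "plan ok", *validate_plan(BAD), sep="\n")
```
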

Step 3: Verify the Edge Gateway Creation

Attaching Edge Spoke Gateway to Transit Gateway

To attach an Edge Spoke Gateway to a Transit Gateway, perform the prerequisites then create the attachment.

Prerequisites

Before you create the attachment:

  1. Ensure that the Local ASN Number is configured on the Edge and Transit Gateways.

  2. If the Edge to Transit Gateway attachment is over a public network, you need to update the WAN Public IP on the Edge Gateway.

    1. Go to Cloud Fabric > Hybrid Cloud > Edge Gateways tab.

    2. Click Spoke Gateways.

    3. Locate the Edge Gateway, and click its Edit icon on the right.

    4. In Edit Edge Gateway, go to Interface Configuration and click WAN.

    5. In Public IP, click Discover.

    6. Verify the WAN Public IP and click Save.

Attach Edge Spoke Gateway to Transit Gateway

  • To create a High Performance Encryption mode attachment, make sure the Transit Gateway is created with High Performance Encryption enabled.

  • If you want Jumbo Frame enabled on the Edge Gateway, make sure to enable Jumbo Frame on the Edge Gateway before you attach it to the Transit Gateway.

To create the attachment:

  1. In Aviatrix CoPilot, go to Cloud Fabric > Hybrid Cloud > Edge Gateways tab.

  2. Click Spoke Gateways.

  3. Locate the Edge Gateway, and click the Manage Gateway Attachments icon on the right side of the row.

  4. In Manage Gateway Attachments > Transit Gateway tab, click +Attachment and provide the following information.

    Field

    Description

    Transit Gateway

    From the dropdown menu, select the Transit Gateway you want to attach to the Edge Transit Gateway.

    Local Edge Gateway Interface

    From the dropdown menu, select the WAN interface of the local Edge Gateway.

    Attach Over

    From the dropdown menu, select whether the connection between the Edge Gateways is over a Private Network or the Public Network.

    Jumbo Frame

    If you want to use Jumbo Frames for the connection between the Edge Gateways, set the Jumbo Frame toggle to On.

    The Jumbo Frame option is applicable when the attachment is over a private network.

    High Performance Encryption

    If you want to enable High Performance Encryption (HPE) for the connection between the Edge Gateways, set the High Performance Encryption toggle to On.

    Number of Tunnels

    From the dropdown menu, select the number of HPE tunnels to create.

    • Max Tunnels creates the maximum tunnels based on the gateway sizes and the number of interface IPs on the peering gateway.

      This option is available only for connection over a private network.

    • Custom allows you to specify the number of tunnels to create.

  5. To attach the Edge Gateway to another Transit Gateway, click + Attachment again and provide the required information.

    You can attach an Edge Gateway to multiple Transit Gateways. Each attachment can be configured with different parameters, such as connecting interfaces, connection over private or public network, high-performance encryption, and Jumbo Frame.

  6. Click Save.

Connecting Edge Spoke Gateway to an External Device (BGP over LAN)

For LAN-side connectivity, you can connect the Edge Spoke Gateway to an external device, such as a LAN BGP router.

To connect the Edge Gateway to the LAN BGP router, follow these steps.

  1. In CoPilot, navigate to Networking > Connectivity > External Connections (S2C) tab.

  2. From the + External Connection To dropdown menu, select External Device, then provide the following information.

    Field

    Description

    Name

    Name to identify the connection to the LAN router.

    Connect Using

    Select BGP.

    Type

    Select LAN.

    Local Gateway

    The Edge Gateway that you want to connect to the LAN router.

    Local ASN

    The Local AS number that the Edge Gateway will use to exchange routes with the LAN router.

    This is automatically populated if the Edge Gateway is assigned an ASN already.

  3. In LAN Configuration, provide the following information.

    Field

    Description

    Remote ASN

    The BGP AS number that is configured on the LAN router.

    Remote LAN IP

    The IP address of the LAN router.

    Local LAN IP

    This is automatically populated with the Edge Gateway’s LAN interface IP address.

  4. Click Save.