About Gateway Routing Settings
This document describes routing features that you can enable for Aviatrix Spoke and Transit gateways. To enable routing features, see Enabling Gateway Routing Features.
About Spoke Gateway Routing Features
Configure Private VPC/VNet Default Route
This routing feature minimizes VPC private routing table programming.
When enabled, this feature allows the Aviatrix Controller to program a default route in the Transit VPC’s private routing table to point to the Spoke Gateway. Subsequently, any route change from the attached Transit Gateway will need no route change to the Transit Gateway’s private routing table.
This feature is only supported for Spoke Gateways in AWS. |
Skip Public VPC/VNet Route Table
This routing feature minimizes VPC public routing table programming.
When enabled, this feature allows the Aviatrix Controller to skip the Spoke VPC’s public routing table programming for non-RFC 1918 route changes from the attached Transit Gateway.
This feature is only supported for Spoke Gateways in AWS.
Customize Spoke VPC/VNet route table and this feature are mutually exclusive. |
Auto Advertise Spoke Site2Cloud CIDRs
Dynamic Route updates on Spoke Gateway for Site2Cloud allows regional redundancy for overlapping and non-overlapping CIDRs.
Route will be auto advertised or removed for remote and local virtual CIDRs when:
-
Site2Cloud connection is created or deleted.
-
Site2Cloud connection status changes to up or down.
-
Spoke-to-Transit gateway link goes down.
This routing feature is only supported for mapped Site2Cloud connections on AWS and AWS-GovCloud, GCP, and Azure and Azure-GovCloud. |
Customize Spoke VPC/VNet Route Table
This routing feature enables you to customize Spoke VPC or VNet route table entry by specifying a list of comma separated CIDRs. When a CIDR is entered in this field, automatic route propagation to the Spoke(s) VPC or VNet will be disabled, overriding propagated CIDRs from other Spoke and Transit gateways and on-prem network. For example, you could enable this feature for a Spoke VPC or VNet that is customer facing and your customer is propagating routes that may conflict with your on-prem routes.
When this feature is enabled on an Aviatrix Spoke Gateway, only that gateway VPC or VNet route table is applied.
To disable this feature, leave the CIDRs field empty.
Exclude Learned CIDRs to Spoke VPC/VNet Route Table
This routing feature enables you to filter on-prem network CIDRs to Spoke VPC or VNet route table entry by specifying a list of comma separated CIDRs. For example, you could enable this feature for a Spoke VPC or VNet that is customer facing, and you do not want your customer to access all your on-prem network CIDRs.
-
The list of the filtered out CIDRs can be a super set of on-prem learned routes. For example, if the on-prem learned routes are 100.10.0.0/24 and 100.10.1.0/24, you can enter 100.10.0.0/16 to filter out both routes.
-
If the filtered out CIDR is a subnet of on-prem learned CIDR, the filtered CIDR won’t work.
-
When this feature is applied to a specific Spoke VPC or VNet, only the Spoke VPC or VNet route table is affected.
Customize Spoke Advertised VPC/VNet CIDRs
This routing feature enables you to selectively exclude some VPC or VNet CIDRs from being advertised to on-prem.
For example, if you have Spoke VPCs or VNets that have multiple CIDR blocks, among which some of them are overlapping. If you attach these Spoke VPCs or VNets, the Aviatrix Controller will reject them as there are overlapping CIDRs. By excluding the overlapping CIDRs, you will be able to attach the Spoke VPC/VNets.
When this feature is applied to an Aviatrix Spoke Gateway, the list is a "Include list", that is, only the CIDRs in the input fields are advertised to on-prem. Include list can be network ranges that are outside the Spoke VPC or VNet CIDR.
Update Encrypted Spoke VPC/VNet CIDRs
This routing feature queries the cloud service provider (CSP) and updates the Aviatrix Spoke VPC or VNet route tables with any added CIDRs without detaching or re-attaching the Spoke Gateway.
For example, when new subnets and instances are added to a Spoke VPC, Aviatrix automatically updates the Spoke VPC route tables and propagates the new CIDRs to the transit network depending on the routing configurations.
This feature is supported on AWS, Azure, and GCP clouds.
About Transit Gateway Routing Features
Customize Attached Spoke VPC/VNet Route Tables
This routing feature enables you to customize the attached Spoke VPC/VNet route table entry by specifying a list of comma-separated CIDRs. When a CIDR is entered in this field, automatic route propagation to the attached Spoke(s) VPC/VNet will be disabled, overriding propagated CIDRs from other Spoke and Transit gateways and on-prem network. For example, you could enable this feature for a Spoke VPC/VNet that is customer facing and your customer is propagating routes that may conflict with your on-prem routes.
When this feature is enabled on an Aviatrix Transit Gateway, all Spoke VPCs or VNets route tables are customized.
This feature does not apply to AWS Transit Gateway (TGW) attached Spoke VPCs.
To disable this feature, leave the CIDRs field empty.
Exclude Learned CIDRs to Attached Spoke VPC/VNet Route Tables
This routing feature enables you to filter on-prem network CIDRs to the attached Spoke VPC or VNet route table entry by specifying a list of CIDRs to filter separated by commas. For example, you could enable this feature for a Spoke VPC or VNet that is customer facing, and you do not want your customer to access all your on-prem network CIDRs.
-
The list of CIDRs to filter can be a super set of on-prem learned routes. For example, if the on-prem learned routes are 100.10.0.0/24 and 100.10.1.0/24, you can enter 100.10.0.0/16 to filter out both routes.
-
If the filtered CIDR is a subnet of on-prem learned CIDR, the filtered CIDR won’t work.
-
When this feature is applied to the Aviatrix Transit Gateway, all attached Spoke VPCs or VNets will filter on the configured routes.
This feature does not apply to AWS Transit Gateway (TGW) attached Spoke VPCs.
Exclude CIDRs from Attached Spokes Advertisement
This routing feature enables you to selectively exclude some VPC/VNet CIDRs from being advertised to on-prem. For example, you could enable this feature for Spoke VPC/VNets that have multiple CIDR blocks, among which some of them are overlapping. If you attach these Spoke VPC/VNets, the Aviatrix Controller will reject them as there are overlapping CIDRs. By excluding the overlapping CIDRs, you will be able to attach the Spoke VPC/VNets.
When this feature is applied to an Aviatrix Transit Gateway, the list is a "Exclude list", that is, the CIDRs in the input fields will be excluded from being advertised to on-prem.
Customize Transit VPC/VNet Routes
This routing feature enables you to customize Spoke VPC or VNet route table entry by specifying a list of comma-separated CIDRs. When a CIDR is inserted in this field, automatic route propagation to the Spoke(s) VPC/VNet will be disabled, overriding propagated CIDRs from other Spoke and Transit gateways and on-prem network. For example, you could enable this feature for a Spoke VPC/VNet that is customer facing and your customer is propagating routes that may conflict with your on-prem routes.
When this feature is enabled on an Aviatrix Transit Gateway, all Spoke VPCs or VNets route tables are customized.
This feature does not apply to AWS Transit Gateway (TGW) attached Spoke VPCs.
To disable this feature, leave the CIDRs field empty.