Overview of Aviatrix ActiveMesh

The key benefits of ActiveMesh are improved network resiliency, failover convergence time and performance.

ActiveMesh can be applied to connect two Transit GWs. There are 4 tunnels established between the Transit GWs, as shown in the diagram below.

Each Transit GW connecting to the VGW in ActiveMesh mode has two VPN tunnels to the VGW.

The link between two ActiveMesh gateways is used to forward packets when both tunnels are down for one of the ActiveMesh gateway.

For example, in a spoke VPC/VNet, virtual machine (EC2/GCE) traffic is forwarded to the ActiveMesh primary gateway which then forwards traffic to the AVX Transit GW. If both tunnels between the ActiveMesh spoke gateway and the Transit GW are down, the packet is forwarded by the ActiveMesh primary gateway to the backup ActiveMesh gateway.

ActiveMesh enables the Aviatrix Transit Gateway to connect to multiple remote sites over IPsec VPN tunnels.

When you configure VPN to remote sites from MULTI-CLOUD TRANSIT > Setup > External Connection (Connect to VGW/External Device/Azure VNG in the Transit Network workflow, the VPN tunnel is built with route based VPN on the Aviatrix Transit Gateway.

ActiveMesh Transit Gateway supports both remote route based VPN and remote policy based VPN tunnels. In both cases, the Aviatrix Transit Gateway operates in route based mode.

On the other hand, when you configure VPN to remote sites from Site2Cloud page and select a Transit Gateway, the VPN tunnel is built with policy based VPN.

VPC route table points to only one Spoke Gateway, so there is no load balancing for traffic initiated from virtual machine instances. But once the traffic arrives at the gateway for transmission to the Spoke VPC/VNet, the traffic is load balanced across the ActiveMesh peering to the Spoke VPC/VNet Gateways.