What’s New in the Aviatrix Controller?

The Controller Proxy feature has been deprecated and is no longer supported starting with version 8.0.0. Users using this feature should remove proxy configurations and transition to direct outbound access or alternative network configurations as appropriate. Please contact your Account Representative for additional information.

The Gateway Audit feature and the corresponding Gateway Audit Status setting are deprecated starting with version 8.0.0 and will be removed in a future release. While the options may still appear in the Controller UI under Settings > Advanced > Gateway > Gateway Audit Status, they are no longer supported. A deprecation note has been added in the UI for visibility. Avoid using these settings in new deployments.

Supports external connections such as partner networks, SDWAN solutions, and on-prem locations via IPSec and GRE on Aviatrix Transit Edge. This enhancement enables secure partner and remote site connectivity from non-cloud environments like network aggregation sites, Equinix, and Megaport. Customers can land IPSec or GRE connections directly on Aviatrix Transit Edge, available as a physical appliance or as a virtual network service in supported provider locations. Configuration Supported: BGPoIPSec, BGPoGRE, and static IPSec Applications: Connecting to partner networks, integrating SDWAN connectivity, or linking remote sites to the cloud

Provides fine-grained control over BGP route propagation and preference. Aviatrix Secure Cloud Network now supports BGP communities with enhanced controls in version 8.0.0, including global enablement, per-gateway, and per-connection options for blocking, adding, or replacing communities. Communities Supported: Numeric communities such as 65535:65535, No-Advertise, and No-Export

Enables rapid failure detection between BGP peers, reducing downtime and accelerating convergence. BFD provides a proactive alternative to BGP hold timers and supports both single-hop and multi-hop configurations for external BGP sessions on Aviatrix gateways.

Adds support for deploying Transit Edge and Spoke Edge via Megaport Virtual Edge (MVE) using cloud-init. This expands deployment options for Aviatrix Edges in all Megaport-enabled locations.

Extends ActiveMesh BGP peering to LAN neighbors at the Edge. This is ideal for data center and mid-mile network architectures such as deployments at Equinix, enabling BGP peering from single or HA Edge instances to remote LAN HA routers.

Introduced a non-ActiveMesh option for Megaport edge peerings and Site-to-Controller connections to support Layer 2 point-to-point connectivity.

Starting with version 8.0.0, the Controller includes an automatic upgrade mechanism that periodically checks for and installs critical security fixes for operating system packages. This enhancement helps ensure that the Controller stays protected against known vulnerabilities without requiring manual intervention.

Automatic upgrades do not trigger a system reboot. If a kernel update is included, it will be queued and applied at the next manual reboot.

Optimized route reconciliation at the gateway to reduce CPU and memory usage, improving performance in large-scale testbeds. Benchmarks have been added to help calculate scale parameters such as CPU usage relative to the number of routes.

Starting with version 8.0.0, the Controller associates Google Cloud Resource Manager tags with VPCs in GCP. These tags can be used to match VPCs in Distributed Cloud Firewall (DCF) rules, similar to how tag-based matching works in AWS and Azure. This enhancement enables more granular control and simplifies GCP VPC management by allowing DCF rules to be applied based on specific tags.

Allows configuring pushconfig timeouts at the system level, enabling support teams to adjust timeouts more efficiently.

Starting with version 8.0.0, the Controller reduces memory consumption in the Cloud Account Inventory (CAI) system by eliminating redundant storage of cloud provider credentials across regions. This enhancement improves system performance and stability, especially in large-scale or resource-constrained environments. No configuration changes are needed—this optimization is applied automatically upon upgrade.

Transit Edge S2C Static IPSec configuration is a preview feature in this release.

SNI Verification is a preview feature that allows matching certificate fields (CN/SAN) with the SNI field in TLS connections.
See SNI Verification (Preview) under CoPilot Features for details.

Starting with version 8.0.0, the upgrade_platform API no longer supports upgrading the Controller and Gateways in a single API call. To perform an upgrade, first upgrade the Controller using one API call. Then, initiate a separate call to upgrade one or more Gateways.

Added a configurable option to increase the MAX_APP_DOMAINS limit for specific users, after a safety review. The publicly supported maximum remains 1200. This configuration change may impact user migration workflow.