About Spoke Gateway Settings

Your cloud provider account. The Aviatrix Controller uses your cloud provider’s account credentials to launch Aviatrix gateways via cloud provider API calls.

To learn more about cloud provider access accounts, see Accounts and Users.

Instance Size is the gateway instance size.

When selecting the gateway instance size, use the following guidelines of IPsec performance based on IPERF tests conducted between two gateways of the same size:

High Performance Encryption (HPE) is an Aviatrix technology that enables 10Gbps and higher IPsec performance between two single Aviatrix Gateway instances or between a single Aviatrix Gateway instance and on-prem Aviatrix appliance.

When a gateway instance is launched with High Performance Encryption enabled, the Aviatrix Controller will look for a spare /26 subnet segment to create a new public subnet "-insane" and launch the gateway on this subnet.

The instance sizes that support High Performance Encryption are:

For an overview of Aviatrix High Performance Encryption, see About High-Performance Encryption.

You attach a Spoke Gateway to a Transit Gateway to create a hub-spoke topology.

When you attach a Spoke Gateway to a Transit Gateway, the Aviatrix Controller attaches the Spoke VPC or VNet to the Transit VPC by building encrypted peering and transitive peering between the Spoke Gateway and the Transit Gateway.

When BGP is enabled, the Spoke Gateway establishes a BGP connection to an external router to dynamically exchange routes. It also establishes an IPsec tunnel to the router for packet forwarding.

A Spoke gateway with BGP enabled has a few restrictions compared to a non-BGP Spoke.

In AWS, BGP over LAN feature allows BGP-enabled Spoke Gateways to establish a connection with a pair of third-party instances, that are in the same VPC as the Spoke Gateway, without using the IPsec or GRE tunneling protocol.

In Azure, BGP over LAN allows BGP-enabled Spoke Gateways to establish a connection with a pair of third-party instances, that are in the same VNet but different from the Spoke Gateway VNet, without using the IPsec or GRE tunneling protocol.

Multiple BGP over LAN connections are supported, however, each connection can be connected to one or at most two third-party instances. For Azure, the two third-party instances must be in the same VNet.

For Azure, when configuring BGP over LAN, you must indicate the number of LAN interfaces you need (maximum is eight).

To learn more about BGP over LAN connections, refer to:

For more information about connecting BGP-enabled Spoke Gateways to an external device, see:

The Aviatrix Gateway High Availability feature enables you to create High Availability (HA) gateways for Spoke and Transit Gateways to minimize and reduce network downtime and improve network stability and performance.

When HA Spoke and Transit gateways are deployed, the Aviatrix Controller monitors your cloud network deployment, detects if a gateway is down and handles failover resolution automatically.

For an overview of the Aviatrix Gateway High Availability feature, see About Gateway High Availability.

Aviatrix Gateways are launched in a public subnet in AWS, GCP, and OCI. A public subnet in AWS VPC is defined as a subnet whose associated route table has a default route entry that points to the Internet gateway (IGW). To learn more about VPC and subnets, refer to this link.

If you do not have a VPC/VCN with public subnet in AWS, GCP, or OCI, you can use our Creating a VPC/VNet using CoPilot tool to create a VPC with fully populated public and private subnets in each AZ.

The Use VPC/VNet DNS Server feature enables you to set the default DNS server for the Aviatrix gateway.

When this feature is On, it removes the default DNS server for the Aviatrix Gateway and instructs the gateway to use the VPC or VNet DNS server configured in VPC or VNet DHCP option.

When this feature is Off, the Aviatrix Gateway will revert to use its built-in (default) DNS server.

For more information, see Using VPC/VNet DNS Server.

Jumbo Frame improves Aviatrix Gateway throughput performance.

The GRO/GSO feature enables you to configure the gateway interface and enable or disable Generic Receive Offload (GRO) and Generic Segmentation Offload (GSO).

GRO/GSO is On by default to improve performance. You can set this feature to Off to minimize out of order packets for sensitive applications (like FTP), but there will be a performance throughput penalty.

The Gateway Single AZ HA feature enables the Aviatrix Controller to monitor the health of the gateway instance and restart the gateway instance if it becomes unreachable. Gateway Single AZ HA is enabled by default.

Using Gateway Single AZ HA, you can select the gateway instance to restart.

When Gateway Single AZ HA status is On, the Aviatrix Controller attempts to restart the gateway instance. When status is Off, Controller does not attempt to restart the gateway instance.

Using the Change Interface(s) RX Queue Size, you can select a gateway and set the gateway’s interface(s) RX Queue Size.

This feature enables you to deploy a BGP-enabled Spoke Gateway connection to an external device where the external device, such as an on-premises firewall, does not support asymmetric routing on two tunnels.

Active-Standby mode applies to both BGP and Static Remote Route Based external connections.

When Active-Standby mode is enabled, the BGP-enabled Spoke Gateway connects to the external device with only one active peering connection forwarding network traffic and the other as standby.

If you enable Active-Standby mode, you can select the Failover Mode to determine the network’s behavior when the active peering connection goes down.

For more information, see About Active-Standby External Connection Configuration.