Creating a Spoke Gateway

Follow the steps below to create a Spoke Gateway and highly available Spoke gateway instances.

  1. In CoPilot, navigate to Cloud Fabric > Gateways > Spoke Gateways tab, and click + Spoke Gateway.

  2. Create the Spoke Gateway.

    Provide the following information for the Spoke Gateway.

    | Parameter | Description |
    | --- | --- |
    | Name | Enter a name for the Spoke Gateway. |
    | Cloud | Select the Cloud Service Provider (CSP) in which to create the Spoke Gateway. For AWS and Azure, you can use the dropdown menu to select Standard or Global, China, or GovCloud. |
    | Account | Select the cloud access account for creating the Spoke Gateway. |
    | Region | Select the cloud region in which to create the Spoke Gateway. |
    | VPC/VNet | Select the VPC or VNet in the selected region in which to create the Spoke Gateway. |
    | Instance Size | Select the gateway instance size. The size you select affects your IPsec performance. |
    | High Performance Encryption | Set this toggle to On to enable High Performance Encryption (HPE) for the Spoke Gateway. HPE enables 10 Gbps and higher IPsec performance between two single Aviatrix Gateway instances or between a single Aviatrix Gateway instance and an on-prem Aviatrix appliance. You cannot turn High Performance Encryption On or Off after the Spoke Gateway is created. |
    | Attach to Transit Gateway | Select the Transit Gateway to which to attach this Spoke Gateway. |

    Use the Advanced Settings section to set the advanced gateway settings that may apply.

    | Parameter | Description |
    | --- | --- |
    | BGP (all clouds) | Set this toggle to On to enable the Spoke Gateway to run a BGP connection to external routers and dynamically exchange routes. |
    | BGP over LAN (Azure only) | Set this toggle to On for a BGP connection over LAN. Enter the number of LAN interfaces you need (maximum is eight) for the BGP connection. You must set both the BGP and BGP over LAN settings to On to enable a BGP over LAN connection on the Spoke Gateway. |
    | Global VPC (GCP only) | Set this toggle to On to connect the Spoke Gateway to a global VPC. |

    Use the Instances section to create highly available Spoke gateway instances.

    • A Spoke Gateway can have up to 15 highly available gateway instances.

    • All gateway instances share the same properties as the Spoke Gateway.

    • All gateway instances are created in active-active mode.

    • A BGP-enabled Spoke Gateway can have up to two highly available gateway instances.

    • A Spoke Gateway with Site2Cloud, SNAT, DNAT, or FQDN enabled can have up to two highly available gateway instances.

    To create a gateway instance, click + Instance and designate the subnet and IP address of the gateway instance.

    | Parameter | Description |
    | --- | --- |
    | Attach to Subnet | Select the subnet in which to create the Spoke gateway instance. As a best practice, select a different subnet in a different availability zone from the other Spoke gateway instances. |
    | Public IP | Enter the public IP address of the gateway instance. (AWS only) To allocate a new EIP, leave Public IP as Allocate New Static Public IP. |

  3. Click Save.
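
The limits stated in step 2 can be checked against a planned configuration before the values are entered in CoPilot. The following Python pre-flight check is an added example, not Aviatrix code: the `SpokeGatewayPlan` structure, its field names and the sample plans are hypothetical, and it assumes at least one LAN interface is required when BGP over LAN is On.

```python
from dataclasses import dataclass, field

# Features that, per the page, cap a Spoke Gateway at two HA instances.
TWO_INSTANCE_FEATURES = {"site2cloud", "snat", "dnat", "fqdn"}

@dataclass
class SpokeGatewayPlan:  # hypothetical structure, not an Aviatrix API object
    name: str
    cloud: str                       # "aws", "azure" or "gcp"
    bgp: bool = False
    bgp_over_lan: bool = False
    lan_interfaces: int = 0
    global_vpc: bool = False
    features: set = field(default_factory=set)
    instance_subnets: list = field(default_factory=list)  # one entry per HA instance

def validate(plan):
    """Return the list of violations of the limits stated on the page."""
    errors = []
    if plan.bgp_over_lan:
        if plan.cloud != "azure":
            errors.append("BGP over LAN is Azure only")
        if not plan.bgp:
            errors.append("BGP over LAN requires BGP to be On as well")
        # Maximum of eight is from the page; the minimum of one is an assumption.
        if not 1 <= plan.lan_interfaces <= 8:
            errors.append("LAN interface count must be between 1 and 8")
    if plan.global_vpc and plan.cloud != "gcp":
        errors.append("Global VPC is GCP only")
    limit, kind = 15, "A Spoke Gateway"
    if plan.bgp:
        limit, kind = 2, "A BGP-enabled Spoke Gateway"
    elif plan.features & TWO_INSTANCE_FEATURES:
        limit, kind = 2, "A Spoke Gateway with Site2Cloud, SNAT, DNAT, or FQDN"
    if len(plan.instance_subnets) > limit:
        errors.append(f"{kind} can have up to {limit} HA instances")
    # Best practice on the page: a different subnet for each instance.
    if len(set(plan.instance_subnets)) < len(plan.instance_subnets):
        errors.append("warning: two instances share a subnet")
    return errors

# Constructed sample plans (names and subnets are made up for illustration).
PLAN_OK = SpokeGatewayPlan("spoke-a", "azure", bgp=True, bgp_over_lan=True,
                           lan_interfaces=2,
                           instance_subnets=["10.0.1.0/24", "10.0.2.0/24"])
PLAN_BAD = SpokeGatewayPlan("spoke-b", "aws", bgp_over_lan=True, lan_interfaces=9,
                            global_vpc=True, features={"snat"},
                            instance_subnets=["10.1.1.0/24"] * 3)

if __name__ == "__main__":
    for p in (PLAN_OK, PLAN_BAD):
        print(p.name, validate(p) or "ok")
```

The subnet check covers only the subnet half of the best practice; availability zones are not modelled here.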