Gateway Route Handling
The following configurations apply to Aviatrix Spoke and Transit gateways.
Customize Spoke VPC Routes
This feature allows you to customize the Spoke VPC/VNet route table entries by specifying a comma separated list of CIDRs. When a CIDR is entered in this field, automatic route propagation to the Spoke VPC/VNet is disabled, overriding the CIDRs propagated from other Spokes, Transit gateways and the on-prem network. One use case for this feature is a customer facing Spoke VPC/VNet where the customer propagates routes that may conflict with your on-prem routes.
When this is enabled on an Aviatrix Transit Gateway, all Spoke VPC/VNets route tables are customized.
When it is enabled on a Spoke Gateway, only that gateway's VPC/VNet route table is customized. This feature does not apply to AWS Transit Gateway (TGW) attached Spoke VPCs.
To disable this feature, empty the field and click Save. The on-prem learned routes will again be propagated into the Spoke VPC/VNet route table.
Filter Learned Routes to Spoke VPC/VNet
This feature allows you to filter on-prem network CIDRs out of the Spoke VPC/VNet route table. Enter the unwanted CIDRs as a comma separated list. One use case for this feature is a customer facing Spoke VPC/VNet where you do not wish the customer to reach all of your on-prem network CIDRs.
The list of the filtered out CIDRs can be a super set of on-prem learned routes. For example, if the on-prem learned routes are 100.10.0.0/24 and 100.10.1.0/24, you can enter 100.10.0.0/16 to filter out both routes.
The reverse does not hold: if the filtered out CIDR is a subnet of an on-prem learned CIDR (more specific than the learned route), the filter has no effect and the learned route is still installed.
When it is applied to the Aviatrix Transit Gateway, all attached Spoke VPC/VNets will filter on the configured routes.
When it is applied to a specific Spoke VPC/VNet, only the Spoke VPC/VNet route table is affected. This feature does not apply to AWS Transit Gateway (TGW) attached Spoke VPCs.
Customize Advertised Spoke VPC CIDRs
This route policy enables you to selectively exclude some VPC/VNet CIDRs from being advertised to on-prem.
One use case is if you have Spoke VPC/VNets that have multiple CIDR blocks, among which some of them are overlapping. If you attach these Spoke VPC/VNets, the Aviatrix Controller will reject them as there are overlapping CIDRs. By excluding the overlapping CIDRs, you will be able to attach the Spoke VPC/VNets.
When this policy is applied to an Aviatrix Transit Gateway, the list is an "Exclude list" meaning the CIDRs in the input fields will be excluded from advertising to on-prem.
When this policy is applied to an Aviatrix Spoke gateway, the list is an "Include list" meaning only the CIDRs in the input fields are advertised to on-prem. In Release 4.7 and later, the "Include list" can be network ranges that are outside of the Spoke VPC/VNet CIDR.
Configure Private VPC Default Route
This feature allows you to configure the default route in private VPC route tables only. It is supported only for AWS Spoke gateways.
Skip Public VPC Route Table
Route Table Optimization allows you to skip programming of the public VPC route tables. It is supported only for AWS Spoke gateways and ActiveMesh 2.0. Customize Spoke CIDR and this feature are mutually exclusive.
Auto Advertise Spoke Site2Cloud CIDRs
Dynamic route updates on the Spoke for Site2Cloud allow regional redundancy for both overlapping and non-overlapping CIDRs.
Routes will be automatically advertised or removed for remote and local virtual CIDRs when:
- an S2C connection is created or deleted
- an S2C connection status changes (up or down)
- the Spoke to Transit link goes down
This feature is supported for mapped S2C connections only and on the following clouds:
- AWS and AWS-Gov
- GCP
- Azure and Azure-Gov