Aviatrix is excited to announce we have collaborated with AWS to support the AWS Cloud WAN preview. Aviatrix is committed to continuing to provide multi-cloud native networking solutions that leverage Cloud Service Provider (CSP) native technologies. Integrating AWS Cloud WAN with Aviatrix Transit opens advanced use cases from firewall insertion, complex NAT requirements, encrypted on-premises connectivity, and multi-cloud connectivity.
In this post we will discuss architectures for integrating Cloud WAN with Aviatrix Transit.
Overview of Cloud WAN integration
The integration point with Aviatrix to Cloud WAN is through industry-standard GRE tunnels that use the new Cloud WAN attachment type. This allows for route exchanges and can route traffic through the Aviatrix Platform for advanced traffic control, inspection, visibility, and multi-cloud connectivity. The use of GRE tunnels allows for high availability and bandwidth aggregation using Aviatrix’s ActiveMesh 2.0 technology.
Tunnel throughput is aggregated, and traffic will be load-balanced across all available tunnel that are configured between an Aviatrix Transit and Cloud WAN using equal cost multipathing (ECMP). Once tunnels are established, there is full connectivity between your Aviatrix Transit and Cloud WAN deployment. Policies on Cloud WAN can be defined to segment traffic and control access. The same can be done on the Aviatrix Transit. The attachment to Cloud WAN can be its own unique segment that can be used throughout your network topology.
Aviatrix integration use cases
Integration of your Aviatrix Transit with Cloud WAN adds advanced traffic control, NAT capabilities, visibility, and full interoperability. You can get started with the preview today to build our advanced use cases.
FireNet firewall insertion
Aviatrix FireNet makes it easy to seamlessly integrate firewalls into your cloud network architecture. This is a common requirement to bring advanced traffic inspection and next generation firewalling capabilities to cloud architectures. This “easy button” for firewall insertion extends quite naturally to the integration with Cloud WAN.
Traffic can be inspected north/south going to/from the internet as well as east/west going to/from VPCs. This allows for advanced control over traffic and seemly service insertion, as seen in the following diagram.
Encrypted on-premises connectivity
Aviatrix encrypts dataflows by default. The strong security and encryption model for Aviatrix Transit in the cloud can extend to on-premises connectivity using Aviatrix CloudN appliances. This ensure all traffic from on-premises to the cloud is encrypted end-to-end, all the way into the Aviatrix Transit.
Many customers want to ensure that the entire data path is encrypted all the way from on-premises into the cloud. Using Aviatrix for on-premises connectivity ensure that all connectivity is encrypted and secure as it traverses untrusted paths across service providers.
Advanced NAT
With cloud deployments of all sizes, overlapping and conflicting IP CIDR ranges is an increasing inevitability. This is especially true at scale with our largest customers from SaaS providers to healthcare and financial industries. Aviatrix makes it easy to solve for these complex IP conflict scenarios where other solutions quickly run into issues and require complex configurations.
Aviatrix mapped IPsec connectivity makes it incredibly easy to solve otherwise arbitrarily complex NAT scenarios. You simply define real and virtual CIDR address ranges when provisioning an IPsec tunnel. The remote side needs neither additional configuration nor complex NAT rule, in fact the device does not even need to support NAT at all.
You can see what that looks like in action in the following diagram. Customer A and B both have address ranges that directly conflict with VPC A and B that are behind Cloud WAN. The conflicting ranges can be easily mapped to new CIDR ranges that do not conflict using Aviatrix Spoke Gateways.
Visibility
In a previous post on the AWS APN blog we discussed how Aviatrix brings deep visibility, troubleshooting, and monitoring into your cloud networking deployment. The same benefits apply to all traffic going through the Aviatrix Platform as soon as it hit an Aviatrix Gateway. You benefit from the deep traffic visibility and monitoring. In addition, all traffic that traverses your Aviatrix data plane is monitored with Aviatrix ThreatIQ to detect any traffic to malicious destinations on the internet. This adds additional layers of protection to your cloud network as a defense in depth strategy for cloud networking security.
Conclusion
In this post we discussed how Aviatrix can integrate with Cloud WAN to add advanced capabilities and interoperability. This integration highlights the deep relationship that Aviatrix has with each of the CSPs. This allows Aviatrix to provide unique, differentiated multi-cloud native networking capabilities. Reach out to us to get started today!
