What should I understand about overcoming AWS and Azure networking limits?
Overcoming VPN Connection Limits
Cloud | Network Resource | Default Limit | Hard Limit |
---|---|---|---|
AWS | VPN Connections Per Region | 50 | 50 |
AWS | VPN Connections per VPC | 10 | 10 |
Azure | User Defined Route Tables | 200 | 200 |
Azure | User Defined Routes per Route Tables | 400 | 400 |
The Aviatrix Site2Cloud feature is an easy, manageable way to overcome these provider limits on VPN connectivity. It also has advanced features such as handling overlapping IP addresses. More about this here: How can cloud app providers use Aviatrix to connect with their customers?
Overcoming Peering and Route Table Limits
Cloud | Network Resource | Default Limit | Hard Limit |
---|---|---|---|
AWS | VPC Peering Connections per VPC | 50 | 125 |
AWS | Static Routes per Route Table | 50 | 100 |
AWS | BGP advertised routes per route table | 100 | 100 |
Cloud providers' peering limits can be further complicated by legacy protocols such as BGP. Aviatrix AVX Gateways offer encrypted, high-performance peering without filling up the cloud route tables. More about this here: How does Aviatrix help overcome the 100 routes limit for AWS routing tables?
Overcoming Security Group and Network ACL Limits
Cloud | Network Resource | Default Limit | Hard Limit |
---|---|---|---|
AWS | Security Groups per VPC | 500 | 500 |
AWS | Inbound or Outbound rules per Security Group | 60 | No fixed value; rules per security group multiplied by security groups per interface cannot exceed 300. |
AWS | Security Groups per Network Interface | 5 | 26 |
AWS | Network ACLs per VPC | 200 | 200 |
AWS | Rules per Network ACL | 20 | 40 |
Aviatrix can operate as a lightweight stateful (layer 4) firewall to avoid cumbersome host-level security configurations: https://docs.aviatrix.com/Solutions/build_zerotrust_cloud_network.html
Enterprises also run into these security rule limitations because they are required to whitelist approved domain names. Aviatrix has an AWS-recommended solution for domain-name whitelisting (FQDN filtering): How can I create Internet ingress and egress security patterns for AWS?
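Before deciding whether these quotas are a problem, it helps to know how close existing VPCs already are to them. The following check is an added example, not code from the page or from Aviatrix: it consumes data shaped like EC2 `describe_route_tables()` and `describe_security_groups()` responses (here a constructed sample instead of a live API call) and flags route tables and security groups at or above 80% of the route-table and security-group quotas stated in the two tables above; the quota values and the 300-rule product ceiling are taken from those tables as assumptions.

```python
"""Audit EC2 describe_* output against the AWS quotas listed above (sample data is constructed)."""
from typing import Dict, List, Tuple

# Default quotas as stated in the tables above; substitute account-specific values if raised.
STATIC_ROUTES_PER_RT = 50
BGP_ROUTES_PER_RT = 100
RULES_PER_SG_PER_DIRECTION = 60
RULE_BUDGET_PER_ENI = 300  # rules per SG x SGs per interface must not exceed this
DIRECTIONS = ("IpPermissions", "IpPermissionsEgress")

def count_routes(route_table: Dict) -> Dict[str, int]:
    """Static routes carry Origin=CreateRoute; BGP-learned ones EnableVgwRoutePropagation."""
    origins = [r.get("Origin") for r in route_table.get("Routes", [])]
    return {"static": origins.count("CreateRoute"),
            "propagated": origins.count("EnableVgwRoutePropagation")}

def count_sg_rules(group: Dict, direction: str) -> int:
    """First-order count: each CIDR, prefix list or referenced group in a permission is one rule."""
    keys = ("IpRanges", "Ipv6Ranges", "PrefixListIds", "UserIdGroupPairs")
    return sum(len(perm.get(k, [])) for perm in group.get(direction, []) for k in keys)

def eni_rule_budget(attached_groups: List[Dict]) -> int:
    """Rules evaluated on one interface per direction; the 300-rule product ceiling bounds this."""
    return max(sum(count_sg_rules(g, d) for g in attached_groups) for d in DIRECTIONS)

def audit(route_tables: List[Dict], security_groups: List[Dict],
          warn_pct: int = 80) -> List[Tuple[str, str, int, int]]:
    """Return (resource id, quota, used, limit) for anything at or above warn_pct of a quota."""
    findings = []
    for rt in route_tables:
        c = count_routes(rt)
        for kind, limit in (("static", STATIC_ROUTES_PER_RT), ("propagated", BGP_ROUTES_PER_RT)):
            if 100 * c[kind] >= warn_pct * limit:
                findings.append((rt["RouteTableId"], f"{kind} routes", c[kind], limit))
    for sg in security_groups:
        for d in DIRECTIONS:
            used = count_sg_rules(sg, d)
            if 100 * used >= warn_pct * RULES_PER_SG_PER_DIRECTION:
                findings.append((sg["GroupId"], f"{d} rules", used, RULES_PER_SG_PER_DIRECTION))
    return findings

# Constructed sample: a route table near its static-route quota and one crowded security group.
SAMPLE_RT = {"RouteTableId": "rtb-example", "Routes":
             [{"Origin": "CreateRoute", "DestinationCidrBlock": f"10.{i}.0.0/16"} for i in range(45)]
             + [{"Origin": "EnableVgwRoutePropagation", "DestinationCidrBlock": "192.168.0.0/24"}]}
SAMPLE_SG = {"GroupId": "sg-example",
             "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                "IpRanges": [{"CidrIp": f"203.0.113.{i}/32"} for i in range(50)]}],
             "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
```

Feed it the `RouteTables` and `SecurityGroups` lists from a real boto3 response to audit an account; `eni_rule_budget` takes the groups attached to a single interface.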
Understanding Limits for Peering, Route Table Entries, Direct Connect and ExpressRoute
Cloud | Network Resource | Default Limit | Hard Limit |
---|---|---|---|
AWS | Virtual Interfaces per AWS Direct Connect | 50 | 50 |
AWS | Active Direct Connects per region | 10 | 10 |
AWS | Routes per BGP Session on a Private VIF | 100 | 100 |
AWS | Routes per BGP Session on a Public VIF | 1000 | 1000 |
Azure | ExpressRoute circuits per subscription | 10 | 10 |
Azure | ExpressRoute circuits per region per subscription | 10 | 10 |
Building a next-generation transit network can overcome these limitations. Aviatrix transit is a software-defined, low-TCO solution, so you can practice network-as-code and scale beyond provider limits.
These provider limits were referenced from: