What is a Next-Generation Transit Hub and how is it different?
A global transit network is an AWS-sanctioned approach for facilitating communications from many Spoke VPCs to on-premise datacenter resources via a Transit Hub VPC. Organizations may need to build connectivity from spoke VPCs to the on-premise data center to, for example, perform a look up in Active Directory or enable a cloud workload to access a database on premise. While AWS recommends the Global Transit architecture, they do not natively provide transitive routing in their public cloud platform — so they recommend their Network Competency partners such as Aviatrix.
Increasingly, cloud engineers and DevOps teams are involved in provisioning, troubleshooting and scaling AWS networking themselves. Moving at cloud speeds, they are comfortable with treating infrastructure as code-and they want to apply that similar concept to cloud and transit networking. This trend is driving the need for a Next-Generation Transit Hub — one that more easily facilitates cloud teams who perform their own networking to be successful while also being self-sufficient. These teams need to build “to the cloud” and “in the cloud” connections nearly instantly, without having to descend into the Command Line Interface (CLI) or BGP of the IT networking world.
Don’t Default to Implementing Your 90’s Era Network in the Cloud
The Aviatrix Next-Generation Transit Hub redefines AWS transit networking by delivering the network as code, rather than as a virtualized instance of a data center router. With Aviatrix, cloud teams get all the networking needed for AWS, but without the manual configuration, complexity (BGP, CLI ) and provisioning delays introduced with virtual router offerings such as the Cisco CSR v1000. Key features to look for in a Next-Generation Transit Hub include:
Software Defined, Centralized Management
Enabling anyone including a non-network engineer to automate networking. The point-and-click management console — with Terraform and CloudFormation support — automates the network coding and processes that currently only highly skilled network engineers can figure out.
Security by Default
Implements VPC segmentation by default — connectivity from VPC to VPC and VPC to data center only occurs when specified by policy. Additionally, encrypted links, an integrated stateful firewall for policy enforcement, and fully qualified domain name filtering (FQDN), ensure security integration with the transit architecture.
AWS Cloud Native
REST API-based with integration for other modern, third party tools.
Onboard diagnostic tools that make troubleshooting much easier. Identify EC2 Connectivity problems faster to minimize business downtime.
With Aviatrix, networking functionality easily becomes part of the Cloud and DevOps stack, orchestrated in the same way as other cloud and DevOps tools — with change control, Terraform automation, revision control, documentation, and testing all built into the process. The figure below illustrates deployment of the centralized management — the Aviatrix Controller which is deployed in any VPC — that manages one or more Aviatrix Gateways.
A Next-Generation Transit Hub helps cloud teams build connectivity according to their team’s schedule rather than the networking team’s schedule. Time-consuming activities like network provisioning, encryption, routing configuration, maintenance updates, and troubleshooting are no longer complex, error-prone or dependent on another team.