Why Should I use Aviatrix Next Gen Transit when I can just use the AWS Transit Gateway?
The Aviatrix Next Generation Transit Network is built upon the AWS Transit Gateway to provide better security, scalability and functional capabilities that are important for dynamic AWS implementations. Aviatrix was a launch partner of the AWS Transit Gateway (TGW). The Aviatrix advanced features were built in collaboration with the AWS product team.
Here are the main takeaways on how Aviatrix makes the AWS TGW implementation better and more scalable:
Route propagation: The AWS Transit Gateway can learn routes from on-premise environment. It can also advertise attached VPCs back to on-premise routers. But these routes are not propagated to the spoke VPCs. Aviatrix NextGen Transit solution learns routes from on-premise (using BGP) and populates both the AWS TGW route table and the spoke VPC route tables. This function ensures network correctness and avoids risky practices like using static, summarized routes.
Bring your own Firewall: The AWS Transit Gateway native capabilities allow you to insert firewalls in-line. But there is no support for automated failover or scale out performance. The Aviatrix transit DMZ solution is designed to insert firewall of your choice to inspect cloud traffic flow. It does not require the complexity of building IPsec tunnels or external scripts.
Multi-cloud Connectivity: While AWS Transit Gateway provides you an efficient way to connect hundreds of VPCs, it does not address the need for a multi-cloud world. Aviatrix lets you connect AWS VPCs to Azure or other network (transit or otherwise)
East west (VPC to VPC) segmentation: Aviatrix has partnered with AWS to build Security Domains on top of AWS TGW’s route-domains. Aviatrix Security Domains and Connection Policies provide a framework to ensure routes do not get enabled that violate policies. VPCs within a security domain can communicate to each other but VPCs across domains cannot – unless connection policies allow for it. These policies can also granularly define connectivity to on-premise environments.
BGP Route limitations: A BGP connection into the AWS Transit Gateway, there is a hard limit of 100 routes that can advertise in either direction. Which means, if you have 3 routes being advertised from on-premise to the TGW, you can only have 97 VPCs attached to the TGW. If you advertise 10 routes from on-premise, you can only have 90 VPCs attached. Since Cloud consumers are planning for 100s of VPCs across accounts and regions, this is a serious limitation. Aviatrix Orchestrator overcomes this limit by converting BGP to Software-Defined Cloud routing. Aviatrix solution can also summarize the routes as required.
Visibility: Aviatrix is the go-to partner for AWS when it comes to networking and routing. With the introduction of the AWS TGW, Aviatrix has built robust visualization tools that lets you plan and implement connection architectures that span Accounts, Regions and Clouds. More importantly, the visualization feature also alerts you if there are out-of-band updates that violate your Security Domain and Connection Policies.
Troubleshooting: AWS TGW allows connectivity across hundreds of VPCs. But, when connectivity does not work from a source to a destination, it is next to impossible to trace route tables entries based on TGW attachment IDs and VPC CIDRs to debug the issue. Aviatrix Controller helps users troubleshoot connectivity issues by a heuristic analysis of potential issues. The FlighPath troubleshooting feature lets the cloudops user provide source and destination instances and derives potential trouble points like security groups, VPC route tables, TGW configurations, etc.
Aviatrix’s centralized controller, with deep integration into cloud platforms and creative use of networking technologies, offers AWS TGW users a complete solution that helps them build, scale and operate dynamic multi-account, multi-cloud networks.
For more information please visit: https://aws.amazon.com/solutions/aws-global-transit-network/