Transit Network VPC. AWS Reference Deployment Guide. Last updated: May 10, Aviatrix Systems, Inc. 411 High Street Palo Alto, CA USA

Similar documents
Configuring VPC Peering For AWS

Configuring VNet Peering For Azure

Configuring Aviatrix Encryption

Aviatrix Virtual Appliance

AWS Remote Access VPC Bundle

Configuring User VPN For Azure

Aviatrix Site2Cloud Virtual Appliance

Docker Container Access Reference Design

Best Practices for Extending the WAN into AWS (IaaS) with SD-WAN

A Reference Design. VPN user access and VPC networking. Version Copyright Aviatrix Systems, Inc. All rights reserved.

AWS Networking Fundamentals

Overview. AWS networking services including: VPC Extend your network into a virtual private cloud. EIP Elastic IP

Introducing AWS Transit Gateway

Creating Your Virtual Data Center

AWS VPC Cloud Environment Setup

Advanced CSR Lab with High Availability and Transit VPC

Deploying Transit VPC for Amazon Web Services

CloudN Startup Guide. Version Copyright Aviatrix Systems, Inc. All rights reserved. Aviatrix Systems Page 0

Transit VPC Deployment Using AWS CloudFormation Templates. White Paper

How to Configure VNET peering with the F-Series Firewall

Extending Enterprise Security to Multicloud and Public Cloud

SD-WAN Deployment Guide (CVD)

LTRDCN-2100 Cloud networking solutions with Cisco Cloud Services Router (CSR 1000V) on AWS and Azure

aviatrix_docs Documentation

Securely Access Services Over AWS PrivateLink. January 2019

AWS Networking & Hybrid Cloud Connectivity

EdgeConnect for Amazon Web Services (AWS)

Cisco Multicloud Portfolio: Cloud Connect

vcloud Director Tenant Portal Guide vcloud Director 8.20

VMware Cloud on AWS Operations Guide. 18 July 2018 VMware Cloud on AWS

VMware Cloud on AWS Getting Started. 18 DEC 2017 VMware Cloud on AWS

vcloud Director User's Guide 04 OCT 2018 vcloud Director 9.5

How to Configure Forcepoint NGFW Route-Based VPN to AWS with BGP TECHNICAL DOCUMENT

Top 30 AWS VPC Interview Questions and Answers Pdf

How to Configure a Site-To-Site IPsec VPN to the Amazon AWS VPN Gateway

MCR Connections to Amazon Web Services via Direct Connect (DX)

Cloud-Ready WAN For IAAS & SaaS With Cisco s Next- Gen SD-WAN

vcloud Director User's Guide

Virtual Private Cloud. User Guide. Issue 03 Date

How to Configure Azure Route Tables (UDR) using Azure Portal and ARM

FortiGate. on OCB FE Configuration Guide. 6 th December 2018 Version 1.0

vcloud Director User's Guide

VNS3 Configuration. IaaS Private Cloud Deployments

vcloud Director User's Guide

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Deploy the Firepower Management Center Virtual On the AWS Cloud

ONBOARDING GUIDE GLOBALPROTECT CLOUD SERVICE FOR REMOTE NETWORKS

Creating your Virtual Data Centre

vcloud Director User's Guide

NGFWv and ASAv in Public Cloud

Cloudera s Enterprise Data Hub on the Amazon Web Services Cloud: Quick Start Reference Deployment October 2014

AWS_SOA-C00 Exam. Volume: 758 Questions

NGF0502 AWS Student Slides

How to Configure an IPsec Site-to-Site VPN to a Windows Azure VPN Gateway

1. VPC and Subnet Layout

SAM 8.0 SP2 Deployment at AWS. Version 1.0

VNS3 version 4. Free and Lite Edition Reset Overlay Subnet

1. Click on "IaaS" to advance to the Windows Azure Scenario. 2. Click to configure the "CloudNet" Virtual Network

Cisco CSR1000V Overview. Cisco CSR 1000V Use Cases in Amazon AWS

How to Configure an IKEv1 IPsec Site-to-Site VPN to the Static Microsoft Azure VPN Gateway

MCR Google Cloud Partner Interconnect

Configuring AWS for Zerto Virtual Replication

NSX-T Data Center Migration Coordinator Guide. 5 APR 2019 VMware NSX-T Data Center 2.4

Virtual Private Cloud. User Guide

How to Deploy the Barracuda NG Firewall in an Amazon Virtual Private Cloud

25 Best Practice Tips for architecting Amazon VPC

VMware Cloud on AWS Networking and Security. 5 September 2018 VMware Cloud on AWS

VMware vshield Edge Design Guide

VNS3 Configuration. Quick Launch for first time VNS3 users in Azure

NGFWv & ASAv in Public Cloud (AWS & Azure)

Multicloud Networking: An Overview. Shannon McFarland CCIE #5245 Distinguished

VeloCloud Cloud-Delivered WAN Fast. Simple. Secure. KUHN CONSULTING GmbH

Microsoft Azure Configuration. Azure Setup for VNS3

VNS3 IPsec Configuration. VNS3 to Cisco ASA ASDM 5.2

Networking in AWS. Carl Simpson Technical Architect, Zen Internet Limited

Creating Your Virtual Data Center

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

How to Configure an IPsec VPN to an AWS VPN Gateway with BGP

Workspace ONE UEM Certificate Authentication for Cisco IPSec VPN. VMware Workspace ONE UEM 1810

Building a Modular and Scalable Virtual Network Architecture with Amazon VPC

Amazon Virtual Private Cloud Deep Dive

PROTECT WORKLOADS IN THE HYBRID CLOUD

Amazon Virtual Private Cloud Deep Dive

FortiMail AWS Deployment Guide

How to Configure an IKEv1 IPsec VPN to an AWS VPN Gateway with BGP

VNS3 IPsec Configuration. VNS3 to Cisco ASA ASDM 9.2

VMware Cloud on AWS Operations Guide. 19 December 2018 VMware Cloud on AWS

SelectSurvey.NET AWS (Amazon Web Service) Integration

Restrictions for DMVPN Dynamic Tunnels Between Spokes. Behind a NAT Device. Finding Feature Information

Virtual Private Network. Network User Guide. Issue 05 Date

WAF on AWS Deployment Kit. On Demand. Configuration Guide

MyIGW Main. Oregon. MyVPC /16. MySecurityGroup / us-west-2b. Type Port Source SSH /0 HTTP

Configuring High Availability

VNS3 Configuration. ElasticHosts

Configuring High Availability (HA)

2013 AWS Worldwide Public Sector Summit Washington, D.C.

Cloud Native Security. OpenShift Commons Briefing

Puppet on the AWS Cloud

VM-SERIES ON GOOGLE CLOUD DEPLOYMENT GUIDELINES

Cisco Multicloud Portfolio: Cloud Connect

Transcription:

Transit Network VPC AWS Reference Deployment Guide Last updated: May 10, 2017 Aviatrix Systems, Inc. 411 High Street Palo Alto, CA 94301 USA http://www.aviatrix.com Tel: +1 844.262.3100

TABLE OF CONTENTS 1 Overview...1 2 Aviatrix Solution Key Benefits...2 3 Pre Configuration Checklist...2 3.1 Deploy the Aviatrix Controller...2 3.2 Check VPC Settings...3 4 Configuring VPC Peering...4 4.1 Step 1 Deploy Gateways...5 4.2 Step 2 Connect Spoke VPC to Transit VPC...5 4.3 Step 3 Connect Corporate Data Center to Transit VPC...6 4.4 Step 4 Configure Transitive Routing...6 5 Appendix Terminating on VGW...8 6 Appendix Support...9 6.1 Aviatrix Support...9 6.2 AWS Support...9

1 Overview Aviatrix is a next generation cloud networking solution built from the ground up for the public cloud. It simplifies the way you enable site to cloud, user to cloud and cloud to cloud secure connectivity and access. The Aviatrix solution requires no new hardware and deploys in minutes. This configuration guide provides step by step instruction on how to build a highly available AWS Transit VPC. Below is an architecture diagram of what a general AWS Transit VPC deployment looks like, where a Hub VPC (or Transit VPC) connects many Spoke VPCs to facilitate communication between Spoke VPC and on-prem network. A B n... Aviatrix Controller Aviatrix Gateways TRANSIT VPC LEGEND IPSec Aviatrix control traffic Corporate Data Center(s) Other Cloud Providers Page 1 of 11

2 Aviatrix Solution Key Benefits Simplicity. Centrally managed, point and click solution deploys in minutes. Highly Available. Built-in gateway redundancy supports hot standby and fail over in seconds. Cost Saving. If hub and spoke VPCs are in the same region, encrypted traffic is routed over AWS peering, reducing network bandwidth cost by 10 times (comparing to AWS Transit VPC solution that goes over Internet with VGW for hub and spoke traffic). Scalable. The solution does not require a unique public IP address on the hub gateway connecting to each spoke gateway. No limits on the number of spoke VPCs can be connected to hub VPC. Visibility. Central dashboard monitors, displays and alerts link status and link latency. Additional Benefits. Stateful firewall at the gateway to enforce security policies. OpenVPN based user access allows end to end cloud network solution. For more details, visit www.aviatrix.com. 3 Pre Configuration Checklist Before configuring user VPC peering, make sure the following is completed. Pre Configuration Check List 1. Deploy the Aviatrix Controller 2. Check VPC Settings These prerequisites are explained in detail below. 3.1 Deploy the Aviatrix Controller The Aviatrix Controller must be deployed and setup prior to configuring VPC and site peering. Please reference the Aviatrix Controller getting started guide for AWS on how to deploy the Aviatrix Controller. Aviatrix Controller Getting Started Guide Check and make sure you can access the Aviatrix Controller dashboard and login with an administrator account. The default URL for the Aviatrix Controller is: https://<public ip of Aviatrix Controller> Page 2 of 11

3.2 Check VPC Settings The VPC must have at least one public subnet to deploy the gateway. This means one subnet must be associated with a route table that has an IGW as its default route. If your hub VPC and spoke VPC are in the same region and you like to route the traffic over AWS peering, go to AWS console and configure the necessary AWS peering between the two VPCs. Page 3 of 11

4 Configuring VPC Peering Please make sure the pre-configuration steps in the previous section is completed before proceeding. The instructions in this section will use the following architecture. The CIDR and subnets may vary depending on your VPC setup; however, the general principals will be the same. 2 Region: US-WEST1 3 CIDR: 10.1.0.0/16 Region: US-EAST1 CIDR: 10.2.0.0/16 Corporate Data Center Location: California CIDR: 10.3.0.0/16 1 Aviatrix Controller Aviatrix Gateways LEGEND IPSec Aviatrix control traffic TRANSIT VPC Location: US-WEST1 CIDR: 10.0.0.0/16 In this example we have three VPCs: Transit VPC, spoke VPC in US-WEST1 and spoke VPC in US-EAST1. The corporate data center is located in California. The system will be configured such that all spoke nodes and sites will be able to communicate with each other via the transit VPC. Page 4 of 11

4.1 Step 1 Deploy Gateways The first step is to deploy Aviatrix gateways in each VPC. Instructions: 1. Login to the Aviatrix Controller Console 2. Click on Gateway -> Create Setting Cloud Type Account Name Region VPC ID Gateway Name Public Subnet Gateway Size Enable NAT VPN Access Value Choose AWS Choose the account name Choose the region where your VPC is located Choose the VPC This name is arbitrary (ex. gw01) Select a public subnet where the gateway will be deployed t2.micro is fine for testing. Uncheck this box Uncheck this box 3. Click Create. It will take a few minutes for the gateway to deploy. Do not proceed until the gateway is deployed. 4. Repeat steps 2 and 3 for the additional 2 VPCs in this example. 5. Done 4.2 Step 2 Connect Spoke VPC to Transit VPC This step explains how to connect a spoke VPC to the transit VPC. Instructions: 1. From the Aviatrix Controller Console 2. Click VPC/VNet -> Encrypted Peering -> Encrypted Peering. 3. Click Add 4. Select the VPC1 (transit) gateway and VPC2 (spoke 1) gateway for the peering Note: If the two VPCs are in the same region, you can check the box over AWS Peering. This would allow the encrypted peering to route traffic over native AWS peering, resulting in 10 times bandwidth saving. 5. Click Add 6. Select the VPC1 (transit) gateway and VPC3 (spoke 2) gateway for the peering and then click Add 7. Done Page 5 of 11

4.3 Step 3 Connect Corporate Data Center to Transit VPC This step explains how to connect the corporate data center to the transit VPC Instructions: 1. From the Aviatrix Controller Console 2. Click VPC/VNet -> Site2Cloud - >Add Setting VPC ID/VNet Name Gateway Connection Name Customer Gateway IP Address: Customer Network Private Route Encryption Cloud Subnet Null Encryption Value Choose Transit VPC ID Choose Transit VPC gateway This name is arbitrary (ex. corpdatacenter) Public IP address of the terminating device at the corp datacenter 10.3.0.0/16 (in this example) Uncheck 10.0.0.0/16, 10.1.0.0/16, 10.2.0.0/16 (in this example) Uncheck 3. Click Add 4. Click List, select the Transit VPC ID and then click Run 5. Put a check mark next to your Connection Name (from above) and then click download 6. If your terminating device is a Cisco ASA, select ASA, otherwise, select Generic. 7. This template file contains the necessary information to configure the terminating device at the corp data center. Once the terminating device is configured, the tunnel will automatically come up. 8. Done 4.4 Step 4 Configure Transitive Routing This step explains how to configure transitive routing so that every spoke and site node can communicate with each other via the transit VPC. Instructions: 1. From the Aviatrix Controller Console 2. Click VPC/VNet -> Encrypted Peering -> Transitive Peering a. For VPC2 (spoke 1) select: i. Click Add ii. Source VPC: VPC2, Next Hop VPC: VPC1 (transit), Destination CIDR: 10.2.0.0/16 iii. Click Add and then Add again iv. Source VPC: VPC2, Next Hop VPC: VPC1 (transit), Destination CIDR: 10.3.0.0/16 v. Click Add b. For VPC3 (spoke 2) select: i. Click Add ii. Source VPC: VPC3, Next Hop VPC: VPC1 (transit), Destination CIDR: 10.1.0.0/16 Page 6 of 11

3. Done iii. Click Add and then Add again iv. Source VPC: VPC3, Next Hop VPC: VPC1 (transit), Destination CIDR: 10.3.0.0/16 v. Click Add Page 7 of 11

5 Appendix Terminating on VGW The Aviatrix transit VPC solution also supports terminating on AWS VGWs in the spoke VPC. In this case, the AWS VGWs must be manually setup in each spoke VPC. A B n... Aviatrix Controller Aviatrix Gateways TRANSIT VPC LEGEND IPSec Aviatrix control traffic Corporate Data Center(s) Other Cloud Providers Page 8 of 11

6 Appendix Support 6.1 Aviatrix Support Standard: 8x5 Enterprise Phone Support, email support, product-specific knowledge-base and user forum is included. For Additional levels of support and support offers please visit: www.aviatrix.com/support 6.2 AWS Support AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services. Learn more Page 9 of 11

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback