What's the difference between the Aviatrix Controller and Gateway? Are these 2 separate appliances?
The AVX-Controller sits in the Management/Operations plane. It is the Appliance you deploy from AWS/Azure/etc. You only need one controller. This controller then deploys AVX-Gateway appliances based on use-case and requirement.
We can always automate the Route Table configurations via Cloud Formation, so what does Aviatrix do?
Sure, you can automate the RT configuration, but compared to what the Aviatrix controller does for you, there is a huge difference. The controller injects intelligence into the cloud network. It monitors routes from on-prem, routes from VPCs, routes from TGW attachments, routes from peering relationships, and more, and programs them end-to-end not only in a single cloud, but across clouds AND across accounts and subscriptions. The controller audits these routes and paths, ensures that there are no black holes, no routing loops, and no suboptimal routing, enforces architecture, provides route control (filtering, etc.), enables traffic engineering and best path selection (BGP based), and dynamically reprograms a new path if the primary is no longer available. Those are ONLY the routing components of the controller, which can do so much more.
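As an added illustration (not Aviatrix code, and not the controller's actual algorithm), this Python example traces probe destinations hop by hop across route tables and flags black holes and routing loops, the two conditions the answer above says the controller audits for. The node names, prefixes and table format are constructed assumptions.

```python
import ipaddress

# Constructed sample: per-node route tables as (prefix, next_hop).
# next_hop is another node name, "local" (delivered here), or None
# (the target no longer exists, e.g. a deleted peering or attachment).
TABLES = {
    "spoke-a": [("10.1.0.0/16", "local"), ("10.0.0.0/8", "transit")],
    "transit": [("10.1.0.0/16", "spoke-a"), ("10.2.0.0/16", "spoke-b"),
                ("10.3.0.0/16", None), ("10.4.0.0/16", "spoke-b")],
    "spoke-b": [("10.2.0.0/16", "local"), ("10.0.0.0/8", "transit")],
}

def lookup(table, dest):
    """Longest-prefix match; returns (matched, next_hop)."""
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return (True, best[1]) if best else (False, None)

def trace(tables, start, dest_ip):
    """Follow next hops from start; returns (verdict, path)."""
    dest = ipaddress.ip_address(dest_ip)
    node, path = start, [start]
    while True:
        matched, hop = lookup(tables.get(node, []), dest)
        if not matched:
            return "unrouted", path      # no route covers the destination
        if hop is None:
            return "blackhole", path     # route exists but its target is gone
        if hop == "local":
            return "delivered", path
        if hop in path:
            return "loop", path + [hop]  # revisiting a node means a loop
        path.append(hop)
        node = hop

def audit(tables, probes):
    """Return every probe that does not end in delivery."""
    findings = []
    for start, dest in probes:
        verdict, path = trace(tables, start, dest)
        if verdict != "delivered":
            findings.append((start, dest, verdict, path))
    return findings
```

In the sample, `10.4.0.0/16` loops because the transit sends it to `spoke-b`, whose only covering route is the `10.0.0.0/8` summary pointing back at the transit.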
What does Aviatrix use to measure latency?
Our APIs and basic networking tests are used to calculate the latency.
So Aviatrix itself is not a cloud service provider, but a partner of all the cloud providers and provides multi cloud network service?
Exactly. Our platform runs in any CSP and provides advanced network capabilities that they don’t, anywhere you want to operate.
Can you do network discovery across multiple clouds?
That’s exactly what CoPilot does. It’s achieved via receiving data from the controller and the gateways.
Is CoPilot supported on OCI at this time, or only the other 3 CSPs?
CoPilot will ingest traffic from anywhere you install a gateway, so yes.
How many Aviatrix Controllers do we need to deploy?
Just one; it's multi-account, multi-cloud capable. If you are concerned about failures, we support controller HA in AWS, and we have complete control plane/data plane separation. This means that if the controller fails, it either recovers automatically or you can recover it and your data plane will see no hits.
In a global deployment with multiple clouds, how many CoPilot instances should be deployed, per region, and per cloud?
There is one CoPilot per Aviatrix Controller. NetFlow data is not huge, but it depends on how much traffic is crossing those gateways. You need a centralized monitoring and visibility system. Even if we allowed you to deploy multiple CoPilots, you would still need to bring the data to a central location for analytics, correlation, etc. The value you are getting from CoPilot is far greater than the price of the NetFlow.
Is the Aviatrix Controller installed as HA?
The Controller can be configured as HA. If anything happened to the controller (control plane), it would not affect the data plane (gateways).
Can the controller be extended in a way with some custom code, or is the standard practice to automate Aviatrix with a tool such as Terraform and add your additional features there?
The standard practice is to go with Terraform. Or you can use any standard programming language if you want to invoke our APIs manually. For example, Python. See https://api.aviatrix.com/?version=latest
Can Aviatrix pull in any unique features for any cloud via routing traffic through the controller?
Traffic is not routed through the controller; that’s a very important first point. Now, the controller can integrate with any cloud service potentially, and have it take effect on the gateways we put in the data plane.
How does the Aviatrix controller talk to the VPC routing tables?
It calls AWS APIs with the AWS account credentials that you set up on the Aviatrix controller at on-boarding time.
How does Aviatrix combine all of the different cloud vendors in a single tool? Are all of the services accessed with the use of ACI, or are different services reached by different tools in the backend?
We program all of the CSPs using their own APIs. That’s what makes us unique. We access the CSPs with the Access accounts you already have.
Would it be fair to call Aviatrix an Orchestration and Management platform to seamlessly manage your Multi-Cloud environment?
Orchestration is only one of the things it does. AVX Gateways do routing, BGP, IPSec, UserVPN, Encryption, and L4 FWs.
Is Aviatrix Gateway region specific in AWS/Azure/GCP?
In principle you deploy Aviatrix Gateway in a VPC/VNET/VCN, which by nature is bound to a region. Even in GCP we’d deploy the Gateway in a subnet (regional construct). So overall we are region-specific, but there’s no issue for us to build peerings between regions/clouds.
Can Aviatrix Gateway be deployed on-prem?
No, it is deployed in public clouds. You could set up an S2C connection with our controller to bring it on your on-prem or make your cloud apps visible to on-prem.
Do the centralized gateways increase latency?
When the Transit Gateway is sitting in the same region as the spoke Gateway, the latency is negligible and close to what AWS/Azure support. When you cross clouds, then you will see various ranges there.
This is the test we ran a while ago. These cloud providers do update and enhance their networks from time to time, so check their respective sites for the latest latency info.
Can the Aviatrix Gateways leverage autoscale/scale sets so they support HA?
Aviatrix Gateways can scale up or down easily from the Controller, and we have active mesh for HA.
Is CoPilot part of the controller or separate?
CoPilot is complementary to the controller and licensed separately.
Although all the networking configurations can be easily done by using the Aviatrix Orchestrator, what if I need to just provision a few VMs? Can I use the same orchestrator for it, or do I have to use the CSP console?
Deploying VMs is always done via the CSP console. Aviatrix helps you build networking, so when the VMs come online, they are able to communicate with things outside of their VPCs or VNETs. You would use your CSP of choice, or automation tool of choice, to instantiate your own workloads. We don't deploy custom workloads, but we handle networking and security.
Can you import existing CSP enterprise cloud environments into the controller and take over orchestration of those environments, then build additional functionality as desired?
We have a way to migrate things over to Aviatrix orchestration. We do it all the time as most of our customers are Brownfield.
Are both Controllers/Gateways Linux based or Windows based?
Does Aviatrix act as a Dynamic routing protocol for Multi VPC communication?
Not exactly. Aviatrix supports dynamic routing with on-prem, but within the cloud environment Aviatrix provides a software defined networking/security solution.
Is the Aviatrix controller integrated with an IDP, or does it support MFA?
Yes, the controller supports external IDP.
For E-W, do we need NAT?
Using Aviatrix, there is no need for a NAT. That's the main advantage of Aviatrix.
How do we register a gateway with the controller? Do we need to specify the controller's public IP address in the gateway?
The Controller deploys the gateways (the instances). That’s the only way to deploy the gateways. There is no possibility to deploy a standalone gateway outside of the controller, so there is no need to register a gateway. The Controller knows all about that gateway from the very start.