Open forum for cloud adoption, architecture and design, automation, migrations, managing cloud complexities and cost, and industry trends
- 141 Topics
- 252 Replies
If a user decides to decommission Aviatrix completely, will the user's multi-cloud environment continue to function like before? Will any gateways and other components created by Aviatrix that are native to a particular cloud remain in place? For example, you may have configured routes or security groups or even launched instances through the Aviatrix controller. Will they remain functional?
I was trying to spin up an Aviatrix Cloud Controller on AWS using the Sandbox Starter Tool, but I keep getting these errors: > The controller will be launched in us-east-1. Initializing modules... Initializing the backend... Initializing provider plugins... - Checking for available provider plugins... --> Controller launch failed, aborting. Registry service unreachable. This may indicate a network issue, or an issue with the requested Terraform Registry. Registry service unreachable. This may indicate a network issue, or an issue with the requested Terraform Registry. registry service is unreachable > If anyone has faced the same issue before, kindly help me to find a solution. I ran the Starter Tool as a Docker container on my laptop, and access to the HashiCorp registry is fine from my laptop; I am not sure why it complains that the Terraform registry service is unreachable. ===Debug Message== --> Controller SSH key already exists, skipping. --> OK. --> Now going to launch the controlle
Aviatrix supports many ways to do this. Build an SD-WAN POP in a VPC/VNET with SD-WAN virtual appliances, and then northbound you build standards-based IPsec/GRE tunnels + BGP over Public or Private peerings to the Aviatrix transit. The Aviatrix transits can be instantiated in any region or any cloud, as many as you want, wherever you want. So you can build a nice architecture where your SD-WAN remote sites terminate at the closest POP to where their cloud apps live. You can put the SD-WAN appliances in the same VPC/VNET as the Aviatrix transit and do IPsec/GRE + BGP, OR you can do native BGP with no tunneling for higher throughput. You can connect Aviatrix transits via IPsec/GRE + BGP over the internet/MPLS/Direct Connect/ExpressRoute to an on-premise physical SD-WAN appliance. More details can be found on your Aviatrix Youtube Channel where Dana (SD-WAN Expert) has a lot of videos explaining the design and deployment. You can also send an email to email@example.com
Hi, I noticed the section on VPN gateways has stated the following: "Note a /24 VPN CIDR block supports about 64 simultaneous VPN clients. This is because for each connected VPN client, VPN gateways reserves 3 virtual addresses. For larger number of clients per VPN gateway, consider making the VPN CIDR block to a /22 or /20 network." Is the 'reservation of 3 virtual addresses' by VPN gateways due to the load balancing that can be implemented across the gateways? Jeff
Hi, After making the unfortunate error of terminating my 'Sandbox Starter' AMIs via the AWS console, instead of using the Sandbox 'Destroy' menu option, I have just spent some considerable time uninstalling my Desktop Docker, deleting Aviatrix policies, deleting/generating keys, etc. in my efforts to get the Sandbox Terraform script to successfully complete its setup of the Sandbox again. It has proven to be a painful and time-consuming learning process. So - I have some questions: 1 - In the event that I mistakenly terminated a Sandbox AMI via the AWS console, is there a script/command available that can be used to rebuild that particular AMI again? 2 - In the event that no such 'rebuild' script/command exists, will using the 'Destroy' option remove all remaining elements of the existing Sandbox, so that a new Sandbox can be successfully installed by running 'Sandbox Starter' again? - or is it not that simple? 3 - Does creation of a new Sandbox
Hi, I have a question re: clarification of the below statement: "This tool is packaged as a container image that could run locally on the Windows/Linux/MACOS laptop/server/VM or EC2 instances. The container code is available here" If the container image can run locally on a PC/Server, does this mean there is no requirement to spin up the AWS resources? I'm trying to understand: 1 Does the Sandbox tool need both AWS and Docker? 2 Can the Sandbox tool only use AWS? 3 If the Sandbox tool needs both AWS and Docker, what does it use Docker for? Jeff
I'm considering creating the Azure VNET part of the Sandbox to build on my knowledge of Aviatrix. However - I cannot find any information on the type of minimum build/specification (e.g. memory, processor, storage, build type) that I need to select to successfully create the transit & spoke gateways. If this is automatically done by the Sandbox script, I would still like to know what would be selected, as I want to know what the cost of running the Azure instances is before I consider going ahead with creating the VNET. Can someone please advise - thanks.
I have a question related to Google Cloud Inter-Region Latency. When I went through the table "Latency Measured In Millisecond Between Google Cloud Regions", I found that in some rows the source and destination are the same. For example, let's take source: us-east1 and destination: us-east1, where the latency is 0.555. What do you mean by this number? Do you mean the inter-zone latency within the same region "us-east1"?
Hello All, I have already read the documentation about both items; however, I have some doubts about the difference between the two terms, based on some topology. CloudWAN -> It relates to a specific feature that can manage devices remotely (Cisco Routers) via the Aviatrix Controller, and it also has some benefits if you have contracted with AWS (for example) for Global Accelerator. However, is it necessary to install something to make this deployment, or can it be considered only a feature inside the Aviatrix Dashboard? CloudN -> It relates to the Aviatrix virtualization router that can be deployed in a DC via hypervisor or bare metal, in order to connect this router with a gateway in the cloud using IPSEC or HPE if a connection is necessary, managed by the Aviatrix Controller. Is this the correct understanding? Is the big difference that CloudWAN is a feature inside the Controller?
Many organisations still believe in everything that the big cloud vendors like AWS, Google, Azure etc are saying. Naturally they each want to sell you their own products and services as being world class, secure and always available. We already know this not to be true with the recent outages … https://techhq.com/2020/12/3-biggest-public-cloud-outages-of-2020/. The reality is they don’t want your organisation to be multi cloud and have public cloud choice. Typically, they want to lock you in and once done, you’ll have little or no say on how to control or secure your data and have poor visibility into events and how that impacts you and your customers until it’s too late. Don’t be fooled into believing them any longer. The next phase of cloud computing is evolving and organisations are waking up to the fact that they do actually need to be multi cloud ready and have choice. It’s predicted that in 2021 more than 50% of data will span multi clouds. This is great news f
For DR purposes and features like - Fail over - Fail back - DR Testing, we need to clone the source VPC (10.0.0.0/16 - us-west1) to another VPC (10.0.0.0/16 - us-east2) with the same CIDR. Is this OVERLAP-CIDR support available? TGW etc. do not support CIDR overlaps.
How does Aviatrix fix problems in Azure? We orchestrate and manage the UDR routes using Aviatrix Gateway in Azure to provide a scalable architecture and a lot of other things as well. How does Aviatrix work with ARM templates for Azure? Aviatrix has its own Terraform provider so configurations can be applied consistently across clouds. Is Azure NSG similar to NACLs or SG in AWS? Azure NSG can be attached to either subnet or instance, so it’s similar to both AWS NACL and SG. Is Azure's NVA similar to the Transit Gateway in AWS? No, the AWS Transit Gateway is an actual managed service from AWS. Azure NVA is not a managed service in itself. NVA means Network Virtual Appliance and can be either a 3rd-party element or a native Azure element such as Azure Firewall. Is there NACL in Azure? What you do with NACL in AWS, you can do with NSG in Azure. What is the preferred transit opti
Is Direct Connect (DX) encrypted by default? No. DX is not encrypted. The encryption solution needs to be built on top of it. If you are looking for near line rate encryption for DX and/or ER (Express Route), Aviatrix has a hardware appliance called CloudN that one should consider. Does the 3rd party firewall and Aviatrix controller have to be in AWS, or do the firewall services work on Azure as well? Nothing has to be in AWS. If you are a customer who has no footprint in AWS, you can only be in Azure, which means that your Controller, GWs, FWs will all be in Azure, too. I want to have routing from multiple regions to my on-prem via AWS-TGW, would I need multiple route peering? Yes, you would terminate a VPN per TGW to on-prem. If using a Direct Connect, you could leverage the DX Gateway. If the VPN tunnel is built with an AWS-TGW, do we also need to program routes in VPCs? You will need to go into the VPC route tables and manually configure routes for D
What's the difference between the Aviatrix Controller and Gateway? Are these 2 separate appliances? The AVX-Controller sits in the Management/Operations plane. It is the Appliance you deploy from AWS/Azure/etc. You only need one controller. This controller then deploys AVX-Gateway appliances based on use-case and requirement. We can always automate the Route Table configurations via Cloud Formation, so what does Aviatrix do? Sure, you can automate the RT configuration, but compared to what the Aviatrix controller does for you, there is a huge difference. The controller injects intelligence into the cloud network. The controller will monitor routes from on-prem, routes from VPC, routes from TGW attachments, routes from peering relationships, and more, and programs those end-to-end not only in a single cloud, but across clouds AND across accounts and subscriptions. The controller audits these routes and paths, ensures that there are no black holes, ensures that th
Do you provide a VPN client for end users for the point-to-site connectivity or are they still using another third party? Aviatrix has its own VPN client with added benefits like SAML, but you can also use OpenVPN clients as well. Is there a NAC module for Aviatrix VPN clients? We can enforce the minimum version of the VPN client that the user uses. But besides that, there are no other NAC functionalities today. Is transit traffic not possible with the Smart SAML VPN? Once the user is on the Aviatrix backbone, they can access all the resources.
How do you decide which type of workload should be run on private and public clouds? You can run any type of workload in the public cloud. At the end of the day, the VM/Instances in Cloud are regular Linux or Windows machines. The Cloud actually gives you even more options/services to run your workload. Does Aviatrix use Terraform to deploy/automate across the Cloud platforms? Yes! Totally! For Terraform, we are an official provider. We also support a REST API. https://www.terraform.io/docs/providers/aviatrix/. What is the benefit of using different Public Clouds, why not consolidate on one preferred cloud? You want to diversify. Just like how you would do main DC and DR in separate locations, it makes sense to be in different CSPs. Sometimes, there are better offerings in terms of services and support and cost when it comes to different CSPs. Are the controllers and the gateways multi-tenant? Yes. The Controller allows you to onboard different accounts from different tena