What is Aviatrix Edge Segmentation?
Edge Segmentation is essentially the Security Domain concept extended from the Aviatrix Transit GW (AVX-TR-GW) to AWS-TGW.
Edge Segmentation allows you to specify the edge connection on Aviatrix Transit GW and then which AWS-TGW Security Domain it can communicate with.
The Edge Segmentation feature requires AWS-TGW to be present in the network.
Customer Use-Case and Topology
- Partner1 builds IPSec tunnels with Aviatrix Transit GW (AVX-TR-GW)
- Partner2 builds IPSec tunnels with Aviatrix Transit GW (AVX-TR-GW)
- Partner1 should only be allowed to access App1-VPC attached to AWS-TGW
- Partner2 should only be allowed to access App1-VPC attached to AWS-TGW
This can be allowed via AWS-TGW Connection Policy control in Aviatrix Controller.
One can use the same VPC domain or create a new domain for each partner.
How to Enable Edge Segmentation?
To enable Edge Segmentation, go to Aviatrix Transit Network -> Setup -> Step 3, Connect to VGW/External Device/CloudN, to select the option “Enable Edge Segmentation”.
Where to view Edge Segmentation Security Domain?
When you enable Edge Segmentation, no domain is shown on this screen. In the background the Aviatrix Controller creates a corresponding Security Domain, but it is displayed in the AWS-TGW Orchestration area.
Go to AWS-TGW Orchestrator -> Plan -> Security Domain -> Select TGW. You will now see the edge domain, as shown in the following diagram.
To build the connection policy:
- First connect App1-Domain to Aviatrix_Edge_Domain.
- Then connect App1-Domain to Aviatrix_Edge_Domain:Partner1-Tunnel.
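As an added example (not code from the Aviatrix documentation or product), the following Python models the connection policy described above so that the partner use-case can be audited offline: each Security Domain is isolated unless a pairwise connection exists, and a partner tunnel reaches a VPC domain only when that domain is connected both to `Aviatrix_Edge_Domain` and to the tunnel-specific domain `Aviatrix_Edge_Domain:<tunnel>`. That two-link requirement is an assumption taken from the two-step procedure on this page; the domain names other than `App1-Domain`, `Aviatrix_Edge_Domain` and `Partner1-Tunnel` (for example `Partner2-Tunnel` and `Shared-Services-Domain`) are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, Set, Tuple

# Name of the domain the Controller creates when Edge Segmentation is enabled (from the page).
EDGE_DOMAIN = "Aviatrix_Edge_Domain"


@dataclass
class ConnectionPolicy:
    """Pairwise, bidirectional connections between Security Domains.

    Constructed model: anything not explicitly connected is isolated (default deny).
    """
    links: Set[frozenset] = field(default_factory=set)

    def connect(self, domain_a: str, domain_b: str) -> None:
        # A frozenset makes the connection symmetric: connect(a, b) == connect(b, a).
        self.links.add(frozenset((domain_a, domain_b)))

    def connected(self, domain_a: str, domain_b: str) -> bool:
        return frozenset((domain_a, domain_b)) in self.links


def tunnel_domain(tunnel: str) -> str:
    """Tunnel-specific sub-domain name, e.g. Aviatrix_Edge_Domain:Partner1-Tunnel."""
    return f"{EDGE_DOMAIN}:{tunnel}"


def partner_can_reach(policy: ConnectionPolicy, tunnel: str, vpc_domain: str) -> bool:
    """Assumption: the VPC domain must be connected to BOTH the parent edge domain
    and the tunnel-specific domain, mirroring the two steps on the page."""
    return (policy.connected(vpc_domain, EDGE_DOMAIN)
            and policy.connected(vpc_domain, tunnel_domain(tunnel)))


def build_use_case_policy() -> ConnectionPolicy:
    """Policy for the page's use-case: both partners may reach App1-VPC only."""
    policy = ConnectionPolicy()
    policy.connect("App1-Domain", EDGE_DOMAIN)
    policy.connect("App1-Domain", tunnel_domain("Partner1-Tunnel"))
    policy.connect("App1-Domain", tunnel_domain("Partner2-Tunnel"))  # constructed second partner
    # Shared-Services-Domain (constructed) is deliberately left unconnected to any partner tunnel.
    return policy


def audit(policy: ConnectionPolicy, tunnels: Iterable[str],
          vpc_domains: Iterable[str]) -> Dict[Tuple[str, str], bool]:
    """Reachability matrix (tunnel, vpc_domain) -> allowed, for reviewing least privilege."""
    return {(t, d): partner_can_reach(policy, t, d) for t in tunnels for d in vpc_domains}


def excess_reach(policy: ConnectionPolicy, tunnels: Iterable[str], vpc_domains: Iterable[str],
                 intended: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Domains each tunnel can reach beyond what `intended` allows (should be empty)."""
    matrix = audit(policy, tunnels, vpc_domains)
    result: Dict[str, Set[str]] = {}
    for (t, d), allowed in matrix.items():
        if allowed and d not in intended.get(t, set()):
            result.setdefault(t, set()).add(d)
    return result


if __name__ == "__main__":
    p = build_use_case_policy()
    tunnels = ["Partner1-Tunnel", "Partner2-Tunnel"]
    domains = ["App1-Domain", "Shared-Services-Domain"]
    for (t, d), ok in audit(p, tunnels, domains).items():
        print(f"{t:15s} -> {d:23s} {'ALLOW' if ok else 'deny'}")
    intended = {"Partner1-Tunnel": {"App1-Domain"}, "Partner2-Tunnel": {"App1-Domain"}}
    print("excess reach:", excess_reach(p, tunnels, domains, intended))
```

The half-configured case is the one worth checking in a review: a policy that only connects `App1-Domain` to `Aviatrix_Edge_Domain` but never to the tunnel-specific domain grants nothing in this model, which matches the page's instruction to perform both connections.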