How to integrate Aviatrix Transit with popular SDWAN solutions
As enterprise networks have grown into a more geographically dispersed, global footprint, many have migrated to SD-WAN for site-to-site connectivity. In addition to cost-effectiveness, SD-WAN technologies give network teams the ability to do policy-based routing and to benefit from security services built directly into the network. Many organizations want to leverage their already deployed SD-WAN technologies to connect their premises to public cloud networks.
In this article, we will look at an architecture that leverages Aviatrix integration with popular SD-WAN solutions to reap the full benefits of both the intelligent, multi-cloud networking that Aviatrix offers and the flexible remote connectivity capabilities of SD-WAN solutions.
How does Aviatrix integrate with SD-WAN?
Aviatrix Transit Service is a full-featured cloud networking solution that enables secure connectivity between networks within and across clouds. Using Multi-Cloud Network Architecture (MCNA), Aviatrix provides a global transit overlay for connectivity between resources deployed across different regions, different clouds, remote sites, and users. To integrate with outside networks, the Aviatrix transit service terminates BGP + IPsec tunnels, giving full connectivity between external networks (namely on-premises data centers) and the public cloud.
SD-WAN solutions provide branch-to-branch connectivity over the underlying WAN connections at each branch/location. Most SD-WAN solutions also support IPsec termination to connect to networks outside the SD-WAN fabric.
Since both solutions offer IPsec connectivity, we can use it to establish a connection between the two. This integration allows routing information to be exchanged and traffic to be forwarded in both directions; we are essentially connecting the two worlds to form a joint end-to-end enterprise network. The integration leverages Aviatrix control- and data-plane capabilities for connectivity in the cloud, combined with the SD-WAN solution's management of connectivity to on-premises and remote office resources.
Establishing a BGP peering with the SD-WAN headend
With this method, we build an IPsec tunnel between the Aviatrix transit gateways and the SD-WAN headend gateways. Although SD-WAN gateways are usually deployed inside a VPC/VNet in the cloud, this method can connect to any SD-WAN edge that is reachable from the Aviatrix gateways over IP networks.
For route exchange, the preferred method is BGP, which gives optimal path selection and failover. Aviatrix also supports static routing for SD-WAN gateways that do not support BGP.
Advantages of this approach:
- Dynamic route propagation between on-premises and cloud networks to ensure network correctness
- High availability and load balancing through software intelligence
- Multi-cloud network segmentation using Aviatrix security domains extended to the edge
The Aviatrix controller offers an easy-to-follow, step-by-step workflow for configuring any part of the global transit network. To configure this integration, go to step 3 of the Aviatrix Transit workflow, as seen in the screenshot.
Alternative approach: Using cloud route tables for traffic steering
In addition to leveraging IPsec tunnels, we can use VPC route tables to create a traffic handoff that connects SD-WAN solutions to Aviatrix transit. In this method, we leverage native VPC/VNet route tables, which let us point specific traffic at the corresponding gateway for that traffic direction. This method is less preferred because of the manual touchpoints it requires, and should only be used if IPsec integration is not an option. Some key aspects to consider:
Advantages and caveats of this approach:
- No IPsec between the gateways, so the full native throughput is available. This is advantageous if the total throughput the SD-WAN solution requires exceeds 2 Gbps.
- Aviatrix gateways may need to be in the same network (VPC/VNet/VCN) as the SD-WAN headend gateways.
- Static route configuration creates administrative overhead and increases the chances of network issues.
- We must have a clear distinction between on-premises route summaries and cloud route summaries.
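As an added illustration of the last two caveats (not Aviatrix or SD-WAN vendor code), the following planner builds the two static route sets for the route-table handoff and refuses to emit them when an on-premises summary overlaps a cloud summary; the prefixes and next-hop names are constructed placeholders, not values from any real deployment.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample summaries for illustration only (not from a real network).
ONPREM_SUMMARIES = ["10.0.0.0/8", "172.16.0.0/12"]
CLOUD_SUMMARIES = ["10.100.0.0/16", "192.168.0.0/16"]

# Hypothetical next-hop identifiers; a real plan would use ENI / NIC ids.
AVX_GW = "aviatrix-transit-gw"
SDWAN_GW = "sdwan-headend-gw"


def _nets(prefixes: List[str]) -> List[ipaddress.IPv4Network]:
    # strict=True rejects summaries with host bits set (e.g. 10.1.0.0/8).
    return [ipaddress.ip_network(p, strict=True) for p in prefixes]


def overlapping_summaries(onprem: List[str], cloud: List[str]) -> List[Tuple[str, str]]:
    """Return every (on-prem, cloud) pair whose summaries overlap.

    Static route-table steering relies on each prefix mapping to exactly one
    gateway; with an overlap, longest-prefix match decides instead of the
    administrator, so the plan must be refined before it is deployed.
    """
    return [(str(o), str(c))
            for o in _nets(onprem) for c in _nets(cloud) if o.overlaps(c)]


def build_handoff_routes(onprem: List[str], cloud: List[str]) -> Dict[str, List[Tuple[str, str]]]:
    """Build the two static route sets for the route-table handoff.

    - 'aviatrix_side': on-prem summaries pointed at the SD-WAN headend gateway
    - 'sdwan_side':    cloud summaries pointed at the Aviatrix transit gateway
    Raises ValueError when summaries overlap, enforcing the clear distinction
    between on-premises and cloud route summaries that static steering needs.
    """
    clashes = overlapping_summaries(onprem, cloud)
    if clashes:
        raise ValueError(f"ambiguous summaries, refine before deploying: {clashes}")
    return {
        "aviatrix_side": [(p, SDWAN_GW) for p in onprem],
        "sdwan_side": [(p, AVX_GW) for p in cloud],
    }


if __name__ == "__main__":
    # The sample overlaps (10.100.0.0/16 sits inside 10.0.0.0/8), so the first
    # plan is rejected; narrowing the on-prem summary to 10.0.0.0/10 fixes it.
    print(overlapping_summaries(ONPREM_SUMMARIES, CLOUD_SUMMARIES))
    print(build_handoff_routes(["10.0.0.0/10", "172.16.0.0/12"], CLOUD_SUMMARIES))
```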
If you have a multi-cloud strategy and have already invested in SD-WAN technology, or are looking to invest in it, this integration can bring a complete solution to your enterprise networking architecture, where dynamic remote connectivity meets dynamic and intelligent cloud connectivity.