Multi-Cloud Transit-based Network Architecture – Aviatrix's secret sauce
So simple, so powerful.
When people hear about Aviatrix and what it can do, many of them become intrigued if it is really possible to have visibility, or control like never before, or have multi-cloud native network security. Or to get rid of AWS TGW once and for all. It’s a wow factor. It gets people’s attention.
It is possible because of the transit-based network architecture that Aviatrix proposes to enterprises. The Aviatrix transit and the deployment of Aviatrix gateways in every other existing VPC of the enterprise is what makes all this magic happen. That’s how the data-plane is created.
What is the Aviatrix Transit?
Aviatrix Transit is simply put, a VPC/VNet/VCN, that is deployed in every region that the enterprise operates in the cloud. Then, all these “Transit VPCs/VCNs/VNet’s” of different regions are connected (i.e., peered) together. It does not matter which of the major clouds they are in, or if it is just one cloud. Together, they form the Aviatrix Transit, which gives new abilities to do great things in the cloud, and puts enterprises back in control.
The rest follows naturally: in every region, simply connect other VPCs/VCNs/VNet’s to that region’s Aviatrix Transit VPC/VCN/VNet. Viola! All data that needs to pass through between virtual clouds will pass through the transit –the destination could be other virtual clouds of the enterprise, datacenters, third-party security, VPN, etc.
There are several ways that enterprises can leverage the Aviatrix Transit.
As clear from the diagram above, you can have different virtual clouds all connected together to a single Transit VPC/VCN/VNet. You can deploy the Transit in your preferred cloud service provider (CSP). For example,, if you operate in US-East region in Azure, GCP and AWS, then you can deploy your Transit VPC in AWS, and connect all virtual clouds of all other CSPs to it. Each of the other virtual clouds will also have Aviatrix Gateways deployed (marked by the red circle with four arrows). These gateways communicate with the Aviatrix Controller (inside the Shared Services VPC) and take instructions from the controller on what to do.
If you would like to have a dedicated Transit virtual cloud in every CSP, that is also possible! Following from the previous example, if you wanted a Transit VPC in AWS, a Transit VCN in GCP, and a Transit VNet in Azure then you can do that, and peer them together in the end (if you like).
Furthermore, you can also have more Transit virtual clouds if other regions as well, like West, EU, Asia, etc.
This is quite useful not just from a control and visibility perspective, but also if you have data centers or customers located closer to those regions then it will be important to deploy a dedicated Transit virtual cloud in those regions as well.
Deploying a Transit using Aviatrix
Deploying Transit Gateways is very easy within Aviatrix controller, and it takes just a few minutes. Simply enter some basic information and you are good to go!
Afterwards, you can attach your VPCs to the Transit Gateway easily, as shown below.
Aviatrix Transit is a powerful technology. This post only gives the basic idea of what it is. Imagine: encrypted peering, high performance encryption, next-generation firewall insertion, distributed threat visibility, ActiveMesh, and more. There are many other topics which for sake of brevity, are left out.
If you would like to learn more, contact us today to schedule a demo: http://www.aviatrix.com/schedule-demo