Aviatrix Intelligent Controller

A few days ago, I was talking to a customer who asked whether Aviatrix was yet another proprietary solution with vendor lock-in. A valid question, and one that needs a more thorough answer.


The Aviatrix Platform is the only networking and security solution built on a cloud-native networking architecture. It was born in the cloud and is built for the cloud. At the heart of it is our Controller, which uses the cloud provider APIs to interact with cloud-native constructs in order to deploy, program, automate and manage them. In addition, the Controller addresses the performance, scale and design challenges of the native cloud constructs by applying the same lifecycle management to Aviatrix's own networking and security components. In this article, I will try to explain why the Aviatrix Intelligent Controller is not to be confused with a point product that is proprietary in nature; it is in fact the exact opposite. The ability of our Controller to be completely cloud agnostic and speak the APIs of multiple clouds, and thereby take control of all public cloud native constructs in addition to Aviatrix's own, makes it a non-proprietary solution with no vendor lock-in. Following are just some examples:

Public Cloud Networking Constructs

It's all about an enterprise-class and service-provider-grade consistent, repeatable, high-performance and scalable data plane, which is what Aviatrix Gateways offer as part of our solution across one or many public clouds. The Aviatrix Controller does a great job of managing this data plane, but there are times when we have to incorporate public cloud native constructs into legacy designs. One example is brownfield environments where we find AWS Transit Gateway (TGW); our Controller can orchestrate it by programming and updating the TGW route tables so that routes are dynamically propagated to the Spoke VPCs. Other examples are where the Controller automatically spins up public cloud load balancers so that traffic from remote users is load balanced to Aviatrix SAML VPN gateways, or where Azure Spoke VNets need to be natively connected to an Aviatrix Transit.

Route Table and UDR Management

The Aviatrix Controller does an amazing job of dynamic traffic engineering and traffic steering across the Aviatrix data plane, but quite often this needs to be done in conjunction with cloud-native data plane routing services. The ability of the Aviatrix Controller to automate the propagation of routes (VPC route tables or Azure User Defined Routes), and to attach VPCs in a hub-and-spoke architecture as an alternative to a manually configured and managed VPC peering mesh, provides additional value to customers that need a hands-free approach in the native parts of their cloud network.

VPC/vNET/VCN creation

The Aviatrix Controller can discover all VPCs/VNets/VCNs from the accounts that are onboarded, along with their associated CIDR ranges. One can add new VPCs/VNets/VCNs directly from the Controller UI, giving a single source of truth for virtualized networks across clouds. To make this even more useful, the Aviatrix Controller creates VPCs and VNets with customized CIDRs for specific roles and needs, such as Transit and FireNet VPCs/VNets. This is an immense value add that provides a single Controller UI to manage your entire public cloud CIDR and IP addressing.

Life Cycle Management of NextGen Firewall

Aviatrix partners with next-generation enterprise-class firewall vendors to provide an integrated solution with full lifecycle management of the firewalls. If customers choose to, they can even deploy the firewalls directly from the Controller UI, completely eliminating any other vendor-specific deployment workflows. This means that from the Controller UI the firewalls are automatically deployed, and Aviatrix Gateways are placed in front of the firewall cluster for load balancing. The firewalls do not need to run BGP: all route programming is done by the Controller through the firewall vendor's APIs in a completely dynamic fashion. The Controller also monitors the health of the firewall instances and, in case of failure, automatically load balances traffic only to the working firewalls.

Terraform Provider

Terraform is an open-source infrastructure-as-code tool that enables users to define and provision datacenter infrastructure using a high-level configuration language. By its nature, Terraform is open source and vendor neutral, and if it is an integral component of a customer's cloud deployment model, Aviatrix fully supports it. In fact, Aviatrix is now an official Terraform provider. The Aviatrix Terraform Export feature on the Controller allows users to export their current Controller configuration (resources) into Terraform files and import them into their Terraform environment, facilitating an easy transition to managing their infrastructure with Terraform.

Troubleshooting & Day 2 Operations

When troubleshooting any given flow between a source and destination, the Controller checks the security groups associated with the instances, the VPC/VNet/VCN route entries, network ACLs, and TGW and UDR route tables. In addition, it provides expert diagnostics to identify the faulty setup in these resources. The Controller does this for all Aviatrix gateway components, but it also does it for native constructs, abstracting the complexity so that users do not have to troubleshoot the native part of the public cloud network manually.

CloudWAN

CloudWAN is an Aviatrix service that uses native AWS services (Transit Gateway, Global Accelerator and VPCs) to extend Aviatrix's intelligent orchestration and control to customers' existing Cisco branch office routers. Unlike any other solution, Aviatrix CloudWAN uses the same Controller to manage and automate secure connectivity for existing Cisco IOS/IOS-XE branch routers: it directly configures the VPN settings and BGP to point the branch network to the closest AWS Global Accelerator, providing optimal site-to-cloud connectivity in a fully automated manner. This also means that the Controller can push configuration changes, gather health telemetry, run diagnostics and retrieve critical device status, giving you a central place to manage your entire branch WAN connectivity.

Analytics and Visibility

The Aviatrix Controller, together with the platform's CoPilot component, extends visibility into complex multi-cloud networks. It delivers end-to-end, in-depth, historical analytics of multi-cloud networks through a single pane of glass that offers application flows, inventory, health, and a complete topological view of the network. That view includes native components such as AWS TGW, VPCs/VNets/VCNs and even instances (VMs), in addition to Aviatrix's own gateways, giving a holistic picture of the entire network topology.

Licensing model

No contract negotiation, no lengthy PO process and no shelf-ware. Aviatrix provides a cloud consumption model with a multi-dimensional metered AMI for instant consumption and need-based scaling. Although EA and BYOL options are available, trying Aviatrix is as simple as launching the Controller from the marketplace of your favorite cloud, with no upfront commitment, and trying one of the many use cases Aviatrix offers.


To summarize, the Aviatrix Platform embraces the cloud-native networking constructs and extends their capabilities, performance and visibility with its own data plane, giving users a single pane of glass for the entire virtual network across clouds. Its ability to consume the cloud-native constructs, and its integrations with many systems, make it extremely versatile, open and easily consumable.
