Aviatrix uses two different techniques to build encrypted peering connection (tunnel). It depend whether Aviatrix HPE (High Performance Encryption) is enabled or not
- If HPE is enabled then AWS native peering is used and encrypted tunnel is built over the private network link
- Documented here: https://docs.aviatrix.com/HowTos/insane_mode.html#how-does-insane-mode-work
- For Insane Mode (HPE) between two gateways, between a Transit GW and a Spoke gateway, or between two Transit GWs (Transit Peering), the Aviatrix Controller automatically creates the underlying AWS Peering connection and builds the tunnels over it
- It means 1 cents per GB for send and receive (that is 2 cents per GB)
- Documented here: https://docs.aviatrix.com/HowTos/insane_mode.html#how-does-insane-mode-work
- If HPE is not enabled, then AWS-IGW is used to build the encrypted tunnel