About Edge Gateway Settings

This document describes the settings you can configure for an Aviatrix Secure Edge Gateway.

Site

A site refers to an edge location. Aviatrix Secure Edge uses the site name to link an edge location and an Edge Gateway pair. Multiple sites can be created for the same physical site.

When deploying an Edge Gateway, follow these guidelines to decide whether to use an existing site or create a new one.

  • Use an existing site:

    • If you want to have Active-Standby on 2 Edge Gateways (assign the same site)

  • Edge Gateways with the same site:

    • Can only join the same domain.

    • Can have the same or different local ASN.

    • Need to have FireNet traffic inspection configured per site.

  • If you want to configure FireNet management on the Edge Gateway, you need to configure it per site.

  • When multiple Edge Gateways are attached to a common Transit Gateway, the Transit Gateway propagates routes from Edge Gateways in one site to Edge Gateways in a different site, but it does not propagate routes from Edge Gateways to other Edge Gateways in the same site.

ZTP File Type

Zero-Touch Provisioning (ZTP) enables network engineers to remotely deploy and provision network devices at remote locations.

The ISO ZTP file type is supported for VMware ESXi and open-source Kernel-based Virtual Machine (KVM) deployments.

The cloud-init ZTP file type is supported for open-source Kernel-based Virtual Machine (KVM) deployments.

The following cloud-init modules have been verified for Edge Gateway deployments: users, write_files, and chpasswd.
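A pre-deployment check for a cloud-init ZTP file can flag any top-level section outside the verified list before the file reaches the edge device. This is an added example, not Aviatrix code. It assumes the verified module names map to cloud-config top-level keys of the same name and that top-level keys are unindented; the sample user-data is constructed.

```python
import re

# Modules the page lists as verified for Edge Gateway deployments.
VERIFIED_MODULES = {"users", "write_files", "chpasswd"}

# An unindented "key:" at the start of a line is a top-level cloud-config key.
_TOP_LEVEL_KEY = re.compile(r"^([A-Za-z_][A-Za-z0-9_-]*)\s*:")


def top_level_keys(user_data):
    """Return the unindented mapping keys in order of first appearance."""
    keys = []
    for line in user_data.splitlines():
        # Skip blanks, nested content, comments and list/document markers.
        if not line or line[0] in " \t#-":
            continue
        match = _TOP_LEVEL_KEY.match(line)
        if match and match.group(1) not in keys:
            keys.append(match.group(1))
    return keys


def check_user_data(user_data):
    """Split top-level keys into verified and unverified sections."""
    lines = user_data.splitlines()
    keys = top_level_keys(user_data)
    return {
        # cloud-init only treats the file as cloud-config with this header.
        "has_header": bool(lines) and lines[0].strip() == "#cloud-config",
        "verified": [k for k in keys if k in VERIFIED_MODULES],
        "unverified": [k for k in keys if k not in VERIFIED_MODULES],
    }


# Constructed sample user-data (hypothetical names and paths).
SAMPLE = """#cloud-config
users:
  - name: edgeadmin
    lock_passwd: false
write_files:
  - path: /etc/example/edge.conf
    content: |
      site: branch-01
chpasswd:
  expire: true
runcmd:
  - echo provisioned
"""

if __name__ == "__main__":
    print(check_user_data(SAMPLE))
```

A non-empty `unverified` list means the file relies on a section that the page does not list as verified for Edge Gateway deployments.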

High Availability

When deploying high availability Edge Gateways at a site for redundancy, you have the option to select Active-Active Mode or Active-Standby Mode for connectivity between the Edge Gateways and the Transit Gateways.

Active-Active Mode

In Active-Active Mode, the Primary and HA Edge Gateways connect to the Transit Gateways with two active peerings. All connections established between the Edge Gateways and Transit Gateways perform load sharing and forward network traffic.

Active-Standby Mode

In Active-Standby Mode, the Primary and HA Edge Gateways connect to the Transit Gateways with one active peering and one standby peering. Only the Primary Edge Gateway actively forwards network traffic. When the Primary Edge Gateway goes down, traffic is redirected to the Standby Edge Gateway.

If a High Availability mode is not selected, Edge Gateways deployed in the same site default to Active-Active Mode.

For more information about HA Edge Gateway, see About Aviatrix Edge Gateway High Availability.

Active-Standby

This feature enables you to deploy an Edge Gateway connection to an external device where the external device, such as an on-prem firewall, does not support asymmetric routing on two tunnels.

When Active-Standby is On, the Edge Gateway connects to the external device with only one active tunnel forwarding traffic and the other as standby.

When Active-Standby mode is On, it applies to both BGP and Static Remote Route Based external device connections.

If you enable Active-Standby, you can select the Failover Mode to determine the network’s behavior when the Primary Edge Gateway goes down.

  • When Preemptive is enabled, the network automatically switches back to the Primary Edge Gateway when it is back up.

  • When Preemptive is not enabled, the network continues to use the Standby Edge Gateway even after the primary gateway is back up, until you initiate a manual switchover.

The Preemptive option is not applicable in Active-Standby mode if Virtual Router Redundancy Protocol (VRRP) is enabled on the Edge Gateway.

For more information about HA Edge Gateway, see About Aviatrix Edge Gateway High Availability.

Interfaces

WAN Interface

The network interface to connect to the Aviatrix Transit Gateway. Requires a default gateway and Layer 3 reachability to the Transit Gateway private or public IP.

LAN Interface

The network interface to connect to the LAN network.

Management Interface

The network interface to connect to the Aviatrix Controller. Requires a default gateway, DNS access, and Internet access to the Aviatrix Controller, Aviatrix software download, and tracelog upload. Internet access is not required if the Management interface is over a private network.

Jumbo Frame

Jumbo Frame improves throughput between an Aviatrix Transit Gateway and an Edge Gateway. Jumbo Frame is supported on all Edge platforms (Equinix, Megaport, Aviatrix Edge, and Self Managed).

There are two Jumbo Frame configuration settings for an Edge Gateway: one for the Edge Gateway and another when you create an Edge Gateway attachment.

  • You must first enable Jumbo Frame on the Edge Gateway. Enabling Jumbo Frame on the Edge Gateway enables it on the WAN and LAN interfaces of the gateway.

  • When you attach an Edge Gateway to a Transit Gateway, you can choose to enable Jumbo Frame. This enables Jumbo Frame for the tunnel connection between the Edge Gateway and the Transit Gateway.

  • Jumbo Frame is supported for AWS and OCI only; it is not supported for Azure and GCP.

  • Jumbo Frame is only supported on private connections that support Jumbo Frame.

  • Jumbo Frame is supported with High Performance Encryption and BGP over LAN connections only. High Performance Encryption and Jumbo Frame must be enabled on all gateways in the end-to-end path of the traffic flow.

  • For BGP over LAN connection, Jumbo Frame is enabled (by default) when the Edge Gateway is created.

Change Interface(s) RX Queue Size

With the Change Interface(s) RX Queue Size setting, you can select a gateway and set the RX queue size of its interface(s).

  • A larger RX queue size introduces high latency in forwarding packets.

  • A smaller RX queue size has low latency but will drop packets early when forwarding packets.