Edge Spoke Gateway Design Patterns

This document describes these common design patterns for deploying Aviatrix Edge Spoke Gateway.

Aviatrix Secure Edge Connectivity over Private Network
Aviatrix Secure Edge Connectivity over Public Network
Transit Connectivity with Redundant Edge
Transit Connectivity with Redundant Edge and Redundant Circuit
Multicloud Connectivity with Aviatrix Secure Edge
Aviatrix Secure Edge Connectivity to VLANs

Single Transit with Single Edge

Attachment over Private Network

In this design, a single Edge Spoke Gateway is attached to an Aviatrix Transit Gateway over a private network, such as AWS Direct Connect, Azure Express Route, and GCP Interconnect.

In this scenario:

The WAN router runs a BGP session for underlay CSP to exchange routes with the CSP and the CSP advertises the Transit CIDR, for underlay reachability.

You can also use Aviatrix Edge Spoke Gateway to terminate CSP underlay in Equinix Network Edge without a need for a WAN router as shown below.
The Edge Spoke Gateway LAN interface runs a BGP session to the LAN BGP router, where the LAN BGP router and the Edge Gateway exchange their network address range to each other over the BGP connection.
The Edge Spoke Gateway is attached to the Aviatrix Transit Gateway in the Transit VPC, as overlay, where the Aviatrix Transit Gateway and Edge Gateway exchange all their CIDRs to each other.
The Edge Spoke Gateway registration via Management with default route towards the Internet Firewall or router. Registration can be done via the Internet such as per the diagram or via private network.

Attachment over Public Network

In this design, a single Edge Spoke Gateway is attached to an Aviatrix Transit Gateway over the public network. Key ideas are similar to Attachment over Private Network design except the WAN Router provides Internet connectivity to Transit

If you have multiple Edge Spoke Gateways, make sure each gateway has a unique WAN Public IP.

Single Transit with Redundant Edge

In this design, multiple Edge Spoke Gateways are deployed to provide redundancy over a single private network circuit. Multiple Edge Spoke Gateways can be deployed in Active-Active mode with ECMP or Active-Standby.

In the Active-Active deployment model, the network device connected to the Edge Spoke Gateways needs to be able to handle asymmetric routing.

Single Transit with Redundant Edge and Redundant Circuits

In this design, multiple Edge Spoke Gateways are deployed with redundant private network circuits. Multiple Edge Spoke Gateways can be deployed in Active-Active mode with ECMP or Active-Standby.

In the Active-Active deployment model, the network device connected to the Edge Spoke Gateways needs to be able to handle asymmetric routing.

Multicloud Transit Networking with Edge

In a multicloud setup scenario, Edge Spoke Gateway can function as a transitive router providing high-performance encryption and routing the traffic between cloud service providers.

The key ideas for this scenario are:

Edge Spoke Gateway is attached to multiple Transit Gateways (for example, Transit in AWS and Transit in Azure)
Transitive Routing feature is enabled on the Edge Spoke Gateway.
(Optional) Transit Peering over public network between Transit in AWS and Transit in Azure.
By default, Transit Peering will be the preferred path. To make Transit Peering less preferred, use Connection AS Path Prepend feature.
Edge redundancy can be achieved by deploying multiple Edge Spoke Gateways in Active-Active or Active-Standby configurations.

Aviatrix Edge Spoke Gateway Connectivity to VLAN

Avia Edge Spoke Gateway can be deployed in on-premises with LAN gateway functionality and VLAN and VRRP support. EdgeSpoke Gateways can connect to a single or multiple Transit Gateways in this design.